Skip to content

Commit

Permalink
YARA validation perf improvement candiate
Browse files Browse the repository at this point in the history
  • Loading branch information
Jason Batchelor committed Jan 18, 2024
1 parent 534f6a0 commit 9b1837d
Showing 1 changed file with 15 additions and 8 deletions.
23 changes: 15 additions & 8 deletions yara_validator/validator.py
Original file line number Diff line number Diff line change
Expand Up @@ -139,12 +139,21 @@ def run_yara_validator(yara_file, generate_values=True, check_import_modules=Tru
.format(str(validator_configuration.get(STRING_ENCODING).get(VALUE)))
yara_file_processor.update_file_error(True, str(yara_file_processor.original_rule_file.name), file_response)
return yara_file_processor

with open(CONFIG_VALUES_YAML_PATH, 'r', encoding='utf8') as yaml_file:
scheme = yaml.safe_load(yaml_file)

with open(CONFIG_YAML_PATH, 'r', encoding='utf8') as config_file:
yara_config = yaml.safe_load(config_file)

validator = YaraValidator(MITRE_STIX_DATA_PATH, CONFIG_YAML_PATH, CONFIG_VALUES_YAML_PATH, yara_config, scheme)

for rule in yara_file_processor.yara_rules:
try:
validator = YaraValidator(MITRE_STIX_DATA_PATH, config_path or CONFIG_YAML_PATH,
config_values_path or CONFIG_VALUES_YAML_PATH)
rule.add_rule_return(validator.validation(rule.rule_plyara, rule.rule_string, generate_values))
# reset the counter here since we are evaluating 'per rule'
for key, value in validator.required_fields.items():
validator.required_fields_index[value.position].count = 0
except Exception as e:
raise Exception(
f"{rule.rule_plyara.get('rule_name', None)} produced the following exception: {str(e)}. Halting validation..")
Expand Down Expand Up @@ -377,18 +386,15 @@ class YaraValidator:
Class for YaraValidator that does most of the work for validating YARA rules to the defined YARA Metadata Standard.
"""

def __init__(self, stix_data_path, validator_yaml, validator_yaml_values):
def __init__(self, stix_data_path, validator_yaml, validator_yaml_values, yara_config, scheme):
# initialize the file system source for the MITRE ATT&CK data
self.STIX_DATA_PATH = stix_data_path
self.fs = FileSystemSource(self.STIX_DATA_PATH)

self.validator_yaml_values = validator_yaml_values
with open(validator_yaml_values, 'r', encoding='utf8') as yaml_file:
self.scheme = yaml.safe_load(yaml_file)

self.scheme = scheme
self.validator_yaml = validator_yaml
with open(validator_yaml, 'r', encoding='utf8') as config_file:
self.yara_config = yaml.safe_load(config_file)
self.yara_config = yara_config

self.validators = Validators()
self.required_fields = {}
Expand Down Expand Up @@ -904,3 +910,4 @@ def import_yara_cfg(self):
# check if any metadata in child-parent relationship are missing
self.validate_child_parent_metadata(self.yara_config, metadata_in_child_parent_relationship)
self.metadata_keys_regex = self.metadata_keys_regex[:-1]

0 comments on commit 9b1837d

Please sign in to comment.