From e8b4536ec2e28b7ea6973a633eaf39f3a7f7b3a2 Mon Sep 17 00:00:00 2001 From: Matt Date: Fri, 18 Oct 2019 12:57:13 +0100 Subject: [PATCH 1/3] Updated yara to v3.11.0 and openssl to v1.1.1d finally managed to fudge the compiler --- package-lock.json | 57 ++++++++++++++++------------------------------- package.json | 2 +- 2 files changed, 20 insertions(+), 39 deletions(-) diff --git a/package-lock.json b/package-lock.json index bf9aa0c7..7a489abc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1760,7 +1760,7 @@ "dependencies": { "es6-promisify": { "version": "5.0.0", - "resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", + "resolved": "http://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", "integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=", "dev": true, "requires": { @@ -4307,7 +4307,7 @@ }, "deep-eql": { "version": "0.1.3", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-0.1.3.tgz", + "resolved": "http://registry.npmjs.org/deep-eql/-/deep-eql-0.1.3.tgz", "integrity": "sha1-71WKyrjeJSBs1xOQbXTlaTDrafI=", "dev": true, "requires": { @@ -4651,7 +4651,7 @@ }, "duplexer": { "version": "0.1.1", - "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz", + "resolved": "http://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz", "integrity": "sha1-rOb/gIwc5mtX0ev5eXessCM0z8E=", "dev": true }, @@ -6018,8 +6018,7 @@ "ansi-regex": { "version": "2.1.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "aproba": { "version": "1.2.0", @@ -6040,14 +6039,12 @@ "balanced-match": { "version": "1.0.0", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "brace-expansion": { "version": "1.1.11", "bundled": true, "dev": true, - "optional": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" 
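Review bot: The `resolved` URL for `es6-promisify` in the `@@ -1760` hunk is downgraded from `https://registry.npmjs.org/...` to `http://registry.npmjs.org/...`, and the same downgrade appears for `deep-eql`, `duplexer`, `html-webpack-plugin` and `json5` in later hunks of this lockfile. Each of those entries carries only a `sha1-` `integrity` value, so an install that honours the recorded URL would request the tarball over cleartext with a weak digest as the only remaining check. None of these packages belongs to the yara/openssl update, so this and the removed `"optional": true` flags in the `@@ -6018` to `@@ -6535` hunks look like side effects of regenerating the lockfile in a different npm environment (an inference; the commit message does not say). Keep the original lines, e.g. `"resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz"`, and limit the lockfile change to the `libyara-wasm` entry.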
@@ -6062,20 +6059,17 @@ "code-point-at": { "version": "1.1.0", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "concat-map": { "version": "0.0.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "console-control-strings": { "version": "1.1.0", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "core-util-is": { "version": "1.0.2", @@ -6192,8 +6186,7 @@ "inherits": { "version": "2.0.3", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "ini": { "version": "1.3.5", @@ -6205,7 +6198,6 @@ "version": "1.0.0", "bundled": true, "dev": true, - "optional": true, "requires": { "number-is-nan": "^1.0.0" } @@ -6220,7 +6212,6 @@ "version": "3.0.4", "bundled": true, "dev": true, - "optional": true, "requires": { "brace-expansion": "^1.1.7" } @@ -6228,14 +6219,12 @@ "minimist": { "version": "0.0.8", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "minipass": { "version": "2.3.5", "bundled": true, "dev": true, - "optional": true, "requires": { "safe-buffer": "^5.1.2", "yallist": "^3.0.0" @@ -6254,7 +6243,6 @@ "version": "0.5.1", "bundled": true, "dev": true, - "optional": true, "requires": { "minimist": "0.0.8" } @@ -6335,8 +6323,7 @@ "number-is-nan": { "version": "1.0.1", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "object-assign": { "version": "4.1.1", @@ -6348,7 +6335,6 @@ "version": "1.4.0", "bundled": true, "dev": true, - "optional": true, "requires": { "wrappy": "1" } @@ -6434,8 +6420,7 @@ "safe-buffer": { "version": "5.1.2", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "safer-buffer": { "version": "2.1.2", @@ -6471,7 +6456,6 @@ "version": "1.0.2", "bundled": true, "dev": true, - "optional": true, "requires": { "code-point-at": "^1.0.0", "is-fullwidth-code-point": "^1.0.0", @@ -6491,7 +6475,6 @@ "version": "3.0.1", "bundled": true, "dev": true, - "optional": true, "requires": { "ansi-regex": "^2.0.0" } 
@@ -6535,14 +6518,12 @@ "wrappy": { "version": "1.0.2", "bundled": true, - "dev": true, - "optional": true + "dev": true }, "yallist": { "version": "3.0.3", "bundled": true, - "dev": true, - "optional": true + "dev": true } } }, @@ -7443,7 +7424,7 @@ }, "html-webpack-plugin": { "version": "3.2.0", - "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-3.2.0.tgz", + "resolved": "http://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-3.2.0.tgz", "integrity": "sha1-sBq71yOsqqeze2r0SS69oD2d03s=", "dev": true, "requires": { @@ -7458,7 +7439,7 @@ "dependencies": { "json5": { "version": "0.5.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-0.5.1.tgz", + "resolved": "http://registry.npmjs.org/json5/-/json5-0.5.1.tgz", "integrity": "sha1-Hq3nrMASA0rYTiOWdn6tn6VJWCE=", "dev": true }, @@ -8586,9 +8567,9 @@ "integrity": "sha512-RqscTx95+RTKhFAyjedsboR0Lmo3zd8//EuRwQXkdWmsCwYlzarVRaiYg6kS1O8m10MCQkGdrnlK9L4eAmZUwA==" }, "libyara-wasm": { - "version": "0.0.12", - "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-0.0.12.tgz", - "integrity": "sha512-AjTe4FiBuH4F7HwGT/3UxoRenczXtrbM6oWGrifxb44LrkDh5VxRNg9zwfPpDA5Fcc1iYcXS0WVA/b3DGtD8cQ==" + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.0.0.tgz", + "integrity": "sha512-BtCrvwbMIIPnBVM2sv1bR1bFvb4Rxr2hOJfvm6xiZY/hDtw0KQx05RIY+4DyqoirCxzy71UchUsvnPKieO29bg==" }, "linkify-it": { "version": "2.2.0", diff --git a/package.json b/package.json index dd83e745..3b5920b3 100644 --- a/package.json +++ b/package.json @@ -122,7 +122,7 @@ "jsrsasign": "8.0.12", "kbpgp": "2.1.3", "libbzip2-wasm": "0.0.4", - "libyara-wasm": "0.0.12", + "libyara-wasm": "^1.0.0", "lodash": "^4.17.15", "loglevel": "^1.6.3", "loglevel-message-prefix": "^3.0.0", From 252b1b65c4ad5bd97716b241e52172f0d8def114 Mon Sep 17 00:00:00 2001 
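Review bot: `"libyara-wasm": "^1.0.0"` in the `package.json` hunk replaces an exact pin with a caret range, while the neighbouring `"libbzip2-wasm": "0.0.4"`, `"kbpgp": "2.1.3"` and `"jsrsasign": "8.0.12"` stay exact. Going by the commit subject, this package carries the compiled YARA and OpenSSL code, so with a range any later 1.x release can be pulled in by `npm install` or `npm update` without a reviewed change to this file. Consider `"libyara-wasm": "1.0.0"` to match the neighbours; the `^1.0.1` line in patch 3/3 has the same form.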
From: Matt Date: Fri, 18 Oct 2019 12:58:17 +0100 Subject: [PATCH 2/3] Add YARA rules node test --- src/core/operations/YARARules.mjs | 2 +- tests/node/tests/operations.mjs | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/core/operations/YARARules.mjs b/src/core/operations/YARARules.mjs index b95d5a4c..e654cc6d 100644 --- a/src/core/operations/YARARules.mjs +++ b/src/core/operations/YARARules.mjs @@ -61,7 +61,7 @@ class YARARules extends Operation { * @param {Object[]} args * @returns {string} */ - run(input, args) { + async run(input, args) { if (isWorkerEnvironment()) self.sendStatusMessage("Instantiating YARA..."); const [rules, showStrings, showLengths, showMeta, showCounts] = args; diff --git a/tests/node/tests/operations.mjs b/tests/node/tests/operations.mjs index cfe67211..f20708f0 100644 --- a/tests/node/tests/operations.mjs +++ b/tests/node/tests/operations.mjs @@ -31,7 +31,7 @@ import { cartesianProduct, CSSMinify, toBase64, - toHex, + toHex } from "../../../src/node/index"; import chef from "../../../src/node/index.mjs"; import TestRegister from "../../lib/TestRegister.mjs"; 
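Review bot: The JSDoc directly above the changed line in `YARARules.mjs` still reads `@returns {string}`, but with `async run(input, args)` every caller now receives a Promise. Update the tag to `@returns {Promise<string>}` so the documentation matches the signature. The body of `run` continues past the end of this hunk, so whether it already returned a Promise before the change cannot be seen here.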
@@ -1059,5 +1059,20 @@ ExifImageHeight: 57`); assert.equal(unzipped.value[0].data, "some content"); }), + it("YARA Rule Matching", async () => { + const input = "foobar foobar bar foo foobar"; + const output = "Rule \"foo\" matches (4 times):\nPos 0, length 3, identifier $re1, data: \"foo\"\nPos 7, length 3, identifier $re1, data: \"foo\"\nPos 18, length 3, identifier $re1, data: \"foo\"\nPos 22, length 3, identifier $re1, data: \"foo\"\nRule \"bar\" matches (4 times):\nPos 3, length 3, identifier $re1, data: \"bar\"\nPos 10, length 3, identifier $re1, data: \"bar\"\nPos 14, length 3, identifier $re1, data: \"bar\"\nPos 25, length 3, identifier $re1, data: \"bar\"\n"; + + const res = await chef.YARARules(input, { + rules: "rule foo {strings: $re1 = /foo/ condition: $re1} rule bar {strings: $re1 = /bar/ condition: $re1}", + showStrings: true, + showStringLengths: true, + showMetadata: true + }); + + assert.equal(output, res.value); + }), + + ]); From 4387038351f79e105c22976d8ec92837304cff32 Mon Sep 17 00:00:00 2001 From: Matt Date: Sat, 26 Oct 2019 16:14:25 +0100 Subject: [PATCH 3/3] Update libyara-wasm --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7a489abc..92535448 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8567,9 +8567,9 @@ "integrity": "sha512-RqscTx95+RTKhFAyjedsboR0Lmo3zd8//EuRwQXkdWmsCwYlzarVRaiYg6kS1O8m10MCQkGdrnlK9L4eAmZUwA==" }, "libyara-wasm": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.0.0.tgz", - "integrity": "sha512-BtCrvwbMIIPnBVM2sv1bR1bFvb4Rxr2hOJfvm6xiZY/hDtw0KQx05RIY+4DyqoirCxzy71UchUsvnPKieO29bg==" + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.0.1.tgz", + "integrity": "sha512-Vq0EcQ3HRJinFxxb00JZpjyX8NCerazVhSf3+TVt1c21T3pcEJJ3RkanAwT71lW6CCmmmKuNU4QwqsinmR6pKQ==" }, "linkify-it": { "version": "2.2.0", 
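Review bot: `assert.equal(output, res.value);` in the new "YARA Rule Matching" test passes the expected string in the actual position, the reverse of the context line `assert.equal(unzipped.value[0].data, "some content");` at the top of this hunk, so a failure report would label the two sides the wrong way round. Use `assert.equal(res.value, output);`, ideally with `output` renamed to `expected`. The test only exercises two well-formed rules; a second case that passes a malformed rule string and asserts how the operation reports it would also cover the error path of the rule compiler. The hunk also adds two blank lines before `]);` that can be dropped.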
diff --git a/package.json b/package.json index 3b5920b3..c79b4f89 100644 --- a/package.json +++ b/package.json @@ -122,7 +122,7 @@ "jsrsasign": "8.0.12", "kbpgp": "2.1.3", "libbzip2-wasm": "0.0.4", - "libyara-wasm": "^1.0.0", + "libyara-wasm": "^1.0.1", "lodash": "^4.17.15", "loglevel": "^1.6.3", "loglevel-message-prefix": "^3.0.0",