attempt at fixing whitelist generation

1 files changed, 10 insertions, 3 deletions

diff --git a/php-malware-finder/generate_whitelist.py b/php-malware-finder/generate_whitelist.py
index 04bcc91..a8ed8f8 100644..100755
--- a/php-malware-finder/generate_whitelist.py
+++ b/php-malware-finder/generate_whitelist.py
@@ -11,6 +11,11 @@ except ImportError:
     print('Please install python-yara')
     sys.exit(1)
 
+print("/!\\ THIS SCRIPT IS BROKEN AND SHOULD NOT BE USED /!\\")
+print("IF YOU WANT ANYWAY, EDIT IT TO REMOVE THIS WARNING")
+sys.exit(0)
+
+
 if len(sys.argv) != 3:
     print('Usage: %s name_of_the_rule_and_version folder_to_scan' % sys.argv[0])
     sys.exit(1)
@@ -29,11 +34,13 @@ for cpt, (root, dirnames, filenames) in enumerate(os.walk(sys.argv[2])):
         if os.stat(fname).st_size:
             matches = rules.match(os.path.join(root, filename), fast=True)
             if matches:
-                matches = matches.pop()  # only one match, since we're scaning files
-                output_list.append('hash.sha1(0, filename) == %s or // %s' % (hashlib.sha1(fname.encode('utf-8')).hexdigest(), fname))
+                hasher = hashlib.sha1()
+                with open(fname, 'rb') as ifile:
+                    hasher.update(ifile.read())
+                output_list.append('hash.sha1(0, filesize) == "%s" or // %s' % (hasher.hexdigest(), fname))
 
 
-output_rule = 'private rule %s\n{\n\tcondition:\n\t\t/* %s */\n\t\t' % (sys.argv[1].split(' ')[0], sys.argv[1])
+output_rule = 'import "hash"\n\nprivate rule %s\n{\n\tcondition:\n\t\t/* %s */\n\t\t' % (sys.argv[1].split(' ')[0], sys.argv[1])
 output_list.append(output_list.pop().replace(' or ', '    '))
 output_rule += '\n\t\t'.join(output_list)
 output_rule += '\n}'