Compile rules from their location (#116)

* handle errors while loading rules * move to rules folder for compiling
author: Mathieu Deous 2022-04-30 15:41:40 +0200
committer: GitHub 2022-04-30 15:41:40 +0200
commit: bbc738e16f8b637afde58d65196374af98a5e0e2 (patch)
tree: 40a93bb106d16e67aab4db9041c1ac7a3eaf04b1
parent: 61126b35771eaa7537757362f264dbc8b6a32ed7 (diff)
1 files changed, 38 insertions, 2 deletions
diff --git a/php-malware-finder/phpmalwarefinder.go b/php-malware-finder/phpmalwarefinder.go
index 799df60..2a641b3 100644
--- a/php-malware-finder/phpmalwarefinder.go
+++ b/php-malware-finder/phpmalwarefinder.go
@@ -210,6 +210,42 @@ func scanDir(dirName string, targets chan<- string, ticker <-chan time.Time) {
        close(targets)
 }
+// loadRulesFile reads YARA rules from specified `fileName` and returns
+// them in their compiled form.
+func loadRulesFile(fileName string) (*yara.Rules, error) {
+        var err error = nil
+        // record working directory and move to rules location
+        curDir, err := os.Getwd()
+        if err != nil {
+                return nil, fmt.Errorf("unable to determine working directory: %v", err)
+        }
+        ruleDir, ruleName := filepath.Split(fileName)
+        err = os.Chdir(ruleDir)
+        if err != nil {
+                return nil, fmt.Errorf("unable to move to rules directory: %v", err)
+        }
+        // read file content
+        data, err := ioutil.ReadFile(ruleName)
+        if err != nil {
+                return nil, fmt.Errorf("unable to read rules file: %v", err)
+        }
+        // compile rules
+        rules, err := yara.Compile(string(data), nil)
+        if err != nil {
+                return nil, fmt.Errorf("unable to load rules: %v", err)
+        }
+        // move back to working directory
+        err = os.Chdir(curDir)
+        if err != nil {
+                return nil, fmt.Errorf("unable to move back to working directory: %v", err)
+        }
+        return rules, nil
+}
 func main() {
        startTime := time.Now()
        _, err := flags.Parse(&args)
@@ -265,8 +301,8 @@ func main() {
        // load YARA rules
        rulePath := path.Join(args.RulesDir, RulesFile)
-        data, _ := ioutil.ReadFile(rulePath)
+        rules, err := loadRulesFile(rulePath)
-        rules, _ := yara.Compile(string(data), nil)
+        handleError(err, true)
        if args.Verbose {
                log.Println("[DEBUG] ruleset loaded:", rulePath)
        }
author	Mathieu Deous	2022-04-30 15:41:40 +0200
committer	GitHub	2022-04-30 15:41:40 +0200
commit	bbc738e16f8b637afde58d65196374af98a5e0e2 (patch)
tree	40a93bb106d16e67aab4db9041c1ac7a3eaf04b1
parent	61126b35771eaa7537757362f264dbc8b6a32ed7 (diff)

diff --git a/php-malware-finder/phpmalwarefinder.go b/php-malware-finder/phpmalwarefinder.go index 799df60..2a641b3 100644 --- a/php-malware-finder/phpmalwarefinder.go +++ b/php-malware-finder/phpmalwarefinder.go
@@ -210,6 +210,42 @@ func scanDir(dirName string, targets chan<- string, ticker <-chan time.Time) {
210	close(targets)	210	close(targets)
211	}	211	}
212		212
		213	// loadRulesFile reads YARA rules from specified `fileName` and returns
		214	// them in their compiled form.
		215	func loadRulesFile(fileName string) (*yara.Rules, error) {
		216	var err error = nil
		217	// record working directory and move to rules location
		218	curDir, err := os.Getwd()
		219	if err != nil {
		220	return nil, fmt.Errorf("unable to determine working directory: %v", err)
		221	}
		222	ruleDir, ruleName := filepath.Split(fileName)
		223	err = os.Chdir(ruleDir)
		224	if err != nil {
		225	return nil, fmt.Errorf("unable to move to rules directory: %v", err)
		226	}
		227
		228	// read file content
		229	data, err := ioutil.ReadFile(ruleName)
		230	if err != nil {
		231	return nil, fmt.Errorf("unable to read rules file: %v", err)
		232	}
		233
		234	// compile rules
		235	rules, err := yara.Compile(string(data), nil)
		236	if err != nil {
		237	return nil, fmt.Errorf("unable to load rules: %v", err)
		238	}
		239
		240	// move back to working directory
		241	err = os.Chdir(curDir)
		242	if err != nil {
		243	return nil, fmt.Errorf("unable to move back to working directory: %v", err)
		244	}
		245
		246	return rules, nil
		247	}
		248
213	func main() {	249	func main() {
214	startTime := time.Now()	250	startTime := time.Now()
215	_, err := flags.Parse(&args)	251	_, err := flags.Parse(&args)
@@ -265,8 +301,8 @@ func main() {
265		301
266	// load YARA rules	302	// load YARA rules
267	rulePath := path.Join(args.RulesDir, RulesFile)	303	rulePath := path.Join(args.RulesDir, RulesFile)
268	data, _ := ioutil.ReadFile(rulePath)	304	rules, err := loadRulesFile(rulePath)
269	rules, _ := yara.Compile(string(data), nil)	305	handleError(err, true)
270	if args.Verbose {	306	if args.Verbose {
271	log.Println("[DEBUG] ruleset loaded:", rulePath)	307	log.Println("[DEBUG] ruleset loaded:", rulePath)
272	}	308	}