diff options
Diffstat (limited to '')
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | main.go | 24 |
2 files changed, 19 insertions, 7 deletions
| @@ -38,7 +38,7 @@ docker: ## Build docker image | |||
| 38 | docker tag $(IMAGE_NAME):latest $(IMAGE_NAME):$(IMAGE_VERSION) | 38 | docker tag $(IMAGE_NAME):latest $(IMAGE_NAME):$(IMAGE_VERSION) |
| 39 | 39 | ||
| 40 | docker-tests: ## Run docker image against the samples folder | 40 | docker-tests: ## Run docker image against the samples folder |
| 41 | @docker run --rm -v $(shell pwd)/data/samples:/data $(IMAGE_NAME):latest | 41 | @(docker run --rm -v $(shell pwd)/data/samples:/data $(IMAGE_NAME):latest && exit 1) || (test $$? -eq 255 || exit 1) |
| 42 | 42 | ||
| 43 | docker-publish: ## Push docker image to the container registry | 43 | docker-publish: ## Push docker image to the container registry |
| 44 | @docker push $(IMAGE_NAME):latest | 44 | @docker push $(IMAGE_NAME):latest |
| @@ -30,6 +30,9 @@ const ( | |||
| 30 | FileBufferSize = 32 * 1024 // 32KB | 30 | FileBufferSize = 32 * 1024 // 32KB |
| 31 | YaraMaxThreads = 32 | 31 | YaraMaxThreads = 32 |
| 32 | TempDirPrefix = "pmf-" | 32 | TempDirPrefix = "pmf-" |
| 33 | ExitCodeOk = 0 | ||
| 34 | ExitCodeWithMatches = 255 | ||
| 35 | ExitCodeWithError = 1 | ||
| 33 | ) | 36 | ) |
| 34 | 37 | ||
| 35 | var ( | 38 | var ( |
| @@ -93,7 +96,7 @@ func handleError(err error, desc string, isFatal bool) { | |||
| 93 | } | 96 | } |
| 94 | log.Println("[ERROR]"+desc, err) | 97 | log.Println("[ERROR]"+desc, err) |
| 95 | if isFatal { | 98 | if isFatal { |
| 96 | os.Exit(1) | 99 | os.Exit(ExitCodeWithError) |
| 97 | } | 100 | } |
| 98 | } | 101 | } |
| 99 | } | 102 | } |
| @@ -111,8 +114,9 @@ func writeRulesFiles(content fs.FS) string { | |||
| 111 | for _, rulesFile := range rulesFiles { | 114 | for _, rulesFile := range rulesFiles { |
| 112 | // read embedded content | 115 | // read embedded content |
| 113 | f, err := content.Open(path.Join("data", rulesFile)) | 116 | f, err := content.Open(path.Join("data", rulesFile)) |
| 114 | handleError(err, "unable to read embedded rule", true) | 117 | handleError(err, "unable to open embedded rule", true) |
| 115 | ruleData, err := io.ReadAll(f) | 118 | ruleData, err := io.ReadAll(f) |
| 119 | handleError(err, "unable to read rule content", true) | ||
| 116 | 120 | ||
| 117 | // write to temporary file | 121 | // write to temporary file |
| 118 | err = os.WriteFile(path.Join(rulesPath, rulesFile), ruleData, 0640) | 122 | err = os.WriteFile(path.Join(rulesPath, rulesFile), ruleData, 0640) |
| @@ -297,13 +301,14 @@ func loadRulesFile(fileName string) (*yara.Rules, error) { | |||
| 297 | 301 | ||
| 298 | func main() { | 302 | func main() { |
| 299 | startTime := time.Now() | 303 | startTime := time.Now() |
| 304 | matchesFound := false | ||
| 300 | _, err := flags.Parse(&args) | 305 | _, err := flags.Parse(&args) |
| 301 | if err != nil { | 306 | if err != nil { |
| 302 | os.Exit(1) | 307 | os.Exit(ExitCodeWithError) |
| 303 | } | 308 | } |
| 304 | if args.ShowVersion { | 309 | if args.ShowVersion { |
| 305 | println(version) | 310 | println(version) |
| 306 | os.Exit(0) | 311 | os.Exit(ExitCodeOk) |
| 307 | } | 312 | } |
| 308 | 313 | ||
| 309 | // check rules path | 314 | // check rules path |
| @@ -317,7 +322,7 @@ func main() { | |||
| 317 | // update rules if required | 322 | // update rules if required |
| 318 | if args.Update { | 323 | if args.Update { |
| 319 | updateRules() | 324 | updateRules() |
| 320 | os.Exit(0) | 325 | os.Exit(ExitCodeOk) |
| 321 | } | 326 | } |
| 322 | 327 | ||
| 323 | // add custom excluded file extensions | 328 | // add custom excluded file extensions |
| @@ -428,6 +433,7 @@ func main() { | |||
| 428 | for target, count := range matchCount { | 433 | for target, count := range matchCount { |
| 429 | if count >= DangerousMinScore { | 434 | if count >= DangerousMinScore { |
| 430 | log.Println("[WARNING] dangerous file found:", target) | 435 | log.Println("[WARNING] dangerous file found:", target) |
| 436 | matchesFound = true | ||
| 431 | } | 437 | } |
| 432 | } | 438 | } |
| 433 | } else { // single file mode | 439 | } else { // single file mode |
| @@ -437,6 +443,7 @@ func main() { | |||
| 437 | err := scanner.SetCallback(&matches).ScanFile(args.Positional.Target) | 443 | err := scanner.SetCallback(&matches).ScanFile(args.Positional.Target) |
| 438 | handleError(err, "unable to scan target", true) | 444 | handleError(err, "unable to scan target", true) |
| 439 | for _, match := range matches { | 445 | for _, match := range matches { |
| 446 | matchesFound = true | ||
| 440 | log.Println("[WARNING] match found:", args.Positional.Target, match.Rule) | 447 | log.Println("[WARNING] match found:", args.Positional.Target, match.Rule) |
| 441 | if args.Verbose { | 448 | if args.Verbose { |
| 442 | for _, matchString := range match.Strings { | 449 | for _, matchString := range match.Strings { |
| @@ -460,6 +467,11 @@ func main() { | |||
| 460 | log.Println("[DEBUG] deleting temporary folder:", args.RulesDir) | 467 | log.Println("[DEBUG] deleting temporary folder:", args.RulesDir) |
| 461 | } | 468 | } |
| 462 | err := os.RemoveAll(args.RulesDir) | 469 | err := os.RemoveAll(args.RulesDir) |
| 463 | handleError(err, "unable to delete temporary folder", true) | 470 | handleError(err, fmt.Sprintf("unable to delete temporary folder '%s'", args.RulesDir), false) |
| 464 | } | 471 | } |
| 472 | |||
| 473 | if matchesFound { | ||
| 474 | os.Exit(ExitCodeWithMatches) | ||
| 475 | } | ||
| 476 | os.Exit(ExitCodeOk) | ||
| 465 | } | 477 | } |