FACT Logo
  • Challenges
  • Easy to Install! Easy to Use!
  • Easy to Extend! Easy to Integrate!
  • Screenshots
  • Contributing
  • Latest News and Contact
  • Authors and Acknowledgment
  • Source Code
  • Upgrading FACT from 3 to 4

Modules:

  • analysis
  • config
  • conftest
  • test
  • helperFunctions
    • helperFunctions.compare_sets module
    • helperFunctions.data_conversion module
    • helperFunctions.database module
    • helperFunctions.docker module
    • helperFunctions.fileSystem module
    • helperFunctions.hash module
    • helperFunctions.install module
    • helperFunctions.logging module
    • helperFunctions.merge_generators module
    • helperFunctions.object_conversion module
    • helperFunctions.pdf module
    • helperFunctions.plugin module
    • helperFunctions.process module
    • helperFunctions.program_setup module
    • helperFunctions.tag module
    • helperFunctions.task_conversion module
    • helperFunctions.uid module
    • helperFunctions.virtual_file_path module
    • helperFunctions.uid web_interface
    • helperFunctions.yara_binary_search module
      • YaraBinarySearchScanner
        • YaraBinarySearchScanner.get_binary_search_result()
      • get_yara_error()
      • is_valid_yara_rule_file()
  • objects
  • plugins
  • scheduler
  • web_interface
FACT
  • helperFunctions
  • helperFunctions.yara_binary_search module
  • View page source

helperFunctions.yara_binary_search module

class helperFunctions.yara_binary_search.YaraBinarySearchScanner

Bases: object

This class provides functionality to scan files in the database for yara patterns. The public method allows to either match a given set of patterns on all files in the database or focus only on files included in a single firmware.

Parameters:

config – The FACT configuration.

get_binary_search_result(task)

Perform a yara search on the files in the database.

Parameters:

task (tuple[bytes, str | None]) – A tuple containing the yara_rules (byte string with the contents of the yara rule file) and optionally a firmware uid if only the contents of a single firmware are to be scanned.

Returns:

dict of matching rules with lists of (unique) matched UIDs as values or an error message.

Return type:

dict[str, dict[str, list[dict]]] | str

helperFunctions.yara_binary_search.get_yara_error(rules_file)

Get the exception that is caused by trying to compile rules_file with yara or None if there is none.

Parameters:

rules_file (str | bytes) – A string containing yara rules.

Result:

The exception if compiling the rules causes an exception or None otherwise.

Return type:

Exception | None

helperFunctions.yara_binary_search.is_valid_yara_rule_file(yara_rules)

Check if yara_rules is a valid set of yara rules.

Param:

A string containing yara rules.

Returns:

True if the rules are valid and False otherwise.

Parameters:

yara_rules (str | bytes) –

Return type:

bool

Previous Next

© Copyright 2020-2024 Fraunhofer FKIE.

Built with Sphinx using a theme provided by Read the Docs.