helperFunctions.yara_binary_search module
- class helperFunctions.yara_binary_search.YaraBinarySearchScanner
Bases: object
This class provides functionality to scan files in the database for YARA patterns. The public method can either match a given set of patterns against all files in the database or restrict the scan to the files included in a single firmware.
- Parameters:
config – The FACT configuration.
- get_binary_search_result(task)
Perform a YARA search on the files in the database.
- Parameters:
task (tuple[bytes, str | None]) – A tuple containing the yara_rules (a byte string with the contents of the YARA rule file) and, optionally, a firmware UID if only the contents of a single firmware are to be scanned.
- Returns:
dict of matching rules with lists of (unique) matched UIDs as values or an error message.
- Return type:
dict[str, dict[str, list[dict]]] | str
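The following is an added example, not code from FACT itself: it shows how a caller can build the documented task tuple and consume the `dict | str` return value without mistaking the error string for a result. The helper names `build_task`, `matched_uids_by_rule` and `BinarySearchError` are hypothetical, and the reading of the nested dict as rule name -> file UID -> match details is an assumption based on the return description above.

```python
from typing import Optional, Union

# Shapes taken from the documented signature; the meaning of the nested keys
# (rule name -> file UID -> list of match details) is an assumption.
Task = tuple[bytes, Optional[str]]
SearchResult = Union[dict[str, dict[str, list[dict]]], str]


class BinarySearchError(RuntimeError):
    """Raised when the scanner returned an error message instead of matches."""


def build_task(rule_source: str, firmware_uid: Optional[str] = None) -> Task:
    """Build the (yara_rules, firmware_uid) tuple; the rules must be bytes."""
    if not rule_source.strip():
        raise ValueError("empty YARA rule file")
    # An empty UID string is normalised to None, i.e. "scan all files".
    return rule_source.encode("utf-8"), firmware_uid or None


def matched_uids_by_rule(result: SearchResult) -> dict[str, list[str]]:
    """Reduce a search result to rule name -> sorted unique UIDs."""
    # A str is the error case. Check it first: iterating a str would
    # silently yield characters instead of rule names.
    if isinstance(result, str):
        raise BinarySearchError(result)
    if not isinstance(result, dict):
        raise TypeError(f"unexpected result type: {type(result).__name__}")
    return {rule: sorted(set(per_uid)) for rule, per_uid in result.items()}


# Constructed sample data (not output from a real FACT instance).
SAMPLE_RULE = 'rule demo_marker { strings: $a = "demo" condition: $a }'
SAMPLE_RESULT: SearchResult = {
    "demo_marker": {
        "uid_b_placeholder": [{"offset": 16}],
        "uid_a_placeholder": [{"offset": 0}, {"offset": 64}],
    }
}
SAMPLE_ERROR: SearchResult = "Error: constructed sample error message"

if __name__ == "__main__":
    print(build_task(SAMPLE_RULE, "firmware_uid_placeholder"))
    print(matched_uids_by_rule(SAMPLE_RESULT))
    try:
        matched_uids_by_rule(SAMPLE_ERROR)
    except BinarySearchError as err:
        print("scanner error:", err)
```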