Plyara thank you

InQuest · Apr 29, 2018 · 872d659 · 872d659
1 parent ac05ae9
commit 872d659
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -110,3 +110,9 @@ Releases are controlled by artifact states. States are configurable in the State
 The Release, Staging, and Retired states must be configured in the admin section *before* you can generate a release. If they are not, the system will error out. 
 
 When a release is created, the system first pulls all signatures that are in the release state. Then, it gathers all signatures that are in the staging state and checks their revision history for the most recently released revision that is in the release state. If it finds it, it will include it in the release. If it does not find any previously released revisions, it will skip the signature.
+
+## Thank You
+ThreatKB utilizes Plyara to parse yara rules into python dictionaries. A huge thank you to the Plyara team! Links to the project are below:
+
+https://github.com/8u1a/plyara
+https://github.com/8u1a/plyara/blob/master/LICENSE
diff --git a/app/utilities.py b/app/utilities.py
@@ -46,10 +46,13 @@ def extract_yara_rules(text):
                         re.MULTILINE | re.DOTALL)
     yara_rules = re.compile(parse_regex, re.MULTILINE | re.DOTALL).findall(yara_rules)
     extracted = []
-    for yara_rule in yara_rules:
+    for yara_rule_original in yara_rules:
         try:
-            parsed_rule = parse_yara_rules_text(yara_rule)[0]
-            strings, condition = get_strings_and_conditions(yara_rule)
+            yara_rule_to_parse = re.sub(r'//[^\n]*', "", yara_rule_original, re.MULTILINE)
+            yara_rule_to_parse = re.sub(r'(^|\n)[\s\t]*//*', "", yara_rule_to_parse)
+            parsed_rule = parse_yara_rules_text(yara_rule_to_parse)[0]
+
+            strings, condition = get_strings_and_conditions(yara_rule_original)
             extracted.append({"parsed_rule": parsed_rule, "strings": strings, "condition": condition})
         except Exception, e:
             pass
@@ -121,6 +124,13 @@ def parse_yara_rules_text(text):
     return parseString(text)
 
 
+#####################################################################
+# All code below this point was taken from the Plyara project.
+# Huge thank you to the Plyara team for awesome project!
+#
+# https://github.com/8u1a/plyara
+# https://github.com/8u1a/plyara/blob/master/LICENSE
+#
 #####################################################################
 
 class ElementTypes: