Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(yara): error threshold #732

Merged
merged 8 commits into from
Oct 6, 2023
Merged

feat(yara): error threshold #732

merged 8 commits into from
Oct 6, 2023

Conversation

pbalogh-sa
Copy link
Member

@pbalogh-sa pbalogh-sa commented Oct 3, 2023
edited

Description

This PR adds an error threshold for the Yara scan in order to mark the whole scan as failed.
There are two types of errors:

  1. count all lines in stdout and stderr, and if the stdout lines/stdout+stderr lines reach the threshold we will send a scan error.
  2. count all lines in stdout and count the parse errors in stdout, and if the stdout line-parse error count/stdout lines reach the threshold we will send a parser error.

fixes: #682

Type of Change

[ ] Bug Fix
[x] New Feature
[ ] Breaking Change
[ ] Refactor
[ ] Documentation
[ ] Other (please describe)

Checklist

  • I have read the contributing guidelines
  • Existing issues have been referenced (where applicable)
  • I have verified this change is not present in other open pull requests
  • Functionality is documented
  • All code style checks pass
  • New code contribution is covered by automated tests
  • All new and existing tests pass

@pbalogh-sa pbalogh-sa requested a review from a team as a code owner October 3, 2023 14:31
@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
@pbalogh-sa pbalogh-sa self-assigned this Oct 6, 2023
Tehsmash
Tehsmash requested changes Oct 6, 2023
View reviewed changes
pkg/shared/families/malware/yara/yara.go Outdated Show resolved Hide resolved
pkg/shared/families/malware/yara/yara.go Outdated Show resolved Hide resolved
@github-actions
Copy link

github-actions bot commented Oct 6, 2023

Hey!

Your images are ready:

  • ghcr.io/openclarity/vmclarity-apiserver-dev:pr732-aaaa9d9a9713b6ecf508c10284cbecb4d40c8d04
  • ghcr.io/openclarity/vmclarity-orchestrator-dev:pr732-aaaa9d9a9713b6ecf508c10284cbecb4d40c8d04
  • ghcr.io/openclarity/vmclarity-ui-backend-dev:pr732-aaaa9d9a9713b6ecf508c10284cbecb4d40c8d04
  • ghcr.io/openclarity/vmclarity-ui-dev:pr732-aaaa9d9a9713b6ecf508c10284cbecb4d40c8d04
  • ghcr.io/openclarity/vmclarity-cli-dev:pr732-aaaa9d9a9713b6ecf508c10284cbecb4d40c8d04

@pbalogh-sa pbalogh-sa added this pull request to the merge queue Oct 6, 2023
Merged via the queue into main with commit 31eba8f Oct 6, 2023
26 checks passed
@pbalogh-sa pbalogh-sa deleted the yara-error-threshold branch October 6, 2023 11:29
@chrisgacsal chrisgacsal mentioned this pull request Nov 6, 2023
Merged
7 tasks
@chrisgacsal chrisgacsal mentioned this pull request Feb 21, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tehsmash Tehsmash Tehsmash approved these changes

Assignees

@pbalogh-sa pbalogh-sa

Labels
None yet
Projects
OpenClarity
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Error threshold for Yara family
2 participants
@pbalogh-sa @Tehsmash