Skip to content

Add a yara operator #3594

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 41 commits into from
Nov 1, 2023
Merged

Add a yara operator #3594

merged 41 commits into from
Nov 1, 2023

Conversation

mavam
Copy link
Member

@mavam mavam commented Oct 21, 2023
edited
Loading

This PR adds a yara operator that makes it possible to match YARA rules on byte chunks.

### Tasks
- [x] Implement the `yara` operator
- [x] Add docs
- [x] Understand double quotes in builder conflict
- [x] Add changelog entry
- [x] Add integration tests
- [x] Add blog post

@mavam mavam added feature New functionality operator Source, transformation, and sink labels Oct 21, 2023
@mavam mavam marked this pull request as ready for review October 23, 2023 05:05
dominiklohmann
dominiklohmann approved these changes Oct 23, 2023
View reviewed changes
Copy link
Member

@dominiklohmann dominiklohmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of smaller comments; generally this works, but I think the default to match on individual chunks is dangerous and should be made an option instead. The default behavior of an operator should be what users want most of the time, and that isn't the case here as indicated by the warning in the documentation.

I'm approving because the required changes are really small and should not need another review. Please make them before merging, or let's postpone the blog post and discuss.

@mavam mavam force-pushed the topic/yara-operator branch from d7dad38 to e3a4f31 Compare October 28, 2023 09:51
@mavam mavam mentioned this pull request Oct 28, 2023
Closed
@mavam mavam requested a review from jachris October 28, 2023 14:45
@mavam mavam enabled auto-merge November 1, 2023 03:29
@mavam mavam merged commit 01c0539 into main Nov 1, 2023
@mavam mavam deleted the topic/yara-operator branch November 1, 2023 05:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobim tobim tobim left review comments

@thomaspatzke thomaspatzke thomaspatzke left review comments

@dominiklohmann dominiklohmann dominiklohmann approved these changes

@jachris jachris Awaiting requested review from jachris

Assignees
No one assigned
Labels
feature New functionality operator Source, transformation, and sink
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mavam @tobim @thomaspatzke @dominiklohmann @jachris