From d55c8221ad95365dd2f7a38f81fd556c69154079 Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Thu, 3 Sep 2020 16:33:10 +0200
Subject: [PATCH] chg: [yara trackers UI] add yara trackers, show default yara rule
---
 bin/lib/Tracker.py | 16 ++++++++++
 var/www/modules/hunter/Flask_hunter.py | 13 +++++----
 .../modules/hunter/templates/Add_tracker.html | 29 +++++++++++++++----
 3 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/bin/lib/Tracker.py b/bin/lib/Tracker.py
index 52c85b67..ff646bfe 100755
--- a/bin/lib/Tracker.py
+++ b/bin/lib/Tracker.py
@@ -139,6 +139,22 @@ def get_yara_rule_content(yara_rule):
 rule_content = f.read()
 return rule_content
+def api_get_default_rule_content(default_yara_rule):
+ yara_dir = get_yara_rules_default_dir()
+ filename = os.path.join(yara_dir, default_yara_rule)
+ filename = os.path.realpath(filename)
+
+ # incorrect filename
+ if not os.path.commonprefix([filename, yara_dir]) == yara_dir:
+ return ({'status': 'error', 'reason': 'file transversal detected'}, 400)
+
+ if not os.path.isfile(filename):
+ return ({'status': 'error', 'reason': 'yara rule not found'}, 400)
+
+ with open(filename, 'r') as f:
+ rule_content = f.read()
+ return ({'rule_name': default_yara_rule, 'content': rule_content}, 200)
+
 ##-- YARA --##
diff --git a/var/www/modules/hunter/Flask_hunter.py b/var/www/modules/hunter/Flask_hunter.py
index 48530574..a1281d4c 100644
--- a/var/www/modules/hunter/Flask_hunter.py
+++ b/var/www/modules/hunter/Flask_hunter.py
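Review bot: The containment check in api_get_default_rule_content compares a string prefix rather than path components: `os.path.commonprefix` is character-based and yara_dir is never canonicalised, so a sibling directory whose name merely starts with the yara_dir string would pass the check, while a yara_dir that is relative or goes through a symlink never matches the realpath'd filename and every lookup is rejected. Use `os.path.commonpath` against a realpath'd yara_dir instead, and reject an empty or missing rule name before joining, because `os.path.join(yara_dir, None)` raises TypeError — the Flask_hunter.py hunk passes `request.args.get('rule_name')` through unchecked, so a request without that parameter presumably ends as an unhandled 500 rather than a 400. The 'file transversal detected' reason string also misspells "traversal". Rewritten opening of the function:
```python
def api_get_default_rule_content(default_yara_rule):
    if not default_yara_rule:
        return ({'status': 'error', 'reason': 'yara rule not found'}, 400)
    yara_dir = os.path.realpath(get_yara_rules_default_dir())
    filename = os.path.realpath(os.path.join(yara_dir, default_yara_rule))

    # reject anything that resolves outside the default rules directory
    # (component-wise comparison, both sides canonical)
    if os.path.commonpath([filename, yara_dir]) != yara_dir:
        return ({'status': 'error', 'reason': 'file transversal detected'}, 400)
    # … unchanged: isfile check, read and return …
```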
@@ -254,12 +254,13 @@ def get_json_tracker_stats():
 res = Term.get_list_tracked_term_stats_by_day([tracker_uuid])
 return jsonify(res)
-# @hunter.route("/tracker/get_all_default_yara_rules_by_type", methods=['GET'])
-# @login_required
-# @login_read_only
-# def get_all_default_yara_rules_by_type():
-# yara_types = request.args.get('yara_types')
-# get_all_default_yara_rules_by_types(yara_types)
+@hunter.route("/tracker/yara/default_rule/content", methods=['GET'])
+@login_required
+@login_read_only
+def get_default_yara_rule_content():
+ default_yara_rule = request.args.get('rule_name')
+ res = Tracker.api_get_default_rule_content(default_yara_rule)
+ return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
 # ========= REGISTRATION =========
 app.register_blueprint(hunter, url_prefix=baseUrl)
diff --git a/var/www/modules/hunter/templates/Add_tracker.html b/var/www/modules/hunter/templates/Add_tracker.html
index 0653b834..091d66f5 100644
--- a/var/www/modules/hunter/templates/Add_tracker.html
+++ b/var/www/modules/hunter/templates/Add_tracker.html
@@ -89,10 +89,10 @@ -
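Review bot: The new get_default_yara_rule_content route indexes the library result positionally (`res[0]`, `res[1]`), which hides what the tuple carries; unpacking it reads better and matches the (payload, status) contract the Tracker helper returns: `body, status = Tracker.api_get_default_rule_content(default_yara_rule)` followed by `return Response(json.dumps(body, indent=2, sort_keys=True), mimetype='application/json'), status`. A one-line docstring such as `"""Return the content of one bundled default YARA rule, selected by the rule_name query parameter."""` would also help, since the endpoint name and the query parameter name differ.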
+
- {% for yara_types in all_yara_files %} {% for yara_file in all_yara_files[yara_types] %} @@ -100,12 +100,17 @@ {% endfor %} {% endfor %} + +

+
 										
-
- +
+ +
+ +
-