From 781e0f7e69a74b1fc239c51b8e140476e49acfd4 Mon Sep 17 00:00:00 2001
From: Evan Gibler <20933572+egibs@users.noreply.github.com>
Date: Tue, 30 Jul 2024 09:10:47 -0500
Subject: [PATCH] Update go-yara to 4.3.3 (#386)
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/compile/compile.go | 26 +++++++++++++-------------
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/go.mod b/go.mod
index a986b73ce..a10114823 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/fatih/color v1.17.0
 github.com/google/go-cmp v0.6.0
 github.com/google/go-containerregistry v0.20.1
- github.com/hillu/go-yara/v4 v4.3.2
+ github.com/hillu/go-yara/v4 v4.3.3
 github.com/liamg/magic v0.0.1
 github.com/olekukonko/tablewriter v0.0.5
 github.com/ulikunitz/xz v0.5.12
diff --git a/go.sum b/go.sum
index 141a717e2..0b4461996 100644
--- a/go.sum
+++ b/go.sum
@@ -19,8 +19,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0=
 github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
-github.com/hillu/go-yara/v4 v4.3.2 h1:HGqUN3ORUduWZbb95RQjut4UzavGDbtt/C6SnGB3Amk=
-github.com/hillu/go-yara/v4 v4.3.2/go.mod h1:AHEs/FXVMQKVVlT6iG9d+q1BRr0gq0WoAWZQaZ0gS7s=
+github.com/hillu/go-yara/v4 v4.3.3 h1:O+7iYTZK20fzsXiJyvA0d529RTdnZCrgS6HdE0O7BMg=
+github.com/hillu/go-yara/v4 v4.3.3/go.mod h1:AHEs/FXVMQKVVlT6iG9d+q1BRr0gq0WoAWZQaZ0gS7s=
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
 github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
diff --git a/pkg/compile/compile.go b/pkg/compile/compile.go
index b480a9aae..accd2af51 100644
--- a/pkg/compile/compile.go
+++ b/pkg/compile/compile.go
@@ -9,6 +9,7 @@ import (
 "io/fs"
 "log/slog"
 "path/filepath"
+ "strings"
 "github.com/chainguard-dev/bincapz/rules"
 "github.com/chainguard-dev/clog"
@@ -113,20 +114,20 @@ func Recursive(ctx context.Context, fss []fs.FS) (*yara.Rules, error) {
 warnings := map[string]string{}
 for _, ycw := range yc.Warnings {
 clog.WarnContext(ctx, "warning", slog.String("filename", ycw.Filename), slog.Int("line", ycw.Line), slog.String("text", ycw.Text))
- if ycw.Rule == nil {
+ if ycw.Rule == "" {
 continue
 }
-
- id := fmt.Sprintf("%s:%s", ycw.Rule.Namespace(), ycw.Rule.Identifier())
- clog.WarnContext(ctx, "rule has warning", "id", id)
+ parts := strings.Split(ycw.Rule, ".")
+ id := parts[len(parts)-1]
 warnings[id] = ycw.Text
+ clog.WarnContext(ctx, "rule has warning", id)
 }
 errors := []string{}
 for _, yce := range yc.Errors {
 clog.ErrorContext(ctx, "error", slog.String("filename", yce.Filename), slog.Int("line", yce.Line), slog.String("text", yce.Text))
- if yce.Rule != nil {
- clog.ErrorContext(ctx, "defective rule", slog.String("namespace", yce.Rule.Namespace()), slog.String("id", yce.Rule.Identifier()))
+ if yce.Rule != "" {
+ clog.ErrorContext(ctx, "defective rule", slog.String("rule", yce.Rule))
 }
 errors = append(errors, yce.Text)
 }
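Review bot: The added `clog.WarnContext(ctx, "rule has warning", id)` passes the rule name as a lone argument, where the removed line passed the pair `"id", id`. If clog follows log/slog's key/value convention, as the `slog.String` attributes on the neighbouring calls suggest, the value ends up under `!BADKEY` and the warning can no longer be filtered by rule id. Use `clog.WarnContext(ctx, "rule has warning", slog.String("id", id))` instead. The body of Recursive starts and ends outside this hunk.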
@@ -138,28 +139,27 @@ func Recursive(ctx context.Context, fss []fs.FS) (*yara.Rules, error) {
 if err != nil {
 return nil, err
 }
-
 for _, r := range rs.GetRules() {
- if badRules[r.Identifier()] {
- clog.InfoContext(ctx, "info", slog.String("namespace", r.Namespace()), slog.String("id", r.Identifier()), slog.String("reason", "disabled (known bad rule)"))
+ id := r.Identifier()
+ if badRules[id] {
+ clog.InfoContext(ctx, "info", slog.String("namespace", r.Namespace()), slog.String("id", id), slog.String("reason", "disabled (known bad rule)"))
 r.Disable()
 }
- id := fmt.Sprintf("%s:%s", r.Namespace(), r.Identifier())
 warning := warnings[id]
 if warning == "" {
 continue
 }
 // use rule name instead of filename to lower maintenance in the face of renames
- keep, known := rulesWithWarnings[r.Identifier()]
+ keep, known := rulesWithWarnings[id]
 if keep {
 continue
 }
 if !known {
- clog.ErrorContext(ctx, "error", slog.String("namespace", r.Namespace()), slog.String("id", r.Identifier()), slog.String("disabled due to unexpected warning", warnings[id]))
+ clog.ErrorContext(ctx, "error", slog.String("namespace", r.Namespace()), slog.String("id", id), slog.String("disabled due to unexpected warning", warnings[id]))
 } else {
- clog.InfoContext(ctx, "info", slog.String("namespace", r.Namespace()), slog.String("id", r.Identifier()), slog.String("disabled due to expected warning", warnings[id]))
+ clog.InfoContext(ctx, "info", slog.String("namespace", r.Namespace()), slog.String("id", id), slog.String("disabled due to expected warning", warnings[id]))
 }
 r.Disable()
 }
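Review bot: `warning := warnings[id]` now looks up by the bare identifier, where the removed code keyed on `namespace:identifier`, so a compiler warning on one rule also disables any rule that shares its identifier in another namespace. For a scanner that is a quiet loss of detection coverage, surfaced only as a log entry. If the compiler's rule string has the form `namespace.identifier`, as the `strings.Split` in the previous hunk implies, keep the whole string as the map key there (`warnings[ycw.Rule] = ycw.Text`) and look up with `warnings[r.Namespace()+"."+id]` here, leaving `badRules[id]` and `rulesWithWarnings[id]` on the bare name. Recursive continues outside the hunk, so confirm nothing else reads `warnings`.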