Merge pull request #1718 from kevoreilly/private

private folder integration
kevoreilly · Aug 29, 2023 · 1715f71 · 1715f71
2 parents e302624 + 2f675e2
commit 1715f71
Show file tree

Hide file tree

Showing 11 changed files with 26 additions and 24 deletions.
diff --git a/lib/cuckoo/common/objects.py b/lib/cuckoo/common/objects.py
@@ -74,10 +74,14 @@
     import yara
 
     HAVE_YARA = True
+    if not int(yara.__version__[0]) >= 4:
+        raise ImportError("Missed library. Run: poetry install")
 except ImportError:
+    print("Missed library. Run: poetry install")
     HAVE_YARA = False
 
 
+
 log = logging.getLogger(__name__)
 
 yara_error = {
@@ -438,28 +442,28 @@ def init_yara(self):
         """Generates index for yara signatures."""
 
         categories = ("binaries", "urls", "memory", "CAPE", "macro", "monitor")
-
         log.debug("Initializing Yara...")
 
         # Generate root directory for yara rules.
         yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")
-
+        priacte_yara_root = os.path.join(CUCKOO_ROOT, "private", "yara")
         # Loop through all categories.
         for category in categories:
+            rules, indexed = {}, []
             # Check if there is a directory for the given category.
-            category_root = os.path.join(yara_root, category)
-            if not path_exists(category_root):
-                log.warning("Missing Yara directory: %s?", category_root)
-                continue
+            for path in (yara_root, priacte_yara_root):
+                category_root = os.path.join(path, category)
+                if not path_exists(category_root):
+                    log.warning("Missing Yara directory: %s?", category_root)
+                    continue
 
-            rules, indexed = {}, []
-            for category_root, _, filenames in os.walk(category_root, followlinks=True):
-                for filename in filenames:
-                    if not filename.endswith((".yar", ".yara")):
-                        continue
-                    filepath = os.path.join(category_root, filename)
-                    rules[f"rule_{category}_{len(rules)}"] = filepath
-                    indexed.append(filename)
+                for category_root, _, filenames in os.walk(category_root, followlinks=True):
+                    for filename in filenames:
+                        if not filename.endswith((".yar", ".yara")):
+                            continue
+                        filepath = os.path.join(category_root, filename)
+                        rules[f"rule_{category}_{len(rules)}"] = filepath
+                        indexed.append(filename)
 
                 # Need to define each external variable that will be used in the
             # future. Otherwise Yara will complain.

diff --git a/lib/cuckoo/core/startup.py b/lib/cuckoo/core/startup.py
@@ -20,6 +20,10 @@
 import modules.processing
 import modules.reporting
 import modules.signatures
+
+# Private
+import private.signatures
+
 from lib.cuckoo.common.colors import cyan, red, yellow
 from lib.cuckoo.common.config import Config
 from lib.cuckoo.common.constants import CUCKOO_ROOT
@@ -31,15 +35,6 @@
 from lib.cuckoo.core.plugins import import_package, import_plugin, list_plugins
 from lib.cuckoo.core.rooter import rooter, socks5s, vpns
 
-try:
-    import yara
-
-    HAVE_YARA = True
-    if not int(yara.__version__[0]) >= 4:
-        raise ImportError("Missed library: poetry run pip install yara-python>=4.0.0 -U")
-except ImportError:
-    print("Missed library: poetry run pip install yara-python>=4.0.0 -U")
-    HAVE_YARA = False
 
 log = logging.getLogger()
 
@@ -259,8 +254,10 @@ def init_modules():
     import_package(modules.processing)
     # Import all signatures.
     import_package(modules.signatures)
+    # Import all private signatures
+    import_package(private.signatures)
     if len(os.listdir(os.path.join(CUCKOO_ROOT, "modules", "signatures"))) < 5:
-        log.warning("Suggestion: looks like you didn't install community, execute: python3 utils/community.py -h")
+        log.warning("Suggestion: looks like you didn't install community, execute: poetry run python utils/community.py -h")
     # Import all reporting modules.
     import_package(modules.reporting)
     # Import all feeds modules.

diff --git a/private/README.md b/private/README.md
@@ -0,0 +1 @@
+### All custom signatures, yaras, etc should be placed in this folder
diff --git a/private/parsers/__init__.py b/private/parsers/__init__.py
diff --git a/private/signatures/__init__.py b/private/signatures/__init__.py
diff --git a/private/yara/CAPE/.placeholder b/private/yara/CAPE/.placeholder
diff --git a/private/yara/binaries/.placeholder b/private/yara/binaries/.placeholder
diff --git a/private/yara/macro/.placeholder b/private/yara/macro/.placeholder
diff --git a/private/yara/memory/.placeholder b/private/yara/memory/.placeholder
diff --git a/private/yara/monitor/.placeholder b/private/yara/monitor/.placeholder
diff --git a/private/yara/urls/.placeholder b/private/yara/urls/.placeholder
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		### All custom signatures, yaras, etc should be placed in this folder