plugins/crypto_hints: Use AnalysisPluginV0
maringuu committed Oct 10, 2023
1 parent 04e334a commit bbc2bea
Showing 3 changed files with 48 additions and 26 deletions.
37 changes: 30 additions & 7 deletions src/plugins/analysis/crypto_hints/code/crypto_hints.py
@@ -1,9 +1,32 @@
from analysis.YaraPluginBase import YaraBasePlugin
import io

import pydantic
import typing

class AnalysisPlugin(YaraBasePlugin):
NAME = 'crypto_hints'
DESCRIPTION = 'find indicators of specific crypto algorithms'
DEPENDENCIES = [] # noqa: RUF012
VERSION = '0.1.1'
FILE = __file__
from analysis.plugin import addons, compat
from analysis.plugin import AnalysisPluginV0


class AnalysisPlugin(AnalysisPluginV0, compat.AnalysisBasePluginAdapterMixin):
class Schema(pydantic.BaseModel):
matches: typing.List[dict]

def __init__(self):
metadata = AnalysisPluginV0.MetaData(
name='crypto_hints',
description='find indicators of specific crypto algorithms',
version='0.2.0',
Schema=AnalysisPlugin.Schema,
)
super().__init__(metadata=metadata)

self._yara = addons.Yara(plugin=self)

def summarize(self, result):
return [match['rule'] for match in result.matches]

def analyze(self, file_handle: io.FileIO, virtual_file_path: str, analyses: dict) -> Schema:
del virtual_file_path, analyses
return AnalysisPlugin.Schema(
matches=[compat.yara_match_to_dict(m) for m in self._yara.match(file_handle)],
)
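Review bot: `Schema.matches` is declared as `typing.List[dict]`, so pydantic validates nothing about the keys that `summarize` (`match['rule']`) and the view consume, and a change in what `compat.yara_match_to_dict` emits would only surface at render time. If the stored result is produced from the schema, a nested model such as `class Match(pydantic.BaseModel): rule: str; meta: dict; strings: list` with `matches: typing.List[Match]` would pin that contract inside `analyze`; whether downstream code needs plain dicts cannot be seen from this hunk. The class, `summarize` and `analyze` also carry no docstrings — a one-liner on `analyze` such as `"""Run the plugin's YARA rules over file_handle; virtual_file_path and analyses are unused."""` would document what the adapter expects. The removed `DEPENDENCIES = []` has no counterpart in the new `MetaData(...)` call; if `AnalysisPluginV0.MetaData` has no default for it, that should be declared explicitly.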
19 changes: 9 additions & 10 deletions src/plugins/analysis/crypto_hints/test/test_crypto_hints.py
@@ -1,19 +1,18 @@
import io
from pathlib import Path

import pytest

from objects.file import FileObject

from ..code.crypto_hints import AnalysisPlugin

TEST_DATA_DIR = Path(__file__).parent / 'data'


@pytest.mark.AnalysisPluginTestConfig(plugin_class=AnalysisPlugin)
def test_additional_rules(analysis_plugin):
test_file = FileObject(file_path=str(TEST_DATA_DIR / 'additional_rules_test_file'))
processed_file = analysis_plugin.process_object(test_file)
result = processed_file.processed_analysis[analysis_plugin.NAME]
file_path = str(TEST_DATA_DIR / 'additional_rules_test_file')
result = analysis_plugin.analyze(io.FileIO(file_path), {}, {})
summary = analysis_plugin.summarize(result)
for rule in [
'secp256r1',
'AES_Constants',
Expand All @@ -22,12 +21,12 @@ def test_additional_rules(analysis_plugin):
'camellia_constants',
'present_cipher',
]:
assert rule in result
assert rule in summary


@pytest.mark.AnalysisPluginTestConfig(plugin_class=AnalysisPlugin)
def test_basic_scan_feature(analysis_plugin):
test_file = FileObject(file_path=str(TEST_DATA_DIR / 'CRC32_table'))
processed_file = analysis_plugin.process_object(test_file)
result = processed_file.processed_analysis[analysis_plugin.NAME]
assert 'CRC32_table' in result
file_path = str(TEST_DATA_DIR / 'CRC32_table')
result = analysis_plugin.analyze(io.FileIO(file_path), {}, {})
summary = analysis_plugin.summarize(result)
assert 'CRC32_table' in summary
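Review bot: The `io.FileIO(file_path)` handle opened inline in the `analyze(...)` call is never closed, in both `test_additional_rules` and `test_basic_scan_feature`, so each test leaks a descriptor until garbage collection and will emit a ResourceWarning under pytest. Open it in a context manager instead: `with io.FileIO(file_path) as fh:` / `    result = analysis_plugin.analyze(fh, {}, {})`. `io.FileIO` also accepts a `Path`, so the `file_path = str(...)` conversion on the preceding line can be dropped.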
18 changes: 9 additions & 9 deletions src/plugins/analysis/crypto_hints/view/crypto_hints.html
Expand Up @@ -10,28 +10,28 @@
<col style="width: 600px">
</colgroup>
<tbody class="table-analysis">
{% for key, entry in analysis_result.items() %}
{% for match_dict in analysis_result["matches"] %}
<tr>
{% set row_count = 3 + (1 if entry.meta.date else 0) + (1 if entry.meta.author else 0) %}
{% set row_count = 3 + (1 if match_dict.meta.date else 0) + (1 if match_dict.meta.author else 0) %}
<td class="table-head-light" rowspan={{ row_count }}>{{ loop.index - 1 }}</td>
<td class="table-head-light">Matched Rule</td>
<td class="table-head-light">{{ entry['rule'] }} </td>
<td class="table-head-light">{{ match_dict['rule'] }} </td>
</tr>
<tr>
<td> Description</td>
<td> {{ entry['meta']['description'] }} </td>
<td> {{ match_dict['meta']['description'] }} </td>
</tr>
{% if entry.meta.date %}
{% if match_dict.meta.date %}
<tr>
<td>Rule Version</td>
<td>{{ entry['meta']['date'] }}</td>
<td>{{ match_dict['meta']['date'] }}</td>
</tr>
{% endif %}
{% if entry.meta.author %}
{% if match_dict.meta.author %}
<tr>
<td>Rule Author</td>
<td><a href="https://github.com/Yara-Rules/rules/blob/master/crypto/crypto_signatures.yar">
{{ entry['meta']['author'] }}
{{ match_dict['meta']['author'] }}
</a></td>
</tr>
{% endif %}
Expand All @@ -48,7 +48,7 @@
<td class="table-head-light">name</td>
<td class="table-head-light" style="width: 90%">matched value</td>
</tr>
{% for offset, name, matched_string in entry['strings'] %}
{% for offset, name, matched_string in match_dict['strings'] %}
<tr>
<td> 0x{{ '0%x' % offset }} </td>
<td> {{ name[1:] }} </td>
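Review bot: The rewritten loop body reads the same match dict both as attributes (`match_dict.meta.date`, `match_dict.meta.author` in the `{% set row_count %}` and `{% if %}` lines) and by subscript (`match_dict['meta']['date']`, `match_dict['rule']`); Jinja resolves both for dicts, but using one form throughout — the subscript form already used for every output expression, e.g. `{% if match_dict['meta']['date'] %}` — would make the template consistent. The new `{% for match_dict in analysis_result["matches"] %}` line also presumes the stored result carries the `matches` key introduced by the new schema; a result saved in the old `{key: entry}` layout would presumably render an empty table or raise depending on the Undefined policy, which may be worth a template comment if such results can still exist.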
