diff --git a/package-lock.json b/package-lock.json index e6b2082e..cf8c212a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -52,7 +52,7 @@ "jsrsasign": "^10.5.23", "kbpgp": "2.1.15", "libbzip2-wasm": "0.0.4", - "libyara-wasm": "^1.1.0", + "libyara-wasm": "^1.2.0", "lodash": "^4.17.21", "loglevel": "^1.8.0", "loglevel-message-prefix": "^3.0.0", @@ -9152,9 +9152,9 @@ "integrity": "sha512-RqscTx95+RTKhFAyjedsboR0Lmo3zd8//EuRwQXkdWmsCwYlzarVRaiYg6kS1O8m10MCQkGdrnlK9L4eAmZUwA==" }, "node_modules/libyara-wasm": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.1.0.tgz", - "integrity": "sha512-MI2C4v8JxPN46l3VPWK66HApLPO4rx7n4rGioaSOfbIZikTJIuvI+eRPPnW3K2BXzrOHYj5sMl/RoLlKbXtiLw==" + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.2.0.tgz", + "integrity": "sha512-Dx6lnwy/JIuYSAhLcRBqdNBOzzrFoCcthmIuiNHi89P3fObXAxQYajWxOv3OFjXfIyTLr8mqSUSiyzfonbQoXg==" }, "node_modules/lie": { "version": "3.3.0", @@ -21198,9 +21198,9 @@ "integrity": "sha512-RqscTx95+RTKhFAyjedsboR0Lmo3zd8//EuRwQXkdWmsCwYlzarVRaiYg6kS1O8m10MCQkGdrnlK9L4eAmZUwA==" }, "libyara-wasm": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.1.0.tgz", - "integrity": "sha512-MI2C4v8JxPN46l3VPWK66HApLPO4rx7n4rGioaSOfbIZikTJIuvI+eRPPnW3K2BXzrOHYj5sMl/RoLlKbXtiLw==" + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.2.0.tgz", + "integrity": "sha512-Dx6lnwy/JIuYSAhLcRBqdNBOzzrFoCcthmIuiNHi89P3fObXAxQYajWxOv3OFjXfIyTLr8mqSUSiyzfonbQoXg==" }, "lie": { "version": "3.3.0", diff --git a/package.json b/package.json index a0aa75c1..84c087a2 100644 --- a/package.json +++ b/package.json @@ -128,7 +128,7 @@ "jsrsasign": "^10.5.23", "kbpgp": "2.1.15", "libbzip2-wasm": "0.0.4", - "libyara-wasm": "^1.1.0", + "libyara-wasm": "^1.2.0", "lodash": "^4.17.21", "loglevel": "^1.8.0", "loglevel-message-prefix": "^3.0.0", 
diff --git a/src/core/operations/YARARules.mjs b/src/core/operations/YARARules.mjs
index e654cc6d..4d4346a0 100644
--- a/src/core/operations/YARARules.mjs
+++ b/src/core/operations/YARARules.mjs
@@ -100,7 +100,7 @@ class YARARules extends Operation {
 }
 meta = meta.slice(0, -2) + "]";
 }
- const countString = showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "";
+ const countString = matches.size() === 0 ? "" : (showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "");
 if (matches.size() === 0 || !(showStrings || showLengths)) {
 matchString += `Input matches rule "${rule.ruleName}"${meta}${countString.length > 0 ? ` ${countString}`: ""}.\n`;
 } else {
diff --git a/tests/operations/tests/YARA.mjs b/tests/operations/tests/YARA.mjs
index 267af2ef..307f10b7 100644
--- a/tests/operations/tests/YARA.mjs
+++ b/tests/operations/tests/YARA.mjs
@@ -20,5 +20,28 @@ TestRegister.addTests([
 }
 ],
 },
+ {
+ name: "YARA Match: hashing rules",
+ input: "Hello World!",
+ expectedOutput: "Input matches rule \"HelloWorldMD5\".\nInput matches rule \"HelloWorldSHA256\".\n",
+ recipeConfig: [
+ {
+ "op": "YARA Rules",
+ "args": [
+ `import "hash"
+ rule HelloWorldMD5 {
+ condition:
+ hash.md5(0,filesize) == "ed076287532e86365e841e92bfc50d8c"
+ }
+
+ rule HelloWorldSHA256 {
+ condition:
+ hash.sha256(0,filesize) == "7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069"
+ }`,
+ true, true, true, true
+ ],
+ }
+ ],
+ },
 ]);
diff --git a/webpack.config.js b/webpack.config.js
index 9db5462d..50c4c731 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -109,7 +109,8 @@ module.exports = {
 "buffer": require.resolve("buffer/"),
 "crypto": require.resolve("crypto-browserify"),
 "stream": require.resolve("stream-browserify"),
- "zlib": require.resolve("browserify-zlib")
+ "zlib": require.resolve("browserify-zlib"),
+ "process": false
 }
 },
 module: {
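Review bot: The new `countString` line in YARARules.mjs nests one ternary inside another and calls `matches.size()` three times, so the zero-match guard is easy to miss. A single condition gives the same result for any non-negative size: use `showCounts && matches.size() > 0` as the test of one ternary, ideally after hoisting `const matchCount = matches.size();`. A short comment would also explain the intent, for example `// condition-only rules (e.g. hash checks) match with zero string hits, so no count is shown`. The enclosing method starts and ends outside this hunk, so any other uses of `matches.size()` further down are not visible here.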
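Review bot: The added "YARA Match: hashing rules" case in tests/operations/tests/YARA.mjs only asserts the positive match, so it would still pass if the `hash` conditions evaluated true for every input. A sibling entry with the same two rules and a different `input` (for instance `input: "Hello World?"`) would show that the digest comparison actually discriminates. Its `expectedOutput` should be whatever the operation emits when no rule matches; that string is not visible in this hunk. It would also help to add one case with the show-counts argument set to false, since the changed `countString` line branches on it.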
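Review bot: The new `"process": false` entry in webpack.config.js has no comment saying which dependency requires it or why an empty module is acceptable. It sits in what looks like the `resolve.fallback` map, whose opening is outside the hunk. The commit suggests it is tied to the libyara-wasm 1.2.0 bump, but nothing in the hunk records that. I would add a line such as `// no browser polyfill for "process"; added with the libyara-wasm 1.2.0 upgrade` above the entry. It is also worth confirming that no bundled module imports `process` and reads from it at runtime, because with `false` that import resolves to an empty module rather than failing at build time.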