yarascanner/git.go
Tyler 6f09b9f4c6
Remove erroring rule from signature-base
2021-10-04 22:35:25 -04:00


package main
import (
"github.com/hillu/go-yara/v4"
"github.com/package-url/packageurl-go"
"gopkg.in/src-d/go-git.v4"
"gopkg.in/src-d/go-git.v4/plumbing"
"gopkg.in/src-d/go-git.v4/plumbing/object"
"gopkg.in/src-d/go-git.v4/storage/memory"
"strings"
)
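// loadRulesFromGit clones the repository identified by pkg into memory and
// adds the contents of every file under pkg.Subpath to the YARA compiler c.
//
// pkg.Type selects the host: "github", "bitbucket" and "gitlab" map to the
// public sites; for any other type pkg.Namespace supplies the host (and any
// leading path) and pkg.Name the final path element. pkg.Version, when set,
// is interpreted as a full commit hash; when empty, the remote HEAD is used.
//
// The first error from cloning, resolving the commit or tree, reading a file,
// or compiling a file is returned unchanged.
//
// NOTE(review): the rule set is part of the scanner's trust base.
//   - With an empty Version the rules follow a moving HEAD, so anyone able to
//     push to the repository changes what is detected. Pin a commit hash for
//     reproducible, reviewable rule sets.
//   - In the default case the host comes straight from the package URL. If
//     package URLs can come from untrusted input, the caller should restrict
//     them to an allowlist of rule sources before calling this function.
//   - The whole history is cloned into memory with no size limit.
func loadRulesFromGit(pkg packageurl.PackageURL, c *yara.Compiler) error {
	// Workaround: this signature-base rule fails to compile here, so the file
	// that contains it is cut off where the rule starts.
	const erroringRule = "rule SUSP_EXPL_Confluence_RCE_CVE_2021_26084_Indicators_Sep21"

	repoPath := pkg.Namespace + "/" + pkg.Name
	var repoUrl string
	switch pkg.Type {
	case "github":
		repoUrl = "https://github.com/" + repoPath
	case "bitbucket":
		// Bitbucket's canonical host is bitbucket.org (the default repository
		// for the "bitbucket" purl type), not bitbucket.com.
		repoUrl = "https://bitbucket.org/" + repoPath
	case "gitlab":
		repoUrl = "https://gitlab.com/" + repoPath
	default:
		repoUrl = "https://" + repoPath
	}

	r, err := git.Clone(memory.NewStorage(), nil, &git.CloneOptions{
		URL: repoUrl,
	})
	if err != nil {
		return err
	}

	var hash plumbing.Hash
	if pkg.Version != "" {
		// NewHash does not validate its input; a Version that is not a full
		// hex commit id surfaces below as a CommitObject lookup error.
		hash = plumbing.NewHash(pkg.Version)
	} else {
		ref, err := r.Head()
		if err != nil {
			return err
		}
		hash = ref.Hash()
	}

	commit, err := r.CommitObject(hash)
	if err != nil {
		return err
	}
	tree, err := commit.Tree()
	if err != nil {
		return err
	}

	// An empty Subpath means the repository root. Tree.Tree looks the path up
	// as an entry name, so an empty string appears to fail rather than return
	// the root tree; skip the lookup in that case.
	if pkg.Subpath != "" {
		tree, err = tree.Tree(pkg.Subpath)
		if err != nil {
			return err
		}
	}

	// Every file in the tree is compiled, whatever its extension.
	// NOTE(review): a non-YARA file (README, licence) under Subpath would
	// presumably fail compilation and abort the load; confirm that Subpath
	// always points at a rules-only directory.
	return tree.Files().ForEach(func(f *object.File) error {
		contents, err := f.Contents()
		if err != nil {
			return err
		}
		// The cut removes the erroring rule AND everything after it in the
		// same file, silently. Any rules that follow it are not loaded, which
		// reduces detection coverage without any signal to the operator.
		if index := strings.Index(contents, erroringRule); index != -1 {
			contents = contents[:index]
		}
		return c.AddString(contents, "")
	})
}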