Add the information about match context to the database #395

msm-cert · 2024-09-16T15:56:08Z

To implement #38, we'll need to add the information about match context to the database. AFAIK it's not possible to get it directly from Yara-Python (but do check), so it must be worked around by using offset: VirusTotal/yara#1335

This information should be stored for every string in every matched rule (there may be more than one rule). So maybe matches array should be changed to a dict. We can just store hexencoded context in the matches field then (as long as it's not too big).

for example if the rule is

rule test_romanum {
    strings:
        $a = "a"
        $b = "b"
    condition:
        all of them
}

rule test_romanum {
    strings:
        $c = "c"
        $d = "d"
    condition:
        all of them
}

There may be as much as 4 matches. If there are more than one match per string then only the first should be stored, and the rest ignored.

Finally, this information should be exposed via the API (included in the serialized object) like /api/job/{job_id}.

The text was updated successfully, but these errors were encountered:

msm-cert added the zone:backend Backend oriented tasks label Sep 16, 2024

This was referenced Sep 16, 2024

Show the information about matches in the frontend. #396

Open

Show matched strings in matched samples #38

Open

[Meta] Release v1.5 #398

Open

msm-cert added the next-sprint label Sep 17, 2024

msm-cert assigned michalkrzem Sep 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add the information about match context to the database #395

Add the information about match context to the database #395

msm-cert commented Sep 16, 2024 •

edited

Loading

Add the information about match context to the database #395

Add the information about match context to the database #395

Comments

msm-cert commented Sep 16, 2024 • edited Loading

msm-cert commented Sep 16, 2024 •

edited

Loading