From b2760a4ba4f8dc6258c180eed2a6f753226d2290 Mon Sep 17 00:00:00 2001 From: Fabien Bloume <15647296+nusantara-self@users.noreply.github.com> Date: Fri, 28 Feb 2025 19:43:15 +0900 Subject: [PATCH] Update yara_analyzer.py - Fixes --- analyzers/Yara/yara_analyzer.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/analyzers/Yara/yara_analyzer.py b/analyzers/Yara/yara_analyzer.py index e50149b1f..a630bc3c5 100755 --- a/analyzers/Yara/yara_analyzer.py +++ b/analyzers/Yara/yara_analyzer.py @@ -149,12 +149,15 @@ def download_rules_from_github_url(self, url, token): def __init__(self): Analyzer.__init__(self) - self.rulepaths = self.get_param('config.rules', None, 'No paths for rules provided.') + self.rulepaths = self.get_param('config.rules', [], 'No paths for rules provided.') if not self.rulepaths: self.rulepaths = [] # Ensure it's a list even if nothing was provided elif isinstance(self.rulepaths, str): self.rulepaths = [self.rulepaths] + # Filter out any None values from the list + self.rulepaths = [rp for rp in self.rulepaths if rp is not None and rp != ''] + self.github_urls = self.get_param('config.github_urls', None, 'No GitHub URLs provided.') self.github_token = self.get_param('config.github_token', None, 'No GitHub PAT provided.') @@ -238,7 +241,7 @@ def check(self, file_path): decoded_strings = [] for s in match.strings: try: - matched_text = s[2].decode(errors='ignore') + matched_text = s.data.decode(errors='ignore') except Exception as e: matched_text = f"" @@ -324,4 +327,4 @@ def run(self): if __name__ == '__main__': - YaraAnalyzer().run() \ No newline at end of file + YaraAnalyzer().run()