Merge pull request #34 from CybercentreCanada/feature_change_cli_change_to_no_flag_functionality

CCCS-MA · web-flow · commit c9759cdb6291 · 2020-07-21T10:09:35.000-04:00
First Pass of changes
diff --git a/README.md b/README.md
@@ -79,39 +79,34 @@ yara_validator_cli.py -h
    | |__| |__| |___ ___) |   | |/ ___ \|  _ <  / ___ \ 
     \____\____\____|____/    |_/_/   \_\_| \_\/_/   \_\ 
     
-usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s] [-g]
+usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s]
                              [-i | -c]
                              paths [paths ...]
 
-CCCS YARA script to run the CCCS YARA validator, if the -i or -c flags are not
-provided no changes will be made to the files. The default behavior without
-either of the -i or -c flags is to return the validity of the file or files if
-the -i or -c flag had been used. Use the -g flag to check the current validity
-of the file or files.
+CCCS YARA script to run the CCCS YARA validator, use the -i or -c flags to
+generate the id, fingerprint, version, first_imported, or last_modified (if
+not already present) and add them to the file.
 
 positional arguments:
-  paths                 A list of files or folders to be analyzed.
+  paths                A list of files or folders to be analyzed.
 
 optional arguments:
-  -h, --help            show this help message and exit
-  -r, --recursive       Recursively search folders provided.
-  -n, --no-changes      Makes no changes and outputs potential results to the
-                        output.
-  -v, --verbose         Verbose mode, will print why a rule was invalid.
-  -vv, --very-verbose   Very-verbose mode, will printout what rule is about to
-                        be processed, the invalid rules, the reasons they are
-                        invalid and all contents of the rule.
-  -f, --fail            Fail mode, only prints messages about invalid rules.
-  -w, --warnings        This mode will ignore warnings and proceed with other
-                        behaviors if the rule is valid.
-  -s, --standard        This prints the YARA standard to the screen.
-  -g, --generate-values
-                        Generate-values, this is true by default use this flag
-                        to prevent values from being generated.
-  -i, --in-place        Modifies valid files in place, mutually exclusive with
-                        -c.
-  -c, --create-files    Writes a new file for each valid file, mutually
-                        exclusive with -i.
+  -h, --help           show this help message and exit
+  -r, --recursive      Recursively search folders provided.
+  -n, --no-changes     Makes no changes and outputs potential results to the
+                       output.
+  -v, --verbose        Verbose mode, will print why a rule was invalid.
+  -vv, --very-verbose  Very-verbose mode, will printout what rule is about to
+                       be processed, the invalid rules, the reasons they are
+                       invalid and all contents of the rule.
+  -f, --fail           Fail mode, only prints messages about invalid rules.
+  -w, --warnings       This mode will ignore warnings and proceed with other
+                       behaviors if the rule is valid.
+  -s, --standard       This prints the YARA standard to the screen.
+  -i, --in-place       Modifies valid files in place, mutually exclusive with
+                       -c.
+  -c, --create-files   Writes a new file for each valid file, mutually
+                       exclusive with -i.
   ```
 
 
@@ -197,38 +192,33 @@ yara_validator_cli.py -h
    | |__| |__| |___ ___) |   | |/ ___ \|  _ <  / ___ \ 
     \____\____\____|____/    |_/_/   \_\_| \_\/_/   \_\ 
     
-usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s] [-g]
+usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s]
                              [-i | -c]
                              paths [paths ...]
 
-CCCS YARA script to run the CCCS YARA validator, if the -i or -c flags are not
-provided no changes will be made to the files. The default behavior without
-either of the -i or -c flags is to return the validity of the file or files if
-the -i or -c flag had been used. Use the -g flag to check the current validity
-of the file or files.
+CCCS YARA script to run the CCCS YARA validator, use the -i or -c flags to
+generate the id, fingerprint, version, first_imported, or last_modified (if
+not already present) and add them to the file.
 
 positional arguments:
-  paths                 A list of files or folders to be analyzed.
+  paths                A list of files or folders to be analyzed.
 
 optional arguments:
-  -h, --help            show this help message and exit
-  -r, --recursive       Recursively search folders provided.
-  -n, --no-changes      Makes no changes and outputs potential results to the
-                        output.
-  -v, --verbose         Verbose mode, will print why a rule was invalid.
-  -vv, --very-verbose   Very-verbose mode, will printout what rule is about to
-                        be processed, the invalid rules, the reasons they are
-                        invalid and all contents of the rule.
-  -f, --fail            Fail mode, only prints messages about invalid rules.
-  -w, --warnings        This mode will ignore warnings and proceed with other
-                        behaviors if the rule is valid.
-  -s, --standard        This prints the YARA standard to the screen.
-  -g, --generate-values
-                        Generate-values, this is true by default use this flag
-                        to prevent values from being generated.
-  -i, --in-place        Modifies valid files in place, mutually exclusive with
-                        -c.
-  -c, --create-files    Writes a new file for each valid file, mutually
-                        exclusive with -i.
+  -h, --help           show this help message and exit
+  -r, --recursive      Recursively search folders provided.
+  -n, --no-changes     Makes no changes and outputs potential results to the
+                       output.
+  -v, --verbose        Verbose mode, will print why a rule was invalid.
+  -vv, --very-verbose  Very-verbose mode, will printout what rule is about to
+                       be processed, the invalid rules, the reasons they are
+                       invalid and all contents of the rule.
+  -f, --fail           Fail mode, only prints messages about invalid rules.
+  -w, --warnings       This mode will ignore warnings and proceed with other
+                       behaviors if the rule is valid.
+  -s, --standard       This prints the YARA standard to the screen.
+  -i, --in-place       Modifies valid files in place, mutually exclusive with
+                       -c.
+  -c, --create-files   Writes a new file for each valid file, mutually
+                       exclusive with -i.
   ```
 
diff --git a/yara-validator/yara_validator.py b/yara-validator/yara_validator.py
@@ -509,7 +509,8 @@ def validation(self, rule_to_validate, rule_to_validate_string, generate_values=
                 if value.optional == MetadataOpt.REQ_PROVIDED:
                     valid.update_validity(False, key, 'Missing required metadata')
                 elif value.optional == MetadataOpt.REQ_OPTIONAL:
-                    valid.update_validity(False, key, 'Missing metadata that could have been generated')
+                    valid.update_validity(False, key, '⚙️ Missing metadata that could have been generated with the -i'
+                                                      ' or -c flag for the cli')
             else:
                 if self.required_fields_index[value.position].count > value.max_count and value.max_count != -1:
                     valid.update_validity(False, key, 'Too many instances of metadata value.')
diff --git a/yara_validator_cli.py b/yara_validator_cli.py
@@ -24,11 +24,9 @@
 # Defining the parser and arguments to parse so it be used both when called by the command line and with the git_ci
 # function.
 parser = argparse.ArgumentParser(description='CCCS YARA script to run the CCCS YARA validator, '
-                                             'if the -i or -c flags are not provided no changes '
-                                             'will be made to the files. '
-                                             'The default behavior without either of the -i or -c flags is to return '
-                                             'the validity of the file or files if the -i or -c flag had been used. '
-                                             'Use the -g flag to check the current validity of the file or files.')
+                                             'use the -i or -c flags to generate the id, fingerprint, version, '
+                                             'first_imported, or last_modified (if not already present) and add them '
+                                             'to the file.')
 parser.add_argument('paths', nargs='+', type=str, default=[],
                     help='A list of files or folders to be analyzed.')
 parser.add_argument('-r', '--recursive', action='store_true', default=False, dest='recursive',
@@ -46,9 +44,6 @@
                     help='This mode will ignore warnings and proceed with other behaviors if the rule is valid.')
 parser.add_argument('-s', '--standard', action='store_true', default=False, dest='standard',
                     help='This prints the YARA standard to the screen.')
-parser.add_argument('-g', '--generate-values', action='store_false', default=True, dest='generatevalues',
-                    help='Generate-values, this is true by default use this flag to prevent values from being'
-                         ' generated.')
 
 parser_group = parser.add_mutually_exclusive_group()
 parser_group.add_argument('-i', '--in-place', action='store_true', default=False, dest='inplace',
@@ -182,17 +177,22 @@ def __call_validator(options):
                 y_file=yara_rule_path,
             ))
 
-        yara_file_processor = run_yara_validator(yara_rule_path, options.generatevalues)
-        what_will_be_done = 'make no changes'
-        yara_file_output = None
-
         # handle if we want to overwrite or create new files
         if options.createfile:
+            generate_values = True
             yara_file_output = get_yara_file_new_path(yara_rule_path)
             what_will_be_done = 'create a new file with the {} preface.'.format(YARA_VALID_PREFIX)
         elif options.inplace:
+            generate_values = True
             yara_file_output = yara_rule_path
             what_will_be_done = 'modify the file in place.'
+        else:
+            generate_values = False
+            what_will_be_done = 'make no changes'
+            yara_file_output = None
+
+        yara_file_processor = run_yara_validator(yara_rule_path, generate_values)
+
 
         # Prints the output of the validator.
         file_message = '{message:39}{y_file}'
