yaralyzer 1.0.8__py3-none-any.whl → 1.0.9__py3-none-any.whl

yaralyzer/util/argument_parser.py

@@ -218,9 +218,16 @@ YaralyzerConfig.set_argument_parser(parser)
 
 def parse_arguments(args: Optional[Namespace] = None):
     """
-    Parse command line args. Most settings can be communicated to the app by setting env vars.
-    If args are passed neither rules nor a regex need be provided as it is assumed
-    the constructor will instantiate a Yaralyzer object directly.
+    Parse command line args. Most arguments can also be communicated to the app by setting env vars.
+    If `args` are passed neither rules nor a regex need be provided as it is assumed
+    the constructor will instantiate a `Yaralyzer` object directly.
+
+    Args:
+        args (Optional[Namespace], optional): If provided, use these args instead of parsing from command line.
+            Defaults to `None`.
+
+    Raises:
+        ArgumentError: If args are invalid.
     """
     if '--version' in sys.argv:
         print(f"yaralyzer {version('yaralyzer')}")
@@ -282,6 +289,7 @@ def parse_arguments(args: Optional[Namespace] = None):
 
 
 def get_export_basepath(args: Namespace, yaralyzer: Yaralyzer):
+    """Get the basepath (directory + filename without extension) for exported files."""
     file_prefix = (args.file_prefix + '_') if args.file_prefix else ''
     args.output_basename  = f"{file_prefix}{yaralyzer._filename_string()}"  # noqa: E221
     args.output_basename += f"__maxdecode{YaralyzerConfig.args.max_decode_length}"

yaralyzer/util/logging.py

@@ -1,28 +1,34 @@
 """
-There's two possible log sinks other than STDOUT:
+Handle logging for `yaralyzer`.
 
-  1. 'log' - the application log (standard log, what goes to STDOUT with -D option)
+There's two possible log sinks other than `STDOUT`:
+
+  1. 'log' - the application log (standard log, what goes to `STDOUT` with `-D` option)
   2. 'invocation_log' - tracks the exact command yaralyzer was invoked with, similar to a history file
 
-The regular log file at APPLICATION_LOG_PATH is where the quite verbose application logs
+The regular log file at `APPLICATION_LOG_PATH` is where the quite verbose application logs
 will be written if things ever need to get that formal. For now those logs are only accessible
-on STDOUT with the -D flag but the infrastructure for persistent logging exists if someone
+on `STDOUT` with the `-D` flag but the infrastructure for persistent logging exists if someone
 needs/wants that sort of thing.
 
-Logs are not normally ephemeral/not written  to files but can be configured to do so by setting
-the YARALYZER_LOG_DIR env var. See .yaralyzer.example for documentation about the side effects of setting
-YARALYZER_LOG_DIR to a value.
+Logs are not normally ephemeral/not written to files but can be configured to do so by setting
+the `YARALYZER_LOG_DIR` env var. See `.yaralyzer.example` for documentation about the side effects
+of setting `YARALYZER_LOG_DIR` to a value.
+
+* [logging.basicConfig](https://docs.python.org/3/library/logging.html#logging.basicConfig)
 
-https://docs.python.org/3/library/logging.html#logging.basicConfig
-https://realpython.com/python-logging/
+* [realpython.com/python-logging/](https://realpython.com/python-logging/)
 
 Python log levels for reference:
+
+```
     CRITICAL 50
     ERROR 40
     WARNING 30
     INFO 20
     DEBUG 10
     NOTSET 0
+```
 """
 import logging
 import sys
@@ -37,13 +43,22 @@ ARGPARSE_LOG_FORMAT = '{0: >30}    {1: <17} {2: <}\n'
 
 
 def configure_logger(log_label: str) -> logging.Logger:
-    """Set up a file or stream logger depending on the configuration."""
+    """
+    Set up a file or stream `logger` depending on the configuration.
+
+    Args:
+        log_label (str): The label for the `logger`, e.g. "run" or "invocation".
+            Actual name will be `"yaralyzer.{log_label}"`.
+
+    Returns:
+        logging.Logger: The configured `logger`.
+    """
     log_name = f"yaralyzer.{log_label}"
     logger = logging.getLogger(log_name)
 
     if YaralyzerConfig.LOG_DIR:
         if not path.isdir(YaralyzerConfig.LOG_DIR) or not path.isabs(YaralyzerConfig.LOG_DIR):
-            raise RuntimeError(f"Log dir '{YaralyzerConfig.LOG_DIR}' doesn't exist or is not absolute")
+            raise FileNotFoundError(f"Log dir '{YaralyzerConfig.LOG_DIR}' doesn't exist or is not absolute")
 
         log_file_path = path.join(YaralyzerConfig.LOG_DIR, f"{log_name}.log")
         log_formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
@@ -70,14 +85,14 @@ if YaralyzerConfig.LOG_DIR:
     invocation_log.setLevel('INFO')
 
 
-def log_and_print(msg: str, log_level='INFO'):
-    """Both print and log (at INFO level) a string."""
+def log_and_print(msg: str, log_level: str = 'INFO'):
+    """Both print (to console) and log (to file) a string."""
     log.log(logging.getLevelName(log_level), msg)
     print(msg)
 
 
 def log_current_config():
-    """Write current state of YaralyzerConfig object to the logs."""
+    """Write current state of `YaralyzerConfig` object to the logs."""
     msg = f"{YaralyzerConfig.__name__} current attributes:\n"
     config_dict = {k: v for k, v in vars(YaralyzerConfig).items() if not k.startswith('__')}
 
@@ -88,14 +103,14 @@ def log_current_config():
 
 
 def log_invocation() -> None:
-    """Log the command used to launch the yaralyzer to the invocation log."""
+    """Log the command used to launch the `yaralyzer` to the invocation log."""
     msg = f"THE INVOCATION: '{' '.join(sys.argv)}'"
     log.info(msg)
     invocation_log.info(msg)
 
 
 def log_argparse_result(args, label: str):
-    """Logs the result of argparse."""
+    """Logs the result of `argparse`."""
     args_dict = vars(args)
     log_msg = f'{label} argparse results:\n' + ARGPARSE_LOG_FORMAT.format('OPTION', 'TYPE', 'VALUE')
 

yaralyzer/yara/yara_match.py

@@ -1,17 +1,22 @@
 """
-Rich text decorator for YARA match dicts, which look like this:
-
-{
-    'tags': ['foo', 'bar'],
-    'matches': True,
-    'namespace': 'default',
-    'rule': 'my_rule',
-    'meta': {},
-    'strings': [
-        StringMatch1,
-        StringMatch2
-    ]
-}
+Rich text decorator for YARA match dicts.
+
+A YARA match is returned as a `dict` with this structure:
+
+Example:
+    ```
+    {
+        'tags': ['foo', 'bar'],
+        'matches': True,
+        'namespace': 'default',
+        'rule': 'my_rule',
+        'meta': {},
+        'strings': [
+            StringMatch1,
+            StringMatch2
+        ]
+    }
+    ```
 """
 import re
 from numbers import Number
@@ -30,11 +35,12 @@ from yaralyzer.output.rich_console import console_width, theme_colors_with_prefi
 from yaralyzer.util.logging import log
 
 MATCH_PADDING = (0, 0, 0, 1)
-URL_REGEX = re.compile('^https?:')
+
+DATE_REGEX = re.compile('\\d{4}-\\d{2}-\\d{2}')
 DIGITS_REGEX = re.compile("^\\d+$")
 HEX_REGEX = re.compile('^[0-9A-Fa-f]+$')
-DATE_REGEX = re.compile('\\d{4}-\\d{2}-\\d{2}')
 MATCHER_VAR_REGEX = re.compile('\\$[a-z_]+')
+URL_REGEX = re.compile('^https?:')
 
 YARA_STRING_STYLES: Dict[re.Pattern, str] = {
     URL_REGEX: 'yara.url',
@@ -50,14 +56,21 @@ RAW_YARA_THEME_TXT.justify = CENTER
 
 
 class YaraMatch:
+    """Rich text decorator for YARA match dicts."""
+
     def __init__(self, match: dict, matched_against_bytes_label: Text) -> None:
+        """
+        Args:
+            match (dict): The YARA match dict.
+            matched_against_bytes_label (Text): Label indicating what bytes were matched against.
+        """
         self.match = match
         self.rule_name = match['rule']
         self.label = matched_against_bytes_label.copy().append(f" matched rule: '", style='matched_rule')
         self.label.append(self.rule_name, style='on bright_red bold').append("'!", style='siren')
 
     def __rich_console__(self, _console: Console, options: ConsoleOptions) -> RenderResult:
-        """Renders a panel showing the color highlighted raw YARA match info."""
+        """Renders a rich `Panel` showing the color highlighted raw YARA match info."""
         yield Text("\n")
         yield Padding(Panel(self.label, expand=False, style=f"on color(251) reverse"), MATCH_PADDING)
         yield RAW_YARA_THEME_TXT
@@ -65,7 +78,16 @@ class YaraMatch:
 
 
 def _rich_yara_match(element: Any, depth: int = 0) -> Text:
-    """Painful/hacky way of recursively coloring a yara result hash."""
+    """
+    Painful/hacky way of recursively coloring a YARA match dict.
+
+    Args:
+        element (Any): The element to render (can be `dict`, `list`, `str`, `bytes`, `int`, `bool`).
+        depth (int): Current recursion depth (used for indentation).
+
+    Returns:
+        Text: The rich `Text` representation of the element.
+    """
     indent = Text((depth + 1) * INDENT_SPACES)
     end_indent = Text(depth * INDENT_SPACES)
 
@@ -130,6 +152,7 @@ def _rich_yara_match(element: Any, depth: int = 0) -> Text:
 
 
 def _yara_string(_string: str) -> Text:
+    """Apply special styles to certain types of yara strings (e.g. URLs, numbers, hex, dates, matcher vars)."""
     for regex in YARA_STRING_STYLES.keys():
         if regex.match(_string):
             return Text(_string, YARA_STRING_STYLES[regex])

yaralyzer/yara/yara_rule_builder.py

@@ -1,6 +1,9 @@
 """
-Builds bare bones YARA rules to match strings and regex patterns. Example rule string:
+Builds bare bones YARA rules to match strings and regex patterns.
 
+Example rule string:
+
+```
 rule Just_A_Piano_Man {
     meta:
         author           = "Tim"
@@ -9,19 +12,23 @@ rule Just_A_Piano_Man {
     condition:
         $hilton_producer
 }
+```
 """
 import re
-from typing import Optional
+from typing import Literal, Optional
 
 import yara
 
 from yaralyzer.config import YARALYZE
 from yaralyzer.util.logging import log
 
+PatternType = Literal['hex', 'regex']
+YaraModifierType = Literal['ascii', 'fullword', 'nocase', 'wide']
+
 HEX = 'hex'
+PATTERN = 'pattern'
 REGEX = 'regex'
 RULE = 'rule'
-PATTERN = 'pattern'
 UNDERSCORE = '_'
 YARA_REGEX_MODIFIERS = ['nocase', 'ascii', 'wide', 'fullword']
 
@@ -60,12 +67,25 @@ rule {rule_name} {{
 
 def yara_rule_string(
     pattern: str,
-    pattern_type: str = REGEX,
+    pattern_type: PatternType = REGEX,
     rule_name: str = YARALYZE,
     pattern_label: Optional[str] = PATTERN,
-    modifier: Optional[str] = None
+    modifier: Optional[YaraModifierType] = None
 ) -> str:
-    """Build a YARA rule string for a given pattern"""
+    """
+    Build a YARA rule string for a given `pattern`.
+
+    Args:
+        pattern (str): The string or regex pattern to match.
+        pattern_type (str): Either `"regex"` or `"hex"`. Default is `"regex"`.
+        rule_name (str): The name of the YARA rule. Default is `"YARALYZE"`.
+        pattern_label (Optional[str]): The label for the pattern in the YARA rule. Default is `"pattern"`.
+        modifier (Optional[str]): Optional regex modifier (e.g. 'nocase', 'ascii', 'wide', 'fullword').
+            Only valid if `pattern_type` is `"regex"`.
+
+    Returns:
+        str: The constructed YARA rule as a string.
+    """
     if not (modifier is None or modifier in YARA_REGEX_MODIFIERS):
         raise TypeError(f"Modifier '{modifier}' is not one of {YARA_REGEX_MODIFIERS}")
 
@@ -73,6 +93,8 @@ def yara_rule_string(
         pattern = f"/{pattern}/"
     elif pattern_type == HEX:
         pattern = f"{{{pattern}}}"
+    else:
+        raise ValueError(f"pattern_type must be either '{REGEX}' or '{HEX}'")
 
     if modifier:
         pattern += f" {modifier}"
@@ -81,7 +103,8 @@ def yara_rule_string(
         rule_name=rule_name,
         pattern_label=pattern_label,
         pattern=pattern,
-        modifier='' if modifier is None else f" {modifier}")
+        modifier='' if modifier is None else f" {modifier}"
+    )
 
     log.debug(f"Built YARA rule: \n{rule}")
     return rule
@@ -89,18 +112,39 @@ def yara_rule_string(
 
 def build_yara_rule(
     pattern: str,
-    pattern_type: str = REGEX,
+    pattern_type: PatternType = REGEX,
     rule_name: str = YARALYZE,
     pattern_label: Optional[str] = PATTERN,
-    modifier: Optional[str] = None
+    modifier: Optional[YaraModifierType] = None
 ) -> yara.Rule:
-    """Build a compiled YARA rule"""
+    """
+    Build a compiled `yara.Rule` object.
+
+    Args:
+        pattern (str): The string or regex pattern to match.
+        pattern_type (str): Either `"regex"` or `"hex"`. Default is `"regex"`.
+        rule_name (str): The name of the YARA rule. Default is `"YARALYZE"`.
+        pattern_label (Optional[str]): The label for the pattern in the YARA rule. Default is `"pattern"`.
+        modifier (Optional[str]): Optional regex modifier (e.g. 'nocase', 'ascii', 'wide', 'fullword').
+            Only valid if `pattern_type` is `"regex"`.
+
+    Returns:
+        yara.Rule: Compiled YARA rule object.
+    """
     rule_string = yara_rule_string(pattern, pattern_type, rule_name, pattern_label, modifier)
     return yara.compile(source=rule_string)
 
 
 def safe_label(_label: str) -> str:
-    """YARA rule and pattern names can only contain alphanumeric chars"""
+    """
+    YARA rule and pattern names can only contain alphanumeric chars.
+
+    Args:
+        _label (str): The label to sanitize.
+
+    Returns:
+        str: A sanitized label safe for use in YARA rules.
+    """
     label = _label
 
     for char, replacement in SAFE_LABEL_REPLACEMENTS.items():

yaralyzer/yaralyzer.py

@@ -1,10 +1,11 @@
 """Main Yaralyzer class and alternate constructors."""
 from os import path
-from typing import Iterator, List, Optional, Tuple, Union
+from typing import Callable, Iterator, List, Optional, Tuple, Union
 
 import yara
 from rich.console import Console, ConsoleOptions, RenderResult
 from rich.padding import Padding
+from rich.style import Style
 from rich.text import Text
 
 from yaralyzer.bytes_match import BytesMatch
@@ -26,7 +27,7 @@ YARA_FILE_DOES_NOT_EXIST_ERROR_MSG = "is not a valid yara rules file (it doesn't
 # TODO: might be worth introducing a Scannable namedtuple or similar
 class Yaralyzer:
     """
-    Central class that handles setting up / compiling rules and reading binary data from files as needed.
+    Central class that handles setting up / compiling YARA rules and reading binary data from files as needed.
 
     Alternate constructors are provided depending on whether:
 
@@ -38,7 +39,18 @@ class Yaralyzer:
 
     * YARA rules should be read from a directory of .yara files
 
-    The real action happens in the __rich__console__() dunder method.
+    The real action happens in the `__rich__console__()` dunder method.
+
+    Attributes:
+        bytes (bytes): The binary data to scan.
+        bytes_length (int): The length of the binary data.
+        scannable_label (str): A label for the binary data, typically the filename or a user-provided label.
+        rules (yara.Rules): The compiled YARA rules to use for scanning.
+        rules_label (str): A label for the ruleset, typically derived from filenames or user input.
+        highlight_style (str): The style to use for highlighting matches in the output.
+        non_matches (List[dict]): A list of YARA rules that did not match the binary data.
+        matches (List[YaraMatch]): A list of YaraMatch objects representing the matches found.
+        extraction_stats (RegexMatchMetrics): Metrics related to decoding attempts on matched data
     """
 
     def __init__(
@@ -50,17 +62,22 @@ class Yaralyzer:
         highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
     ) -> None:
         """
-        Initialize a Yaralyzer instance for scanning binary data with YARA rules.
+        Initialize a `Yaralyzer` instance for scanning binary data with YARA rules.
 
         Args:
-            rules (Union[str, yara.Rules]): YARA rules to use for scanning. Can be a string (YARA rule source) or a pre-compiled yara.Rules object. If a string is provided, it will be compiled.
+            rules (Union[str, yara.Rules]): YARA rules to use for scanning. Can be a string or a pre-compiled
+                `yara.Rules` object (strings will be compiled to an instance of `yara.Rules`).
             rules_label (str): Label to identify the ruleset in output and logs.
-            scannable (Union[bytes, str]): The data to scan. If bytes, raw data is scanned; if str, it is treated as a file path to load bytes from.
-            scannable_label (Optional[str], optional): Label for the scannable data. Required if scannable is bytes. If scannable is a file path, defaults to the file's basename.
-            highlight_style (str, optional): Style to use for highlighting matches in output. Defaults to YaralyzerConfig.HIGHLIGHT_STYLE.
+            scannable (Union[bytes, str]): The data to scan. If it's `bytes` type then that data is scanned;
+                if it's a string it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` arg data.
+                Required if `scannable` is `bytes`.
+                If `scannable` is a file path `scannable_label` will default to the file's basename.
+            highlight_style (str, optional): Style to use for highlighting matches in output.
+                Defaults to `YaralyzerConfig.HIGHLIGHT_STYLE`.
 
         Raises:
-            TypeError: If scannable is bytes and scannable_label is not provided.
+            TypeError: If `scannable` is `bytes` and `scannable_label` is not provided.
         """
         if 'args' not in vars(YaralyzerConfig):
             YaralyzerConfig.set_default_args()
@@ -72,7 +89,7 @@ class Yaralyzer:
 
         if isinstance(scannable, bytes):
             if scannable_label is None:
-                raise TypeError("Must provide scannable_label arg when yaralyzing raw bytes")
+                raise TypeError("Must provide 'scannable_label' arg when yaralyzing raw bytes")
 
             self.bytes: bytes = scannable
             self.scannable_label: str = scannable_label
@@ -101,13 +118,26 @@ class Yaralyzer:
         scannable: Union[bytes, str],
         scannable_label: Optional[str] = None
     ) -> 'Yaralyzer':
-        """Alternate constructor to load yara rules from files and label rules with the filenames."""
+        """
+        Alternate constructor to load YARA rules from files and label rules with the filenames.
+
+        Args:
+            yara_rules_files (List[str]): List of file paths to YARA rules files.
+            scannable (Union[bytes, str]): The data to scan. If `bytes`, raw data is scanned;
+                if `str`, it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` data.
+                Required if `scannable` is `bytes`. If scannable is a file path, defaults to the file's basename.
+
+        Raises:
+            TypeError: If `yara_rules_files` is not a list.
+            FileNotFoundError: If any file in `yara_rules_files` does not exist.
+        """
         if not isinstance(yara_rules_files, list):
             raise TypeError(f"{yara_rules_files} is not a list")
 
         for file in yara_rules_files:
             if not path.exists(file):
-                raise ValueError(f"'{file}' {YARA_FILE_DOES_NOT_EXIST_ERROR_MSG}")
+                raise FileNotFoundError(f"'{file}' {YARA_FILE_DOES_NOT_EXIST_ERROR_MSG}")
 
         filepaths_arg = {path.basename(file): file for file in yara_rules_files}
 
@@ -126,9 +156,21 @@ class Yaralyzer:
         scannable: Union[bytes, str],
         scannable_label: Optional[str] = None
     ) -> 'Yaralyzer':
-        """Alternate constructor that will load all .yara files in yara_rules_dir."""
+        """
+        Alternate constructor that will load all `.yara` files in `yara_rules_dir`.
+
+        Args:
+            dirs (List[str]): List of directories to search for `.yara` files.
+            scannable (Union[bytes, str]): The data to scan. If `bytes`, raw data is scanned;
+                if `str`, it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` data.
+                Required if `scannable` is `bytes`. If scannable is a file path, defaults to the file's basename.
+
+        Raises:
+            FileNotFoundError: If `dirs` is not a list of valid directories.
+        """
         if not (isinstance(dirs, list) and all(path.isdir(dir) for dir in dirs)):
-            raise TypeError(f"'{dirs}' is not a list of valid directories")
+            raise FileNotFoundError(f"'{dirs}' is not a list of valid directories")
 
         rules_files = [path.join(dir, f) for dir in dirs for f in files_in_dir(dir)]
         return cls.for_rules_files(rules_files, scannable, scannable_label)
@@ -144,7 +186,22 @@ class Yaralyzer:
         pattern_label: Optional[str] = None,
         regex_modifier: Optional[str] = None,
     ) -> 'Yaralyzer':
-        """Constructor taking regex pattern strings. Rules label defaults to patterns joined by comma."""
+        """
+        Alternate constructor taking regex pattern strings. Rules label defaults to the patterns joined by comma.
+
+        Args:
+            patterns (List[str]): List of regex or hex patterns to build rules from.
+            patterns_type (str): Either `"regex"` or `"hex"` to indicate the type of patterns provided.
+            scannable (Union[bytes, str]): The data to scan. If `bytes`, raw data is scanned;
+                if `str`, it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` data.
+                Required if `scannable` is `bytes`.
+                If scannable is a file path, defaults to the file's basename.
+            rules_label (Optional[str], optional): Label for the ruleset. Defaults to the patterns joined by comma.
+            pattern_label (Optional[str], optional): Label for each pattern in the YARA rules. Defaults to "pattern".
+            regex_modifier (Optional[str], optional): Optional regex modifier (e.g. "nocase", "ascii", "wide", etc).
+                Only valid if `patterns_type` is `"regex"`.
+        """
         rule_strings = []
 
         for i, pattern in enumerate(patterns):
@@ -167,7 +224,12 @@ class Yaralyzer:
         console.print(self)
 
     def match_iterator(self) -> Iterator[Tuple[BytesMatch, BytesDecoder]]:
-        """Iterator version of yaralyze. Yields match and decode data tuple back to caller."""
+        """
+        Iterator version of `yaralyze()`.
+
+        Yields:
+            Tuple[BytesMatch, BytesDecoder]: Match and decode data tuple.
+        """
         self.rules.match(data=self.bytes, callback=self._yara_callback)
 
         for yara_match in self.matches:
@@ -181,8 +243,16 @@ class Yaralyzer:
 
         self._print_non_matches()
 
-    def _yara_callback(self, data: dict):
-        """YARA callback to handle matches and non-matches as they are discovered."""
+    def _yara_callback(self, data: dict) -> Callable:
+        """
+        Callback invoked by `yara-python` to handle matches and non-matches as they are discovered.
+
+        Args:
+            data (dict): Data provided when `yara-python` invokes the callback.
+
+        Returns:
+            Callable: Always returns `yara.CALLBACK_CONTINUE` to signal `yara-python` should continue processing.
+        """
         if data['matches']:
             self.matches.append(YaraMatch(data, self._panel_text()))
         else:
@@ -212,11 +282,11 @@ class Yaralyzer:
         styles = [reverse_color(YARALYZER_THEME.styles[f"yara.{s}"]) for s in ('scanned', 'rules')]
         return self.__text__(*styles)
 
-    def _filename_string(self):
+    def _filename_string(self) -> str:
         """The string to use when exporting this yaralyzer to SVG/HTML/etc."""
         return str(self).replace('>', '').replace('<', '').replace(' ', '_')
 
-    def __text__(self, byte_style: str = 'yara.scanned', rule_style: str = 'yara.rules') -> Text:
+    def __text__(self, byte_style: Style | str = 'yara.scanned', rule_style: Style | str = 'yara.rules') -> Text:
         """Text representation of this YARA scan (__text__() was taken)."""
         txt = Text('').append(self.scannable_label, style=byte_style or 'yara.scanned')
         return txt.append(' scanned with <').append(self.rules_label, style=rule_style or 'yara.rules').append('>')

{yaralyzer-1.0.8.dist-info → yaralyzer-1.0.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: yaralyzer
-Version: 1.0.8
+Version: 1.0.9
 Summary: Visualize and force decode YARA and regex matches found in a file or byte stream with colors. Lots of colors.
 Home-page: https://github.com/michelcrypt4d4mus/yaralyzer
 License: GPL-3.0-or-later
@@ -78,7 +78,7 @@ YARA just tells you the byte position and the matched string but it can't tell y
 
 Enter **The Yaralyzer**, which lets you quickly scan the regions around matches while also showing you what those regions would look like if they were forced into various character encodings.
 
-It's important to note that **The Yaralyzer** isn't a full on malware reversing tool. It can't do all the things a tool like [CyberChef](https://gchq.github.io/CyberChef/) does and it doesn't try to. It's more intended to give you a quick visual overview of suspect regions in the binary so you can hone in on the areas you might want to inspect with a more serious tool like [CyberChef](https://gchq.github.io/CyberChef/).
+**The Yaralyzer** isn't a malware reversing tool. It can't do all the things a tool like [CyberChef](https://gchq.github.io/CyberChef/) does and it doesn't try to. It's more intended to give you a quick visual overview of suspect regions in the binary so you can hone in on the areas you might want to inspect with a more serious tool like [CyberChef](https://gchq.github.io/CyberChef/).
 
 # Installation
 Install it with [`pipx`](https://pypa.github.io/pipx/) or `pip3`. `pipx` is a marginally better solution as it guarantees any packages installed with it will be isolated from the rest of your local python environment. Of course if you don't really have a local python environment this is a moot point and you can feel free to install with `pip`/`pip3`.
@@ -86,6 +86,7 @@ Install it with [`pipx`](https://pypa.github.io/pipx/) or `pip3`. `pipx` is a ma
 pipx install yaralyzer
 ```
 
+
 # Usage
 Run `yaralyze -h` to see the command line options (screenshot below).
 
@@ -99,7 +100,7 @@ If you place a file called `.yaralyzer` in your home directory or the current wo
 Only one `.yaralyzer` file will be loaded and the working directory's `.yaralyzer` takes precedence over the home directory's `.yaralyzer`.
 
 ### As A Library
-[`Yaralyzer`](yaralyzer/yaralyzer.py) is the main class. It has a variety of constructors supporting:
+[`Yaralyzer`](yaralyzer/yaralyzer.py) is the main class. Auto generated documentation for `Yaralyzer`'s various classes and methods can be found [here](https://michelcrypt4d4mus.github.io/yaralyzer/). It has a variety of [alternate constructors](https://michelcrypt4d4mus.github.io/yaralyzer/api/yaralyzer/) supporting:
 
 1. Precompiled YARA rules
 1. Creating a YARA rule from a string
@@ -108,7 +109,7 @@ Only one `.yaralyzer` file will be loaded and the working directory's `.yaralyze
 1. Scanning `bytes`
 1. Scanning a file
 
-Should you want to iterate over the `BytesMatch` (like a `re.Match` object for a YARA match) and `BytesDecoder` (tracks decoding attempt stats) objects returned by The Yaralyzer, you can do so like this:
+Should you want to iterate over the [`BytesMatch`](https://michelcrypt4d4mus.github.io/yaralyzer/api/bytes_match/) (like a `re.Match` object for a YARA match) and [`BytesDecoder`](https://michelcrypt4d4mus.github.io/yaralyzer/api/bytes_decoder/) (tracks decoding attempt stats) objects used by The Yaralyzer, you can do so like this:
 
 ```python
 from yaralyzer.yaralyzer import Yaralyzer
@@ -119,8 +120,6 @@ for bytes_match, bytes_decoder in yaralyzer.match_iterator():
     do_stuff()
 ```
 
-#### API Documentation
-Auto generated documentation for Yaralyzer's various classes and methods can be found [here](https://michelcrypt4d4mus.github.io/yaralyzer/).
 
 # Example Output
 The Yaralyzer can export visualizations to HTML, ANSI colored text, and SVG vector images using the file export functionality that comes with [Rich](https://github.com/Textualize/rich) as well as a (somewhat limited) plain text JSON format. SVGs can be turned into `png` format images with a tool like [Inkscape](https://inkscape.org/) or `cairosvg`. In our experience they both work though we've seen some glitchiness with `cairosvg`.

yaralyzer-1.0.9.dist-info/RECORD

@@ -0,0 +1,32 @@
+.yaralyzer.example,sha256=z3_mk41xxm0Pr_8MGM7AKQG0xEFRtGcyJLboMuelRp4,3504
+CHANGELOG.md,sha256=lepFLLmnoHWaac4ae49WqSbpqXXxge2S2mDvE2qbixE,3408
+LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+yaralyzer/__init__.py,sha256=FHfzll5jfldsqx3pXVBPu9xwDqFKjEVfTL7dha9BYX8,2793
+yaralyzer/bytes_match.py,sha256=ROMv9gK0R1bDP5IpheNyxQ44_oEJPkHn_XYwkoIYKdQ,10901
+yaralyzer/config.py,sha256=uVT8Jjw6kViH_PvBQ0etaH3JXPWOIXgiaoAv3ompnJA,4558
+yaralyzer/decoding/bytes_decoder.py,sha256=8uKmqXEchjhTFULrcIKk699bfbBJrwvr9A8GlzCq0Z0,10200
+yaralyzer/decoding/decoding_attempt.py,sha256=gUroTUSgWrgD-EZH8t5vsdDk0DSPqHMt0ow947sSFok,10290
+yaralyzer/encoding_detection/character_encodings.py,sha256=_b3Vk5abAcKVDZ7QQyrAMQODAgMjG54AjqxdSGSdaj0,5637
+yaralyzer/encoding_detection/encoding_assessment.py,sha256=q7wa2rls5nXEioX9UqzaNk4TxdW5WKzXjQik9e9AHs4,3262
+yaralyzer/encoding_detection/encoding_detector.py,sha256=9zV1ZA6D3z9t6-Bz2IhcmqufJ_7zGJ0Rzh2gn0fmaO8,6487
+yaralyzer/helpers/bytes_helper.py,sha256=7l0EycirLsPl--BakAEH-P7ruAgGgu75zYEfiw0OwO4,10212
+yaralyzer/helpers/dict_helper.py,sha256=rhyu-xlpl4yevXdLZUIgVwap0b57O9I3DNAEv8MfTlI,186
+yaralyzer/helpers/file_helper.py,sha256=tjiwCr8EMFHHmX4R13J4Sba5xv0IWXhEGyWUvGvCSa8,1588
+yaralyzer/helpers/list_helper.py,sha256=zX6VzJDbnyxuwQpth5Mc7k7yeJytqWPzpo1v5nXCMtE,394
+yaralyzer/helpers/rich_text_helper.py,sha256=7h3MOORdfZ8vrfUJ5sei4GOMxyfTonxmzii_VhrJZ6U,4383
+yaralyzer/helpers/string_helper.py,sha256=8XsvYlKn-fGhKihfJBOG6mqi5nV_8LM-IWgHzvkRgCc,933
+yaralyzer/output/decoding_attempts_table.py,sha256=wQ3cyN9czZkC3cbwjgflSu0t4wDKGDIs5NPOE6UwBLk,5004
+yaralyzer/output/file_export.py,sha256=iTlCYErquuy6tqBZ1_BQHxBk-6jZ2ihTnGe83HEI_5o,3300
+yaralyzer/output/file_hashes_table.py,sha256=pKbIc1bHJIIorqk9R2gz3IhTxKJpYU1TioGgceyoxiI,2615
+yaralyzer/output/regex_match_metrics.py,sha256=ZQjzePPXpq_g99KNQjHrRQ1N6u_OUxD32uf9xnqcOw8,4341
+yaralyzer/output/rich_console.py,sha256=mQEK0hq2qyCzqebzNDmNTqG2O8pqwBKs_UFIC0DEvxM,5124
+yaralyzer/util/argument_parser.py,sha256=ZOsBf5xkAWHFSWPbZt7_OdkYHIY3RIjtK1QIXOj2g6U,13281
+yaralyzer/util/logging.py,sha256=aBvpNukwZTGOgzm_zpwWzTWFrptThk-g2cqi8D4Fkmo,4616
+yaralyzer/yara/yara_match.py,sha256=BwWbVgYYCybT9TMhWgkT5vA54C9XJ7fAmGf6JKncjhA,5845
+yaralyzer/yara/yara_rule_builder.py,sha256=PeuhPtO4FvXJoTegQr0NXwGpX7wxPfGzAO1tMozaZd8,4535
+yaralyzer/yaralyzer.py,sha256=CLczlTW2ppyoChkPIGvQWwAo-5F0LG_rMEJpCy4cucg,13813
+yaralyzer-1.0.9.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+yaralyzer-1.0.9.dist-info/METADATA,sha256=sN9ZZxRsjj79m5miQ535kers7OVuSYLcvB6Uuu8COqY,11255
+yaralyzer-1.0.9.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
+yaralyzer-1.0.9.dist-info/entry_points.txt,sha256=7LnLJrNTfql0vuctjRWwp_ZD-BYvtv9ENVipdjuT7XI,136
+yaralyzer-1.0.9.dist-info/RECORD,,