fixes?

malice-plugins · Aug 3, 2018 · 0ce028d · 0ce028d
1 parent 6508dd8
commit 0ce028d
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 16 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -53,22 +53,21 @@ RUN apk --update add --no-cache -t .build-deps \
   go \
   && echo "===> Building scan Go binary..." \
   && cd /go/src/github.com/maliceio/malice-yara \
+  && echo " * copy yara rules" \
+  && mkdir /rules \
+  && mv rules /rules \
   && export GOPATH=/go \
   && export CGO_CFLAGS="-I/usr/local/include" \
   && export CGO_LDFLAGS="-L/usr/local/lib -lyara" \
   && export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig" \
   && go version \
   && go get \
-  && CGO_ENABLED=1 go build -ldflags "-X main.Version=$(cat VERSION) -X main.BuildTime=$(date -u +%Y%m%d)" -o /bin/scan \
+  && CGO_ENABLED=1 go build -ldflags "-s -w -X main.Version=$(cat VERSION) -X main.BuildTime=$(date -u +%Y%m%d)" -o /bin/scan \
   && rm -rf /go /usr/local/go /usr/lib/go /tmp/* \
   && apk del --purge .build-deps
 
-COPY rules /rules
-
-VOLUME ["/malware"]
-VOLUME ["/rules"]
-
 WORKDIR /malware
 
 ENTRYPOINT ["su-exec","malice","/sbin/tini","--","scan"]
+# ENTRYPOINT ["scan"]
 CMD ["--help"]
diff --git a/Makefile b/Makefile
@@ -3,10 +3,11 @@ ORG=malice
 NAME=yara
 CATEGORY=av
 VERSION=$(shell cat VERSION)
-MALWARE=test/malware
+MALWARE=tests/malware
+NOT_MALWARE=tests/not.malware
 
 
-all: build size tag test test_markdown
+all: build size tag test test_markdown test_web
 
 .PHONY: build
 build:
@@ -35,7 +36,10 @@ tar:
 .PHONY: start_elasticsearch
 start_elasticsearch:
 ifeq ("$(shell docker inspect -f {{.State.Running}} elasticsearch)", "true")
-	@echo "===> elasticsearch already running"
+	@echo "===> elasticsearch already running.  Stopping now..."
+	@docker rm -f elasticsearch || true
+	@echo "===> Starting elasticsearch"
+	@docker run --init -d --name elasticsearch -p 9200:9200 malice/elasticsearch:6.3; sleep 10
 else
 	@echo "===> Starting elasticsearch"
 	@docker rm -f elasticsearch || true
@@ -46,7 +50,7 @@ endif
 malware:
 ifeq (,$(wildcard $(MALWARE)))
 	wget https://github.com/maliceio/malice-av/raw/master/samples/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408 -O $(MALWARE)
-	cd test; echo "TEST" > not.malware
+	cd tests; echo "TEST" > not.malware
 endif
 
 .PHONY: test
@@ -71,6 +75,18 @@ test_markdown: test_elastic
 	cat docs/elastic.json | jq -r '.hits.hits[] ._source.plugins.${CATEGORY}.${NAME}.markdown' > docs/SAMPLE.md
 	docker container rm -f elasticsearch
 
+.PHONY: test_web
+test_web: malware stop
+	@echo "===> ${NAME} web service"
+	@docker run --init -d -p 3993:3993 malice/yara web
+	http -f localhost:3993/scan malware@$(MALWARE)
+	http -f localhost:3993/scan malware@$(NOT_MALWARE)
+
+.PHONY: stop
+stop:
+	@echo "===> Stopping container ${NAME}"
+	@docker container rm -f $(NAME) || true
+
 .PHONY: circle
 circle: ci-size
 	@sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell cat .circleci/size)-blue/' README.md
@@ -86,9 +102,10 @@ ci-size: ci-build
 	@http https://circleci.com/api/v1.1/project/github/${REPO}/$(shell cat .circleci/build_num)/artifacts${CIRCLE_TOKEN} | jq -r ".[] | .url" | xargs wget -q -P .circleci
 
 clean:
-	rm -rf test
+	rm -rf tests/*malware*
 	docker-clean stop
 	docker image rm $(ORG)/$(NAME):$(VERSION)
+	docker image rm $(ORG)/$(NAME):latest
 
 # Absolutely awesome: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
 help:

diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 # malice-yara
 
-[![Circle CI](https://circleci.com/gh/malice-plugins/yara.png?style=shield)](https://circleci.com/gh/malice-plugins/yara) [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org) [![Docker Stars](https://img.shields.io/docker/stars/malice/yara.svg)](https://hub.docker.com/r/malice/yara/) [![Docker Pulls](https://img.shields.io/docker/pulls/malice/yara.svg)](https://hub.docker.com/r/malice/yara/) [![Docker Image](https://img.shields.io/badge/docker%20image-57MB-blue.svg)](https://hub.docker.com/r/malice/virustotal/)
+[![Circle CI](https://circleci.com/gh/malice-plugins/yara.png?style=shield)](https://circleci.com/gh/malice-plugins/yara) [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org) [![Docker Stars](https://img.shields.io/docker/stars/malice/yara.svg)](https://hub.docker.com/r/malice/yara/) [![Docker Pulls](https://img.shields.io/docker/pulls/malice/yara.svg)](https://hub.docker.com/r/malice/yara/) [![Docker Image](https://img.shields.io/badge/docker%20image-52.8MB-blue.svg)](https://hub.docker.com/r/malice/virustotal/)
 
 Malice Yara Plugin
 

diff --git a/test/.gitkeep → tests/.gitkeep b/test/.gitkeep → tests/.gitkeep
diff --git a/yara.go b/yara.go
@@ -113,11 +113,11 @@ func printStatus(resp gorequest.Response, body string, errs []error) {
 	fmt.Println(body)
 }
 
-func webService() {
+func webService() error {
 	router := mux.NewRouter().StrictSlash(true)
 	router.HandleFunc("/scan", webAvScan).Methods("POST")
 	log.Info("web service listening on port :3993")
-	log.Fatal(http.ListenAndServe(":3993", router))
+	return http.ListenAndServe(":3993", router)
 }
 
 func webAvScan(w http.ResponseWriter, r *http.Request) {
@@ -243,8 +243,7 @@ func main() {
 			Name:  "web",
 			Usage: "Create a Yara web service",
 			Action: func(c *cli.Context) error {
-				webService()
-				return nil
+				return webService()
 			},
 		},
 	}