fix markdown for no matches
blacktop committed Sep 8, 2018
1 parent 001188d commit f2a3e7d
Showing 4 changed files with 30 additions and 7 deletions.
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -72,8 +72,8 @@ test: malware
test_elastic: start_elasticsearch malware
@echo "===> ${NAME} test_elastic found"
docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(MALWARE)
# @echo "===> ${NAME} test_elastic NOT found"
# docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 $(ORG)/$(NAME):$(VERSION) -V --api ${MALICE_VT_API} lookup $(MISSING_HASH)
@echo "===> ${NAME} test_elastic NOT found"
docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(NOT_MALWARE)
http localhost:9200/malice/_search | jq . > docs/elastic.json

.PHONY: test_markdown
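Review bot: The newly enabled "NOT found" step in test_elastic (the docker run line after `@echo "===> ${NAME} test_elastic NOT found"`) runs the scan but nothing checks its outcome; the target only dumps the whole index with `http localhost:9200/malice/_search | jq . > docs/elastic.json`, so a regression in the no-matches rendering would still pass. A minimal check would pipe the scan output through something like `| grep -q "No Matches Found"` (assuming `-V` prints the rendered markdown; if it prints the raw JSON, match on `"matches": []` instead). `$(NOT_MALWARE)` is defined outside this hunk, so whether it names a benign sample under the mounted `$(PWD)` cannot be confirmed here. The `http` and `jq` tools the last line relies on are not declared as prerequisites anywhere in the hunk, so the target fails late and unclearly on a machine without them.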
4 changes: 4 additions & 0 deletions docs/SAMPLE.md
Expand Up @@ -21,3 +21,7 @@
| `_Microsoft_Visual_Cpp_v50v60_MFC_` | Microsoft Visual C++ v5.0/v6.0 (MFC) | `0x5a46` | `"U\x8b\xecj\xffh b@\x00h\xc6[@\x00d\xa1\x00\x00\x00\x00P"` | [] |

> NOTE: **Data** truncated to 25 characters
#### Yara

- No Matches Found
27 changes: 22 additions & 5 deletions docs/elastic.json
@@ -1,5 +1,5 @@
{
"took": 46,
"took": 41,
"timed_out": false,
"_shards": {
"total": 1,
Expand All @@ -8,19 +8,19 @@
"failed": 0
},
"hits": {
"total": 1,
"total": 2,
"max_score": 1,
"hits": [
{
"_index": "malice",
"_type": "samples",
"_id": "EFOmnGUBlp9CG-J-khlW",
"_id": "TwY5umUBQmwpI6z8tcxx",
"_score": 1,
"_source": {
"plugins": {
"av": {
"yara": {
"markdown": "#### Yara\n| Rule | Description | Offset | Data | Tags |\n|-------------|--------------|-------------|-------------|-------------|\n| `Contains_PE_File` | Detect a PE file inside a byte sequence | `0x0` | `"MZ"` | [] |\n| `maldoc_function_prolog_signature` | | `0x1454` | `"U\\x8b\\xec\\x81\\xec"` | [] |\n| `maldoc_structured_exception_handling` | | `0x5a55` | `"d\\xa1\\x00\\x00\\x00\\x00"` | [] |\n| `maldoc_suspicious_strings` | | `0x67ec` | `"CloseHandle"` | [] |\n| `PEiD_00138_Armadillo_v1_71_` | [Armadillo v1.71] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1"` | [] |\n| `PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_` | [dUP v2.x Patcher --> www.diablo2oo2.cjb.net] | `0x4e` | `"This program cannot be ru"` | [] |\n| `PEiD_00729_Free_Pascal_1_06_` | [Free Pascal 1.06] | `0x3a12` | `"\\xc6\\x05\\xc0\\x84@\\x00O\\xe8k\\x04\\x00\\x00"` | [] |\n| `PEiD_01101_Microsoft_Visual_C___v5_0_v6_0__MFC__` | [Microsoft Visual C++ v5.0/v6.0 (MFC)] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00P"` | [] |\n| `PEiD_01108_Microsoft_Visual_C___v6_0_` | [Microsoft Visual C++ v6.0] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `PEiD_01110_Microsoft_Visual_C___v6_0_` | [Microsoft Visual C++ v6.0] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `PEiD_01125_Microsoft_Visual_C___` | [Microsoft Visual C++] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `_dUP_v2x_Patcher__wwwdiablo2oo2cjbnet_` | dUP v2.x Patcher --> www.diablo2oo2.cjb.net | `0x4e` | `"This program cannot be ru"` | [] |\n| `_Microsoft_Visual_Cpp_` | Microsoft Visual C++ | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `_Free_Pascal_v106_` | Free Pascal v1.06 | `0x3a12` | `"\\xc6\\x05\\xc0\\x84@\\x00O\\xe8k\\x04\\x00\\x00"` | [] |\n| 
`_Armadillo_v171_` | Armadillo v1.71 | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1"` | [] |\n| `_Microsoft_Visual_Cpp_v60_` | Microsoft Visual C++ v6.0 | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `_Microsoft_Visual_Cpp_v50v60_MFC_` | Microsoft Visual C++ v5.0/v6.0 (MFC) | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00P"` | [] |\n> NOTE: **Data** truncated to 25 characters\n",
"markdown": "#### Yara\n| Rule | Description | Offset | Data | Tags |\n|-------------|--------------|-------------|-------------|-------------|\n| `Contains_PE_File` | Detect a PE file inside a byte sequence | `0x0` | `"MZ"` | [] |\n| `maldoc_function_prolog_signature` | | `0x1454` | `"U\\x8b\\xec\\x81\\xec"` | [] |\n| `maldoc_structured_exception_handling` | | `0x5a55` | `"d\\xa1\\x00\\x00\\x00\\x00"` | [] |\n| `maldoc_suspicious_strings` | | `0x67ec` | `"CloseHandle"` | [] |\n| `PEiD_00138_Armadillo_v1_71_` | [Armadillo v1.71] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1"` | [] |\n| `PEiD_00497_dUP_v2_x_Patcher_____www_diablo2oo2_cjb_net_` | [dUP v2.x Patcher --> www.diablo2oo2.cjb.net] | `0x4e` | `"This program cannot be ru"` | [] |\n| `PEiD_00729_Free_Pascal_1_06_` | [Free Pascal 1.06] | `0x3a12` | `"\\xc6\\x05\\xc0\\x84@\\x00O\\xe8k\\x04\\x00\\x00"` | [] |\n| `PEiD_01101_Microsoft_Visual_C___v5_0_v6_0__MFC__` | [Microsoft Visual C++ v5.0/v6.0 (MFC)] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00P"` | [] |\n| `PEiD_01108_Microsoft_Visual_C___v6_0_` | [Microsoft Visual C++ v6.0] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `PEiD_01110_Microsoft_Visual_C___v6_0_` | [Microsoft Visual C++ v6.0] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `PEiD_01125_Microsoft_Visual_C___` | [Microsoft Visual C++] | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `_dUP_v2x_Patcher__wwwdiablo2oo2cjbnet_` | dUP v2.x Patcher --> www.diablo2oo2.cjb.net | `0x4e` | `"This program cannot be ru"` | [] |\n| `_Microsoft_Visual_Cpp_` | Microsoft Visual C++ | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `_Free_Pascal_v106_` | Free Pascal v1.06 | `0x3a12` | `"\\xc6\\x05\\xc0\\x84@\\x00O\\xe8k\\x04\\x00\\x00"` | [] |\n| 
`_Armadillo_v171_` | Armadillo v1.71 | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1"` | [] |\n| `_Microsoft_Visual_Cpp_v60_` | Microsoft Visual C++ v6.0 | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00Pd\\x89%"` | [] |\n| `_Microsoft_Visual_Cpp_v50v60_MFC_` | Microsoft Visual C++ v5.0/v6.0 (MFC) | `0x5a46` | `"U\\x8b\\xecj\\xffh b@\\x00h\\xc6[@\\x00d\\xa1\\x00\\x00\\x00\\x00P"` | [] |\n> NOTE: **Data** truncated to 25 characters\n\n",
"matches": [
{
"Meta": {
Expand Down Expand Up @@ -475,7 +475,24 @@
}
}
},
"scan_date": "2018-09-02T23:38:06.79482848Z"
"scan_date": "2018-09-08T17:27:48.834832489Z"
}
},
{
"_index": "malice",
"_type": "samples",
"_id": "UAY5umUBQmwpI6z8vsyP",
"_score": 1,
"_source": {
"plugins": {
"av": {
"yara": {
"markdown": "#### Yara\n - No Matches Found\n",
"matches": []
}
}
},
"scan_date": "2018-09-08T17:27:51.181743813Z"
}
}
]
2 changes: 2 additions & 0 deletions template.go
Expand Up @@ -9,6 +9,8 @@ const tpl = `#### Yara
| ` + "`" + `{{ .Rule }}` + "`" + ` | {{ index .Meta "description" }} | ` + "`" + `{{ printf "%#x" (index .Strings 0).Offset }}` + "`" + ` | ` + "`" + `{{ printf "%.25q" (index .Strings 0).Data }}` + "`" + ` | {{ .Tags }} |
{{- end }}
> NOTE: **Data** truncated to 25 characters
{{ else }}
- No Matches Found
{{- end }}
`

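Review bot: The `{{ else }}` added before `- No Matches Found` pairs with an `{{ if }}` that opens before this hunk, so the condition selecting the no-matches branch is not visible; the regenerated docs/elastic.json shows it firing for `"matches": []`, which suggests an empty slice is handled, but that should be confirmed against the opening line. The captured output there is `"#### Yara\n - No Matches Found\n"` (a leading space before the dash) while docs/SAMPLE.md shows a blank line and no space, so one of the two was presumably hand-edited; if the space is unintended, the whitespace around `{{ else }}` is where to look. The `tpl` constant has no comment explaining its two branches; a line such as `// tpl renders yara results as a markdown table, or a single "No Matches Found" bullet when the scan produced none.` above the `const` would help. Unrelated to this commit, the `Data` column on the context line interpolates sample bytes through `%.25q`, which escapes quotes and non-printables but not `|` or backticks, so content from a scanned file could break the table row; worth noting for whoever consumes this markdown downstream.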
