authorMichael Weiser <michael.weiser@gmx.de>2019-02-22 13:43:52 +0000
committerMichael Weiser <michael.weiser@gmx.de>2019-04-25 12:20:20 +0000
commite6c44a8ca3c2216904731e4d889e53473691c0dc (patch)
treee1af84c58c42d41759c6fbc75173003b0765dae3 /peekaboo/ruleset/engine.py
parentcb54cc4dda6a43b8b5d6d8ab22518fef27b70c60 (diff)
Allow rules to run to be configured
Make the list of rules to run a section in the ruleset configuration. This allows rules to be reordered and (potentially) run more than once without code changes. This also obsoletes the enabled setting per rule because they're now implicitly enabled if they're listed. Commenting out disables a rule.
Diffstat (limited to 'peekaboo/ruleset/engine.py')
-rw-r--r--peekaboo/ruleset/engine.py26
1 files changed, 11 insertions, 15 deletions
diff --git a/peekaboo/ruleset/engine.py b/peekaboo/ruleset/engine.py
index 8b4287b..86b95e8 100644
--- a/peekaboo/ruleset/engine.py
+++ b/peekaboo/ruleset/engine.py
@@ -40,7 +40,7 @@ class RulesetEngine(object):
@since: 1.6
"""
- rules = [
+ known_rules = [
KnownRule,
FileLargerThanRule,
FileTypeOnWhitelistRule,
@@ -59,9 +59,14 @@ class RulesetEngine(object):
self.config = ruleset_config
self.db_con = db_con
+ # create a lookup table from rule name to class
+ self.rules = {}
+ for known_rule in self.known_rules:
+ self.rules[known_rule.rule_name] = known_rule
+
def run(self):
- for rule in RulesetEngine.rules:
- result = self.__exec_rule(self.sample, rule)
+ for rule in self.config.rule_config('rules').get('rule'):
+ result = self.__exec_rule(self.sample, self.rules[rule])
if not result.further_analysis:
return
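Review bot: The rule names that `run()` reads from the configuration are used unvalidated. `self.rules[rule]` raises a bare KeyError for a misspelled or unknown name, and `.get('rule')` presumably returns None when the `rules` section or its `rule` key is missing, so the `for` fails with a TypeError; both happen while a sample is being analysed rather than at startup. An empty list is the quieter case: the loop body never runs and no rule judges the sample, and the verdict it then gets is decided outside this hunk, so check that a config slip cannot fail open. I would resolve the list once in `__init__`, right after building the lookup table, with something like `unknown = [r for r in configured if r not in self.rules]`, and raise a configuration error when `unknown` is non-empty or the list is empty. `run()` continues past the end of the hunk.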
@@ -75,18 +80,9 @@ class RulesetEngine(object):
logger.debug("Processing rule '%s' for %s" % (rule_name, sample))
try:
- # skip disabled rules.
- if self.config.rule_enabled(rule_name):
- rule_config = self.config.rule_config(rule_name)
- rule = rule_class(config=rule_config, db_con=self.db_con)
- result = rule.evaluate(sample)
- else:
- logger.debug("Rule '%s' is disabled." % rule_name)
- result = RuleResult(
- rule_name, result=Result.unchecked,
- reason=_("Rule '%s' is disabled.") % rule_name,
- further_analysis=True)
-
+ rule_config = self.config.rule_config(rule_name)
+ rule = rule_class(config=rule_config, db_con=self.db_con)
+ result = rule.evaluate(sample)
sample.add_rule_result(result)
except PeekabooAnalysisDeferred:
# in case the Sample is requesting the Cuckoo report
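Review bot: With the `rule_enabled()` branch removed, a rule that is left out or commented out no longer yields the `Result.unchecked` entry with its "is disabled" reason, so a sample's rule results no longer show which checks were skipped. If those results are used to explain or audit a verdict, that visibility is worth keeping in another form. One option is to log the effective rule list once when the engine is set up, e.g. `logger.info("Rules to run: %s" % ", ".join(rule_names))`, so the active set can be recovered from the logs. The enclosing method starts above the hunk and its `except` handling continues below it.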