author | Michael Weiser <michael.weiser@gmx.de> | 2019-02-22 13:43:52 +0000 |
---|---|---|
committer | Michael Weiser <michael.weiser@gmx.de> | 2019-04-25 12:20:20 +0000 |
commit | e6c44a8ca3c2216904731e4d889e53473691c0dc (patch) | |
tree | e1af84c58c42d41759c6fbc75173003b0765dae3 /peekaboo/ruleset/engine.py | |
parent | cb54cc4dda6a43b8b5d6d8ab22518fef27b70c60 (diff) |
Allow rules to run to be configured
Make the list of rules to run a section in the ruleset configuration.
This allows rules to be reordered and (potentially) run more than once
without code changes.
This also obsoletes the enabled setting per rule because they're now
implicitly enabled if they're listed. Commenting out disables a rule.
Diffstat (limited to 'peekaboo/ruleset/engine.py')
-rw-r--r-- | peekaboo/ruleset/engine.py | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/peekaboo/ruleset/engine.py b/peekaboo/ruleset/engine.py index 8b4287b..86b95e8 100644 --- a/peekaboo/ruleset/engine.py +++ b/peekaboo/ruleset/engine.py @@ -40,7 +40,7 @@ class RulesetEngine(object): @since: 1.6 """ - rules = [ + known_rules = [ KnownRule, FileLargerThanRule, FileTypeOnWhitelistRule, @@ -59,9 +59,14 @@ class RulesetEngine(object): self.config = ruleset_config self.db_con = db_con + # create a lookup table from rule name to class + self.rules = {} + for known_rule in self.known_rules: + self.rules[known_rule.rule_name] = known_rule + def run(self): - for rule in RulesetEngine.rules: - result = self.__exec_rule(self.sample, rule) + for rule in self.config.rule_config('rules').get('rule'): + result = self.__exec_rule(self.sample, self.rules[rule]) if not result.further_analysis: return @@ -75,18 +80,9 @@ class RulesetEngine(object): logger.debug("Processing rule '%s' for %s" % (rule_name, sample)) try: - # skip disabled rules. - if self.config.rule_enabled(rule_name): - rule_config = self.config.rule_config(rule_name) - rule = rule_class(config=rule_config, db_con=self.db_con) - result = rule.evaluate(sample) - else: - logger.debug("Rule '%s' is disabled." % rule_name) - result = RuleResult( - rule_name, result=Result.unchecked, - reason=_("Rule '%s' is disabled.") % rule_name, - further_analysis=True) - + rule_config = self.config.rule_config(rule_name) + rule = rule_class(config=rule_config, db_con=self.db_con) + result = rule.evaluate(sample) sample.add_rule_result(result) except PeekabooAnalysisDeferred: # in case the Sample is requesting the Cuckoo report |
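Review bot: In run() (second hunk) the rule names read from the configuration are used unchecked. `self.rules[rule]` raises KeyError for a misspelled or unknown name, and that lookup is evaluated in run() itself, before the try block visible in the third hunk (presumably in __exec_rule) is entered. If the `rules` section or its `rule` option is absent, `.get('rule')` presumably yields None and the for loop raises TypeError. If the list is empty, run() returns without evaluating any rule and without logging that; what verdict a sample with no rule results receives is not visible here, which matters for a scanner. Because listing is now the only way to enable a rule, I would resolve and validate the list once in __init__ and have run() iterate the validated list, as sketched below with ValueError standing in for whatever configuration exception the project uses; both methods extend beyond the hunk.

```python
        # … unchanged: self.rules lookup table built from self.known_rules …

        # resolve the configured rule list once so that a bad ruleset is
        # rejected before the first rule runs, not part-way through a sample
        configured = self.config.rule_config('rules').get('rule')
        if not configured:
            raise ValueError("ruleset configuration lists no rules to run")
        unknown = [name for name in configured if name not in self.rules]
        if unknown:
            raise ValueError(
                "unknown rule(s) in ruleset configuration: %s"
                % ', '.join(unknown))
        self.enabled_rules = configured

    def run(self):
        for rule in self.enabled_rules:
            result = self.__exec_rule(self.sample, self.rules[rule])
            # … unchanged: further_analysis check …
```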