From f5e534d4afdee5379ce7e9f2100f265686055a9b Mon Sep 17 00:00:00 2001
From: Michael Weiser
Date: Mon, 11 Feb 2019 21:06:28 +0000
Subject: Reorder rules to keep Cuckoo rules together
---
 peekaboo/ruleset/rules.py | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/peekaboo/ruleset/rules.py b/peekaboo/ruleset/rules.py
index 48851cb..e204a9d 100644
--- a/peekaboo/ruleset/rules.py
+++ b/peekaboo/ruleset/rules.py
@@ -155,6 +155,23 @@ class FileTypeOnGreylistRule(Rule):
 False)
+class OfficeMacroRule(Rule):
+ """ A rule checking the sample for Office macros. """
+ rule_name = 'office_macro'
+
+ def evaluate(self, sample):
+ """ Report the sample as bad if it contains a macro. """
+ if sample.office_macros:
+ return self.result(Result.bad,
+ "Die Datei beinhaltet ein Office-Makro",
+ False)
+
+ return self.result(Result.unknown,
+ "Die Datei beinhaltet kein erkennbares "
+ "Office-Makro",
+ True)
+
+
 class CuckooRule(Rule):
 """ A common base class for rules that evaluate the Cuckoo report. """
 def evaluate(self, sample):
@@ -262,23 +279,6 @@ class CuckooScoreRule(CuckooRule):
 True)
-class OfficeMacroRule(Rule):
- """ A rule checking the sample for Office macros. """
- rule_name = 'office_macro'
-
- def evaluate(self, sample):
- """ Report the sample as bad if it contains a macro. """
- if sample.office_macros:
- return self.result(Result.bad,
- "Die Datei beinhaltet ein Office-Makro",
- False)
-
- return self.result(Result.unknown,
- "Die Datei beinhaltet kein erkennbares "
- "Office-Makro",
- True)
-
-
 class RequestsEvilDomainRule(CuckooRule):
 """ A rule checking the domains reported as requested by the sample by Cuckoo against a blacklist. """
--
cgit v1.2.3
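Review bot: Nothing in these hunks shows whether rule evaluation order depends on where a class sits in rules.py, so it is worth confirming that moving `OfficeMacroRule` ahead of `CuckooRule` in the first hunk is purely cosmetic (the second hunk is the matching removal). The macro rule returns `Result.bad` with a final `False` argument as soon as `sample.office_macros` is truthy, so if the engine did enumerate rules in definition order, that verdict would now be reached before any Cuckoo rule rather than after `CuckooScoreRule`. If the order is configured elsewhere, a one-line comment above the class such as `# Evaluation order is set by the ruleset engine, not by position in this file.` would settle the question for the next reorder.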