
Commit baa4ae8

Merge pull request #19 from Gurummang/develop
feat: add all-scan-queue
2 parents 4aad8ee + 7817271 commit baa4ae8


3 files changed

+44
-9
lines changed


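--- a/app/__init__.py
+++ b/app/__init__.py
@@ -40,12 +40,14 @@
 DOC_SCAN_QUEUE = os.getenv("RABBITMQ_DOC_QUEUE_NAME")
 EXE_SCAN_QUEUE = os.getenv("RABBITMQ_EXE_QUEUE_NAME")
 IMG_SCAN_QUEUE = os.getenv("RABBITMQ_IMG_QUEUE_NAME")
+ALL_SCAN_QUEUE = os.getenv("RABBITMQ_ALL_QUEUE_NAME")
 ALERT_QUEUE = os.getenv("RABBITMQ_SUSPICIOUS_QUEUE")
 
 # Routing Key 설정
 EXE_ROUTING_KEY = os.getenv("RABBITMQ_EXE_ROUTING_KEY")
 IMG_ROUTING_KEY = os.getenv("RABBITMQ_IMG_ROUTING_KEY")
 DOC_ROUTING_KEY = os.getenv("RABBITMQ_DOC_ROUTING_KEY")
+ALL_ROUTING_KEY = os.getenv("RABBITMQ_ALL_ROUTING_KEY")
 ALERT_ROUTING_KEY = os.getenv("RABBITMQ_SUSPICIOUS_ROUTING_KEY")
 
 # S3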
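Review bot: ALL_SCAN_QUEUE and ALL_ROUTING_KEY are read with `os.getenv` and no default, so when either environment variable is missing the module-level name is silently None and main.py passes that None to the new consumer thread. The sibling queue settings share this pattern, but for a mandatory setting a fail-fast check at import is cheaper than debugging a consumer bound to a queue named None, e.g. `if ALL_SCAN_QUEUE is None or ALL_ROUTING_KEY is None: raise RuntimeError("RABBITMQ_ALL_QUEUE_NAME / RABBITMQ_ALL_ROUTING_KEY must be set")`. A one-line comment above the block noting that every queue name here is required would also help operators.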

app/utils.py

Lines changed: 30 additions & 5 deletions
@@ -21,6 +21,31 @@
2121
from app.models import FileScanRequest
2222
from app.rabbitmq_sender import send_message
2323

24+
def match_multiple_rules(*rule_file_lists):
25+
"""
26+
여러 YARA 룰셋의 파일 경로를 병합하고 컴파일된 하나의 룰셋을 반환하는 함수.
27+
"""
28+
all_rule_files = {}
29+
rule_index = 0
30+
31+
# 각 룰셋의 파일 경로 리스트에서 유효한 룰 파일들을 수집
32+
for rule_files in rule_file_lists:
33+
for i, rule_file in enumerate(rule_files):
34+
all_rule_files[str(rule_index + i)] = rule_file
35+
rule_index += len(rule_files)
36+
37+
if all_rule_files:
38+
try:
39+
# 여러 YARA 룰 파일을 하나의 룰셋으로 컴파일
40+
compiled_rules = yara.compile(filepaths=all_rule_files)
41+
return compiled_rules
42+
except yara.Error as e:
43+
logging.error(f"Failed to compile merged YARA rules: {e}")
44+
return None
45+
else:
46+
logging.info("No valid YARA rule files found for merging.")
47+
return None
48+
2449

2550
def load_yara_rules(directory):
2651
rule_files = []
@@ -30,7 +55,6 @@ def load_yara_rules(directory):
3055
logging.info(f"Scanning directory: {root}") # 현재 디렉토리 로그에 남기기
3156
for file in files:
3257
if file.endswith(".yar"):
33-
logging.info(f"Scanning file: {file}") # 현재 디렉토리 로그에 남기기
3458
rule_files.append(os.path.join(root, file))
3559

3660
# YARA 룰 컴파일
@@ -54,16 +78,17 @@ def load_yara_rules(directory):
5478
logging.info(
5579
f"Compiled {len(valid_rule_files)} YARA rules from {directory}"
5680
)
57-
return compiled_rules
81+
return compiled_rules, valid_rule_files
5882
except yara.Error as e:
5983
logging.info(f"Failed to compile YARA rules: {e}")
60-
return None
84+
return None, valid_rule_files
6185
else:
6286
logging.info(f"No valid YARA rule files found in {directory}")
63-
return None
87+
return None, []
6488
else:
6589
logging.info(f"No YARA rule files found in {directory}")
66-
return None
90+
return None, []
91+
6792

6893

6994
def stream_file_from_s3(s3_key):
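Review bot: In match_multiple_rules every rule file is keyed under a bare index string (`all_rule_files[str(rule_index + i)]`), so a hit on the merged ruleset carries a namespace like "0" or "7" and an alert cannot tell which rule set (doc, exe or img) or which file matched. Keying the dict by path gives each file its own namespace, keeps duplicate rule identifiers across the three directories from colliding exactly as the index scheme does, and removes the `rule_index` bookkeeping: `all_rule_files = {path: path for rule_files in rule_file_lists for path in rule_files}`. Note that on compile failure the function returns None, which main.py hands straight to the ALL-queue consumer; whether that consumer scans with no rules or crashes depends on start_consuming, which is not in this diff. The docstring and comments in this hunk are in Korean; an English one-liner such as `"""Merge several lists of YARA rule file paths into one compiled ruleset; returns None if nothing compiled."""` would help non-Korean maintainers, and the compile-failure branch of load_yara_rules still logs at info level while the new function logs at error level, so the two paths are worth aligning.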

main.py

Lines changed: 12 additions & 4 deletions
@@ -14,9 +14,11 @@
1414
EXE_SCAN_QUEUE,
1515
IMG_ROUTING_KEY,
1616
IMG_SCAN_QUEUE,
17+
ALL_SCAN_QUEUE,
18+
ALL_ROUTING_KEY
1719
)
1820
from app.rabbitmq_consumer import start_consuming
19-
from app.utils import load_yara_rules
21+
from app.utils import load_yara_rules, match_multiple_rules
2022

2123
app = FastAPI()
2224

@@ -33,9 +35,9 @@ async def lifespan(app: FastAPI):
3335

3436
try:
3537
# YARA 규칙을 로드하고 컴파일
36-
rules["exe"] = load_yara_rules(os.path.join(RULES_DIR, "exe"))
37-
rules["img"] = load_yara_rules(os.path.join(RULES_DIR, "img"))
38-
rules["doc"] = load_yara_rules(os.path.join(RULES_DIR, "doc"))
38+
rules["exe"], exe_files = load_yara_rules(os.path.join(RULES_DIR, "exe"))
39+
rules["img"], img_files = load_yara_rules(os.path.join(RULES_DIR, "img"))
40+
rules["doc"], doc_files = load_yara_rules(os.path.join(RULES_DIR, "doc"))
3941
logging.info("YARA rules loaded and compiled successfully.")
4042
except Exception as e:
4143
logging.error(f"Failed to load YARA rules: {e}")
@@ -49,6 +51,12 @@ async def lifespan(app: FastAPI):
4951
Thread(
5052
target=start_consuming, args=(DOC_SCAN_QUEUE, rules["doc"], DOC_ROUTING_KEY)
5153
).start()
54+
# ALL QUEUE에는 모든 규칙 적용
55+
all_rules_matcher = match_multiple_rules(doc_files, exe_files, img_files)
56+
Thread(
57+
target=start_consuming,
58+
args=(ALL_SCAN_QUEUE, all_rules_matcher, ALL_ROUTING_KEY)
59+
).start()
5260

5361
yield
5462
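Review bot: The ALL-queue consumer thread is started unconditionally with `all_rules_matcher`, but match_multiple_rules returns None when compilation fails or no rule files were collected, and `doc_files`, `exe_files` and `img_files` are never bound if load_yara_rules raised inside the try above, whose except only logs. For a malware scanner that is a fail-open path: the new queue can come up with no rules and every file routed to it looks clean, unless start_consuming rejects a None ruleset, which cannot be seen from this diff. Guard the start, e.g. `if all_rules_matcher is None: logging.error("ALL queue not started: merged YARA rules unavailable")` with the `Thread(...).start()` moved under the `else:`, or raise so the service refuses to start without rules. The lifespan body between the two hunks is not shown, so an early return or re-raise there would change this assessment.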
