diff --git a/Tools/yara/YaraWrapperTest/resources/hello.compiled b/Tools/yara/YaraWrapperTest/resources/hello.compiled
new file mode 100755
index 0000000000..8912235125
Binary files /dev/null and b/Tools/yara/YaraWrapperTest/resources/hello.compiled differ
diff --git a/Tools/yara/YaraWrapperTest/resources/hello.txt b/Tools/yara/YaraWrapperTest/resources/hello.txt
new file mode 100755
index 0000000000..5e1c309dae
--- /dev/null
+++ b/Tools/yara/YaraWrapperTest/resources/hello.txt
@@ -0,0 +1 @@
+Hello World
\ No newline at end of file
diff --git a/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java b/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java
index d63a160a5a..c015ea8c7e 100755
--- a/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java
+++ b/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java
@@ -1,7 +1,20 @@
 /*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2020 Basis Technology Corp.
+ * Contact: carrier sleuthkit org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
 */
 package org.sleuthkit.autopsy.yara;
 
@@ -14,28 +27,50 @@ import java.util.List; import org.sleuthkit.autopsy.yara.YaraJNIWrapper; import org.sleuthkit.autopsy.yara.YaraWrapperException; - +/** + * Tests the YaraJNIWrapper code. + */ public class YaraWrapperTest { - private static String compiledRulePath = "C:\\Temp\\yara\\hello.compiled"; - private static String textFilePath = "C:\\Temp\\yara\\hello.txt"; - public static void main(String[] args) { - Path path = Paths.get(textFilePath); + if (args.length < 2) { + System.out.println("Please supply two arguments, a yara compiled rule path and a path to the file to scan."); + return; + } + + TestFileRuleMatch(args[0], args[1]); + } + + /** + * Call the YaraJNIWrapper FindRuleMatch with the given path and output the + * results to the cl. + * + * @param compiledRulePath Path to yara compiled rule file + * @param filePath Path to file + */ + private static void TestFileRuleMatch(String compiledRulePath, String filePath) { + Path path = Paths.get(filePath); + try { byte[] data = Files.readAllBytes(path); List list = YaraJNIWrapper.FindRuleMatch(compiledRulePath, data); - for (String s : list) { - System.out.println(s); + if (list != null) { + if (list.isEmpty()) { + System.out.println("FindRuleMatch return an empty list"); + } else { + for (String s : list) { + System.out.println("Matching Rules:"); + System.out.println(s); + } + } + } else { + System.out.println("FindRuleMatch return a null list"); } - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (YaraWrapperException ex) { - System.out.println("it worked"); + } catch (IOException | YaraWrapperException ex) { + ex.printStackTrace(); } }
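Review bot: In TestFileRuleMatch the `System.out.println("Matching Rules:");` line sits inside the `for (String s : list)` loop, so the heading is printed once per match rather than once before the list; move it above the loop. The method reports a null list, an IOException and a YaraWrapperException only by printing, and main returns normally after the usage message, so the process appears to exit with status 0 on every path and a script driving this harness cannot tell a failed scan from a clean one; consider `System.exit(1)` after the usage message and in the catch block. Because `args[0]` is passed straight to the native `FindRuleMatch`, the Javadoc could say `@param compiledRulePath Path to a trusted yara compiled rule file built for the bundled YARA version`, since YARA's own guidance is not to load compiled rules from untrusted sources and compiled rules are generally tied to the library version that produced them.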