Patched: "/tmp/tmpqik896dk/modules/leak_detector/leak_detector.py"

patched.codes[bot] · patched.codes[bot] · commit ce0bb0016e6f · 2024-03-08T02:34:05.000Z
diff --git a/modules/leak_detector/leak_detector.py b/modules/leak_detector/leak_detector.py
@@ -1,4 +1,5 @@
 from slips_files.common.imports import *
+import shlex
 import sys
 import base64
 import time
@@ -247,23 +248,22 @@ def delete_compiled_rules(self):
         """
         shutil.rmtree(self.compiled_yara_rules_path)
         os.mkdir(self.compiled_yara_rules_path)
-
+    
     def find_matches(self):
         """Run yara rules on the given pcap and find matches"""
         for compiled_rule in os.listdir(self.compiled_yara_rules_path):
             compiled_rule_path = os.path.join(self.compiled_yara_rules_path, compiled_rule)
             # -p 7 means use 7 threads for faster analysis
             # -f to stop searching for strings when they were already found
             # -s prints the found string
-            cmd = f'yara -C {compiled_rule_path} "{self.pcap}" -p 7 -f -s '
+            cmd = ['yara', '-C', compiled_rule_path, self.pcap, '-p', '7', '-f', '-s']
             yara_proc = subprocess.Popen(
                 cmd,
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
-                stdin=subprocess.PIPE,
-                shell=True
+                stdin=subprocess.PIPE
             )
-
+    
             lines, error = yara_proc.communicate()
             lines = lines.decode()
             if error:
@@ -272,13 +272,13 @@ def find_matches(self):
                     # will re-compile and save rules again and try to find matches
                     self.run()
                 else:
-                    self.print (f"YARA error {yara_proc.returncode}: {error.strip()}")
+                    self.print(f"YARA error {yara_proc.returncode}: {error.strip()}")
                     return
-
+    
             if not lines:
                 # no match
                 return
-
+    
             lines = lines.splitlines()
             matching_rule = lines[0].split()[0]
             # each match (line) should be a separate detection(yara match)
