From becc3ff18566cc856cc2146ca4e3f52daf20d036 Mon Sep 17 00:00:00 2001
From: Pau RE
Date: Tue, 16 Apr 2024 12:15:23 +0200
Subject: [PATCH] Add yara and r2yara
---
 .github/scripts/update-versions.sh | 7 ++++++-
 Makefile | 4 +++-
 README-containers.md | 1 +
 README.md | 1 +
 docker/Dockerfile | 30 +++++++++++++++++++++++++--
 docker/sbom/r2yara.spdx.json.in | 33 ++++++++++++++++++++++++++++++
 docker/sbom/yara.spdx.json.in | 33 ++++++++++++++++++++++++++++++
 versions.mk | 2 ++
 8 files changed, 107 insertions(+), 4 deletions(-)
 create mode 100644 docker/sbom/r2yara.spdx.json.in
 create mode 100644 docker/sbom/yara.spdx.json.in
diff --git a/.github/scripts/update-versions.sh b/.github/scripts/update-versions.sh
index c07a2a4..bef1313 100755
--- a/.github/scripts/update-versions.sh
+++ b/.github/scripts/update-versions.sh
@@ -6,7 +6,10 @@ cd "$(dirname "$0")/../.."
 getLatestReleaseTag() {
 echo "Checking latest release version for $1..." > /dev/stderr
- gh release view --repo "$1" --json tagName --template '{{.tagName}}'
+ V=$(gh release view --repo "$1" --json tagName --template '{{.tagName}}')
+ if [ -n "$2" ]; then V="${V#$2}"; fi
+ if [ -n "$3" ]; then V="${V%$3}"; fi
+ echo "$V"
 }
 cat << EOF > versions.mk
@@ -14,4 +17,6 @@ R2_VERSION=$(getLatestReleaseTag radareorg/radare2)
 R2GHIDRA_VERSION=$(getLatestReleaseTag radareorg/r2ghidra)
 R2FRIDA_VERSION=$(getLatestReleaseTag nowsecure/r2frida)
 R2DEC_VERSION=$(getLatestReleaseTag wargio/r2dec-js)
+YARA_VERSION=$(getLatestReleaseTag VirusTotal/yara v)
+R2YARA_VERSION=$(getLatestReleaseTag radareorg/r2yara)
 EOF
diff --git a/Makefile b/Makefile
index 9975604..cdd7dd0 100644
--- a/Makefile
+++ b/Makefile
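Review bot: The tag string returned by `gh release view` is used unvalidated after the new prefix/suffix stripping in getLatestReleaseTag; an empty or unexpected value (a failed `gh` call, or a tag that does not carry the `v` prefix the new caller in the next hunk passes as `$2`) is written into versions.mk as-is and later feeds `git clone --branch` and the SBOM `versionInfo` fields. A check after the stripping lets the problem be reported instead of silently propagated, e.g. `case "$V" in "" | *[!0-9A-Za-z._-]*) echo "unexpected release tag for $1: '$V'" >&2; exit 1;; esac` (inside the `$(...)` of the heredoc a non-zero status only ends that substitution, so the caller should still check versions.mk afterwards). Also, `${V#$2}` treats `$2` as a glob pattern; `"${V#"$2"}"` strips it literally. The heredoc that consumes this function's output begins at the end of this hunk and continues in the next one.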
@@ -21,7 +21,9 @@ DOCKER_BUILD_ARGS+= \
 --build-arg R2_VERSION=$(R2_VERSION) \
 --build-arg R2GHIDRA_VERSION=$(R2GHIDRA_VERSION) \
 --build-arg R2FRIDA_VERSION=$(R2FRIDA_VERSION) \
- --build-arg R2DEC_VERSION=$(R2DEC_VERSION)
+ --build-arg R2DEC_VERSION=$(R2DEC_VERSION) \
+ --build-arg YARA_VERSION=$(YARA_VERSION) \
+ --build-arg R2YARA_VERSION=$(R2YARA_VERSION)
 .PHONY: all snap docker update clean \
 buildx snap-buildx docker-buildx docker-buildx-tarball \
diff --git a/README-containers.md b/README-containers.md
index b2dc46b..ce95223 100644
--- a/README-containers.md
+++ b/README-containers.md
@@ -23,6 +23,7 @@ The resulting build includes the following projects:
 * [r2ghidra](https://github.com/radareorg/r2ghidra)
 * [r2frida](https://github.com/nowsecure/r2frida) (only in supported platforms)
 * [r2dec](https://github.com/wargio/r2dec-js)
+* [r2yara](https://github.com/radareorg/r2yara)
 * [r2pipe](https://pypi.org/project/r2pipe/) (for Python)
diff --git a/README.md b/README.md
index 6b438fd..8848897 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ The resulting build includes the following projects:
 * [r2ghidra](https://github.com/radareorg/r2ghidra)
 * [r2frida](https://github.com/nowsecure/r2frida) (only in supported platforms)
 * [r2dec](https://github.com/wargio/r2dec-js)
+* [r2yara](https://github.com/radareorg/r2yara)
 ## Install the snap
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 88d061e..6d621cd 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -23,6 +23,12 @@ RUN apt-get update && \
 python3-venv \
 ninja-build \
 gettext-base \
+ autoconf \
+ automake \
+ bison \
+ flex \
+ libtool \
+ libssl-dev \
 && \
 rm -rf /var/lib/apt/lists/* && \
 python3 -m venv /opt/meson && /opt/meson/bin/pip3 install "meson~=${MESON_VERSION}" && \
@@ -68,11 +74,26 @@ RUN git clone --branch "$R2DEC_VERSION" --recurse-submodules --depth 1 https://g
 meson setup --prefix "$PREFIX" build && \
 ninja -C build install
+# Build yara
+ARG YARA_VERSION
+RUN git clone --branch "v$YARA_VERSION" --recurse-submodules --depth 1 https://github.com/VirusTotal/yara.git && \
+ cd yara && \
+ ./bootstrap.sh && \
+ ./configure --prefix="$PREFIX" && \
+ make && make install
+
+# Build r2yara
+ARG R2YARA_VERSION
+RUN git clone --branch "$R2YARA_VERSION" --recurse-submodules --depth 1 https://github.com/radareorg/r2yara.git && \
+ cd r2yara && \
+ ./configure --prefix="$PREFIX" --with-checks-level=0 && \
+ make && make install
+
 # Generate SBOM files
 ARG R2_SNAP_COMMIT
 COPY sbom /usr/src/sbom
 RUN mkdir -p "$PREFIX/share/sbom/"; \
- SBOMS="radare2-snap radare2 r2ghidra r2dec"; \
+ SBOMS="radare2-snap radare2 r2ghidra r2dec yara r2yara"; \
 [ -n "$FRIDA_ARCH" ] && SBOMS="$SBOMS r2frida"; \
 for c in $SBOMS; do \
 echo "Generate SBOM for $c..."; \
@@ -133,7 +154,12 @@ ARG BUILDKIT_SBOM_SCAN_STAGE=true
 # Create non-root user
 RUN apt-get update && \
- apt-get install -y --no-install-recommends sudo python3-pip python3-setuptools && \
+ apt-get install -y --no-install-recommends \
+ sudo \
+ openssl \
+ python3-pip \
+ python3-setuptools \
+ && \
 rm -rf /var/lib/apt/lists/* && \
 mkdir -p /var/snap/radare2/current /var/snap/radare2/common && \
 useradd -m r2 && \
diff --git a/docker/sbom/r2yara.spdx.json.in b/docker/sbom/r2yara.spdx.json.in
new file mode 100644
index 0000000..8c08437
--- /dev/null
+++ b/docker/sbom/r2yara.spdx.json.in
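Review bot: The yara build step leaves it to `./configure` to auto-detect the OpenSSL headers installed in the previous hunk; if that detection fails the build presumably still succeeds and the image ships a yara without its crypto-backed features, and nothing in the generated SBOM would record the difference. Requesting the dependency explicitly (yara's configure accepts `--with-crypto`; confirm for the version being built) turns the silent fallback into a build failure: `./configure --prefix="$PREFIX" --with-crypto && \`. Both new clone steps check out by tag only, like the existing r2dec step in the hunk header; since tags can be moved upstream, the SBOM entries generated below describe a tag rather than a fixed commit, which is worth stating in the `# Build yara` comment if that trade-off is accepted.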
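Review bot: `openssl` added to the runtime stage is the command-line tool; what the binaries built against `libssl-dev` need at run time is the shared library (`libssl3` on current Debian/Ubuntu bases — confirm against the base image), which this line only pulls in transitively. Naming the library package directly keeps the dependency explicit and the image smaller: `    libssl3 \`. If the `openssl` CLI is wanted in its own right, a short comment on that line would spare the next reader the question.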
@@ -0,0 +1,33 @@
+{
+ "SPDXID": "SPDXRef-DOCUMENT",
+ "spdxVersion": "SPDX-2.3",
+ "creationInfo": {
+ "created": "2024-03-07T14:00:00Z",
+ "creators": [ "Organization: radare org" ]
+ },
+ "name": "r2yara",
+ "dataLicense": "CC0-1.0",
+ "documentDescribes": [
+ "SPDXRef-com.github.radareorg-r2ghidra"
+ ],
+ "documentNamespace": "https://github.com/radareorg/radare2-snap/sbom/r2yara-${R2_SNAP_COMMIT}",
+ "packages": [
+ {
+ "SPDXID": "SPDXRef-com.github.radareorg-r2yara",
+ "name": "r2yara",
+ "versionInfo": "${R2YARA_VERSION}",
+ "downloadLocation": "git+https://github.com/radareorg/r2yara#${R2YARA_VERSION}",
+ "filesAnalyzed": false,
+ "licenseDeclared": "LGPL-3.0-only",
+ "supplier": "Organization: radare org",
+ "primaryPackagePurpose": "LIBRARY",
+ "externalRefs": [
+ {
+ "referenceCategory": "PACKAGE-MANAGER",
+ "referenceType": "purl",
+ "referenceLocator": "pkg:github/radareorg/r2yara@${R2YARA_VERSION}"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docker/sbom/yara.spdx.json.in b/docker/sbom/yara.spdx.json.in
new file mode 100644
index 0000000..ea72ba9
--- /dev/null
+++ b/docker/sbom/yara.spdx.json.in
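Review bot: `documentDescribes` points at `SPDXRef-com.github.radareorg-r2ghidra`, an identifier this document never defines; the only package declared is `SPDXRef-com.github.radareorg-r2yara`, so an SPDX validator will flag a dangling reference and consumers will see a document that describes no package. Change the entry to `"SPDXRef-com.github.radareorg-r2yara"`. The `created` timestamp (2024-03-07) predates this commit and, the file being a template, presumably mirrors the sibling SBOM files; if it is meant to be static, a note in the commit message would prevent readers from taking it as the build date. The file also lacks a trailing newline.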
@@ -0,0 +1,33 @@
+{
+ "SPDXID": "SPDXRef-DOCUMENT",
+ "spdxVersion": "SPDX-2.3",
+ "creationInfo": {
+ "created": "2024-03-07T14:00:00Z",
+ "creators": [ "Organization: radare org" ]
+ },
+ "name": "yara",
+ "dataLicense": "CC0-1.0",
+ "documentDescribes": [
+ "SPDXRef-com.github.virustotal-yara"
+ ],
+ "documentNamespace": "https://github.com/radareorg/radare2-snap/sbom/yara-${R2_SNAP_COMMIT}",
+ "packages": [
+ {
+ "SPDXID": "SPDXRef-com.github.virustotal-yara",
+ "name": "yara",
+ "versionInfo": "${YARA_VERSION}",
+ "downloadLocation": "git+https://github.com/VirusTotal/yara#${YARA_VERSION}",
+ "filesAnalyzed": false,
+ "licenseDeclared": "BSD-3-Clause",
+ "supplier": "Organization: VirusTotal",
+ "primaryPackagePurpose": "LIBRARY",
+ "externalRefs": [
+ {
+ "referenceCategory": "PACKAGE-MANAGER",
+ "referenceType": "purl",
+ "referenceLocator": "pkg:github/VirusTotal/yara@${YARA_VERSION}"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/versions.mk b/versions.mk
index c9438a2..69e7269 100644
--- a/versions.mk
+++ b/versions.mk
@@ -2,3 +2,5 @@ R2_VERSION=5.9.0
 R2GHIDRA_VERSION=5.9.0
 R2FRIDA_VERSION=5.9.0
 R2DEC_VERSION=5.9.0
+YARA_VERSION=4.5.0
+R2YARA_VERSION=1.2.2
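Review bot: `downloadLocation` and the purl `referenceLocator` use `${YARA_VERSION}`, which the update script now stores without the `v` prefix (versions.mk: `YARA_VERSION=4.5.0`) while the Dockerfile clones tag `"v$YARA_VERSION"`; the SBOM therefore names a git ref (`#4.5.0`) that does not match the tag actually built, so the artifact cannot be traced back to its source from the SBOM. Keep `versionInfo` as the bare number but restore the prefix in the two reference fields: `"downloadLocation": "git+https://github.com/VirusTotal/yara#v${YARA_VERSION}",` and `"referenceLocator": "pkg:github/VirusTotal/yara@v${YARA_VERSION}"`. The file also lacks a trailing newline.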