Update yara rules

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/pipelines/v2_improvers/yara_rules.py

@@ -21,7 +21,10 @@
 
 class YaraRulesImproverPipeline(VulnerableCodePipeline):
     repo_url = None
-    rglob_patterns = ["**/*.yml"]
+    rglob_patterns = [
+        "**/*.yara",
+        "**/*.yar",
+    ]
 
     @classmethod
     def steps(cls):
@@ -98,121 +101,167 @@ def on_failure(self):
 
 
 class ProtectionsArtifactsYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/elastic/protections-artifacts"
-    license_urls = "https://github.com/elastic/protections-artifacts/blob/main/LICENSE.txt"
+    pipeline_id = "elastic-protections-artifacts"
+    repo_url = "https://github.com/elastic/protections-artifacts"
+    license_url = "https://github.com/elastic/protections-artifacts/blob/main/LICENSE.txt"
+    rglob_patterns = ["yara/rules/**/*.yar"]
 
 class YaraRulesYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/Yara-Rules/rules"
-    license_urls = "https://github.com/Yara-Rules/rules/blob/master/LICENSE"
+    pipeline_id = "yara-rules-rules"
+    repo_url = "https://github.com/Yara-Rules/rules"
+    license_url = "https://github.com/Yara-Rules/rules/blob/master/LICENSE"
+    rglob_patterns = [
+        "antidebug_antivm/**/*.yar",
+        "capabilities/**/*.yar",
+        "crypto/**/*.yar",
+        "cve_rules/**/*.yar",
+        "deprecated/**/*.yar",
+        "email/**/*.yar",
+        "exploit_kits/**/*.yar",
+        "maldocs/**/*.yar",
+        "malware/**/*.yar",
+        "mobile_malware/**/*.yar",
+        "packers/**/*.yar",
+        "utils/**/*.yar",
+        "webshells/**/*.yar",
+    ]
 
 class XumeiquerForensicsYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/Xumeiquer/yara-forensics"
-    license_urls = "https://github.com/Xumeiquer/yara-forensics/blob/master/LICENSE"
+    pipeline_id = "xumeiquer-yara-forensics"
+    repo_url = "https://github.com/Xumeiquer/yara-forensics"
+    license_url = "https://github.com/Xumeiquer/yara-forensics/blob/master/LICENSE"
 
 class ReversinglabsYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/reversinglabs/reversinglabs-yara-rules"
-    license_urls = "https://github.com/reversinglabs/reversinglabs-yara-rules/blob/develop/LICENSE"
+    pipeline_id = "reversinglabs-yara-rules"
+    repo_url = "https://github.com/reversinglabs/reversinglabs-yara-rules"
+    license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules/blob/develop/LICENSE"
 
 class AdvancedThreatResearchYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/advanced-threat-research/Yara-Rules"
-    license_urls = "https://github.com/advanced-threat-research/Yara-Rules/blob/master/LICENSE"
+    pipeline_id = "advanced-threat-research-yara-rules"
+    repo_url = "https://github.com/advanced-threat-research/Yara-Rules"
+    license_url = "https://github.com/advanced-threat-research/Yara-Rules/blob/master/LICENSE"
 
 class BartblazeYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/bartblaze/Yara-rules"
-    license_urls = "https://github.com/bartblaze/Yara-rules/blob/master/LICENSE"
+    pipeline_id = "bartblaze-yara-rules"
+    repo_url = "https://github.com/bartblaze/Yara-rules"
+    license_url = "https://github.com/bartblaze/Yara-rules/blob/master/LICENSE"
 
 class GodaddyYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/godaddy/yara-rules"  # archived
-    license_urls = "https://github.com/godaddy/yara-rules/blob/master/LICENSE.md"
+    pipeline_id = "godaddy-yara-rules"
+    repo_url = "https://github.com/godaddy/yara-rules"  # archived
+    license_url = "https://github.com/godaddy/yara-rules/blob/master/LICENSE.md"
 
 class SupportIntelligenceIcewaterYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/SupportIntelligence/Icewater"
-    license_urls = "https://github.com/SupportIntelligence/Icewater/blob/master/LICENSE"
+    pipeline_id = "supportintelligence-icewater"
+    repo_url = "https://github.com/SupportIntelligence/Icewater"
+    license_url = "https://github.com/SupportIntelligence/Icewater/blob/master/LICENSE"
 
 class Jeff0FalltradesSignaturesYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/jeFF0Falltrades/YARA-Signatures"
-    license_urls = "https://github.com/jeFF0Falltrades/YARA-Signatures/blob/master/LICENSE.md"
+    pipeline_id = "jeff0falltrades-yara-signatures"
+    repo_url = "https://github.com/jeFF0Falltrades/YARA-Signatures"
+    license_url = "https://github.com/jeFF0Falltrades/YARA-Signatures/blob/master/LICENSE.md"
 
 class TjnelRepoYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/tjnel/yara_repo"
-    license_urls = "https://github.com/tjnel/yara_repo/blob/master/LICENSE"
+    pipeline_id = "tjnel-yara-repo"
+    repo_url = "https://github.com/tjnel/yara_repo"
+    license_url = "https://github.com/tjnel/yara_repo/blob/master/LICENSE"
 
 class JpcertccJpcertYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/JPCERTCC/jpcert-yara"
-    license_urls = "https://github.com/JPCERTCC/jpcert-yara/blob/main/LICENSE"
+    pipeline_id = "jpcertcc-jpcert-yara"
+    repo_url = "https://github.com/JPCERTCC/jpcert-yara"
+    license_url = "https://github.com/JPCERTCC/jpcert-yara/blob/main/LICENSE"
 
 class MikesxrsOpenSourceYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/mikesxrs/Open-Source-YARA-rules"
-    license_urls = None
+    pipeline_id = "mikesxrs-open-source-yara-rules"
+    repo_url = "https://github.com/mikesxrs/Open-Source-YARA-rules"
+    license_url = None
 
 class FboldewinYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/fboldewin/YARA-rules"
-    license_urls = None
+    pipeline_id = "fboldewin-yara-rules"
+    repo_url = "https://github.com/fboldewin/YARA-rules"
+    license_url = None
 
 class H3x2bYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/h3x2b/yara-rules"
-    license_urls = None
+    pipeline_id = "h3x2b-yara-rules"
+    repo_url = "https://github.com/h3x2b/yara-rules"
+    license_url = None
 
 class RoadwyDefenderYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/roadwy/DefenderYara"
-    license_urls = None
+    pipeline_id = "roadwy-defenderyara"
+    repo_url = "https://github.com/roadwy/DefenderYara"
+    license_url = None
 
 class MthchtThreatHuntingKeywordsYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/mthcht/ThreatHunting-Keywords-yara-rules"
-    license_urls = "https://github.com/mthcht/ThreatHunting-Keywords-yara-rules/blob/main/LICENSE"
+    pipeline_id = "mthcht-threathunting-keywords-yara-rules"
+    repo_url = "https://github.com/mthcht/ThreatHunting-Keywords-yara-rules"
+    license_url = "https://github.com/mthcht/ThreatHunting-Keywords-yara-rules/blob/main/LICENSE"
 
 class Neo23x0SignatureBaseYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/Neo23x0/signature-base"
-    license_urls = None
+    pipeline_id = "neo23x0-signature-base"
+    repo_url = "https://github.com/Neo23x0/signature-base"
+    license_url = None
 
 class MalpediaSignatorRulesYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/malpedia/signator-rules"
-    license_urls = "https://creativecommons.org/licenses/by-sa/4.0/"
+    pipeline_id = "malpedia-signator-rules"
+    repo_url = "https://github.com/malpedia/signator-rules"
+    license_url = "https://creativecommons.org/licenses/by-sa/4.0/"
 
 class BaderjYara(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/baderj/yara"
-    license_urls = "https://github.com/baderj/yara/blob/main/LICENSE"
+    pipeline_id = "baderj-yara"
+    repo_url = "https://github.com/baderj/yara"
+    license_url = "https://github.com/baderj/yara/blob/main/LICENSE"
 
 class DeadbitsYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/deadbits/yara-rules"
-    license_urls = "https://github.com/deadbits/yara-rules/blob/master/UNLICENSE"
+    pipeline_id = "deadbits-yara-rules"
+    repo_url = "https://github.com/deadbits/yara-rules"
+    license_url = "https://github.com/deadbits/yara-rules/blob/master/UNLICENSE"
 
 class PmelsonYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/pmelson/yara_rules"
-    license_urls = None
+    pipeline_id = "pmelson-yara-rules"
+    repo_url = "https://github.com/pmelson/yara_rules"
+    license_url = None
 
 class SbousseadenYaraHunts(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/sbousseaden/YaraHunts"
-    license_urls = None
+    pipeline_id = "sbousseaden-yarahunts"
+    repo_url = "https://github.com/sbousseaden/YaraHunts"
+    license_url = None
 
 class EmbeeResearchYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/embee-research/Yara-detection-rules"
-    license_urls = "https://github.com/embee-research/Yara-detection-rules/tree/main?tab=readme-ov-file#detection-rule-license-drl-11"
+    pipeline_id = "embee-research-yara-detection-rules"
+    repo_url = "https://github.com/embee-research/Yara-detection-rules"
+    license_url = "https://github.com/embee-research/Yara-detection-rules/tree/main?tab=readme-ov-file#detection-rule-license-drl-11"
 
 class RussianPanda95YaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/RussianPanda95/Yara-Rules"
-    license_urls = None
+    pipeline_id = "russianpanda95-yara-rules"
+    repo_url = "https://github.com/RussianPanda95/Yara-Rules"
+    license_url = None
 
 class AilProjectAilYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/ail-project/ail-yara-rules"
-    license_urls = "https://github.com/ail-project/ail-yara-rules?tab=AGPL-3.0-1-ov-file"
+    pipeline_id = "ail-project-ail-yara-rules"
+    repo_url = "https://github.com/ail-project/ail-yara-rules"
+    license_url = "https://github.com/ail-project/ail-yara-rules?tab=AGPL-3.0-1-ov-file"
 
 class MalgamyYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/MalGamy/YARA_Rules"
-    license_urls = "https://github.com/MalGamy/YARA_Rules/blob/main/LICENSE.md"
+    pipeline_id = "malgamy-yara-rules"
+    repo_url = "https://github.com/MalGamy/YARA_Rules"
+    license_url = "https://github.com/MalGamy/YARA_Rules/blob/main/LICENSE.md"
 
 class ElceefYaraRulz(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/elceef/yara-rulz"
-    license_urls = "https://github.com/elceef/yara-rulz/tree/main?tab=MIT-1-ov-file"
+    pipeline_id = "elceef-yara-rulz"
+    repo_url = "https://github.com/elceef/yara-rulz"
+    license_url = "https://github.com/elceef/yara-rulz/tree/main?tab=MIT-1-ov-file"
 
 class TenableYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/tenable/yara-rules"
-    license_urls = "https://github.com/tenable/yara-rules/tree/master?tab=BSD-3-Clause-1-ov-file"
+    pipeline_id = "tenable-yara-rules"
+    repo_url = "https://github.com/tenable/yara-rules"
+    license_url = "https://github.com/tenable/yara-rules/tree/master?tab=BSD-3-Clause-1-ov-file"
 
 class Dr4k0niaYaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/dr4k0nia/yara-rules"
-    license_urls = "https://github.com/dr4k0nia/yara-rules/blob/main/LICENSE.md"
+    pipeline_id = "dr4k0nia-yara-rules"
+    repo_url = "https://github.com/dr4k0nia/yara-rules"
+    license_url = "https://github.com/dr4k0nia/yara-rules/blob/main/LICENSE.md"
 
 class Umair9747YaraRules(YaraRulesImproverPipeline):
-    repo_urls = "https://github.com/umair9747/yara-rules"
-    license_urls = "https://github.com/umair9747/yara-rules?tab=GPL-3.0-1-ov-file"
+    pipeline_id = "umair9747-yara-rules"
+    repo_url = "https://github.com/umair9747/yara-rules"
+    license_url = "https://github.com/umair9747/yara-rules?tab=GPL-3.0-1-ov-file"