
Update yara to 4.2.3 and fix output reading 0 matches

Matt C 2 年之前
父节点
当前提交
8f710461da
共有 5 个文件被更改,包括 34 次插入10 次删除
  1. 7 7
      package-lock.json
  2. 1 1
      package.json
  3. 1 1
      src/core/operations/YARARules.mjs
  4. 23 0
      tests/operations/tests/YARA.mjs
  5. 2 1
      webpack.config.js

+ 7 - 7
package-lock.json

@@ -52,7 +52,7 @@
         "jsrsasign": "^10.5.23",
         "kbpgp": "2.1.15",
         "libbzip2-wasm": "0.0.4",
-        "libyara-wasm": "^1.1.0",
+        "libyara-wasm": "^1.2.0",
         "lodash": "^4.17.21",
         "loglevel": "^1.8.0",
         "loglevel-message-prefix": "^3.0.0",
@@ -9152,9 +9152,9 @@
       "integrity": "sha512-RqscTx95+RTKhFAyjedsboR0Lmo3zd8//EuRwQXkdWmsCwYlzarVRaiYg6kS1O8m10MCQkGdrnlK9L4eAmZUwA=="
     },
     "node_modules/libyara-wasm": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.1.0.tgz",
-      "integrity": "sha512-MI2C4v8JxPN46l3VPWK66HApLPO4rx7n4rGioaSOfbIZikTJIuvI+eRPPnW3K2BXzrOHYj5sMl/RoLlKbXtiLw=="
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.2.0.tgz",
+      "integrity": "sha512-Dx6lnwy/JIuYSAhLcRBqdNBOzzrFoCcthmIuiNHi89P3fObXAxQYajWxOv3OFjXfIyTLr8mqSUSiyzfonbQoXg=="
     },
     "node_modules/lie": {
       "version": "3.3.0",
@@ -21198,9 +21198,9 @@
       "integrity": "sha512-RqscTx95+RTKhFAyjedsboR0Lmo3zd8//EuRwQXkdWmsCwYlzarVRaiYg6kS1O8m10MCQkGdrnlK9L4eAmZUwA=="
     },
     "libyara-wasm": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.1.0.tgz",
-      "integrity": "sha512-MI2C4v8JxPN46l3VPWK66HApLPO4rx7n4rGioaSOfbIZikTJIuvI+eRPPnW3K2BXzrOHYj5sMl/RoLlKbXtiLw=="
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-1.2.0.tgz",
+      "integrity": "sha512-Dx6lnwy/JIuYSAhLcRBqdNBOzzrFoCcthmIuiNHi89P3fObXAxQYajWxOv3OFjXfIyTLr8mqSUSiyzfonbQoXg=="
     },
     "lie": {
       "version": "3.3.0",

+ 1 - 1
package.json

@@ -128,7 +128,7 @@
     "jsrsasign": "^10.5.23",
     "kbpgp": "2.1.15",
     "libbzip2-wasm": "0.0.4",
-    "libyara-wasm": "^1.1.0",
+    "libyara-wasm": "^1.2.0",
     "lodash": "^4.17.21",
     "loglevel": "^1.8.0",
     "loglevel-message-prefix": "^3.0.0",

+ 1 - 1
src/core/operations/YARARules.mjs

@@ -100,7 +100,7 @@ class YARARules extends Operation {
                         }
                         meta = meta.slice(0, -2) + "]";
                     }
-                    const countString = showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "";
+                    const countString = matches.size() === 0 ? "" : (showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "");
                     if (matches.size() === 0 || !(showStrings || showLengths)) {
                         matchString += `Input matches rule "${rule.ruleName}"${meta}${countString.length > 0 ? ` ${countString}`: ""}.\n`;
                     } else {
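Review bot: The new `countString` line nests one ternary inside another and calls `matches.size()` up to three times, which hides why the zero check is there. Folding the guard into a single condition reads more directly: `const countString = showCounts && matches.size() > 0 ? /* existing template literal */ : "";`. A short comment such as `// condition-only rules (e.g. hash module checks) match with no string hits, so omit the count` would record why a match with zero string matches is possible, which is what the test added in this commit appears to exercise. The enclosing method starts and ends outside this hunk.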

+ 23 - 0
tests/operations/tests/YARA.mjs

@@ -20,5 +20,28 @@ TestRegister.addTests([
             }
         ],
     },
+    {
+        name: "YARA Match: hashing rules",
+        input: "Hello World!",
+        expectedOutput: "Input matches rule \"HelloWorldMD5\".\nInput matches rule \"HelloWorldSHA256\".\n",
+        recipeConfig: [
+            {
+                "op": "YARA Rules",
+                "args": [
+                    `import "hash"
+                    rule HelloWorldMD5 {
+                        condition:
+                            hash.md5(0,filesize) == "ed076287532e86365e841e92bfc50d8c"
+                    }
+
+                    rule HelloWorldSHA256 {
+                        condition:
+                            hash.sha256(0,filesize) == "7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069"
+                    }`,
+                    true, true, true, true
+                ],
+            }
+        ],
+    },
 ]);
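Review bot: Both rules in the new case are expected to match, so the test would still pass if the `hash` module conditions evaluated true for any input. Adding a rule that must not match, with `expectedOutput` left unchanged, would show that a wrong digest produces no "Input matches rule" line, for example `rule NoMatchMD5 { condition: hash.md5(0,filesize) == "00000000000000000000000000000000" }` (digest constructed for illustration). The four positional `true` arguments are also opaque. A trailing comment naming the options they enable would help, with the order confirmed against the operation's argument list, which is not visible here.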
 

+ 2 - 1
webpack.config.js

@@ -109,7 +109,8 @@ module.exports = {
             "buffer": require.resolve("buffer/"),
             "crypto": require.resolve("crypto-browserify"),
             "stream": require.resolve("stream-browserify"),
-            "zlib": require.resolve("browserify-zlib")
+            "zlib": require.resolve("browserify-zlib"),
+            "process": false
         }
     },
     module: {
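Review bot: The new `"process": false` fallback has no comment saying which dependency needs it, so a later maintainer cannot tell whether it is safe to remove or should be replaced with a polyfill. With `false`, webpack resolves imports of `process` to an empty module in the browser bundle, so code that imports it and reads something like `env` gets `undefined` at runtime instead of a build-time resolution error. If the entry was added for the libyara-wasm upgrade in this commit (likely, but not shown in the hunk), record that next to it, e.g. `// libyara-wasm 1.2.0 references "process"; an empty module is sufficient in the browser`. The `fallback` object starts outside this hunk.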