From fd8625d0ec53aeeae594564f05548dc7ae855a9f Mon Sep 17 00:00:00 2001
From: Matt Moore
Date: Sat, 30 Mar 2024 18:16:43 -0700
Subject: [PATCH] Add a `yara` image. (#2418)

Signed-off-by: Matt Moore
---
 images/yara/README.md | 36 +++++++++++++++++++++++++++
 images/yara/config/main.tf | 19 ++++++++++++++
 images/yara/config/template.apko.yaml | 15 +++++++++++
 images/yara/main.tf | 36 +++++++++++++++++++++++++++
 images/yara/metadata.yaml | 13 ++++++++++
 images/yara/tests/main.tf | 21 ++++++++++++++++
 images/yara/tests/test-yar.sh | 6 +++++
 images/yara/tests/test.yar | 6 +++++
 main.tf | 5 ++++
 9 files changed, 157 insertions(+)
 create mode 100644 images/yara/README.md
 create mode 100644 images/yara/config/main.tf
 create mode 100644 images/yara/config/template.apko.yaml
 create mode 100644 images/yara/main.tf
 create mode 100644 images/yara/metadata.yaml
 create mode 100644 images/yara/tests/main.tf
 create mode 100755 images/yara/tests/test-yar.sh
 create mode 100644 images/yara/tests/test.yar

diff --git a/images/yara/README.md b/images/yara/README.md
new file mode 100644
index 0000000000..5e68f99542
--- /dev/null
+++ b/images/yara/README.md
@@ -0,0 +1,36 @@
+
+# yara
+| | |
+| - | - |
+| **OCI Reference** | `cgr.dev/chainguard/yara` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/yara/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+
+
+
+The pattern matching swiss knife.
+
+
+
+## Download this Image
+The image is available on `cgr.dev`:
+
+```
+docker pull cgr.dev/chainguard/yara:latest
+```
+
+
+
+## Usage
+
+Inspect the crane image manifest using the crane image:
+
+```
+docker run --rm cgr.dev/chainguard/crane:latest manifest cgr.dev/chainguard/crane:latest --platform=linux/amd64
+```
+
diff --git a/images/yara/config/main.tf b/images/yara/config/main.tf
new file mode 100644
index 0000000000..90a40afa8f
--- /dev/null
+++ b/images/yara/config/main.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ apko = { source = "chainguard-dev/apko" }
+ }
+}
+
+variable "extra_packages" {
+ description = "The additional packages to install (e.g. yara)."
+ default = ["yara"]
+}
+
+data "apko_config" "this" {
+ config_contents = file("${path.module}/template.apko.yaml")
+ extra_packages = var.extra_packages
+}
+
+output "config" {
+ value = jsonencode(data.apko_config.this.config)
+}
diff --git a/images/yara/config/template.apko.yaml b/images/yara/config/template.apko.yaml
new file mode 100644
index 0000000000..7233debca9
--- /dev/null
+++ b/images/yara/config/template.apko.yaml
@@ -0,0 +1,15 @@
+contents:
+ packages: []
+
+accounts:
+ groups:
+ - groupname: nonroot
+ gid: 65532
+ users:
+ - username: nonroot
+ uid: 65532
+ gid: 65532
+ run-as: 65532
+
+entrypoint:
+ command: /usr/bin/yara
diff --git a/images/yara/main.tf b/images/yara/main.tf
new file mode 100644
index 0000000000..088f646469
--- /dev/null
+++ b/images/yara/main.tf
@@ -0,0 +1,36 @@
+terraform {
+ required_providers {
+ oci = { source = "chainguard-dev/oci" }
+ }
+}
+
+variable "target_repository" {
+ description = "The docker repo into which the image and attestations should be published."
+}
+
+module "latest-config" { source = "./config" }
+
+module "latest" {
+ source = "../../tflib/publisher"
+ name = basename(path.module)
+ target_repository = var.target_repository
+ config = module.latest-config.config
+ build-dev = true
+}
+
+module "test-latest" {
+ source = "./tests"
+ digest = module.latest.image_ref
+}
+
+resource "oci_tag" "latest" {
+ depends_on = [module.test-latest]
+ digest_ref = module.latest.image_ref
+ tag = "latest"
+}
+
+resource "oci_tag" "latest-dev" {
+ depends_on = [module.test-latest]
+ digest_ref = module.latest.dev_ref
+ tag = "latest-dev"
+}
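Review bot: `run-as: 65532` in images/yara/config/template.apko.yaml carries no hint that rule files and scan targets handed to the container must be readable by that uid, and the README Usage section added in this same commit still shows the crane command rather than a yara invocation. For a scanner this matters operationally: a bind-mounted path the nonroot user cannot read will presumably surface as an open error or a skipped file, not as a match, which is easy to misread as "clean". I would add a comment above the accounts block such as `# yara runs as nonroot (65532); bind-mounted rules and scan targets must be readable by this uid`, and replace the crane example in the README with a yara one.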
diff --git a/images/yara/metadata.yaml b/images/yara/metadata.yaml
new file mode 100644
index 0000000000..e07cdd678a
--- /dev/null
+++ b/images/yara/metadata.yaml
@@ -0,0 +1,13 @@
+name: yara
+image: cgr.dev/chainguard/yara
+logo: https://github.com/VirusTotal.png
+endoflife: ""
+console_summary: ""
+short_description: The pattern matching swiss knife.
+compatibility_notes: ""
+readme_file: README.md
+upstream_url: https://github.com/VirusTotal/yara
+keywords:
+ - security
+ - yara
+ - malware
diff --git a/images/yara/tests/main.tf b/images/yara/tests/main.tf
new file mode 100644
index 0000000000..8774a3e625
--- /dev/null
+++ b/images/yara/tests/main.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ oci = { source = "chainguard-dev/oci" }
+ }
+}
+
+variable "digest" {
+ description = "The image digest to run tests over."
+}
+
+data "oci_exec_test" "version" {
+ digest = var.digest
+ script = "docker run --rm $IMAGE_NAME --version"
+}
+
+data "oci_exec_test" "test-yar" {
+ digest = var.digest
+ script = "./test-yar.sh"
+
+ working_dir = path.module
+}
diff --git a/images/yara/tests/test-yar.sh b/images/yara/tests/test-yar.sh
new file mode 100755
index 0000000000..2f3415595c
--- /dev/null
+++ b/images/yara/tests/test-yar.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o errtrace -o pipefail -x
+
+# Grep checks for the expected output
+docker run --rm -v "${PWD}:/work" -w /work "${IMAGE_NAME}" test.yar /usr/bin/yara | grep test_rule | grep /usr/bin/yara
diff --git a/images/yara/tests/test.yar b/images/yara/tests/test.yar
new file mode 100644
index 0000000000..a0cd17316f
--- /dev/null
+++ b/images/yara/tests/test.yar
@@ -0,0 +1,6 @@
+rule test_rule {
+ strings:
+ $a = "yr_scanner_create"
+ condition:
+ $a
+}
diff --git a/main.tf b/main.tf
index 77b599d69b..395f893248 100644
--- a/main.tf
+++ b/main.tf
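Review bot: The bind mount on the `docker run` line of images/yara/tests/test-yar.sh is read-write although the container only has to read `test.yar`; `-v "${PWD}:/work:ro"` keeps the image under test from writing into the checkout. The two chained greps also pass on any output line that merely contains both substrings. Assuming yara's default `RULE FILE` output line, `grep -Fx 'test_rule /usr/bin/yara'` would pin the expected match exactly.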
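Review bot: The rule in images/yara/tests/test.yar only matches because the string `yr_scanner_create` happens to be present in `/usr/bin/yara`, so the test depends on how the package is built (a symbol name surviving in the CLI binary) rather than on scanning behaviour. A small fixture file with a known marker string, checked in next to the rule and scanned instead of the binary, would stay stable across rebuilds. A second fixture that must not match would also catch a scanner that reports every file. If the binary is kept as the target, a comment such as `// matches a libyara symbol name expected inside the yara CLI binary` would explain the choice to the next maintainer.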
@@ -1508,6 +1508,11 @@ module "wolfi-base" {
 target_repository = "${var.target_repository}/wolfi-base"
 }
 
+module "yara" {
+ source = "./images/yara"
+ target_repository = "${var.target_repository}/yara"
+}
+
 module "zig" {
 source = "./images/zig"
 target_repository = "${var.target_repository}/zig"