Skip to content

fix: update YARAify URL in FREE_TO_USE_ANALYZERS playbook #3163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
YadavAkhileshh wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

fix: update YARAify URL in FREE_TO_USE_ANALYZERS playbook #3163

YadavAkhileshh wants to merge 2 commits into from

Conversation

@YadavAkhileshh
Copy link

@YadavAkhileshh YadavAkhileshh commented Jan 5, 2026

Description

This PR updates the YARAify download URL in the FREE_TO_USE_ANALYZERS playbook configuration to use the new yarahub endpoint as announced by abuse.ch.

Fixes #3140

Changes made:

  • Updated YARAify URL from the deprecated API endpoint to the new yarahub endpoint
  • Created a new migration to apply this configuration update
  • Included reverse migration for rollback capability

This ensures users can continue downloading the latest YARA rules from YARAify without interruption.

Type of change

  • Bug fix (non-breaking change which fixes an issue).

Checklist

  • I have read and understood the rules about how to Contribute to this project
  • The pull request is for the branch develop
  • A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
    • I strictly followed the documentation "How to create a Plugin"
    • Usage file was updated.
    • Advanced-Usage was updated.
    • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration.
    • If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip.
    • If you created a new analyzer and it is free, please add it in the FREE_TO_USE_ANALYZERS playbook.
    • Check if it could make sense to add that analyzer/connector to other freely available playbooks.
    • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
    • If the plugin interacts with an external service, I have created an attribute called precisely url.
    • If the plugin requires mocked testing, _monkeypatch() was used in its class.
    • I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method.
    • I have created the corresponding DataModel for the new analyzer.
  • I have inserted the copyright banner at the start of the file
  • Please avoid adding new libraries as requirements whenever it is possible.
  • If external libraries/packages with restrictive licenses were added, they were added in the Legal Notice section.
  • Linters (Black, Flake, Isort) gave 0 errors.
  • I have added tests for the feature/bug I solved (see tests folder).
  • If the GUI has been modified:
    • I have provided a screenshot of the result in the PR.
    • I have created new frontend tests for the new component or updated existing ones.
  • After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

mlodic
mlodic reviewed Jan 6, 2026
View reviewed changes
api_app/playbooks_manager/migrations/0060_update_yaraify_url_free_to_use.py Outdated

# Update the YARAify URL to the new yarahub endpoint
if "analyzers" in pc.runtime_configuration:
if "Yara" in pc.runtime_configuration["analyzers"]:
Copy link
Member

@mlodic mlodic Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please check deepsource failures, that suggest to optimize this code.

Copy link
Member

@mlodic mlodic Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also, instead of a lot of if, you can just use .get() and have fewer lines

mlodic
mlodic reviewed Jan 6, 2026
View reviewed changes
api_app/playbooks_manager/migrations/0060_update_yaraify_url_free_to_use.py
repositories[index] = new_url

pc.full_clean()
pc.save()
Copy link
Member

@mlodic mlodic Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please provide a screenshot of the plugin section showing the correct data in the GUI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mlodic mlodic mlodic left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@YadavAkhileshh @mlodic