Merge pull request #14 from IoT-Inspector/1-cache-compiled-yara-rules

Cache compiled YARA rules
onekey-sec · Nov 23, 2021 · 03d9ec4 · 03d9ec4
2 parents b1bff2e + 414105e
commit 03d9ec4
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/unblob/finder.py b/unblob/finder.py
@@ -1,5 +1,6 @@
+from functools import lru_cache
 from pathlib import Path
-from typing import Dict, Iterable, List
+from typing import Dict, List, Tuple
 
 import yara
 from structlog import get_logger
@@ -18,7 +19,8 @@
 """
 
 
-def _make_yara_rules(handlers: Iterable[Handler]):
+@lru_cache
+def _make_yara_rules(handlers: Tuple[Handler, ...]):
     all_yara_rules = "\n".join(
         _YARA_RULE_TEMPLATE.format(NAME=h.NAME, YARA_RULE=h.YARA_RULE.strip())
         for h in handlers
@@ -31,7 +33,7 @@ def _make_yara_rules(handlers: Iterable[Handler]):
 def search_chunks(
     handlers: Dict[str, Handler], full_path: Path
 ) -> List[YaraMatchResult]:
-    yara_rules = _make_yara_rules(handlers.values())
+    yara_rules = _make_yara_rules(tuple(handlers.values()))
     # YARA uses a memory mapped file internally when given a path
     yara_matches: List[yara.Match] = yara_rules.match(str(full_path), timeout=60)