Fix yara

app.py

@@ -65,31 +65,84 @@ async def clone_yara_repo():
         logger.error(f"Error cloning YARA repository: {str(e)}")
         return None
 
+def preprocess_yara_rules(repo_path: Path) -> Path:
+    """Preprocess YARA rules to fix syntax issues"""
+    processed_dir = Path("processed_yara_rules")
+    if processed_dir.exists():
+        shutil.rmtree(processed_dir)
+    processed_dir.mkdir()
+
+    for yara_file in repo_path.glob("**/*.yar"):
+        try:
+            content = yara_file.read_text(encoding='utf-8', errors='replace')
+            
+            # Fix invalid rule names and string identifiers
+            processed_content = []
+            rule_counter = 1
+            string_counter = 1
+            current_rule = None
+            
+            for line in content.split('\n'):
+                # Normalize rule names
+                if line.strip().startswith('rule '):
+                    rule_name = line.split('{')[0].split('rule ')[1].strip()
+                    # Replace invalid characters and ensure unique names
+                    clean_name = rule_name.replace('#', '').replace(' ', '_').replace('-', '_')
+                    clean_name = f"Rule_{rule_counter}_{clean_name}"[:128]
+                    processed_content.append(f"rule {clean_name} {{")
+                    current_rule = clean_name
+                    rule_counter += 1
+                    string_counter = 1
+                # Make string identifiers unique per rule
+                elif '$a_01_' in line and current_rule:
+                    new_id = f"${current_rule}_str_{string_counter}"
+                    line = line.replace('$a_01_', new_id, 1)
+                    string_counter += 1
+                    processed_content.append(line)
+                else:
+                    processed_content.append(line)
+
+            # Save processed file
+            processed_file = processed_dir / yara_file.name
+            processed_file.write_text('\n'.join(processed_content))
+            
+        except Exception as e:
+            logger.warning(f"Error processing {yara_file}: {str(e)}")
+            continue
+
+    return processed_dir
+
 def compile_yara_rules(repo_path: Path) -> Optional[yara.Rules]:
-    """Compile YARA rules from repository"""
+    """Compile YARA rules from repository with error handling"""
     try:
-        yara_files = list(repo_path.glob("**/*.yar"))
+        processed_dir = preprocess_yara_rules(repo_path)
+        yara_files = list(processed_dir.glob("**/*.yar"))
+        
         if not yara_files:
-            logger.warning("No YARA files found in repository")
+            logger.warning("No valid YARA files after preprocessing")
             return None
 
-        logger.info(f"Found {len(yara_files)} YARA files, compiling rules")
+        logger.info(f"Compiling {len(yara_files)} processed YARA files")
         rules = {}
         
         for yara_file in yara_files:
             try:
-                rules[str(yara_file)] = str(yara_file)
+                # Use namespace based on file path to avoid conflicts
+                namespace = str(yara_file.relative_to(processed_dir)).replace('/', '_')
+                rules[namespace] = str(yara_file)
             except Exception as e:
-                logger.warning(f"Error processing {yara_file}: {str(e)}")
+                logger.warning(f"Error adding {yara_file}: {str(e)}")
 
-        return yara.compile(filepaths=rules)
-    
-    except yara.SyntaxError as e:
-        logger.error(f"YARA syntax error: {str(e)}")
+        # Compile with error handling
+        try:
+            return yara.compile(filepaths=rules, error_on_warning=False)
+        except yara.SyntaxError as e:
+            logger.error(f"YARA syntax error in processed rules: {str(e)}")
+            return None
+            
     except Exception as e:
         logger.error(f"Error compiling YARA rules: {str(e)}")
-    
-    return None
+        return None
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):