Cccs-yara

**NEW FEATURES**

- Added the -st flag to the yara_validator_cli.py. This causes the cli to return a exit code 49 for warnings.
- Added a validity check with the yara-python library
- Added the -m flag to the yara_validator_cli.py. This flag overrides the check for modules that have not been imported.

**CHANGES**

- Updating the MITRE ATT&CK submodule to the version 8.2
- Added yara-python>=4.0.2 to the requirements.txt file

**BUG FIXES**

- A couple of bug fixes related to the new yara-python validity check, these bugs resulted in rules that should be valid getting marked invalid
- Fixed a bug that caused yara_file_processor.py to exit with an error if a string was passed instead of a Path object.
- Fixed a bug that would cause lines with only space or tab characters to double on each pass with the -i flag.

**NEW FEATURES**

- Automatic generation of mitre_att software ids for malware or tool names found in the MITRE ATT&CK database

**CHANGES**

- Updating the MITRE ATT&CK submodule to the latest released version

**BUG FIXES**

- None

**NEW FEATURES**

- None

**CHANGES**

- changed the error message for missing metadata that could have been generated
- "⚙️ Missing metadata that could have been generated with the -i or -c flag for the cli"

- changed the default behaviour of the cli
- a rule now returns invalid if it is missing the 'id', 'fingerprint', 'version', 'first_imported' or 'last_modified' metadata
- see PR https://github.com/CybercentreCanada/CCCS-Yara/pull/34 for details on the reason behind this

**BUG FIXES**

- None

**NEW FEATURES**

- Leading white space standardization
- ensures the leading white space in validated rules are the same, by default converts and '\t' characters to four ' ' characters
- this is a configurable behavior in validator_cfg.yml

**CHANGES**

- changed minimum_yara to yara_version:
- fixes a compatibility issue

**BUG FIXES**

- None

**NEW FEATURES**

- None

**CHANGES**

- changed the canonical order of the metadata:
- moved reference from between source and author to between report and hash

**BUG FIXES**

- None

**NEW FEATURES**

- handling multi-rule YARA files via a new yara_file_processor.py library
- string_encoding: allow of ASCII, UTF-8 or any encoding configured in: validator_cfg.yml: Default utf-8.
- added -g to yara_validator_cli.py: suppresses the generation of id, fingerprint, version, first_imported or last_modified and will return invalid of those fields are missing.

**CHANGES**

- malvidin's pull request 18 and 24 have been merged in. Including many of the stylistic changes:
- strips down the requirements.txt so that it no longer includes the items that will be installed when stix2 is installed
- renames the cfg folder to stix2_patch
- BitsOfBinary made the suggestion of a yara_version optional metadata entry in pull request 29.
- incorporated as "minimum_yara" using the existing valid_version()
- more permissive values allowed for the value of info|exploit|technique|tool|malware (any non-lowercase UTF-8 characters 28 )
- more permissive author values (include special characters, eg. , %)

**BUG FIXES**

- fixed the entry for source in CCCS-YARA.yml, when source = "OPENSOURCE" a reference must be provided