Add some docstrings and fixes (#1245)

tomchop · web-flow · commit f64cba0d7873 · 2025-04-14T13:23:41.000+02:00
diff --git a/core/schemas/indicators/yara.py b/core/schemas/indicators/yara.py
@@ -275,18 +275,27 @@ def render_with_overlays(cls, pattern, rule_map, overlays):
         parsed_rules = plyara.Plyara().parse_string(pattern)
         final = ""
         for rule in parsed_rules:
-            db_rule = rule_map.get(rule["rule_name"])
-            if not db_rule:
-                raise ValueError(f"Rule {rule['rule_name']} not found in database.")
-            db_rule.apply_overlays_plyara(overlays, parsed_rule=rule)
-            final += db_rule.pattern
+            rule_from_map = rule_map.get(rule["rule_name"])
+            if not rule_from_map:
+                logger.warning(
+                    f"Rule {rule['rule_name']} not found in map, it might be a dependency. "
+                    "Skipping overlay application."
+                )
+                continue
+            rule_from_map.apply_overlays_plyara(overlays, parsed_rule=rule)
+            final += rule_from_map.pattern
         return final
 
     def apply_overlays_plyara(
         self, overlays: set[str], parsed_rule: dict | None = None
     ):
         """Apply an overlay to a Yara rule.
 
+        Overlays are used to modify the metadata of a Yara rule. The Yara rule's
+        context attribute will be traversed, looking for `source` matching the
+        overlay string. If found, the context key-value pairs will be used to
+        update the Yara rule's metadata section.
+
         Args:
             overlay: The overlays to apply.
             parsed_rule: The parsed rule to apply the overlays to. If not provided
diff --git a/core/web/apiv2/indicators.py b/core/web/apiv2/indicators.py
@@ -66,6 +66,15 @@ class IndicatorTagResponse(BaseModel):
 
 
 class YaraBundleRequest(BaseModel):
+    """Request to generate a YARA bundle from a list of indicators.
+
+    Attributes:
+        ids: List of YARA IDs to include in the bundle.
+        tags: List of tags to include in the bundle.
+        exclude_tags: List of tags to exclude from the bundle.
+        overlays: Set of overlay names to apply to the bundle. Over
+    """
+
     model_config = ConfigDict(extra="forbid")
 
     ids: list[str] = []
