recursive macros

app/models/yara_rule.py

@@ -289,11 +289,23 @@ def to_yara_rule_string(yara_dict, include_imports=True):
         return yara_rule_text.encode("utf-8")
 
     @staticmethod
-    def expand_macros(yara_rule_text):
-        all_macros = macros.Macros.get_macros()
+    def expand_macros(yara_rule_text, all_macros=None):
+
+        try:
+            if len(all_macros) == 0:
+                return yara_rule_text
+        except:
+            all_macros = all_macros = macros.Macros.get_macros()
+
         tag_template = cfg_settings.Cfg_settings.get_setting("MACRO_TAG_TEMPLATE")
+
         for m in all_macros:
-            yara_rule_text = yara_rule_text.replace(tag_template % m['tag'], m['value'])
+            if m["tag"] in yara_rule_text:
+                yara_rule_text = yara_rule_text.replace(tag_template % m['tag'], m['value'])
+
+        if any([tag_template % m['tag'] in yara_rule_text for m in all_macros]):
+            return Yara_rule.expand_macros(yara_rule_text, [{"tag": m["tag"], "value": m["value"]} for m in all_macros])
+
         return yara_rule_text
 
     @staticmethod

app/static/views/macros/macros.html

@@ -92,7 +92,7 @@ <h4 class="modal-title" id="myMacroLabel">Edit Macro</h4>
         Macros are used to inject re-usable strings and regexs into signatures. You can use macros in the strings or
         conditions area of the signatures editor. To see what the rule would look like after macro expansion, click on
         the view signature icon on the signatures list page. The current macro tag template
-        is {{ macro_tag_template.value }}. This can be changing the MACRO_TAG_TEMPLATE setting <a
+        is {{ macro_tag_template.value }}. This can be changing the MACRO_TAG_TEMPLATE setting. Macros can be nested. <a
         href="#!/cfg_settings">here</a>
     </div>
     <BR>