Class: Yara::Rules
- Inherits:
-
Object
- Object
- Yara::Rules
- Defined in:
- lib/yara.rb,
ext/yara_native/Rules.c
Overview
Encapsulates a Yara context against which you can compile rules and scan inputs.
Instance Method Summary (collapse)
-
- (nil) compile_file(filename, ns = nil)
Compiles rules taken from a file by its filename.
-
- (nil) compile_string(rules_string, ns = nil)
Compiles rules taken from a ruby string.
-
- (Object) current_namespace
Returns the name of the currently active namespace as a String.
-
- (String) namespaces
Returns the namespaces available in this rules context.
-
- (Yara::Match) scan_file(filename)
Scans a file using the compiled rules supplied with either compile_file or compile_string (or both).
-
- (Yara::Match) scan_string(buf)
Scans a ruby string using the compiled rules supplied with either compile_file or compile_string (or both).
-
- (nil) set_namespace(name)
Sets the current namespace to the given name.
-
- (Object) weight
Returns a weight value for the compiled rules as a Fixnum.
Instance Method Details
- (nil) compile_file(filename, ns = nil)
Compiles rules taken from a file by its filename. This method can be called more than once using multiple rules files and can be used in combination with compile_string.
To avoid namespace conflicts, you can use set_namespace before compiling rules.
|
|
# File 'ext/yara_native/Rules.c'
/*
 * C implementation shown for Rules#compile_file(filename, ns = nil).
 * Only the argument handling is visible in this listing; the code that opens
 * the file, compiles the rules and reports errors is not shown here.
 */
VALUE rules_compile_file(int argc, VALUE *argv, VALUE self) {
FILE *file;
char *fname;
YARA_CONTEXT *ctx;
/* Fixed-size buffer; the code that fills it is outside this excerpt.
 * NOTE(review): confirm the writer is bounded by sizeof error_message. */
char error_message[256];
NAMESPACE *orig_ns, *ns;
VALUE rb_fname;
VALUE rb_ns;
orig_ns = ns = NULL;
/* "11" = one required argument (filename) plus one optional (namespace). */
rb_scan_args(argc, argv, "11", &rb_fname, &rb_ns);
/* Raises TypeError unless the filename is a Ruby String. */
Check_Type(rb_fname, T_STRING);
/* The namespace is optional, so it is type-checked only when supplied. */
if(rb_ns != Qnil) {
Check_Type(rb_ns, T_STRING);
}
|
- (nil) compile_string(rules_string, ns = nil)
Compiles rules taken from a ruby string. This method can be called more than once using multiple rules strings and can be used in combination with compile_file.
To avoid namespace conflicts, you can set a namespace using the optional 'ns' argument.
|
|
# File 'ext/yara_native/Rules.c'
/*
 * C implementation shown for Rules#compile_string(rules_string, ns = nil).
 * Validates the arguments and, when a namespace is given, switches the
 * context to it. The listing ends before the compile call and the return.
 */
VALUE rules_compile_string(int argc, VALUE *argv, VALUE self) {
YARA_CONTEXT *ctx;
char *rules;
/* Fixed-size buffer; the code that fills it is outside this excerpt.
 * NOTE(review): confirm the writer is bounded by sizeof error_message. */
char error_message[256];
NAMESPACE *orig_ns, *ns;
VALUE rb_rules;
VALUE rb_ns;
orig_ns = ns = NULL;
/* "11" = one required argument (rules text) plus one optional (namespace). */
rb_scan_args(argc, argv, "11", &rb_rules, &rb_ns);
/* Raises TypeError unless the rules text is a Ruby String. */
Check_Type(rb_rules, T_STRING);
if (rb_ns != Qnil)
Check_Type(rb_ns, T_STRING);
/* Raw pointer into the Ruby string; the byte length is not captured here.
 * NOTE(review): if the compile call (not shown) treats this as a C string,
 * rule text after an embedded NUL byte would be ignored - confirm. */
rules = RSTRING_PTR(rb_rules);
Data_Get_Struct(self, YARA_CONTEXT, ctx);
/* NOTE(review): the assignment inside the condition means the namespace
 * switch is skipped whenever ctx->current_namespace is NULL, even though a
 * namespace was supplied - confirm that this is intended. */
if((rb_ns != Qnil) && (orig_ns = ctx->current_namespace)) {
/* Repeats the assignment already made in the condition above. */
orig_ns = ctx->current_namespace;
/* Reuse an existing namespace of that name, otherwise create it. */
if (!(ns = find_namespace(ctx, RSTRING_PTR(rb_ns))))
ns = yr_create_namespace(ctx, RSTRING_PTR(rb_ns));
/* NOTE(review): ns is stored without a NULL check, unlike
 * rules_set_namespace, so a failed creation would leave the context with
 * no current namespace - confirm how yr_create_namespace reports failure. */
ctx->current_namespace = ns;
}
|
- (Object) current_namespace
Returns the name of the currently active namespace as a String, or nil if no namespace with a name is active.
|
|
# File 'ext/yara_native/Rules.c'
/*
 * Returns the name of the context's current namespace as a new Ruby String,
 * or nil when there is no current namespace or it has no name.
 */
VALUE rules_current_namespace(VALUE self) {
    YARA_CONTEXT *ctx;
    NAMESPACE *active;

    Data_Get_Struct(self, YARA_CONTEXT, ctx);
    active = ctx->current_namespace;

    /* Guard both pointers before handing the name to rb_str_new2. */
    if (active == NULL || active->name == NULL) {
        return Qnil;
    }
    return rb_str_new2(active->name);
}
|
- (String) namespaces
Returns the namespaces available in this rules context.
|
|
# File 'ext/yara_native/Rules.c'
/*
 * C implementation shown for Rules#namespaces: collects the names of the
 * context's namespaces into a new Ruby array. The listing ends before the
 * return statement.
 */
VALUE rules_namespaces(VALUE self) {
YARA_CONTEXT *ctx;
NAMESPACE *ns;
VALUE ary = rb_ary_new();
Data_Get_Struct(self, YARA_CONTEXT, ctx);
ns = ctx->namespaces;
/* Walk the linked list; the walk stops at the end of the list or at the
 * first entry whose name is NULL, so entries after such a node are not
 * reported. */
while(ns && ns->name) {
rb_ary_push(ary, rb_str_new2(ns->name));
ns = ns->next;
}
|
- (Yara::Match) scan_file(filename)
Scans a file using the compiled rules supplied with either compile_file or compile_string (or both).
|
|
# File 'ext/yara_native/Rules.c'
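/*
 * Scans the file named by rb_fname with the rules compiled into this context.
 *
 * rb_fname must be a Ruby String (Check_Type raises TypeError otherwise) and
 * must not contain a NUL byte (StringValueCStr raises ArgumentError).
 * Returns the Ruby array that scan_callback fills during the scan.
 * Raises error_ScanError when the file cannot be opened or the scan fails.
 */
VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
    YARA_CONTEXT *ctx;
    VALUE results;
    unsigned int ret;
    char *fname;

    Check_Type(rb_fname, T_STRING);
    results = rb_ary_new();
    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    /*
     * A Ruby String may carry embedded NUL bytes, but the scanner receives a
     * C string that ends at the first NUL. Rejecting such names keeps the
     * path that is scanned identical to the path the Ruby caller supplied
     * (and may have validated), instead of a silently truncated prefix.
     */
    fname = StringValueCStr(rb_fname);

    ret = yr_scan_file(fname, ctx, scan_callback, &results);
    if (ret == ERROR_COULD_NOT_OPEN_FILE) {
        rb_raise(error_ScanError, "Could not open file: '%s'", fname);
    } else if (ret != 0) {
        /* ret is unsigned, so this single upper-bound check keeps the
         * SCAN_ERRORS lookup inside the table. */
        rb_raise(error_ScanError, "A error occurred while scanning: %s",
                 ((ret > MAX_SCAN_ERROR) ? "unknown error" : SCAN_ERRORS[ret]));
    }
    return results;
}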
|
- (Yara::Match) scan_string(buf)
Scans a ruby string using the compiled rules supplied with either compile_file or compile_string (or both).
|
|
# File 'ext/yara_native/Rules.c'
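/*
 * Scans the bytes of a Ruby String with the rules compiled into this context.
 *
 * rb_dat must be a Ruby String (Check_Type raises TypeError otherwise). The
 * buffer is passed with its explicit byte length, so embedded NUL bytes are
 * scanned like any other data.
 * Returns the Ruby array that scan_callback fills during the scan.
 * Raises error_ScanError when the scanner reports a non-zero status.
 */
VALUE rules_scan_string(VALUE self, VALUE rb_dat) {
    YARA_CONTEXT *ctx;
    VALUE results;
    char *buf;
    size_t buflen;
    int ret;

    Check_Type(rb_dat, T_STRING);
    buf = RSTRING_PTR(rb_dat);
    buflen = RSTRING_LEN(rb_dat);

    results = rb_ary_new();
    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    ret = yr_scan_mem(buf, buflen, ctx, scan_callback, &results);
    if (ret != 0) {
        /*
         * ret is a signed int here (rules_scan_file uses unsigned int), so an
         * upper-bound check alone would let a negative status index before
         * the start of SCAN_ERRORS. Bound the lookup on both sides.
         */
        rb_raise(error_ScanError, "A error occurred while scanning: %s",
                 ((ret < 0 || ret > MAX_SCAN_ERROR) ? "unknown error"
                                                     : SCAN_ERRORS[ret]));
    }
    return results;
}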
|
- (nil) set_namespace(name)
Sets the current namespace to the given name. If the namespace does not yet exist it is added.
To avoid namespace conflicts, you can use set_namespace before compiling rules.
|
|
# File 'ext/yara_native/Rules.c'
/*
 * C implementation shown for Rules#set_namespace(name): makes the named
 * namespace current, creating it when it does not exist yet. The listing
 * ends before the code that handles a failed lookup/creation.
 */
VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
YARA_CONTEXT *ctx;
NAMESPACE *ns = NULL;
const char *name;
/* Raises TypeError unless the name is a Ruby String. */
Check_Type(rb_namespace, T_STRING);
/* Used as a C string below, so a name containing a NUL byte is seen only
 * up to that byte by find_namespace / yr_create_namespace. */
name = RSTRING_PTR(rb_namespace);
Data_Get_Struct(self, YARA_CONTEXT, ctx);
/* Reuse an existing namespace of that name, otherwise create it. */
if (!(ns = find_namespace(ctx, name)))
ns = yr_create_namespace(ctx, name);
/* Only switch namespaces when lookup or creation produced one; the
 * original Ruby string is returned on success. */
if (ns) {
ctx->current_namespace = ns;
return rb_namespace;
}
|
- (Object) weight
Returns a weight value for the compiled rules as a Fixnum.
|
|
# File 'ext/yara_native/Rules.c'
/*
 * Returns the value of yr_calculate_rules_weight() for this context,
 * converted to a Ruby integer.
 */
VALUE rules_weight(VALUE self) {
    YARA_CONTEXT *ctx;

    /* Unwrap the native context stored in the Ruby object. */
    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    return INT2NUM(yr_calculate_rules_weight(ctx));
}