Class: Yara::Rules
- Inherits: Object
  - Object
    - Yara::Rules
- Defined in: ext/yara_native/Rules.c, lib/yara.rb
Overview
Encapsulates a Yara context against which you can compile rules and scan inputs.
Instance Method Summary
-
#compile_file(filename, ns = nil) ⇒ nil
Compiles rules taken from a file by its filename.
-
#compile_string(rules_string, ns = nil) ⇒ nil
Compiles rules taken from a ruby string.
-
#current_namespace ⇒ String
Returns the name of the currently active namespace.
-
#namespaces ⇒ Array
Returns the namespaces available in this rules context.
-
#scan_file(filename) ⇒ Array
Scans a file using the compiled rules supplied with either compile_file or compile_string (or both).
-
#scan_string(buf) ⇒ Array
Scans a ruby string using the compiled rules supplied with either compile_file or compile_string (or both).
-
#set_namespace(name) ⇒ nil
Sets the current namespace to the given name.
-
#weight ⇒ Fixnum
Returns a weight value for the compiled rules.
Instance Method Details
#compile_file(filename, ns = nil) ⇒ nil
Compiles rules taken from a file by its filename. This method can be called more than once using multiple rules files and can be used in combination with compile_string.
To avoid namespace conflicts, you can use set_namespace before compiling rules.
# File 'ext/yara_native/Rules.c', line 70
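/*
 * Compiles YARA rules from the file named by the first Ruby argument into
 * this context. An optional second argument names the namespace to compile
 * into; the previously active namespace is put back afterwards.
 *
 * Ruby arguments: filename (String), ns (String or nil, optional).
 *
 * Returns Qtrue on success (the generated signature for this method shows
 * nil; the code has always returned true).
 *
 * Raises error_CompileError when the file cannot be opened, when the
 * requested namespace cannot be found or created, or when yr_compile_file()
 * reports an error. Raises TypeError when an argument is not a String and
 * ArgumentError when a String contains a NUL byte.
 */
VALUE rules_compile_file(int argc, VALUE *argv, VALUE self) {
    FILE *file;
    char *fname;
    char *ns_name = NULL;
    YARA_CONTEXT *ctx;
    char error_message[256];
    NAMESPACE *orig_ns = NULL;
    NAMESPACE *ns = NULL;
    VALUE rb_fname;
    VALUE rb_ns;

    rb_scan_args(argc, argv, "11", &rb_fname, &rb_ns);

    /*
     * Every call that can raise a Ruby exception runs before fopen():
     * rb_raise() leaves this function without returning, so an exception
     * raised while the file is open would leak the FILE handle.
     */
    Check_Type(rb_fname, T_STRING);

    /*
     * StringValueCStr() rejects strings with an embedded NUL byte. With a
     * plain RSTRING_PTR() the C library would see the path cut off at the
     * first NUL, so the rules would be loaded from a different file than
     * the one the Ruby caller named.
     */
    fname = StringValueCStr(rb_fname);

    if (rb_ns != Qnil) {
        Check_Type(rb_ns, T_STRING);
        ns_name = StringValueCStr(rb_ns);
    }

    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    file = fopen(fname, "r");
    if (!file) {
        rb_raise(error_CompileError, "No such file: %s", fname);
    }

    /*
     * As before, the namespace is only switched when the context already
     * has an active namespace to restore afterwards.
     */
    if (ns_name && (orig_ns = ctx->current_namespace)) {
        ns = find_namespace(ctx, ns_name);
        if (!ns) {
            ns = yr_create_namespace(ctx, ns_name);
        }
        if (!ns) {
            /* Never compile with a NULL current namespace. */
            fclose(file);
            rb_raise(error_CompileError, "Could not create namespace: %s", ns_name);
        }
        ctx->current_namespace = ns;
    }

    if (yr_compile_file(file, ctx) != 0) {
        yr_get_error_message(ctx, error_message, sizeof(error_message));
        fclose(file);
        /*
         * Restore the caller's namespace before raising; otherwise a failed
         * compile leaves the context switched to `ns`, and later rules land
         * in a namespace the caller did not select.
         */
        if (orig_ns) {
            ctx->current_namespace = orig_ns;
        }
        rb_raise(error_CompileError, "Syntax Error - %s(%d): %s", fname, ctx->last_error_line, error_message);
    }

    /*
     * NOTE(review): the file name is pushed after compilation, as in the
     * original; confirm whether libyara expects it before yr_compile_file().
     */
    yr_push_file_name(ctx, fname);

    if (orig_ns) {
        ctx->current_namespace = orig_ns;
    }

    fclose(file);
    return Qtrue;
}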
#compile_string(rules_string, ns = nil) ⇒ nil
Compiles rules taken from a ruby string. This method can be called more than once using multiple rules strings and can be used in combination with compile_file.
To avoid namespace conflicts, you can set a namespace using the optional ‘ns’ argument.
# File 'ext/yara_native/Rules.c', line 138
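/*
 * Compiles YARA rules held in a Ruby string into this context. An optional
 * second argument names the namespace to compile into; the previously
 * active namespace is put back afterwards.
 *
 * Ruby arguments: rules_string (String), ns (String or nil, optional).
 *
 * Returns Qtrue on success (the generated signature for this method shows
 * nil; the code has always returned true).
 *
 * Raises error_CompileError when the requested namespace cannot be found or
 * created, or when yr_compile_string() reports an error. Raises TypeError
 * when an argument is not a String and ArgumentError when a String contains
 * a NUL byte.
 */
VALUE rules_compile_string(int argc, VALUE *argv, VALUE self) {
    YARA_CONTEXT *ctx;
    char *rules;
    char *ns_name = NULL;
    char error_message[256];
    NAMESPACE *orig_ns = NULL;
    NAMESPACE *ns = NULL;
    VALUE rb_rules;
    VALUE rb_ns;

    rb_scan_args(argc, argv, "11", &rb_rules, &rb_ns);

    Check_Type(rb_rules, T_STRING);

    /*
     * yr_compile_string() is handed a C string, so anything after an
     * embedded NUL byte would be dropped without an error and the caller
     * would end up with fewer rules than it supplied. StringValueCStr()
     * raises ArgumentError for such input instead.
     */
    rules = StringValueCStr(rb_rules);

    if (rb_ns != Qnil) {
        Check_Type(rb_ns, T_STRING);
        ns_name = StringValueCStr(rb_ns);
    }

    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    /*
     * As before, the namespace is only switched when the context already
     * has an active namespace to restore afterwards.
     */
    if (ns_name && (orig_ns = ctx->current_namespace)) {
        ns = find_namespace(ctx, ns_name);
        if (!ns) {
            ns = yr_create_namespace(ctx, ns_name);
        }
        if (!ns) {
            /* Never compile with a NULL current namespace. */
            rb_raise(error_CompileError, "Could not create namespace: %s", ns_name);
        }
        ctx->current_namespace = ns;
    }

    if (yr_compile_string(rules, ctx) != 0) {
        yr_get_error_message(ctx, error_message, sizeof(error_message));
        /*
         * rb_raise() does not return, so the caller's namespace has to be
         * restored here; otherwise a failed compile leaves the context
         * switched to `ns`.
         */
        if (orig_ns) {
            ctx->current_namespace = orig_ns;
        }
        rb_raise(error_CompileError, "Syntax Error - line(%d): %s", ctx->last_error_line, error_message);
    }

    if (orig_ns) {
        ctx->current_namespace = orig_ns;
    }

    return Qtrue;
}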
#current_namespace ⇒ String
Returns the name of the currently active namespace as a String.
# File 'ext/yara_native/Rules.c', line 198
/*
 * Returns the name of the context's current namespace as a new Ruby string,
 * or Qnil when the context has no current namespace or that namespace has
 * no name.
 */
VALUE rules_current_namespace(VALUE self) {
    YARA_CONTEXT *ctx;
    NAMESPACE *active;

    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    active = ctx->current_namespace;
    if (active == NULL || active->name == NULL) {
        return Qnil;
    }

    return rb_str_new2(active->name);
}
#namespaces ⇒ Array
Returns the namespaces available in this rules context.
# File 'ext/yara_native/Rules.c', line 213
/*
 * Returns a Ruby Array holding the names of the namespaces linked from the
 * context, in list order. The walk stops at the end of the list or at the
 * first entry whose name is NULL.
 */
VALUE rules_namespaces(VALUE self) {
    YARA_CONTEXT *ctx;
    NAMESPACE *cur;
    VALUE names;

    names = rb_ary_new();
    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    for (cur = ctx->namespaces; cur != NULL && cur->name != NULL; cur = cur->next) {
        rb_ary_push(names, rb_str_new2(cur->name));
    }

    return names;
}
#scan_file(filename) ⇒ Array
Scans a file using the compiled rules supplied with either compile_file or compile_string (or both).
# File 'ext/yara_native/Rules.c', line 290
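/*
 * Scans the file named by rb_fname with the rules compiled into this
 * context and returns a Ruby Array filled in by scan_callback.
 *
 * Raises error_ScanError when yr_scan_file() returns a non-zero code,
 * TypeError when rb_fname is not a String, and ArgumentError when it
 * contains a NUL byte.
 */
VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
    YARA_CONTEXT *ctx;
    VALUE results;
    unsigned int ret;
    char *fname;
    const char *reason;

    Check_Type(rb_fname, T_STRING);

    /*
     * StringValueCStr() rejects an embedded NUL byte. With RSTRING_PTR()
     * the path would be cut at the first NUL, so the scan would run on a
     * different file than the one the caller named and its result would be
     * reported as if it belonged to the requested path.
     */
    fname = StringValueCStr(rb_fname);

    results = rb_ary_new();
    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    ret = yr_scan_file(fname, ctx, scan_callback, &results);
    if (ret == 0) {
        return results;
    }

    if (ret == ERROR_COULD_NOT_OPEN_FILE) {
        rb_raise(error_ScanError, "Could not open file: '%s'", fname);
    }

    /*
     * ret is unsigned, so only the upper bound needs checking before it is
     * used as an index. Assumes SCAN_ERRORS has MAX_SCAN_ERROR + 1 entries;
     * confirm against its definition.
     */
    reason = (ret > MAX_SCAN_ERROR) ? "unknown error" : SCAN_ERRORS[ret];
    rb_raise(error_ScanError, "A error occurred while scanning: %s", reason);

    return results; /* not reached: rb_raise() does not return */
}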
#scan_string(buf) ⇒ Array
Scans a ruby string using the compiled rules supplied with either compile_file or compile_string (or both).
# File 'ext/yara_native/Rules.c', line 325
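/*
 * Scans the bytes of a Ruby string with the rules compiled into this
 * context and returns a Ruby Array filled in by scan_callback. The buffer
 * is passed with its explicit length, so embedded NUL bytes are scanned
 * like any other byte.
 *
 * Raises error_ScanError when yr_scan_mem() returns a non-zero code and
 * TypeError when rb_dat is not a String.
 */
VALUE rules_scan_string(VALUE self, VALUE rb_dat) {
    YARA_CONTEXT *ctx;
    VALUE results;
    char *buf;
    size_t buflen;
    int ret;
    const char *reason;

    Check_Type(rb_dat, T_STRING);
    buf = RSTRING_PTR(rb_dat);
    buflen = RSTRING_LEN(rb_dat);

    results = rb_ary_new();
    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    ret = yr_scan_mem(buf, buflen, ctx, scan_callback, &results);
    if (ret == 0) {
        return results;
    }

    /*
     * ret is a signed int here, so a negative code must be rejected as well
     * as one above MAX_SCAN_ERROR; otherwise it would index SCAN_ERRORS
     * before the start of the table. Assumes SCAN_ERRORS has
     * MAX_SCAN_ERROR + 1 entries; confirm against its definition.
     */
    if (ret < 0 || ret > MAX_SCAN_ERROR) {
        reason = "unknown error";
    } else {
        reason = SCAN_ERRORS[ret];
    }
    rb_raise(error_ScanError, "A error occurred while scanning: %s", reason);

    return results; /* not reached: rb_raise() does not return */
}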
#set_namespace(name) ⇒ nil
Sets the current namespace to the given name. If the namespace does not yet exist it is added.
To avoid namespace conflicts, you can use set_namespace before compiling rules.
# File 'ext/yara_native/Rules.c', line 239
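/*
 * Makes the namespace called rb_namespace the context's current namespace,
 * creating it when find_namespace() does not know it yet.
 *
 * Returns rb_namespace when the namespace was found or created, and Qnil
 * when yr_create_namespace() returned NULL (the generated signature for
 * this method shows nil only).
 *
 * Raises TypeError when rb_namespace is not a String and ArgumentError when
 * it contains a NUL byte.
 */
VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
    YARA_CONTEXT *ctx;
    NAMESPACE *ns = NULL;
    const char *name;

    Check_Type(rb_namespace, T_STRING);

    /*
     * StringValueCStr() rejects an embedded NUL byte. With RSTRING_PTR()
     * the namespace would be registered under the name cut at the first
     * NUL while the full, different Ruby string is returned to the caller.
     */
    name = StringValueCStr(rb_namespace);

    Data_Get_Struct(self, YARA_CONTEXT, ctx);

    ns = find_namespace(ctx, name);
    if (!ns) {
        ns = yr_create_namespace(ctx, name);
    }

    if (!ns) {
        /* Leave the current namespace untouched when creation failed. */
        return Qnil;
    }

    ctx->current_namespace = ns;
    return rb_namespace;
}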
#weight ⇒ Fixnum
Returns a weight value (Fixnum) for the compiled rules.
/* File 'ext/yara_native/Rules.c', line 186 */

/*
 * Returns the value of yr_calculate_rules_weight() for this context,
 * converted to a Ruby Integer with INT2NUM.
 */
VALUE rules_weight(VALUE self) {
    YARA_CONTEXT *ctx;
    VALUE weight;

    Data_Get_Struct(self, YARA_CONTEXT, ctx);
    weight = INT2NUM(yr_calculate_rules_weight(ctx));

    return weight;
}