pb

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 29, 2022 License: Apache-2.0 Imports: 4 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	Keyword_name = map[int32]string{
		1: "UNKNOWN",
		2: "ENTRYPOINT",
		3: "FILESIZE",
	}
	Keyword_value = map[string]int32{
		"UNKNOWN":    1,
		"ENTRYPOINT": 2,
		"FILESIZE":   3,
	}
)

Enum value maps for Keyword.

View Source 
var (
	ForKeyword_name = map[int32]string{
		0: "NONE",
		1: "ALL",
		2: "ANY",
	}
	ForKeyword_value = map[string]int32{
		"NONE": 0,
		"ALL":  1,
		"ANY":  2,
	}
)

Enum value maps for ForKeyword.

View Source 
var (
	StringSetKeyword_name = map[int32]string{
		1: "THEM",
	}
	StringSetKeyword_value = map[string]int32{
		"THEM": 1,
	}
)

Enum value maps for StringSetKeyword.

View Source 
var (
	BinaryExpression_Operator_name = map[int32]string{
		0:  "UNKNOWN",
		1:  "MATCHES",
		2:  "CONTAINS",
		3:  "AT",
		4:  "IN",
		5:  "LT",
		6:  "GT",
		7:  "LE",
		8:  "GE",
		9:  "EQ",
		10: "NEQ",
		11: "INTEGER_FUNCTION",
		12: "PLUS",
		13: "MINUS",
		14: "TIMES",
		15: "DIV",
		16: "MOD",
		17: "XOR",
		18: "BITWISE_AND",
		19: "BITWISE_OR",
		20: "SHIFT_LEFT",
		21: "SHIFT_RIGHT",
		22: "ICONTAINS",
		23: "STARTSWITH",
		24: "ISTARTSWITH",
		25: "ENDSWITH",
		26: "IENDSWITH",
		27: "IEQUALS",
	}
	BinaryExpression_Operator_value = map[string]int32{
		"UNKNOWN":          0,
		"MATCHES":          1,
		"CONTAINS":         2,
		"AT":               3,
		"IN":               4,
		"LT":               5,
		"GT":               6,
		"LE":               7,
		"GE":               8,
		"EQ":               9,
		"NEQ":              10,
		"INTEGER_FUNCTION": 11,
		"PLUS":             12,
		"MINUS":            13,
		"TIMES":            14,
		"DIV":              15,
		"MOD":              16,
		"XOR":              17,
		"BITWISE_AND":      18,
		"BITWISE_OR":       19,
		"SHIFT_LEFT":       20,
		"SHIFT_RIGHT":      21,
		"ICONTAINS":        22,
		"STARTSWITH":       23,
		"ISTARTSWITH":      24,
		"ENDSWITH":         25,
		"IENDSWITH":        26,
		"IEQUALS":          27,
	}
)

Enum value maps for BinaryExpression_Operator.

View Source 
var (
	UnaryExpression_Operator_name = map[int32]string{
		0: "UNKNOWN",
		1: "UNARY_MINUS",
		2: "BITWISE_NOT",
		3: "DEFINED",
	}
	UnaryExpression_Operator_value = map[string]int32{
		"UNKNOWN":     0,
		"UNARY_MINUS": 1,
		"BITWISE_NOT": 2,
		"DEFINED":     3,
	}
)

Enum value maps for UnaryExpression_Operator.

View Source 
var File_pb_yara_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type BinaryExpression 

type BinaryExpression struct {

	// Operator. Required.
	Operator *BinaryExpression_Operator `protobuf:"varint,1,opt,name=operator,enum=BinaryExpression_Operator" json:"operator,omitempty"`
	// Left expression. Required.
	Left *Expression `protobuf:"bytes,2,opt,name=left" json:"left,omitempty"`
	// Right expression. Required.
	Right *Expression `protobuf:"bytes,3,opt,name=right" json:"right,omitempty"`
	// contains filtered or unexported fields
}

Binary expression, consisting of two expressions joined by an operator.

func (*BinaryExpression) Descriptor deprecated 

func (*BinaryExpression) Descriptor() ([]byte, []int)

Deprecated: Use BinaryExpression.ProtoReflect.Descriptor instead.

func (*BinaryExpression) GetLeft 

func (x *BinaryExpression) GetLeft() *Expression

func (*BinaryExpression) GetOperator 

func (x *BinaryExpression) GetOperator() BinaryExpression_Operator

func (*BinaryExpression) GetRight 

func (x *BinaryExpression) GetRight() *Expression

func (*BinaryExpression) ProtoMessage 

func (*BinaryExpression) ProtoMessage()

func (*BinaryExpression) ProtoReflect added in v0.6.1 

func (x *BinaryExpression) ProtoReflect() protoreflect.Message

func (*BinaryExpression) Reset 

func (x *BinaryExpression) Reset()

func (*BinaryExpression) String 

func (x *BinaryExpression) String() string

type BinaryExpression_Operator 

type BinaryExpression_Operator int32
const (
	BinaryExpression_UNKNOWN          BinaryExpression_Operator = 0
	BinaryExpression_MATCHES          BinaryExpression_Operator = 1  // matches
	BinaryExpression_CONTAINS         BinaryExpression_Operator = 2  // contains
	BinaryExpression_AT               BinaryExpression_Operator = 3  // at
	BinaryExpression_IN               BinaryExpression_Operator = 4  // in
	BinaryExpression_LT               BinaryExpression_Operator = 5  // <
	BinaryExpression_GT               BinaryExpression_Operator = 6  // >
	BinaryExpression_LE               BinaryExpression_Operator = 7  // <=
	BinaryExpression_GE               BinaryExpression_Operator = 8  // >=
	BinaryExpression_EQ               BinaryExpression_Operator = 9  // ==
	BinaryExpression_NEQ              BinaryExpression_Operator = 10 // !=
	BinaryExpression_INTEGER_FUNCTION BinaryExpression_Operator = 11 // intXX and uintXX functions
	BinaryExpression_PLUS             BinaryExpression_Operator = 12 // +
	BinaryExpression_MINUS            BinaryExpression_Operator = 13 // -
	BinaryExpression_TIMES            BinaryExpression_Operator = 14 // *
	BinaryExpression_DIV              BinaryExpression_Operator = 15 // \
	BinaryExpression_MOD              BinaryExpression_Operator = 16 // %
	BinaryExpression_XOR              BinaryExpression_Operator = 17 // ^
	BinaryExpression_BITWISE_AND      BinaryExpression_Operator = 18 // &
	BinaryExpression_BITWISE_OR       BinaryExpression_Operator = 19 // |
	BinaryExpression_SHIFT_LEFT       BinaryExpression_Operator = 20 // <<
	BinaryExpression_SHIFT_RIGHT      BinaryExpression_Operator = 21 // >>
	BinaryExpression_ICONTAINS        BinaryExpression_Operator = 22
	BinaryExpression_STARTSWITH       BinaryExpression_Operator = 23
	BinaryExpression_ISTARTSWITH      BinaryExpression_Operator = 24
	BinaryExpression_ENDSWITH         BinaryExpression_Operator = 25
	BinaryExpression_IENDSWITH        BinaryExpression_Operator = 26
	BinaryExpression_IEQUALS          BinaryExpression_Operator = 27
)

func (BinaryExpression_Operator) Descriptor added in v0.6.1 

func (BinaryExpression_Operator) Descriptor() protoreflect.EnumDescriptor

func (BinaryExpression_Operator) Enum 

func (x BinaryExpression_Operator) Enum() *BinaryExpression_Operator

func (BinaryExpression_Operator) EnumDescriptor deprecated 

func (BinaryExpression_Operator) EnumDescriptor() ([]byte, []int)

Deprecated: Use BinaryExpression_Operator.Descriptor instead.

func (BinaryExpression_Operator) Number added in v0.6.1 

func (x BinaryExpression_Operator) Number() protoreflect.EnumNumber

func (BinaryExpression_Operator) String 

func (x BinaryExpression_Operator) String() string

func (BinaryExpression_Operator) Type added in v0.6.1 

func (BinaryExpression_Operator) Type() protoreflect.EnumType

func (*BinaryExpression_Operator) UnmarshalJSON deprecated 

func (x *BinaryExpression_Operator) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

type BytesSequence 

type BytesSequence struct {

	// The list of values.
	Value []byte `protobuf:"bytes,1,opt,name=value" json:"value,omitempty"`
	// The mask applied to each byte in value.
	// Indexes and length of value and mask must match.
	// Possible masks:
	// 00 -> Full wildcard, value is ignored (??).
	// 0F -> Nibble-wise wildcard (?v).
	// F0 -> Nibble-wise wildcard (v?).
	// FF -> No wildcard (vv).
	Mask []byte `protobuf:"bytes,2,opt,name=mask" json:"mask,omitempty"`
	// List of which values are using the ~ operator.
	Nots []bool `protobuf:"varint,3,rep,name=nots" json:"nots,omitempty"`
	// contains filtered or unexported fields
}

A sequence of bytes, which may contain wildcards.

func (*BytesSequence) Descriptor deprecated 

func (*BytesSequence) Descriptor() ([]byte, []int)

Deprecated: Use BytesSequence.ProtoReflect.Descriptor instead.

func (*BytesSequence) GetMask 

func (x *BytesSequence) GetMask() []byte

func (*BytesSequence) GetNots added in v0.9.0 

func (x *BytesSequence) GetNots() []bool

func (*BytesSequence) GetValue 

func (x *BytesSequence) GetValue() []byte

func (*BytesSequence) ProtoMessage 

func (*BytesSequence) ProtoMessage()

func (*BytesSequence) ProtoReflect added in v0.6.1 

func (x *BytesSequence) ProtoReflect() protoreflect.Message

func (*BytesSequence) Reset 

func (x *BytesSequence) Reset()

func (*BytesSequence) String 

func (x *BytesSequence) String() string

type Expression 

type Expression struct {

	// Types that are assignable to Expression:
	//	*Expression_BoolValue
	//	*Expression_BinaryExpression
	//	*Expression_UnaryExpression
	//	*Expression_StringIdentifier
	//	*Expression_ForInExpression
	//	*Expression_ForOfExpression
	//	*Expression_NotExpression
	//	*Expression_OrExpression
	//	*Expression_AndExpression
	//	*Expression_Range
	//	*Expression_Regexp
	//	*Expression_Keyword
	//	*Expression_NumberValue
	//	*Expression_DoubleValue
	//	*Expression_Text
	//	*Expression_StringCount
	//	*Expression_StringOffset
	//	*Expression_StringLength
	//	*Expression_Identifier
	//	*Expression_IntegerFunction
	//	*Expression_PercentageExpression
	Expression isExpression_Expression `protobuf_oneof:"expression"`
	// contains filtered or unexported fields
}

Expression used as part of a rule condition.

func (*Expression) Descriptor deprecated 

func (*Expression) Descriptor() ([]byte, []int)

Deprecated: Use Expression.ProtoReflect.Descriptor instead.

func (*Expression) GetAndExpression 

func (x *Expression) GetAndExpression() *Expressions

func (*Expression) GetBinaryExpression 

func (x *Expression) GetBinaryExpression() *BinaryExpression

func (*Expression) GetBoolValue 

func (x *Expression) GetBoolValue() bool

func (*Expression) GetDoubleValue 

func (x *Expression) GetDoubleValue() float64

func (*Expression) GetExpression 

func (m *Expression) GetExpression() isExpression_Expression

func (*Expression) GetForInExpression 

func (x *Expression) GetForInExpression() *ForInExpression

func (*Expression) GetForOfExpression 

func (x *Expression) GetForOfExpression() *ForOfExpression

func (*Expression) GetIdentifier 

func (x *Expression) GetIdentifier() *Identifier

func (*Expression) GetIntegerFunction 

func (x *Expression) GetIntegerFunction() *IntegerFunction

func (*Expression) GetKeyword 

func (x *Expression) GetKeyword() Keyword

func (*Expression) GetNotExpression 

func (x *Expression) GetNotExpression() *Expression

func (*Expression) GetNumberValue 

func (x *Expression) GetNumberValue() int64

func (*Expression) GetOrExpression 

func (x *Expression) GetOrExpression() *Expressions

func (*Expression) GetPercentageExpression added in v0.7.0 

func (x *Expression) GetPercentageExpression() *Percentage

func (*Expression) GetRange 

func (x *Expression) GetRange() *Range

func (*Expression) GetRegexp 

func (x *Expression) GetRegexp() *Regexp

func (*Expression) GetStringCount 

func (x *Expression) GetStringCount() string

func (*Expression) GetStringIdentifier 

func (x *Expression) GetStringIdentifier() string

func (*Expression) GetStringLength 

func (x *Expression) GetStringLength() *StringLength

func (*Expression) GetStringOffset 

func (x *Expression) GetStringOffset() *StringOffset

func (*Expression) GetText 

func (x *Expression) GetText() string

func (*Expression) GetUnaryExpression 

func (x *Expression) GetUnaryExpression() *UnaryExpression

func (*Expression) ProtoMessage 

func (*Expression) ProtoMessage()

func (*Expression) ProtoReflect added in v0.6.1 

func (x *Expression) ProtoReflect() protoreflect.Message

func (*Expression) Reset 

func (x *Expression) Reset()

func (*Expression) String 

func (x *Expression) String() string

type Expression_AndExpression 

type Expression_AndExpression struct {
	AndExpression *Expressions `protobuf:"bytes,9,opt,name=and_expression,json=andExpression,oneof"`
}

type Expression_BinaryExpression 

type Expression_BinaryExpression struct {
	BinaryExpression *BinaryExpression `protobuf:"bytes,2,opt,name=binary_expression,json=binaryExpression,oneof"`
}

type Expression_BoolValue 

type Expression_BoolValue struct {
	BoolValue bool `protobuf:"varint,1,opt,name=bool_value,json=boolValue,oneof"`
}

type Expression_DoubleValue 

type Expression_DoubleValue struct {
	DoubleValue float64 `protobuf:"fixed64,14,opt,name=double_value,json=doubleValue,oneof"`
}

type Expression_ForInExpression 

type Expression_ForInExpression struct {
	ForInExpression *ForInExpression `protobuf:"bytes,5,opt,name=for_in_expression,json=forInExpression,oneof"`
}

type Expression_ForOfExpression 

type Expression_ForOfExpression struct {
	ForOfExpression *ForOfExpression `protobuf:"bytes,6,opt,name=for_of_expression,json=forOfExpression,oneof"`
}

type Expression_Identifier 

type Expression_Identifier struct {
	Identifier *Identifier `protobuf:"bytes,19,opt,name=identifier,oneof"`
}

type Expression_IntegerFunction 

type Expression_IntegerFunction struct {
	IntegerFunction *IntegerFunction `protobuf:"bytes,20,opt,name=integer_function,json=integerFunction,oneof"`
}

type Expression_Keyword 

type Expression_Keyword struct {
	Keyword Keyword `protobuf:"varint,12,opt,name=keyword,enum=Keyword,oneof"`
}

type Expression_NotExpression 

type Expression_NotExpression struct {
	NotExpression *Expression `protobuf:"bytes,7,opt,name=not_expression,json=notExpression,oneof"`
}

type Expression_NumberValue 

type Expression_NumberValue struct {
	NumberValue int64 `protobuf:"varint,13,opt,name=number_value,json=numberValue,oneof"`
}

type Expression_OrExpression 

type Expression_OrExpression struct {
	OrExpression *Expressions `protobuf:"bytes,8,opt,name=or_expression,json=orExpression,oneof"`
}

type Expression_PercentageExpression added in v0.7.0 

type Expression_PercentageExpression struct {
	PercentageExpression *Percentage `protobuf:"bytes,21,opt,name=percentage_expression,json=percentageExpression,oneof"`
}

type Expression_Range 

type Expression_Range struct {
	Range *Range `protobuf:"bytes,10,opt,name=range,oneof"`
}

type Expression_Regexp 

type Expression_Regexp struct {
	Regexp *Regexp `protobuf:"bytes,11,opt,name=regexp,oneof"`
}

type Expression_StringCount 

type Expression_StringCount struct {
	StringCount string `protobuf:"bytes,16,opt,name=string_count,json=stringCount,oneof"`
}

type Expression_StringIdentifier 

type Expression_StringIdentifier struct {
	StringIdentifier string `protobuf:"bytes,4,opt,name=string_identifier,json=stringIdentifier,oneof"`
}

type Expression_StringLength 

type Expression_StringLength struct {
	StringLength *StringLength `protobuf:"bytes,18,opt,name=string_length,json=stringLength,oneof"`
}

type Expression_StringOffset 

type Expression_StringOffset struct {
	StringOffset *StringOffset `protobuf:"bytes,17,opt,name=string_offset,json=stringOffset,oneof"`
}

type Expression_Text 

type Expression_Text struct {
	Text string `protobuf:"bytes,15,opt,name=text,oneof"`
}

type Expression_UnaryExpression 

type Expression_UnaryExpression struct {
	UnaryExpression *UnaryExpression `protobuf:"bytes,3,opt,name=unary_expression,json=unaryExpression,oneof"`
}

type Expressions 

type Expressions struct {

	// Terms in the sequence.
	Terms []*Expression `protobuf:"bytes,1,rep,name=terms" json:"terms,omitempty"`
	// contains filtered or unexported fields
}

Sequence of expressions.

func (*Expressions) Descriptor deprecated 

func (*Expressions) Descriptor() ([]byte, []int)

Deprecated: Use Expressions.ProtoReflect.Descriptor instead.

func (*Expressions) GetTerms 

func (x *Expressions) GetTerms() []*Expression

func (*Expressions) ProtoMessage 

func (*Expressions) ProtoMessage()

func (*Expressions) ProtoReflect added in v0.6.1 

func (x *Expressions) ProtoReflect() protoreflect.Message

func (*Expressions) Reset 

func (x *Expressions) Reset()

func (*Expressions) String 

func (x *Expressions) String() string

type ForExpression 

type ForExpression struct {

	// Types that are assignable to For:
	//	*ForExpression_Expression
	//	*ForExpression_Keyword
	//	*ForExpression_Percentage
	For isForExpression_For `protobuf_oneof:"for"`
	// contains filtered or unexported fields
}

FOR expression, used as part of ForInExpressions and ForOrExpressions. Can contain either an expression or a keyword.

func (*ForExpression) Descriptor deprecated 

func (*ForExpression) Descriptor() ([]byte, []int)

Deprecated: Use ForExpression.ProtoReflect.Descriptor instead.

func (*ForExpression) GetExpression 

func (x *ForExpression) GetExpression() *Expression

func (*ForExpression) GetFor 

func (m *ForExpression) GetFor() isForExpression_For

func (*ForExpression) GetKeyword 

func (x *ForExpression) GetKeyword() ForKeyword

func (*ForExpression) GetPercentage added in v0.7.0 

func (x *ForExpression) GetPercentage() *Percentage

func (*ForExpression) ProtoMessage 

func (*ForExpression) ProtoMessage()

func (*ForExpression) ProtoReflect added in v0.6.1 

func (x *ForExpression) ProtoReflect() protoreflect.Message

func (*ForExpression) Reset 

func (x *ForExpression) Reset()

func (*ForExpression) String 

func (x *ForExpression) String() string

type ForExpression_Expression 

type ForExpression_Expression struct {
	Expression *Expression `protobuf:"bytes,1,opt,name=expression,oneof"` // Example: "for 10"
}

type ForExpression_Keyword 

type ForExpression_Keyword struct {
	Keyword ForKeyword `protobuf:"varint,2,opt,name=keyword,enum=ForKeyword,oneof"` // Example: "for all"
}

type ForExpression_Percentage added in v0.7.0 

type ForExpression_Percentage struct {
	Percentage *Percentage `protobuf:"bytes,3,opt,name=percentage,oneof"` // Example: "x%"
}

type ForInExpression 

type ForInExpression struct {

	// FOR expression: "for any". Required.
	ForExpression *ForExpression `protobuf:"bytes,1,opt,name=for_expression,json=forExpression" json:"for_expression,omitempty"`
	// Identifiers that will hold the values returned by the iterator. Required.
	Identifiers []string `protobuf:"bytes,2,rep,name=identifiers" json:"identifiers,omitempty"`
	// Iterator: "(1..10)", "(1,2,3)", "identifier" . Required.
	Iterator *Iterator `protobuf:"bytes,5,opt,name=iterator" json:"iterator,omitempty"`
	// Expression to match: "@s1[i] != @s2[i]". Required.
	Expression *Expression `protobuf:"bytes,4,opt,name=expression" json:"expression,omitempty"`
	// contains filtered or unexported fields
}

Expression for iterating over iterators. Example: for <for_expression> k,v in iterator : ( expression ) Next id: 6

func (*ForInExpression) Descriptor deprecated 

func (*ForInExpression) Descriptor() ([]byte, []int)

Deprecated: Use ForInExpression.ProtoReflect.Descriptor instead.

func (*ForInExpression) GetExpression 

func (x *ForInExpression) GetExpression() *Expression

func (*ForInExpression) GetForExpression 

func (x *ForInExpression) GetForExpression() *ForExpression

func (*ForInExpression) GetIdentifiers 

func (x *ForInExpression) GetIdentifiers() []string

func (*ForInExpression) GetIterator 

func (x *ForInExpression) GetIterator() *Iterator

func (*ForInExpression) ProtoMessage 

func (*ForInExpression) ProtoMessage()

func (*ForInExpression) ProtoReflect added in v0.6.1 

func (x *ForInExpression) ProtoReflect() protoreflect.Message

func (*ForInExpression) Reset 

func (x *ForInExpression) Reset()

func (*ForInExpression) String 

func (x *ForInExpression) String() string

type ForKeyword 

type ForKeyword int32

Keywords used in FOR expressions. 

const (
	// No items must satisfy a condition.
	ForKeyword_NONE ForKeyword = 0
	// All items must satisfy a condition.
	ForKeyword_ALL ForKeyword = 1
	// At least one item must satisfy a condition.
	ForKeyword_ANY ForKeyword = 2
)

func (ForKeyword) Descriptor added in v0.6.1 

func (ForKeyword) Descriptor() protoreflect.EnumDescriptor

func (ForKeyword) Enum 

func (x ForKeyword) Enum() *ForKeyword

func (ForKeyword) EnumDescriptor deprecated 

func (ForKeyword) EnumDescriptor() ([]byte, []int)

Deprecated: Use ForKeyword.Descriptor instead.

func (ForKeyword) Number added in v0.6.1 

func (x ForKeyword) Number() protoreflect.EnumNumber

func (ForKeyword) String 

func (x ForKeyword) String() string

func (ForKeyword) Type added in v0.6.1 

func (ForKeyword) Type() protoreflect.EnumType

func (*ForKeyword) UnmarshalJSON deprecated 

func (x *ForKeyword) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

type ForOfExpression 

type ForOfExpression struct {

	// FOR expression: "for all". Required.
	ForExpression *ForExpression `protobuf:"bytes,1,opt,name=for_expression,json=forExpression" json:"for_expression,omitempty"`
	// String set: "($s1, $s2)". Required.
	StringSet *StringSet `protobuf:"bytes,2,opt,name=string_set,json=stringSet" json:"string_set,omitempty"`
	// Expression to match: "(@$ > 10)"
	Expression *Expression `protobuf:"bytes,3,opt,name=expression" json:"expression,omitempty"`
	// "3 of ($s1, $s2) in (0..100)"
	Range *Range `protobuf:"bytes,4,opt,name=range" json:"range,omitempty"`
	// Rule set: "(rule1, rule2, foo*)".
	// Only one of StringSet or RuleEnumeration is allowed.
	RuleEnumeration *RuleEnumeration `protobuf:"bytes,5,opt,name=rule_enumeration,json=ruleEnumeration" json:"rule_enumeration,omitempty"`
	// Offset to match: "1 of them at 0"
	At *Expression `protobuf:"bytes,6,opt,name=at" json:"at,omitempty"`
	// contains filtered or unexported fields
}

A ForOfExpression is satisfied if at least "expression" strings in "string_set" satisfy "expression". Example: for all of ($s1, $s2) : (@$ > 10)

func (*ForOfExpression) Descriptor deprecated 

func (*ForOfExpression) Descriptor() ([]byte, []int)

Deprecated: Use ForOfExpression.ProtoReflect.Descriptor instead.

func (*ForOfExpression) GetAt added in v0.9.0 

func (x *ForOfExpression) GetAt() *Expression

func (*ForOfExpression) GetExpression 

func (x *ForOfExpression) GetExpression() *Expression

func (*ForOfExpression) GetForExpression 

func (x *ForOfExpression) GetForExpression() *ForExpression

func (*ForOfExpression) GetRange added in v0.7.0 

func (x *ForOfExpression) GetRange() *Range

func (*ForOfExpression) GetRuleEnumeration added in v0.7.0 

func (x *ForOfExpression) GetRuleEnumeration() *RuleEnumeration

func (*ForOfExpression) GetStringSet 

func (x *ForOfExpression) GetStringSet() *StringSet

func (*ForOfExpression) ProtoMessage 

func (*ForOfExpression) ProtoMessage()

func (*ForOfExpression) ProtoReflect added in v0.6.1 

func (x *ForOfExpression) ProtoReflect() protoreflect.Message

func (*ForOfExpression) Reset 

func (x *ForOfExpression) Reset()

func (*ForOfExpression) String 

func (x *ForOfExpression) String() string

type HexAlternative 

type HexAlternative struct {

	// Alternatives, which are sequences of tokens.
	Tokens []*HexTokens `protobuf:"bytes,1,rep,name=tokens" json:"tokens,omitempty"`
	// contains filtered or unexported fields
}

List of alternatives for a part in the hexadecimal string.

func (*HexAlternative) Descriptor deprecated 

func (*HexAlternative) Descriptor() ([]byte, []int)

Deprecated: Use HexAlternative.ProtoReflect.Descriptor instead.

func (*HexAlternative) GetTokens 

func (x *HexAlternative) GetTokens() []*HexTokens

func (*HexAlternative) ProtoMessage 

func (*HexAlternative) ProtoMessage()

func (*HexAlternative) ProtoReflect added in v0.6.1 

func (x *HexAlternative) ProtoReflect() protoreflect.Message

func (*HexAlternative) Reset 

func (x *HexAlternative) Reset()

func (*HexAlternative) String 

func (x *HexAlternative) String() string

type HexToken 

type HexToken struct {

	// Types that are assignable to Value:
	//	*HexToken_Sequence
	//	*HexToken_Jump
	//	*HexToken_Alternative
	Value isHexToken_Value `protobuf_oneof:"value"`
	// contains filtered or unexported fields
}

A token in a hexadecimal string. A token can be either a sequence of bytes, a jump or an alternative.

func (*HexToken) Descriptor deprecated 

func (*HexToken) Descriptor() ([]byte, []int)

Deprecated: Use HexToken.ProtoReflect.Descriptor instead.

func (*HexToken) GetAlternative 

func (x *HexToken) GetAlternative() *HexAlternative

func (*HexToken) GetJump 

func (x *HexToken) GetJump() *Jump

func (*HexToken) GetSequence 

func (x *HexToken) GetSequence() *BytesSequence

func (*HexToken) GetValue 

func (m *HexToken) GetValue() isHexToken_Value

func (*HexToken) ProtoMessage 

func (*HexToken) ProtoMessage()

func (*HexToken) ProtoReflect added in v0.6.1 

func (x *HexToken) ProtoReflect() protoreflect.Message

func (*HexToken) Reset 

func (x *HexToken) Reset()

func (*HexToken) String 

func (x *HexToken) String() string

type HexToken_Alternative 

type HexToken_Alternative struct {
	// An alternative of token sequences.
	Alternative *HexAlternative `protobuf:"bytes,3,opt,name=alternative,oneof"`
}

type HexToken_Jump 

type HexToken_Jump struct {
	// A jump.
	Jump *Jump `protobuf:"bytes,2,opt,name=jump,oneof"`
}

type HexToken_Sequence 

type HexToken_Sequence struct {
	// A sequence of bytes, which may contain wildcards.
	Sequence *BytesSequence `protobuf:"bytes,1,opt,name=sequence,oneof"`
}

type HexTokens 

type HexTokens struct {

	// Tokens.
	Token []*HexToken `protobuf:"bytes,1,rep,name=token" json:"token,omitempty"`
	// contains filtered or unexported fields
}

Sequence of hexadecimal string tokens.

func (*HexTokens) Descriptor deprecated 

func (*HexTokens) Descriptor() ([]byte, []int)

Deprecated: Use HexTokens.ProtoReflect.Descriptor instead.

func (*HexTokens) GetToken 

func (x *HexTokens) GetToken() []*HexToken

func (*HexTokens) ProtoMessage 

func (*HexTokens) ProtoMessage()

func (*HexTokens) ProtoReflect added in v0.6.1 

func (x *HexTokens) ProtoReflect() protoreflect.Message

func (*HexTokens) Reset 

func (x *HexTokens) Reset()

func (*HexTokens) String 

func (x *HexTokens) String() string

type Identifier 

type Identifier struct {

	// Items in the identifier.
	Items []*Identifier_IdentifierItem `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"`
	// contains filtered or unexported fields
}

Identifier used as part of expressions. Consists of sequence of identifiers, expressions and arguments. Examples: - my_var - pe.number_of_resources - math.entropy(mystr[i])

func (*Identifier) Descriptor deprecated 

func (*Identifier) Descriptor() ([]byte, []int)

Deprecated: Use Identifier.ProtoReflect.Descriptor instead.

func (*Identifier) GetItems 

func (x *Identifier) GetItems() []*Identifier_IdentifierItem

func (*Identifier) ProtoMessage 

func (*Identifier) ProtoMessage()

func (*Identifier) ProtoReflect added in v0.6.1 

func (x *Identifier) ProtoReflect() protoreflect.Message

func (*Identifier) Reset 

func (x *Identifier) Reset()

func (*Identifier) String 

func (x *Identifier) String() string

type Identifier_IdentifierItem 

type Identifier_IdentifierItem struct {

	// Types that are assignable to Item:
	//	*Identifier_IdentifierItem_Identifier
	//	*Identifier_IdentifierItem_Index
	//	*Identifier_IdentifierItem_Arguments
	Item isIdentifier_IdentifierItem_Item `protobuf_oneof:"item"`
	// contains filtered or unexported fields
}

func (*Identifier_IdentifierItem) Descriptor deprecated 

func (*Identifier_IdentifierItem) Descriptor() ([]byte, []int)

Deprecated: Use Identifier_IdentifierItem.ProtoReflect.Descriptor instead.

func (*Identifier_IdentifierItem) GetArguments 

func (x *Identifier_IdentifierItem) GetArguments() *Expressions

func (*Identifier_IdentifierItem) GetIdentifier 

func (x *Identifier_IdentifierItem) GetIdentifier() string

func (*Identifier_IdentifierItem) GetIndex 

func (x *Identifier_IdentifierItem) GetIndex() *Expression

func (*Identifier_IdentifierItem) GetItem 

func (m *Identifier_IdentifierItem) GetItem() isIdentifier_IdentifierItem_Item

func (*Identifier_IdentifierItem) ProtoMessage 

func (*Identifier_IdentifierItem) ProtoMessage()

func (*Identifier_IdentifierItem) ProtoReflect added in v0.6.1 

func (x *Identifier_IdentifierItem) ProtoReflect() protoreflect.Message

func (*Identifier_IdentifierItem) Reset 

func (x *Identifier_IdentifierItem) Reset()

func (*Identifier_IdentifierItem) String 

func (x *Identifier_IdentifierItem) String() string

type Identifier_IdentifierItem_Arguments 

type Identifier_IdentifierItem_Arguments struct {
	Arguments *Expressions `protobuf:"bytes,3,opt,name=arguments,oneof"`
}

type Identifier_IdentifierItem_Identifier 

type Identifier_IdentifierItem_Identifier struct {
	Identifier string `protobuf:"bytes,1,opt,name=identifier,oneof"`
}

type Identifier_IdentifierItem_Index 

type Identifier_IdentifierItem_Index struct {
	Index *Expression `protobuf:"bytes,2,opt,name=index,oneof"`
}

type IntegerEnumeration 

type IntegerEnumeration struct {

	// Enumeration values, which can be calculated from an expression.
	Values []*Expression `protobuf:"bytes,1,rep,name=values" json:"values,omitempty"`
	// contains filtered or unexported fields
}

Enumeration of integer values.

func (*IntegerEnumeration) Descriptor deprecated 

func (*IntegerEnumeration) Descriptor() ([]byte, []int)

Deprecated: Use IntegerEnumeration.ProtoReflect.Descriptor instead.

func (*IntegerEnumeration) GetValues 

func (x *IntegerEnumeration) GetValues() []*Expression

func (*IntegerEnumeration) ProtoMessage 

func (*IntegerEnumeration) ProtoMessage()

func (*IntegerEnumeration) ProtoReflect added in v0.6.1 

func (x *IntegerEnumeration) ProtoReflect() protoreflect.Message

func (*IntegerEnumeration) Reset 

func (x *IntegerEnumeration) Reset()

func (*IntegerEnumeration) String 

func (x *IntegerEnumeration) String() string

type IntegerFunction 

type IntegerFunction struct {

	// Integer function: (u)intXX(be). Required.
	Function *string `protobuf:"bytes,1,opt,name=function" json:"function,omitempty"`
	// Offset or virtual address. Required.
	Argument *Expression `protobuf:"bytes,2,opt,name=argument" json:"argument,omitempty"`
	// contains filtered or unexported fields
}

Functions for reading data from a file at a specified offset or virtual address.

func (*IntegerFunction) Descriptor deprecated 

func (*IntegerFunction) Descriptor() ([]byte, []int)

Deprecated: Use IntegerFunction.ProtoReflect.Descriptor instead.

func (*IntegerFunction) GetArgument 

func (x *IntegerFunction) GetArgument() *Expression

func (*IntegerFunction) GetFunction 

func (x *IntegerFunction) GetFunction() string

func (*IntegerFunction) ProtoMessage 

func (*IntegerFunction) ProtoMessage()

func (*IntegerFunction) ProtoReflect added in v0.6.1 

func (x *IntegerFunction) ProtoReflect() protoreflect.Message

func (*IntegerFunction) Reset 

func (x *IntegerFunction) Reset()

func (*IntegerFunction) String 

func (x *IntegerFunction) String() string

type IntegerSet 

type IntegerSet struct {

	// Types that are assignable to Set:
	//	*IntegerSet_IntegerEnumeration
	//	*IntegerSet_Range
	Set isIntegerSet_Set `protobuf_oneof:"set"`
	// contains filtered or unexported fields
}

Set of integer numbers, which can be either an enumeration of integer values or a range of values.

func (*IntegerSet) Descriptor deprecated 

func (*IntegerSet) Descriptor() ([]byte, []int)

Deprecated: Use IntegerSet.ProtoReflect.Descriptor instead.

func (*IntegerSet) GetIntegerEnumeration 

func (x *IntegerSet) GetIntegerEnumeration() *IntegerEnumeration

func (*IntegerSet) GetRange 

func (x *IntegerSet) GetRange() *Range

func (*IntegerSet) GetSet 

func (m *IntegerSet) GetSet() isIntegerSet_Set

func (*IntegerSet) ProtoMessage 

func (*IntegerSet) ProtoMessage()

func (*IntegerSet) ProtoReflect added in v0.6.1 

func (x *IntegerSet) ProtoReflect() protoreflect.Message

func (*IntegerSet) Reset 

func (x *IntegerSet) Reset()

func (*IntegerSet) String 

func (x *IntegerSet) String() string

type IntegerSet_IntegerEnumeration 

type IntegerSet_IntegerEnumeration struct {
	// Enumeration of integer values.
	IntegerEnumeration *IntegerEnumeration `protobuf:"bytes,1,opt,name=integer_enumeration,json=integerEnumeration,oneof"`
}

type IntegerSet_Range 

type IntegerSet_Range struct {
	// Range of values.
	Range *Range `protobuf:"bytes,2,opt,name=range,oneof"`
}

type Iterator 

type Iterator struct {

	// Types that are assignable to Iterator:
	//	*Iterator_IntegerSet
	//	*Iterator_Identifier
	Iterator isIterator_Iterator `protobuf_oneof:"iterator"`
	// contains filtered or unexported fields
}

func (*Iterator) Descriptor deprecated 

func (*Iterator) Descriptor() ([]byte, []int)

Deprecated: Use Iterator.ProtoReflect.Descriptor instead.

func (*Iterator) GetIdentifier 

func (x *Iterator) GetIdentifier() *Identifier

func (*Iterator) GetIntegerSet 

func (x *Iterator) GetIntegerSet() *IntegerSet

func (*Iterator) GetIterator 

func (m *Iterator) GetIterator() isIterator_Iterator

func (*Iterator) ProtoMessage 

func (*Iterator) ProtoMessage()

func (*Iterator) ProtoReflect added in v0.6.1 

func (x *Iterator) ProtoReflect() protoreflect.Message

func (*Iterator) Reset 

func (x *Iterator) Reset()

func (*Iterator) String 

func (x *Iterator) String() string

type Iterator_Identifier 

type Iterator_Identifier struct {
	Identifier *Identifier `protobuf:"bytes,2,opt,name=identifier,oneof"`
}

type Iterator_IntegerSet 

type Iterator_IntegerSet struct {
	IntegerSet *IntegerSet `protobuf:"bytes,1,opt,name=integer_set,json=integerSet,oneof"`
}

type Jump 

type Jump struct {

	// Minimum jump length. 0 if not present.
	Start *int64 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // 0 if not present
	// Maximum jump length. Infinite if not present.
	End *int64 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`
	// contains filtered or unexported fields
}

Sequence of arbitrary content and variable length.

func (*Jump) Descriptor deprecated 

func (*Jump) Descriptor() ([]byte, []int)

Deprecated: Use Jump.ProtoReflect.Descriptor instead.

func (*Jump) GetEnd 

func (x *Jump) GetEnd() int64

func (*Jump) GetStart 

func (x *Jump) GetStart() int64

func (*Jump) ProtoMessage 

func (*Jump) ProtoMessage()

func (*Jump) ProtoReflect added in v0.6.1 

func (x *Jump) ProtoReflect() protoreflect.Message

func (*Jump) Reset 

func (x *Jump) Reset()

func (*Jump) String 

func (x *Jump) String() string

type Keyword 

type Keyword int32

Keywords used in expressions of rule condition. 

const (
	Keyword_UNKNOWN Keyword = 1
	// Raw offset of a PE or ELF file entrypoint.
	Keyword_ENTRYPOINT Keyword = 2
	// Size of the scanned file.
	Keyword_FILESIZE Keyword = 3
)

func (Keyword) Descriptor added in v0.6.1 

func (Keyword) Descriptor() protoreflect.EnumDescriptor

func (Keyword) Enum 

func (x Keyword) Enum() *Keyword

func (Keyword) EnumDescriptor deprecated 

func (Keyword) EnumDescriptor() ([]byte, []int)

Deprecated: Use Keyword.Descriptor instead.

func (Keyword) Number added in v0.6.1 

func (x Keyword) Number() protoreflect.EnumNumber

func (Keyword) String 

func (x Keyword) String() string

func (Keyword) Type added in v0.6.1 

func (Keyword) Type() protoreflect.EnumType

func (*Keyword) UnmarshalJSON deprecated 

func (x *Keyword) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

type Meta 

type Meta struct {

	// Metadata key. Can be repeated. Required.
	Key *string `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
	// Entry value, which can be a string, a number or a boolean.
	//
	// Types that are assignable to Value:
	//	*Meta_Text
	//	*Meta_Number
	//	*Meta_Boolean
	Value isMeta_Value `protobuf_oneof:"value"`
	// contains filtered or unexported fields
}

Rule metadata entry.

func (*Meta) Descriptor deprecated 

func (*Meta) Descriptor() ([]byte, []int)

Deprecated: Use Meta.ProtoReflect.Descriptor instead.

func (*Meta) GetBoolean 

func (x *Meta) GetBoolean() bool

func (*Meta) GetKey 

func (x *Meta) GetKey() string

func (*Meta) GetNumber 

func (x *Meta) GetNumber() int64

func (*Meta) GetText 

func (x *Meta) GetText() string

func (*Meta) GetValue 

func (m *Meta) GetValue() isMeta_Value

func (*Meta) ProtoMessage 

func (*Meta) ProtoMessage()

func (*Meta) ProtoReflect added in v0.6.1 

func (x *Meta) ProtoReflect() protoreflect.Message

func (*Meta) Reset 

func (x *Meta) Reset()

func (*Meta) String 

func (x *Meta) String() string

type Meta_Boolean 

type Meta_Boolean struct {
	Boolean bool `protobuf:"varint,4,opt,name=boolean,oneof"`
}

type Meta_Number 

type Meta_Number struct {
	Number int64 `protobuf:"varint,3,opt,name=number,oneof"`
}

type Meta_Text 

type Meta_Text struct {
	Text string `protobuf:"bytes,2,opt,name=text,oneof"`
}

type Percentage added in v0.7.0 

type Percentage struct {
	Expression *Expression `protobuf:"bytes,1,opt,name=expression" json:"expression,omitempty"`
	// contains filtered or unexported fields
}

func (*Percentage) Descriptor deprecated added in v0.7.0 

func (*Percentage) Descriptor() ([]byte, []int)

Deprecated: Use Percentage.ProtoReflect.Descriptor instead.

func (*Percentage) GetExpression added in v0.7.0 

func (x *Percentage) GetExpression() *Expression

func (*Percentage) ProtoMessage added in v0.7.0 

func (*Percentage) ProtoMessage()

func (*Percentage) ProtoReflect added in v0.7.0 

func (x *Percentage) ProtoReflect() protoreflect.Message

func (*Percentage) Reset added in v0.7.0 

func (x *Percentage) Reset()

func (*Percentage) String added in v0.7.0 

func (x *Percentage) String() string

type Range 

type Range struct {

	// Range start. Required.
	Start *Expression `protobuf:"bytes,1,opt,name=start" json:"start,omitempty"`
	// Range end. Required.
	End *Expression `protobuf:"bytes,2,opt,name=end" json:"end,omitempty"`
	// contains filtered or unexported fields
}

A range of values. The start and end of a range are expressions, so they do not need to be constants.

func (*Range) Descriptor deprecated 

func (*Range) Descriptor() ([]byte, []int)

Deprecated: Use Range.ProtoReflect.Descriptor instead.

func (*Range) GetEnd 

func (x *Range) GetEnd() *Expression

func (*Range) GetStart 

func (x *Range) GetStart() *Expression

func (*Range) ProtoMessage 

func (*Range) ProtoMessage()

func (*Range) ProtoReflect added in v0.6.1 

func (x *Range) ProtoReflect() protoreflect.Message

func (*Range) Reset 

func (x *Range) Reset()

func (*Range) String 

func (x *Range) String() string

type Regexp 

type Regexp struct {

	// String content.
	Text *string `protobuf:"bytes,1,opt,name=text" json:"text,omitempty"`
	// String modifiers.
	Modifiers *StringModifiers `protobuf:"bytes,2,opt,name=modifiers" json:"modifiers,omitempty"`
	// contains filtered or unexported fields
}

Regular expression string.

func (*Regexp) Descriptor deprecated 

func (*Regexp) Descriptor() ([]byte, []int)

Deprecated: Use Regexp.ProtoReflect.Descriptor instead.

func (*Regexp) GetModifiers 

func (x *Regexp) GetModifiers() *StringModifiers

func (*Regexp) GetText 

func (x *Regexp) GetText() string

func (*Regexp) ProtoMessage 

func (*Regexp) ProtoMessage()

func (*Regexp) ProtoReflect added in v0.6.1 

func (x *Regexp) ProtoReflect() protoreflect.Message

func (*Regexp) Reset 

func (x *Regexp) Reset()

func (*Regexp) String 

func (x *Regexp) String() string

type Rule 

type Rule struct {

	// Rule modifiers (global, private).
	Modifiers *RuleModifiers `protobuf:"bytes,1,opt,name=modifiers" json:"modifiers,omitempty"`
	// Rule identifier. Must be unique in the ruleset. Required.
	Identifier *string `protobuf:"bytes,2,opt,name=identifier" json:"identifier,omitempty"`
	// Tags. Cannot be repeated.
	Tags []string `protobuf:"bytes,3,rep,name=tags" json:"tags,omitempty"`
	// Metadata.
	Meta []*Meta `protobuf:"bytes,4,rep,name=meta" json:"meta,omitempty"`
	// String declarations.
	Strings []*String `protobuf:"bytes,5,rep,name=strings" json:"strings,omitempty"`
	// Boolean expression to check.
	Condition *Expression `protobuf:"bytes,6,opt,name=condition" json:"condition,omitempty"`
	// contains filtered or unexported fields
}

YARA rule.

func (*Rule) Descriptor deprecated 

func (*Rule) Descriptor() ([]byte, []int)

Deprecated: Use Rule.ProtoReflect.Descriptor instead.

func (*Rule) GetCondition 

func (x *Rule) GetCondition() *Expression

func (*Rule) GetIdentifier 

func (x *Rule) GetIdentifier() string

func (*Rule) GetMeta 

func (x *Rule) GetMeta() []*Meta

func (*Rule) GetModifiers 

func (x *Rule) GetModifiers() *RuleModifiers

func (*Rule) GetStrings 

func (x *Rule) GetStrings() []*String

func (*Rule) GetTags 

func (x *Rule) GetTags() []string

func (*Rule) ProtoMessage 

func (*Rule) ProtoMessage()

func (*Rule) ProtoReflect added in v0.6.1 

func (x *Rule) ProtoReflect() protoreflect.Message

func (*Rule) Reset 

func (x *Rule) Reset()

func (*Rule) String 

func (x *Rule) String() string

type RuleEnumeration added in v0.7.0 

type RuleEnumeration struct {

	// Items in the rule enumeration.
	Items []*RuleEnumeration_RuleEnumerationItem `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"`
	// contains filtered or unexported fields
}

Set of rules, referenced by their identifier. A wildcard can be used to match multiple rules.

func (*RuleEnumeration) Descriptor deprecated added in v0.7.0 

func (*RuleEnumeration) Descriptor() ([]byte, []int)

Deprecated: Use RuleEnumeration.ProtoReflect.Descriptor instead.

func (*RuleEnumeration) GetItems added in v0.7.0 

func (x *RuleEnumeration) GetItems() []*RuleEnumeration_RuleEnumerationItem

func (*RuleEnumeration) ProtoMessage added in v0.7.0 

func (*RuleEnumeration) ProtoMessage()

func (*RuleEnumeration) ProtoReflect added in v0.7.0 

func (x *RuleEnumeration) ProtoReflect() protoreflect.Message

func (*RuleEnumeration) Reset added in v0.7.0 

func (x *RuleEnumeration) Reset()

func (*RuleEnumeration) String added in v0.7.0 

func (x *RuleEnumeration) String() string

type RuleEnumeration_RuleEnumerationItem added in v0.7.0 

type RuleEnumeration_RuleEnumerationItem struct {

	// Identifier or part of it if a wildcard (*) is used.
	// Includes the wildcard if present.
	RuleIdentifier *string `protobuf:"bytes,1,opt,name=rule_identifier,json=ruleIdentifier" json:"rule_identifier,omitempty"`
	// Wildcard (*).
	HasWildcard *bool `protobuf:"varint,2,opt,name=has_wildcard,json=hasWildcard" json:"has_wildcard,omitempty"`
	// contains filtered or unexported fields
}

An entry in the rule enumeration.

func (*RuleEnumeration_RuleEnumerationItem) Descriptor deprecated added in v0.7.0 

func (*RuleEnumeration_RuleEnumerationItem) Descriptor() ([]byte, []int)

Deprecated: Use RuleEnumeration_RuleEnumerationItem.ProtoReflect.Descriptor instead.

func (*RuleEnumeration_RuleEnumerationItem) GetHasWildcard added in v0.7.0 

func (x *RuleEnumeration_RuleEnumerationItem) GetHasWildcard() bool

func (*RuleEnumeration_RuleEnumerationItem) GetRuleIdentifier added in v0.7.0 

func (x *RuleEnumeration_RuleEnumerationItem) GetRuleIdentifier() string

func (*RuleEnumeration_RuleEnumerationItem) ProtoMessage added in v0.7.0 

func (*RuleEnumeration_RuleEnumerationItem) ProtoMessage()

func (*RuleEnumeration_RuleEnumerationItem) ProtoReflect added in v0.7.0 

func (x *RuleEnumeration_RuleEnumerationItem) ProtoReflect() protoreflect.Message

func (*RuleEnumeration_RuleEnumerationItem) Reset added in v0.7.0 

func (x *RuleEnumeration_RuleEnumerationItem) Reset()

func (*RuleEnumeration_RuleEnumerationItem) String added in v0.7.0 

func (x *RuleEnumeration_RuleEnumerationItem) String() string

type RuleModifiers 

type RuleModifiers struct {

	// Impose restrictions on all the rules in the ruleset.
	Global *bool `protobuf:"varint,1,opt,name=global" json:"global,omitempty"`
	// Rule is not reported when matches a file.
	Private *bool `protobuf:"varint,2,opt,name=private" json:"private,omitempty"`
	// contains filtered or unexported fields
}

Rule modifiers.

func (*RuleModifiers) Descriptor deprecated 

func (*RuleModifiers) Descriptor() ([]byte, []int)

Deprecated: Use RuleModifiers.ProtoReflect.Descriptor instead.

func (*RuleModifiers) GetGlobal 

func (x *RuleModifiers) GetGlobal() bool

func (*RuleModifiers) GetPrivate 

func (x *RuleModifiers) GetPrivate() bool

func (*RuleModifiers) ProtoMessage 

func (*RuleModifiers) ProtoMessage()

func (*RuleModifiers) ProtoReflect added in v0.6.1 

func (x *RuleModifiers) ProtoReflect() protoreflect.Message

func (*RuleModifiers) Reset 

func (x *RuleModifiers) Reset()

func (*RuleModifiers) String 

func (x *RuleModifiers) String() string

type RuleSet 

type RuleSet struct {

	// Names of the imported modules.
	// Examples: "pe", "elf", "cuckoo", "magic", "hash", "math", ...
	Imports []string `protobuf:"bytes,1,rep,name=imports" json:"imports,omitempty"`
	// Path to other YARA source files whose content should be included.
	// Examples:
	// - "other_rule.yar"
	// - "rules/rule1.yar"
	Includes []string `protobuf:"bytes,2,rep,name=includes" json:"includes,omitempty"`
	// Set of rules.
	Rules []*Rule `protobuf:"bytes,3,rep,name=rules" json:"rules,omitempty"`
	// contains filtered or unexported fields
}

Set of YARA rules.

func (*RuleSet) Descriptor deprecated 

func (*RuleSet) Descriptor() ([]byte, []int)

Deprecated: Use RuleSet.ProtoReflect.Descriptor instead.

func (*RuleSet) GetImports 

func (x *RuleSet) GetImports() []string

func (*RuleSet) GetIncludes 

func (x *RuleSet) GetIncludes() []string

func (*RuleSet) GetRules 

func (x *RuleSet) GetRules() []*Rule

func (*RuleSet) ProtoMessage 

func (*RuleSet) ProtoMessage()

func (*RuleSet) ProtoReflect added in v0.6.1 

func (x *RuleSet) ProtoReflect() protoreflect.Message

func (*RuleSet) Reset 

func (x *RuleSet) Reset()

func (*RuleSet) String 

func (x *RuleSet) String() string

type String 

type String struct {

	// String identifier. Required.
	Id *string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
	// String value, which can be a text string, an hexadecimal string or a
	// regular expression.
	//
	// Types that are assignable to Value:
	//	*String_Text
	//	*String_Hex
	//	*String_Regexp
	Value isString_Value `protobuf_oneof:"value"`
	// contains filtered or unexported fields
}

Rule string entry.

func (*String) Descriptor deprecated 

func (*String) Descriptor() ([]byte, []int)

Deprecated: Use String.ProtoReflect.Descriptor instead.

func (*String) GetHex 

func (x *String) GetHex() *HexTokens

func (*String) GetId 

func (x *String) GetId() string

func (*String) GetRegexp 

func (x *String) GetRegexp() *Regexp

func (*String) GetText 

func (x *String) GetText() *TextString

func (*String) GetValue 

func (m *String) GetValue() isString_Value

func (*String) ProtoMessage 

func (*String) ProtoMessage()

func (*String) ProtoReflect added in v0.6.1 

func (x *String) ProtoReflect() protoreflect.Message

func (*String) Reset 

func (x *String) Reset()

func (*String) String 

func (x *String) String() string

type StringEnumeration 

type StringEnumeration struct {

	// Items in the strings enumeration.
	Items []*StringEnumeration_StringEnumerationItem `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"`
	// contains filtered or unexported fields
}

Enumeration of strings, referenced by their identifier. A wildcard can be used to match multiple strings. Examples: $str1, $str*

func (*StringEnumeration) Descriptor deprecated 

func (*StringEnumeration) Descriptor() ([]byte, []int)

Deprecated: Use StringEnumeration.ProtoReflect.Descriptor instead.

func (*StringEnumeration) GetItems 

func (x *StringEnumeration) GetItems() []*StringEnumeration_StringEnumerationItem

func (*StringEnumeration) ProtoMessage 

func (*StringEnumeration) ProtoMessage()

func (*StringEnumeration) ProtoReflect added in v0.6.1 

func (x *StringEnumeration) ProtoReflect() protoreflect.Message

func (*StringEnumeration) Reset 

func (x *StringEnumeration) Reset()

func (*StringEnumeration) String 

func (x *StringEnumeration) String() string

type StringEnumeration_StringEnumerationItem 

type StringEnumeration_StringEnumerationItem struct {

	// String identifier or part of it if a wildcard (*) is used.
	// Includes the wildcard if present.
	StringIdentifier *string `protobuf:"bytes,1,opt,name=string_identifier,json=stringIdentifier" json:"string_identifier,omitempty"`
	// Wildcard (*).
	HasWildcard *bool `protobuf:"varint,2,opt,name=has_wildcard,json=hasWildcard" json:"has_wildcard,omitempty"`
	// contains filtered or unexported fields
}

An entry in the strings enumeration.

func (*StringEnumeration_StringEnumerationItem) Descriptor deprecated 

func (*StringEnumeration_StringEnumerationItem) Descriptor() ([]byte, []int)

Deprecated: Use StringEnumeration_StringEnumerationItem.ProtoReflect.Descriptor instead.

func (*StringEnumeration_StringEnumerationItem) GetHasWildcard 

func (x *StringEnumeration_StringEnumerationItem) GetHasWildcard() bool

func (*StringEnumeration_StringEnumerationItem) GetStringIdentifier 

func (x *StringEnumeration_StringEnumerationItem) GetStringIdentifier() string

func (*StringEnumeration_StringEnumerationItem) ProtoMessage 

func (*StringEnumeration_StringEnumerationItem) ProtoMessage()

func (*StringEnumeration_StringEnumerationItem) ProtoReflect added in v0.6.1 

func (x *StringEnumeration_StringEnumerationItem) ProtoReflect() protoreflect.Message

func (*StringEnumeration_StringEnumerationItem) Reset 

func (x *StringEnumeration_StringEnumerationItem) Reset()

func (*StringEnumeration_StringEnumerationItem) String 

func (x *StringEnumeration_StringEnumerationItem) String() string

type StringLength 

type StringLength struct {

	// String Identifier. Required.
	StringIdentifier *string `protobuf:"bytes,1,opt,name=string_identifier,json=stringIdentifier" json:"string_identifier,omitempty"`
	// The index of the match.
	Index *Expression `protobuf:"bytes,2,opt,name=index" json:"index,omitempty"`
	// contains filtered or unexported fields
}

Refers to the length of the matches of a string (or, optionally, to the length of the i-th match). It is useful when combined with regular expressions or hexadecimal strings, which may contain jumps. Examples: - !s1 > 50 - !s1[1] != 30

func (*StringLength) Descriptor deprecated 

func (*StringLength) Descriptor() ([]byte, []int)

Deprecated: Use StringLength.ProtoReflect.Descriptor instead.

func (*StringLength) GetIndex 

func (x *StringLength) GetIndex() *Expression

func (*StringLength) GetStringIdentifier 

func (x *StringLength) GetStringIdentifier() string

func (*StringLength) ProtoMessage 

func (*StringLength) ProtoMessage()

func (*StringLength) ProtoReflect added in v0.6.1 

func (x *StringLength) ProtoReflect() protoreflect.Message

func (*StringLength) Reset 

func (x *StringLength) Reset()

func (*StringLength) String 

func (x *StringLength) String() string

type StringModifiers 

type StringModifiers struct {

	// Case-insensitive.
	Nocase *bool `protobuf:"varint,1,opt,name=nocase" json:"nocase,omitempty"`
	// Strings should be ASCII-encoded.
	Ascii *bool `protobuf:"varint,2,opt,name=ascii" json:"ascii,omitempty"`
	// String should be encoded with two bytes per character.
	Wide *bool `protobuf:"varint,3,opt,name=wide" json:"wide,omitempty"`
	// Only matches the string if it appears delimited by non-alphanumeric chars.
	Fullword *bool `protobuf:"varint,4,opt,name=fullword" json:"fullword,omitempty"`
	// Matches strings with a single-byte XOR applied to them.
	Xor *bool `protobuf:"varint,5,opt,name=xor" json:"xor,omitempty"`
	// Regexp case-insensitive modifier.
	I *bool `protobuf:"varint,6,opt,name=i" json:"i,omitempty"`
	// Regexp single-line modifier.
	S *bool `protobuf:"varint,7,opt,name=s" json:"s,omitempty"`
	// String is private.
	Private *bool `protobuf:"varint,8,opt,name=private" json:"private,omitempty"`
	// Minimum and maximum values for the XOR key. These values are present
	// only if the "xor" field is true.
	XorMin *int32 `protobuf:"varint,9,opt,name=xor_min,json=xorMin" json:"xor_min,omitempty"`
	XorMax *int32 `protobuf:"varint,10,opt,name=xor_max,json=xorMax" json:"xor_max,omitempty"`
	// String is base64.
	Base64 *bool `protobuf:"varint,11,opt,name=base64" json:"base64,omitempty"`
	// Optional alphabet for base64 strings.
	Base64Alphabet *string `protobuf:"bytes,12,opt,name=base64alphabet" json:"base64alphabet,omitempty"`
	// String is base64 wide.
	Base64Wide *bool `protobuf:"varint,13,opt,name=base64wide" json:"base64wide,omitempty"`
	// contains filtered or unexported fields
}

Modifiers for TextStrings and Regexps.

func (*StringModifiers) Descriptor deprecated 

func (*StringModifiers) Descriptor() ([]byte, []int)

Deprecated: Use StringModifiers.ProtoReflect.Descriptor instead.

func (*StringModifiers) GetAscii 

func (x *StringModifiers) GetAscii() bool

func (*StringModifiers) GetBase64 added in v0.3.0 

func (x *StringModifiers) GetBase64() bool

func (*StringModifiers) GetBase64Alphabet added in v0.3.0 

func (x *StringModifiers) GetBase64Alphabet() string

func (*StringModifiers) GetBase64Wide added in v0.4.2 

func (x *StringModifiers) GetBase64Wide() bool

func (*StringModifiers) GetFullword 

func (x *StringModifiers) GetFullword() bool

func (*StringModifiers) GetI 

func (x *StringModifiers) GetI() bool

func (*StringModifiers) GetNocase 

func (x *StringModifiers) GetNocase() bool

func (*StringModifiers) GetPrivate 

func (x *StringModifiers) GetPrivate() bool

func (*StringModifiers) GetS 

func (x *StringModifiers) GetS() bool

func (*StringModifiers) GetWide 

func (x *StringModifiers) GetWide() bool

func (*StringModifiers) GetXor 

func (x *StringModifiers) GetXor() bool

func (*StringModifiers) GetXorMax 

func (x *StringModifiers) GetXorMax() int32

func (*StringModifiers) GetXorMin 

func (x *StringModifiers) GetXorMin() int32

func (*StringModifiers) ProtoMessage 

func (*StringModifiers) ProtoMessage()

func (*StringModifiers) ProtoReflect added in v0.6.1 

func (x *StringModifiers) ProtoReflect() protoreflect.Message

func (*StringModifiers) Reset 

func (x *StringModifiers) Reset()

func (*StringModifiers) String 

func (x *StringModifiers) String() string

type StringOffset 

type StringOffset struct {

	// String identifier. Required.
	StringIdentifier *string `protobuf:"bytes,1,opt,name=string_identifier,json=stringIdentifier" json:"string_identifier,omitempty"`
	// The index of the occurrence of the string.
	Index *Expression `protobuf:"bytes,2,opt,name=index" json:"index,omitempty"`
	// contains filtered or unexported fields
}

Refers to the offset or virtual address at which a string (or, optionally, the i-th occurence of the string) is found. Examples: - $s1 at 1000 - $s1[2] at 1000

func (*StringOffset) Descriptor deprecated 

func (*StringOffset) Descriptor() ([]byte, []int)

Deprecated: Use StringOffset.ProtoReflect.Descriptor instead.

func (*StringOffset) GetIndex 

func (x *StringOffset) GetIndex() *Expression

func (*StringOffset) GetStringIdentifier 

func (x *StringOffset) GetStringIdentifier() string

func (*StringOffset) ProtoMessage 

func (*StringOffset) ProtoMessage()

func (*StringOffset) ProtoReflect added in v0.6.1 

func (x *StringOffset) ProtoReflect() protoreflect.Message

func (*StringOffset) Reset 

func (x *StringOffset) Reset()

func (*StringOffset) String 

func (x *StringOffset) String() string

type StringSet 

type StringSet struct {

	// Types that are assignable to Set:
	//	*StringSet_Strings
	//	*StringSet_Keyword
	Set isStringSet_Set `protobuf_oneof:"set"`
	// contains filtered or unexported fields
}

Set of strings. Can be either an enumeration of strings or a keyword.

func (*StringSet) Descriptor deprecated 

func (*StringSet) Descriptor() ([]byte, []int)

Deprecated: Use StringSet.ProtoReflect.Descriptor instead.

func (*StringSet) GetKeyword 

func (x *StringSet) GetKeyword() StringSetKeyword

func (*StringSet) GetSet 

func (m *StringSet) GetSet() isStringSet_Set

func (*StringSet) GetStrings 

func (x *StringSet) GetStrings() *StringEnumeration

func (*StringSet) ProtoMessage 

func (*StringSet) ProtoMessage()

func (*StringSet) ProtoReflect added in v0.6.1 

func (x *StringSet) ProtoReflect() protoreflect.Message

func (*StringSet) Reset 

func (x *StringSet) Reset()

func (*StringSet) String 

func (x *StringSet) String() string

type StringSetKeyword 

type StringSetKeyword int32

Keywords used in string sets. 

const (
	// All the strings in the rule (equivalent to $*).
	StringSetKeyword_THEM StringSetKeyword = 1
)

func (StringSetKeyword) Descriptor added in v0.6.1 

func (StringSetKeyword) Descriptor() protoreflect.EnumDescriptor

func (StringSetKeyword) Enum 

func (x StringSetKeyword) Enum() *StringSetKeyword

func (StringSetKeyword) EnumDescriptor deprecated 

func (StringSetKeyword) EnumDescriptor() ([]byte, []int)

Deprecated: Use StringSetKeyword.Descriptor instead.

func (StringSetKeyword) Number added in v0.6.1 

func (x StringSetKeyword) Number() protoreflect.EnumNumber

func (StringSetKeyword) String 

func (x StringSetKeyword) String() string

func (StringSetKeyword) Type added in v0.6.1 

func (StringSetKeyword) Type() protoreflect.EnumType

func (*StringSetKeyword) UnmarshalJSON deprecated 

func (x *StringSetKeyword) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

type StringSet_Keyword 

type StringSet_Keyword struct {
	// Keyword. Example: them.
	Keyword StringSetKeyword `protobuf:"varint,2,opt,name=keyword,enum=StringSetKeyword,oneof"`
}

type StringSet_Strings 

type StringSet_Strings struct {
	// Enumeration of strings. Example: ($s1, $s2, $s3)
	Strings *StringEnumeration `protobuf:"bytes,1,opt,name=strings,oneof"`
}

type String_Hex 

type String_Hex struct {
	Hex *HexTokens `protobuf:"bytes,3,opt,name=hex,oneof"`
}

type String_Regexp 

type String_Regexp struct {
	Regexp *Regexp `protobuf:"bytes,4,opt,name=regexp,oneof"`
}

type String_Text 

type String_Text struct {
	Text *TextString `protobuf:"bytes,2,opt,name=text,oneof"`
}

type TextString 

type TextString struct {

	// String content. Any character that appears in escaped form in the source
	// is translated to their binary form. For example, if the string contained
	// \x01, this string contains a 01 byte.
	Text *string `protobuf:"bytes,1,opt,name=text" json:"text,omitempty"`
	// String modifiers.
	Modifiers *StringModifiers `protobuf:"bytes,2,opt,name=modifiers" json:"modifiers,omitempty"`
	// contains filtered or unexported fields
}

Text string.

func (*TextString) Descriptor deprecated 

func (*TextString) Descriptor() ([]byte, []int)

Deprecated: Use TextString.ProtoReflect.Descriptor instead.

func (*TextString) GetModifiers 

func (x *TextString) GetModifiers() *StringModifiers

func (*TextString) GetText 

func (x *TextString) GetText() string

func (*TextString) ProtoMessage 

func (*TextString) ProtoMessage()

func (*TextString) ProtoReflect added in v0.6.1 

func (x *TextString) ProtoReflect() protoreflect.Message

func (*TextString) Reset 

func (x *TextString) Reset()

func (*TextString) String 

func (x *TextString) String() string

type UnaryExpression 

type UnaryExpression struct {

	// Operator. Required.
	Operator *UnaryExpression_Operator `protobuf:"varint,1,opt,name=operator,enum=UnaryExpression_Operator" json:"operator,omitempty"`
	// Expression. Required.
	Expression *Expression `protobuf:"bytes,2,opt,name=expression" json:"expression,omitempty"`
	// contains filtered or unexported fields
}

Unary expression, consisting of an operator applied to an expression.

func (*UnaryExpression) Descriptor deprecated 

func (*UnaryExpression) Descriptor() ([]byte, []int)

Deprecated: Use UnaryExpression.ProtoReflect.Descriptor instead.

func (*UnaryExpression) GetExpression 

func (x *UnaryExpression) GetExpression() *Expression

func (*UnaryExpression) GetOperator 

func (x *UnaryExpression) GetOperator() UnaryExpression_Operator

func (*UnaryExpression) ProtoMessage 

func (*UnaryExpression) ProtoMessage()

func (*UnaryExpression) ProtoReflect added in v0.6.1 

func (x *UnaryExpression) ProtoReflect() protoreflect.Message

func (*UnaryExpression) Reset 

func (x *UnaryExpression) Reset()

func (*UnaryExpression) String 

func (x *UnaryExpression) String() string

type UnaryExpression_Operator 

type UnaryExpression_Operator int32
const (
	UnaryExpression_UNKNOWN     UnaryExpression_Operator = 0
	UnaryExpression_UNARY_MINUS UnaryExpression_Operator = 1 // -
	UnaryExpression_BITWISE_NOT UnaryExpression_Operator = 2 // ~
	UnaryExpression_DEFINED     UnaryExpression_Operator = 3
)

func (UnaryExpression_Operator) Descriptor added in v0.6.1 

func (UnaryExpression_Operator) Descriptor() protoreflect.EnumDescriptor

func (UnaryExpression_Operator) Enum 

func (x UnaryExpression_Operator) Enum() *UnaryExpression_Operator

func (UnaryExpression_Operator) EnumDescriptor deprecated 

func (UnaryExpression_Operator) EnumDescriptor() ([]byte, []int)

Deprecated: Use UnaryExpression_Operator.Descriptor instead.

func (UnaryExpression_Operator) Number added in v0.6.1 

func (x UnaryExpression_Operator) Number() protoreflect.EnumNumber

func (UnaryExpression_Operator) String 

func (x UnaryExpression_Operator) String() string

func (UnaryExpression_Operator) Type added in v0.6.1 

func (UnaryExpression_Operator) Type() protoreflect.EnumType

func (*UnaryExpression_Operator) UnmarshalJSON deprecated 

func (x *UnaryExpression_Operator) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.