Documentation ¶
Overview ¶
Package yara provides bindings to the YARA library.
Index ¶
- Constants
- type Compiler
- type CompilerMessage
- type MatchRule
- type MatchString
- type Rules
- func (r *Rules) DefineVariable(name string, value interface{}) (err error)
- func (r *Rules) Destroy()
- func (r *Rules) Save(filename string) (err error)
- func (r *Rules) ScanFile(filename string, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error)
- func (r *Rules) ScanFileDescriptor(fd uintptr, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error)
- func (r *Rules) ScanMem(buf []byte, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error)
- func (r *Rules) ScanProc(pid int, flags int, timeout time.Duration) (matches []MatchRule, err error)
- func (r *Rules) Write(wr io.Writer) (err error)
- type ScanFlags
Constants ¶
const (
	// ScanFlagsFastMode avoids multiple matches of the same string
	// when not necessary.
	ScanFlagsFastMode = C.SCAN_FLAGS_FAST_MODE
	// ScanFlagsProcessMemory causes the scanned data to be
	// interpreted like live, in-process memory rather than an on-disk
	// file.
	ScanFlagsProcessMemory = C.SCAN_FLAGS_PROCESS_MEMORY
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Compiler ¶
type Compiler struct {
	Errors   []CompilerMessage
	Warnings []CompilerMessage
	// contains filtered or unexported fields
}
A Compiler encapsulates the YARA compiler that transforms rules into YARA's internal, binary form which in turn is used for scanning files or memory blocks.
func (*Compiler) AddFile ¶
AddFile compiles rules from a file. Rules are added to the specified namespace.
func (*Compiler) AddString ¶
AddString compiles rules from a string. Rules are added to the specified namespace.
func (*Compiler) DefineVariable ¶
DefineVariable defines a named variable for use by the compiler. Boolean, int64, float64, and string types are supported.
type CompilerMessage ¶
A CompilerMessage contains an error or warning message produced while compiling sets of rules using AddString or AddFile.
type MatchRule ¶
type MatchRule struct {
	Rule      string
	Namespace string
	Tags      []string
	Meta      map[string]interface{}
	Strings   []MatchString
}
A MatchRule represents a rule successfully matched against a block of data.
type MatchString ¶
A MatchString represents a string declared and matched in a rule.
type Rules ¶
type Rules struct {
// contains filtered or unexported fields
}
Rules contains a compiled YARA ruleset.
func Compile ¶
Compile compiles rules and an (optional) set of variables into a Rules object in a single step.
func MustCompile ¶
MustCompile is like Compile but panics if the rules and optional variables can't be compiled. Like regexp.MustCompile, it allows for simple, safe initialization of global or test data.
func (*Rules) DefineVariable ¶
DefineVariable defines a named variable for use by the compiler. Boolean, int64, float64, and string types are supported.
func (*Rules) Destroy ¶
func (r *Rules) Destroy()
Destroy destroys the YARA data structure representing a ruleset. Since a finalizer for the underlying YR_RULES structure is set up automatically on creation, it should not normally be necessary to call this method explicitly.
func (*Rules) ScanFile ¶
func (r *Rules) ScanFile(filename string, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error)
ScanFile scans a file using the ruleset.
func (*Rules) ScanFileDescriptor ¶
func (r *Rules) ScanFileDescriptor(fd uintptr, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error)
ScanFileDescriptor scans an already-open file, identified by its file descriptor, using the ruleset.
func (*Rules) ScanMem ¶
func (r *Rules) ScanMem(buf []byte, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error)
ScanMem scans an in-memory buffer using the ruleset.