RubyGems - yara-ffi - Versions diffs - 2.0.1 → 2.1.0 - Mend

yara-ffi 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 495c967a7af5781f211a7f02a8161e117d35e701ebbdcc8b15fe0def323a623b
-  data.tar.gz: 2f4b0325bf5c51d2483326f98de991f89633d27923f31c046bef919e49fc6e23
+  metadata.gz: 69d13f5f4b62199af83b30a5bb43366c98bd298b10f11b33d54ce931b5b3a23b
+  data.tar.gz: 384f0506d4781049c57f143243b4b8ff9fb7c46fc95cd8e9fe781d39e16c22ce
 SHA512:
-  metadata.gz: 38cc0d0af7ab17fa8103ed273556ef489f619c2de4facf678a724e05af03c0454b5d5b1dddd24134469d5340cec4f17e4de459066f6d9e6086099dbf61b52510
-  data.tar.gz: 7bc527f30f067905006e1155645c4a01fe34e413bec32a93611b02dfe6a9330753006962b44dcdcd1d085050c0aa54dbf99b334825b547f5cb3fac1e95788431
+  metadata.gz: 6811bee54889a6a95a01df893fe694e3fc2bd1a424063c7d51aa222f6a37e7b202dbcee06ed58b7768b9b348b530918b3e093994ac753831823951ac194a21cd
+  data.tar.gz: b58b0fa59f64501b560f99b012ea2132617e16811988e70d887838df157028fabdeed2109ba723389e1830e411c111233f1f0a1ef6e877913ac55849d37203dc

data/lib/yara/scan_result.rb CHANGED Viewed

@@ -9,8 +9,14 @@ module Yara
     META_TYPE_STRING  = 2
     META_TYPE_BOOLEAN = 3
+    STRING_FLAGS_LAST_IN_RULE = 0
+    STRING_LENGTH = 4
+    STRING_POINTER = 5
     RULE_IDENTIFIER  = 1
     METAS_IDENTIFIER = 3
+    STRING_IDENTIFIER = 4
     attr_reader :callback_type, :rule
@@ -41,6 +47,25 @@ module Yara
       metas
     end
+    def rule_strings
+      strings = {}
+      reading_strings = true
+      string_index = 0
+      string_pointer = @rule.values[STRING_IDENTIFIER]
+      while reading_strings do
+        string = YrString.new(string_pointer + string_index * YrString.size)
+        string_length = string.values[STRING_LENGTH]
+        flags = string.values.first
+        if flags == STRING_FLAGS_LAST_IN_RULE
+          reading_strings = false
+        else
+          strings.merge!(string_as_hash(string)) unless string_length == 0
+          string_index += 1
+        end
+      end
+      strings
+    end
     def scan_complete?
       callback_type == SCAN_FINISHED
     end
@@ -61,6 +86,12 @@ module Yara
       { name.to_sym => value }
     end
+    def string_as_hash(yr_string)
+      string_pointer = yr_string.values[STRING_POINTER]
+      string_identifier = yr_string.values.last
+      { string_identifier.to_sym => string_pointer.read_string }
+    end
     def meta_value(string_value, int_value, type)
       if type == META_TYPE_INTEGER
         int_value

data/lib/yara/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Yara
-  VERSION = "2.0.1"
+  VERSION = "2.1.0"
 end

data/lib/yara/yr_rule.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Yara
       :identifier, :string,
       :tags, :string,
       :metas, :pointer,
-      :strings, YrString.ptr,
+      :strings, :pointer,
       :ns, YrNamespace.ptr
   end
 end

data/lib/yara/yr_string.rb CHANGED Viewed

@@ -1,5 +1,15 @@
 module Yara
   class YrString < FFI::Struct
-    layout :identifier, :string
+    layout \
+      :flags, :uint32_t,
+      :idx, :uint32_t,
+      :fixed_offset, :int64_t,
+      :rule_idx, :uint32_t,
+      :length, :int32_t,
+      :string, :pointer,
+      :chained_to, :pointer,
+      :chain_gap_min, :int32_t,
+      :chain_gap_max, :int32_t,
+      :identifier, :string
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: yara-ffi
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Jonathan Hoyt