yara-ffi 4.1.0 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f964b7eb475719ea6ceb456125b6ead06be8d9263a8839267ee96cdbe072b470
-  data.tar.gz: 36cc2f79374b0d00f245329f5d3e18423b6f16740e92f893c07d662f2183ce67
+  metadata.gz: 3e278e7deb04454bfa05c54feb3763d282073abe392ddbd142cef55afa749637
+  data.tar.gz: ec29557182c143b5d8a696d7d494bbf7e737fdd115cddaf637538322902863fc
 SHA512:
-  metadata.gz: 5636bffbece91a2b3d48568e7bcac3e75d0f7713231c1a0abfbcbf83a0436b1d950ca5dccb5dae98b82c6ab3686521f61b561a2802f1c26145f887ea64fccf37
-  data.tar.gz: b10394734d3c00d986a5f12a6a2682087a7641e2abb62108728fc699f1e79f395f4bf2c5d94842c440fb15c960690773760907be56b4f14edbe5c86c3589aa3c
+  metadata.gz: 2bcfc0f2f49fbbb2faf7c0bd221c4b6c8b41ff7c3724feca975e4ae4c89f4d3528966efcb5123d315aafc95decde239ccd7d27a1c0327ce578990f84db7e131a
+  data.tar.gz: fb704aebc592c80b63012acbd060b17608f9a6c43250a560379c39b11e6e813825df67ddc4b5daaf676fa18da383fe3f73f66bfcc87421b906c21f33a721dfcf

data/.github/workflows/ruby.yml

@@ -18,7 +18,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ['3.2', '3.3']
+        ruby-version: ['3.2', '3.3', '3.4']
 
     steps:
     - name: Checkout code

data/CHANGELOG.md

@@ -1,5 +1,24 @@
 ## [Unreleased]
 
+## [4.2.0] - 2025-11-13
+
+- **NEW**: Added rule iteration API for inspecting compiled rules without scanning
+  - `Scanner#each_rule` - Iterate through all compiled rules (returns Enumerator)
+  - `Yara::Rule` class for accessing rule properties
+  - `Rule#identifier` - Get rule name
+  - `Rule#namespace` - Get rule namespace
+  - `Rule#metadata` - Access rule metadata as hash
+  - `Rule#tags` - Get rule tags as array
+  - Enables building rule catalogs and introspection without scanning data
+  - Works with compiled rules from `Scanner`, `Compiler`, or deserialized rules
+- **IMPROVED**: Enhanced FFI struct handling for better memory safety with unions
+
+## [4.1.1] - 2025-08-20
+
+- **FIXED**: Fixed crash when `Yara.test` or `Yara.scan` receive `nil` as the test string parameter ([#15](https://github.com/jonmagic/yara-ffi/issues/15))
+  - `nil` values are now treated as empty strings instead of causing `NoMethodError`
+  - Both `Yara.test(rule, nil)` and `Yara.scan(rule, nil)` now return empty `ScanResults` objects
+
 ## [4.1.0] - 2025-08-20
 
 - **NEW**: Added advanced `Yara::Compiler` API for complex rule compilation scenarios

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    yara-ffi (4.1.0)
+    yara-ffi (4.2.0)
       ffi
 
 GEM
@@ -14,24 +14,24 @@ GEM
     ffi (1.17.2-arm64-darwin)
     ffi (1.17.2-x86_64-darwin)
     ffi (1.17.2-x86_64-linux-gnu)
-    json (2.13.2)
+    json (2.16.0)
     language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
     method_source (1.1.0)
-    minitest (5.25.5)
+    minitest (5.26.1)
     parallel (1.27.0)
-    parser (3.3.9.0)
+    parser (3.3.10.0)
       ast (~> 2.4.1)
       racc
-    prism (1.4.0)
+    prism (1.6.0)
     pry (0.15.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
     racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.3.0)
-    regexp_parser (2.11.2)
-    rubocop (1.79.2)
+    rake (13.3.1)
+    regexp_parser (2.11.3)
+    rubocop (1.81.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -39,16 +39,16 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.46.0, < 2.0)
+      rubocop-ast (>= 1.47.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.46.0)
+    rubocop-ast (1.48.0)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
     ruby-progressbar (1.13.0)
-    unicode-display_width (3.1.5)
-      unicode-emoji (~> 4.0, >= 4.0.4)
-    unicode-emoji (4.0.4)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.1.0)
 
 PLATFORMS
   aarch64-linux

data/USAGE.md

@@ -69,6 +69,25 @@ result.tags                         # => ["malware", "trojan"]
 result.has_tag?("malware")         # => true
 ```
 
+### Rule Iteration (Without Scanning)
+
+```ruby
+# Inspect compiled rules without scanning data
+scanner.compile
+scanner.each_rule do |rule|
+  puts "Rule: #{rule.identifier}"
+  puts "Namespace: #{rule.namespace}"
+  puts "Tags: #{rule.tags.join(', ')}"
+
+  # Access metadata
+  rule.metadata.each { |k, v| puts "  #{k}: #{v}" }
+
+  # Type-safe metadata access
+  author = rule.metadata_string(:author)
+  severity = rule.metadata_int(:severity)
+end
+```
+
 ### Global Variables
 
 ```ruby
@@ -284,6 +303,141 @@ results2 = scanner.scan(data2)
 scanner.close
 ```
 
+### Iterating Rules Without Scanning
+
+Extract rule information, metadata, and tags without scanning any data:
+
+```ruby
+# Setup: compile multiple rules
+scanner = Yara::Scanner.new
+scanner.add_rule(rule1)
+scanner.add_rule(rule2, namespace: "malware")
+scanner.compile
+
+# Iterate through all compiled rules
+scanner.each_rule do |rule|
+  puts "Rule: #{rule.identifier}"
+  puts "Namespace: #{rule.namespace || 'default'}"
+  puts "Qualified Name: #{rule.qualified_name}"
+
+  # Access metadata
+  puts "\nMetadata:"
+  rule.metadata.each do |key, value|
+    puts "  #{key}: #{value}"
+  end
+
+  # Access tags
+  if rule.tags.any?
+    puts "\nTags: #{rule.tags.join(', ')}"
+  end
+
+  # Type-safe metadata access
+  if author = rule.metadata_string(:author)
+    puts "Author: #{author}"
+  end
+
+  if severity = rule.metadata_int(:severity)
+    puts "Severity: #{severity}/10"
+  end
+
+  # Check for specific tags
+  if rule.has_tag?("trojan")
+    puts "⚠️  Trojan detection rule"
+  end
+end
+
+# Use as an Enumerator
+rules = scanner.each_rule.to_a
+puts "Total rules: #{rules.size}"
+
+# Filter rules by criteria
+high_severity = scanner.each_rule.select do |rule|
+  (rule.metadata_int(:severity) || 0) >= 8
+end
+
+malware_rules = scanner.each_rule.select do |rule|
+  rule.has_tag?("malware")
+end
+
+scanner.close
+```
+
+**Example Rule with Metadata:**
+
+```ruby
+rule = <<-RULE
+rule SuspiciousActivity : malware trojan
+{
+  meta:
+    author = "Security Team"
+    description = "Detects suspicious API calls"
+    severity = 8
+    date = "2024-01-15"
+    is_active = true
+    confidence = 0.95
+
+  strings:
+    $api1 = "VirtualAlloc"
+    $api2 = "WriteProcessMemory"
+
+  condition:
+    all of them
+}
+RULE
+
+scanner = Yara::Scanner.new
+scanner.add_rule(rule, namespace: "detection")
+scanner.compile
+
+scanner.each_rule do |rule|
+  puts "Rule: #{rule.identifier}"           # => "SuspiciousActivity"
+  puts "Namespace: #{rule.namespace}"       # => "detection"
+  puts "Full name: #{rule.qualified_name}"  # => "detection.SuspiciousActivity"
+
+  # Access metadata with type safety
+  puts "Author: #{rule.metadata_string(:author)}"           # => "Security Team"
+  puts "Severity: #{rule.metadata_int(:severity)}"          # => 8
+  puts "Active: #{rule.metadata_bool(:is_active)}"          # => true
+  puts "Confidence: #{rule.metadata_float(:confidence)}"    # => 0.95
+
+  # Check tags
+  puts "Is malware rule: #{rule.has_tag?('malware')}"       # => true
+  puts "Tags: #{rule.tags.join(', ')}"                      # => "malware, trojan"
+end
+
+scanner.close
+```
+
+**Use Case: Building a Rule Catalog**
+
+```ruby
+# Create a catalog of all rules without scanning
+def build_rule_catalog(scanner)
+  catalog = {}
+
+  scanner.each_rule do |rule|
+    catalog[rule.identifier] = {
+      namespace: rule.namespace,
+      description: rule.metadata_string(:description),
+      author: rule.metadata_string(:author),
+      severity: rule.metadata_int(:severity),
+      tags: rule.tags,
+      active: rule.metadata_bool(:is_active) != false
+    }
+  end
+
+  catalog
+end
+
+scanner.compile
+catalog = build_rule_catalog(scanner)
+
+# Query the catalog
+catalog.each do |name, info|
+  puts "#{name}: #{info[:description]}" if info[:active]
+end
+```
+
 ## Pattern Matching Analysis
 
 ### Detailed Pattern Match Information

data/lib/yara/ffi.rb

@@ -139,6 +139,17 @@ module Yara
     # C Signature: typedef void (*YRX_ON_MATCHING_RULE)(const struct YRX_RULE *rule, void *user_data)
     callback :matching_rule_callback, [:pointer, :pointer], :void
 
+    # Internal: Callback function type for rule iteration.
+    #
+    # This callback is invoked for each rule during rule iteration.
+    # The callback receives pointers to the rule and optional user data.
+    #
+    # rule      - A Pointer to the YRX_RULE structure
+    # user_data - A Pointer to optional user-provided data
+    #
+    # C Signature: typedef void (*YRX_RULE_CALLBACK)(const struct YRX_RULE *rule, void *user_data)
+    callback :rule_callback, [:pointer, :pointer], :void
+
     # Public: Set callback for handling rule matches during scanning.
     #
     # This function registers a callback that will be invoked each time a rule
@@ -158,6 +169,26 @@ module Yara
     # C Signature: enum YRX_RESULT yrx_scanner_on_matching_rule(struct YRX_SCANNER *scanner, YRX_ON_MATCHING_RULE callback, void *user_data)
     attach_function :yrx_scanner_on_matching_rule, [:pointer, :matching_rule_callback, :pointer], :int
 
+    # Public: Iterate through all compiled rules without scanning.
+    #
+    # This function calls the provided callback for each rule in the compiled
+    # rules object, regardless of whether they would match any data. This is
+    # useful for inspecting rule metadata, tags, and patterns without performing
+    # an actual scan.
+    #
+    # rules     - A Pointer to the YRX_RULES structure
+    # callback  - A Proc matching the rule_callback signature
+    # user_data - A Pointer to optional data passed to callback (can be nil)
+    #
+    # Examples
+    #
+    #   callback = proc { |rule_ptr, user_data| puts "Found rule" }
+    #   result = Yara::FFI.yrx_rules_iter(rules_ptr, callback, nil)
+    #
+    # Returns an Integer result code (YRX_SUCCESS on success).
+    # C Signature: enum YRX_RESULT yrx_rules_iter(const struct YRX_RULES *rules, YRX_RULE_CALLBACK callback, void *user_data)
+    attach_function :yrx_rules_iter, [:pointer, :rule_callback, :pointer], :int
+
     # Public: Scan data using the configured scanner and rules.
     #
     # This function performs pattern matching against the provided data using

data/lib/yara/rule.rb

@@ -0,0 +1,287 @@
+# frozen_string_literal: true
+
+module Yara
+  # Public: Represents a YARA rule from compiled rules.
+  #
+  # A Rule provides access to a YARA rule's metadata, tags, and patterns
+  # without needing to scan any data. This is useful for inspecting compiled
+  # rules, extracting metadata, and understanding rule structure.
+  #
+  # Examples
+  #
+  #   # Typically created by Scanner#each_rule
+  #   scanner.each_rule do |rule|
+  #     puts "Rule: #{rule.identifier}"
+  #     puts "Namespace: #{rule.namespace}"
+  #     puts "Tags: #{rule.tags.join(', ')}"
+  #     rule.metadata.each { |k, v| puts "  #{k}: #{v}" }
+  #   end
+  class Rule
+    # Public: The identifier (name) of the rule.
+    attr_reader :identifier
+
+    # Public: The namespace of the rule.
+    attr_reader :namespace
+
+    # Public: FFI pointer to the underlying YRX_RULE structure.
+    attr_reader :rule_ptr
+
+    # Public: Initialize a new Rule from a YRX_RULE pointer.
+    #
+    # This constructor extracts the rule identifier, namespace, metadata,
+    # and tags using the YARA-X C API.
+    #
+    # rule_ptr - An FFI Pointer to the YRX_RULE structure
+    #
+    # Examples
+    #
+    #   # Typically created internally by Scanner#each_rule
+    #   rule = Rule.new(rule_ptr)
+    def initialize(rule_ptr)
+      @rule_ptr = rule_ptr
+      @identifier = extract_identifier
+      @namespace = extract_namespace
+      @metadata_cache = nil
+      @tags_cache = nil
+    end
+
+    # Public: Get the rule's metadata as a Hash.
+    #
+    # Metadata is extracted from the rule's meta section and includes
+    # various types: strings, integers, floats, booleans, and bytes.
+    #
+    # Returns a Hash mapping metadata keys (Symbols) to their values.
+    #
+    # Examples
+    #
+    #   metadata = rule.metadata
+    #   # => { author: "test", severity: 5, is_malware: true }
+    def metadata
+      @metadata_cache ||= extract_metadata
+    end
+
+    # Public: Get the rule's tags as an Array.
+    #
+    # Tags are labels used to categorize and organize rules, defined
+    # after the rule name in the rule definition.
+    #
+    # Returns an Array of Strings containing the rule's tags.
+    #
+    # Examples
+    #
+    #   tags = rule.tags
+    #   # => ["malware", "trojan"]
+    def tags
+      @tags_cache ||= extract_tags
+    end
+
+    # Public: Get a qualified name combining namespace and identifier.
+    #
+    # Returns a String in the format "namespace.identifier".
+    #
+    # Examples
+    #
+    #   rule.qualified_name
+    #   # => "malware.trojan_detector"
+    def qualified_name
+      return identifier if namespace.nil? || namespace.empty?
+
+      "#{namespace}.#{identifier}"
+    end
+
+    # Public: Check if the rule has a specific tag.
+    #
+    # tag - A String or Symbol representing the tag to check
+    #
+    # Returns true if the tag exists, false otherwise.
+    #
+    # Examples
+    #
+    #   rule.has_tag?("malware")
+    #   # => true
+    def has_tag?(tag)
+      tags.include?(tag.to_s)
+    end
+
+    # Public: Get a metadata value by key with type checking.
+    #
+    # key - A Symbol or String representing the metadata key
+    #
+    # Returns the metadata value if found, nil otherwise.
+    #
+    # Examples
+    #
+    #   rule.metadata_value(:author)
+    #   # => "test_author"
+    def metadata_value(key)
+      metadata[key.to_sym]
+    end
+
+    # Public: Get a String metadata value with type validation.
+    #
+    # key - A Symbol or String representing the metadata key
+    #
+    # Returns the String value if found and is a String, nil otherwise.
+    #
+    # Examples
+    #
+    #   rule.metadata_string(:author)
+    #   # => "test_author"
+    def metadata_string(key)
+      value = metadata_value(key)
+      value.is_a?(String) ? value : nil
+    end
+
+    # Public: Get an Integer metadata value with type validation.
+    #
+    # key - A Symbol or String representing the metadata key
+    #
+    # Returns the Integer value if found and is an Integer, nil otherwise.
+    #
+    # Examples
+    #
+    #   rule.metadata_int(:severity)
+    #   # => 5
+    def metadata_int(key)
+      value = metadata_value(key)
+      value.is_a?(Integer) ? value : nil
+    end
+
+    # Public: Get a Boolean metadata value with type validation.
+    #
+    # key - A Symbol or String representing the metadata key
+    #
+    # Returns the Boolean value if found and is a Boolean, nil otherwise.
+    #
+    # Examples
+    #
+    #   rule.metadata_bool(:is_malware)
+    #   # => true
+    def metadata_bool(key)
+      value = metadata_value(key)
+      [true, false].include?(value) ? value : nil
+    end
+
+    # Public: Get a Float metadata value with type validation.
+    #
+    # key - A Symbol or String representing the metadata key
+    #
+    # Returns the Float value if found and is a Float, nil otherwise.
+    #
+    # Examples
+    #
+    #   rule.metadata_float(:confidence)
+    #   # => 0.95
+    def metadata_float(key)
+      value = metadata_value(key)
+      value.is_a?(Float) ? value : nil
+    end
+
+    # Internal: Extract the rule identifier using YARA-X API.
+    #
+    # Returns a String containing the rule name.
+    def extract_identifier
+      ident_ptr = ::FFI::MemoryPointer.new(:pointer)
+      len_ptr = ::FFI::MemoryPointer.new(:size_t)
+
+      result = Yara::FFI.yrx_rule_identifier(@rule_ptr, ident_ptr, len_ptr)
+      if result != Yara::FFI::YRX_SUCCESS
+        raise "Failed to extract rule identifier: #{Yara::FFI.yrx_last_error}"
+      end
+
+      ident = ident_ptr.read_pointer
+      length = len_ptr.read(:size_t)
+      ident.read_bytes(length).force_encoding("UTF-8")
+    end
+
+    # Internal: Extract the rule namespace using YARA-X API.
+    #
+    # Returns a String containing the namespace, or nil if default namespace.
+    def extract_namespace
+      ns_ptr = ::FFI::MemoryPointer.new(:pointer)
+      len_ptr = ::FFI::MemoryPointer.new(:size_t)
+
+      result = Yara::FFI.yrx_rule_namespace(@rule_ptr, ns_ptr, len_ptr)
+      if result != Yara::FFI::YRX_SUCCESS
+        raise "Failed to extract rule namespace: #{Yara::FFI.yrx_last_error}"
+      end
+
+      ns = ns_ptr.read_pointer
+      length = len_ptr.read(:size_t)
+      namespace_str = ns.read_bytes(length).force_encoding("UTF-8")
+
+      # Return nil for default namespace
+      namespace_str.empty? ? nil : namespace_str
+    end
+
+    # Internal: Extract metadata from the rule using YARA-X API.
+    #
+    # Returns a Hash mapping metadata keys to their values.
+    def extract_metadata
+      metadata = {}
+
+      metadata_callback = proc do |metadata_ptr, _user_data|
+        begin
+          # Read identifier (first field, pointer at offset 0)
+          identifier_ptr = metadata_ptr.get_pointer(0)
+          next if identifier_ptr.null?
+          identifier = identifier_ptr.read_string.to_sym
+
+          # Read value_type (int at offset 8, after the 8-byte pointer)
+          value_type = metadata_ptr.get_int32(8)
+
+          # The value union starts at offset 16 (pointer:8 + int:4 + padding:4)
+          # This is due to struct alignment requirements
+          value_offset = 16
+
+          value = case value_type
+          when Yara::FFI::YRX_METADATA_TYPE_I64
+            metadata_ptr.get_int64(value_offset)
+          when Yara::FFI::YRX_METADATA_TYPE_F64
+            metadata_ptr.get_double(value_offset)
+          when Yara::FFI::YRX_METADATA_TYPE_BOOLEAN
+            metadata_ptr.get_uint8(value_offset) != 0
+          when Yara::FFI::YRX_METADATA_TYPE_STRING
+            str_ptr = metadata_ptr.get_pointer(value_offset)
+            str_ptr.null? ? nil : str_ptr.read_string
+          when Yara::FFI::YRX_METADATA_TYPE_BYTES
+            length = metadata_ptr.get_size_t(value_offset)
+            data_ptr = metadata_ptr.get_pointer(value_offset + 8)
+            (data_ptr.null? || length == 0) ? nil : data_ptr.read_bytes(length)
+          else
+            nil
+          end
+
+          metadata[identifier] = value unless value.nil?
+        rescue => e
+          # Skip problematic metadata entries to ensure partial extraction works
+        end
+      end
+
+      result = Yara::FFI.yrx_rule_iter_metadata(@rule_ptr, metadata_callback, nil)
+      if result != Yara::FFI::YRX_SUCCESS
+        raise "Failed to iterate rule metadata: #{Yara::FFI.yrx_last_error}"
+      end
+
+      metadata
+    end
+
+    # Internal: Extract tags from the rule using YARA-X API.
+    #
+    # Returns an Array of Strings containing the rule's tags.
+    def extract_tags
+      tags = []
+
+      tag_callback = proc do |tag_ptr, _user_data|
+        tags << tag_ptr.read_string unless tag_ptr.null?
+      end
+
+      result = Yara::FFI.yrx_rule_iter_tags(@rule_ptr, tag_callback, nil)
+      if result != Yara::FFI::YRX_SUCCESS
+        raise "Failed to iterate rule tags: #{Yara::FFI.yrx_last_error}"
+      end
+
+      tags
+    end
+  end
+end

data/lib/yara/scanner.rb

@@ -225,6 +225,9 @@ module Yara
     def scan(test_string)
       raise NotCompiledError, "Rules not compiled. Call compile() first." unless @scanner_pointer
 
+      # Handle nil input by treating it as empty string
+      test_string = "" if test_string.nil?
+
       results = ScanResults.new
 
       # Set up callback for matching rules
@@ -268,6 +271,55 @@ module Yara
       block_given? ? nil : results
     end
 
+    # Public: Iterate through all compiled rules without scanning.
+    #
+    # This method iterates through all rules in the compiled ruleset, yielding
+    # each as a Rule object. Unlike scan(), this does not require any data and
+    # provides access to rule metadata, tags, and other information for inspection.
+    #
+    # This is useful for:
+    # - Inspecting compiled rules without scanning
+    # - Extracting metadata from rule sets
+    # - Validating rule compilation
+    # - Building rule catalogs or indexes
+    #
+    # If no block is given, returns an Enumerator.
+    #
+    # Examples
+    #
+    #   # Iterate with a block
+    #   scanner.each_rule do |rule|
+    #     puts "Rule: #{rule.identifier}"
+    #     puts "Namespace: #{rule.namespace}"
+    #     puts "Tags: #{rule.tags.join(', ')}"
+    #     rule.metadata.each { |k, v| puts "  #{k}: #{v}" }
+    #   end
+    #
+    #   # Or use as an Enumerator
+    #   rules = scanner.each_rule.to_a
+    #
+    # Yields each Rule object.
+    # Returns nil when block given, Enumerator when no block given.
+    # Raises NotCompiledError if rules haven't been compiled yet.
+    def each_rule
+      raise NotCompiledError, "Rules must be compiled before iterating" unless @rules_pointer
+
+      return enum_for(:each_rule) unless block_given?
+
+      rule_callback = proc do |rule_ptr, _user_data|
+        rule = Rule.new(rule_ptr)
+        yield rule
+      end
+
+      result = Yara::FFI.yrx_rules_iter(@rules_pointer, rule_callback, nil)
+      if result != Yara::FFI::YRX_SUCCESS
+        error_msg = Yara::FFI.yrx_last_error
+        raise ScanError, "Failed to iterate rules: #{error_msg}"
+      end
+
+      nil
+    end
+
     # Public: Set a timeout for scanning operations on this scanner (milliseconds).
     #
     # This method configures the scanner to abort scans that take longer than

data/lib/yara/version.rb

@@ -5,5 +5,5 @@ module Yara
   #
   # This constant holds the current version of the Ruby gem, not the underlying
   # YARA-X library version. The gem version follows semantic versioning.
-  VERSION = "4.1.0"
+  VERSION = "4.2.0"
 end

data/lib/yara.rb

@@ -5,6 +5,7 @@ require "json"
 require "pry"
 require_relative "yara/ffi"
 require_relative "yara/pattern_match"
+require_relative "yara/rule"
 require_relative "yara/scan_result"
 require_relative "yara/scan_results"
 require_relative "yara/scanner"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: yara-ffi
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.2.0
 platform: ruby
 authors:
 - Jonathan Hoyt
@@ -50,6 +50,7 @@ files:
 - lib/yara/compiler.rb
 - lib/yara/ffi.rb
 - lib/yara/pattern_match.rb
+- lib/yara/rule.rb
 - lib/yara/scan_result.rb
 - lib/yara/scan_results.rb
 - lib/yara/scanner.rb