yara 1.4.2 → 1.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.document +1 -0
- data/History.txt +5 -0
- data/Rakefile +6 -4
- data/VERSION +1 -1
- data/ext/yara_native/Match.c +28 -20
- data/ext/yara_native/Rules.c +30 -6
- data/lib/yara.rb +0 -8
- metadata +6 -3
data/.document
CHANGED
data/History.txt
CHANGED
data/Rakefile
CHANGED
|
@@ -22,18 +22,20 @@ Jeweler::Tasks.new do |gem|
|
|
|
22
22
|
gem.authors = ["Eric Monti"]
|
|
23
23
|
|
|
24
24
|
gem.extensions = FileList['ext/**/extconf.rb']
|
|
25
|
+
gem.extra_rdoc_files += Dir['ext/**/*.c']
|
|
25
26
|
|
|
26
|
-
# Include your dependencies below. Runtime dependencies are required when using your gem,
|
|
27
|
-
# and development dependencies are only needed for development (ie running rake tasks, tests, etc)
|
|
28
|
-
# gem.add_runtime_dependency 'jabber4r', '> 0.1'
|
|
29
|
-
# gem.add_development_dependency 'rspec', '> 1.2.3'
|
|
30
27
|
end
|
|
28
|
+
|
|
31
29
|
Jeweler::RubygemsDotOrgTasks.new
|
|
32
30
|
|
|
33
31
|
Rake::ExtensionTask.new("yara_native")
|
|
34
32
|
|
|
35
33
|
CLEAN.include("lib/*.bundle")
|
|
36
34
|
CLEAN.include("lib/*.so")
|
|
35
|
+
CLEAN.include("tmp/")
|
|
36
|
+
CLEAN.include("doc/")
|
|
37
|
+
CLEAN.include("rdoc/")
|
|
38
|
+
CLEAN.include("coverage/")
|
|
37
39
|
|
|
38
40
|
require 'rspec/core'
|
|
39
41
|
require 'rspec/core/rake_task'
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.4.
|
|
1
|
+
1.4.3
|
data/ext/yara_native/Match.c
CHANGED
|
@@ -76,22 +76,28 @@ typedef struct {
|
|
|
76
76
|
static VALUE
|
|
77
77
|
MatchString_NEW(int offset, char *ident, char *buf, size_t buflen) {
|
|
78
78
|
match_string *ms;
|
|
79
|
+
VALUE rb_ms = Qnil;
|
|
79
80
|
|
|
80
81
|
ms = (match_string *) malloc(sizeof(match_string));
|
|
81
82
|
|
|
82
83
|
if (! ms)
|
|
83
|
-
|
|
84
|
+
rb_sys_fail("Can't allocate MatchString");
|
|
84
85
|
|
|
85
|
-
|
|
86
|
-
ms->identifier = rb_obj_freeze(rb_str_new2(ident));
|
|
87
|
-
ms->buffer = rb_obj_freeze(rb_str_new(buf, buflen));
|
|
86
|
+
rb_ms = Data_Wrap_Struct(class_MatchString, 0, free, ms);
|
|
88
87
|
|
|
89
|
-
|
|
88
|
+
ms->offset = rb_iv_set(rb_ms, "@offset", INT2NUM(offset));
|
|
89
|
+
ms->identifier = rb_iv_set(rb_ms, "@identifier",
|
|
90
|
+
rb_obj_freeze(rb_str_new2(ident)));
|
|
91
|
+
ms->buffer = rb_iv_set(rb_ms, "@buffer",
|
|
92
|
+
rb_obj_freeze(rb_str_new(buf, buflen)));
|
|
93
|
+
|
|
94
|
+
return rb_obj_freeze(rb_ms);
|
|
90
95
|
}
|
|
91
96
|
|
|
92
97
|
int
|
|
93
98
|
Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
94
99
|
match_info *mi;
|
|
100
|
+
VALUE rb_mi = Qnil;
|
|
95
101
|
|
|
96
102
|
TAG *tag;
|
|
97
103
|
STRING *string;
|
|
@@ -105,11 +111,13 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
|
105
111
|
if (! mi )
|
|
106
112
|
return 1;
|
|
107
113
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
mi->
|
|
111
|
-
mi->
|
|
112
|
-
mi->
|
|
114
|
+
rb_mi = Data_Wrap_Struct(class_Match, 0, free, mi);
|
|
115
|
+
|
|
116
|
+
mi->rule = rb_iv_set(rb_mi, "@rule", rb_obj_freeze(rb_str_new2(rule->identifier)));
|
|
117
|
+
mi->namespace = rb_iv_set(rb_mi, "@namespace", rb_obj_freeze(rb_str_new2(rule->namespace->name)));
|
|
118
|
+
mi->tags = rb_iv_set(rb_mi, "@tags", rb_ary_new());
|
|
119
|
+
mi->strings = rb_iv_set(rb_mi, "@strings", rb_ary_new());
|
|
120
|
+
mi->meta = rb_iv_set(rb_mi, "@meta", rb_hash_new());
|
|
113
121
|
|
|
114
122
|
tag = rule->tag_list_head;
|
|
115
123
|
while (tag) {
|
|
@@ -158,7 +166,7 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
|
158
166
|
}
|
|
159
167
|
rb_obj_freeze(mi->meta);
|
|
160
168
|
|
|
161
|
-
*(match) = rb_obj_freeze(
|
|
169
|
+
*(match) = rb_obj_freeze(rb_mi);
|
|
162
170
|
|
|
163
171
|
return 0;
|
|
164
172
|
}
|
|
@@ -169,7 +177,7 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
|
169
177
|
* call-seq:
|
|
170
178
|
* match.rule() -> String
|
|
171
179
|
*
|
|
172
|
-
*
|
|
180
|
+
* @return String The rule identifier string for this match.
|
|
173
181
|
*/
|
|
174
182
|
static VALUE match_rule(VALUE self) {
|
|
175
183
|
match_info *mi;
|
|
@@ -183,7 +191,7 @@ static VALUE match_rule(VALUE self) {
|
|
|
183
191
|
* call-seq:
|
|
184
192
|
* match.namespace() -> String
|
|
185
193
|
*
|
|
186
|
-
*
|
|
194
|
+
* @return String The namespace for this match.
|
|
187
195
|
*/
|
|
188
196
|
static VALUE match_namespace(VALUE self) {
|
|
189
197
|
match_info *mi;
|
|
@@ -197,7 +205,7 @@ static VALUE match_namespace(VALUE self) {
|
|
|
197
205
|
* call-seq:
|
|
198
206
|
* match.tags() -> Array
|
|
199
207
|
*
|
|
200
|
-
*
|
|
208
|
+
* @return [String] An array of tags for this match.
|
|
201
209
|
*/
|
|
202
210
|
static VALUE match_tags(VALUE self) {
|
|
203
211
|
match_info *mi;
|
|
@@ -211,7 +219,7 @@ static VALUE match_tags(VALUE self) {
|
|
|
211
219
|
* call-seq:
|
|
212
220
|
* match.strings() -> Array
|
|
213
221
|
*
|
|
214
|
-
*
|
|
222
|
+
* @return [Yara::MatchString] An array of MatchString objects for this match.
|
|
215
223
|
*/
|
|
216
224
|
static VALUE match_strings(VALUE self) {
|
|
217
225
|
match_info *mi;
|
|
@@ -225,7 +233,7 @@ static VALUE match_strings(VALUE self) {
|
|
|
225
233
|
* call-seq:
|
|
226
234
|
* match.meta() -> Hash
|
|
227
235
|
*
|
|
228
|
-
*
|
|
236
|
+
* @return Hash Keyed values of metadata for the match object.
|
|
229
237
|
*/
|
|
230
238
|
static VALUE match_meta(VALUE self) {
|
|
231
239
|
match_info *mi;
|
|
@@ -239,7 +247,7 @@ static VALUE match_meta(VALUE self) {
|
|
|
239
247
|
* call-seq:
|
|
240
248
|
* matchstring.identifier() -> String
|
|
241
249
|
*
|
|
242
|
-
*
|
|
250
|
+
* @return String The identification label for the string.
|
|
243
251
|
*/
|
|
244
252
|
static VALUE matchstring_identifier(VALUE self) {
|
|
245
253
|
match_string *ms;
|
|
@@ -251,9 +259,9 @@ static VALUE matchstring_identifier(VALUE self) {
|
|
|
251
259
|
* Document-method: offset
|
|
252
260
|
*
|
|
253
261
|
* call-seq:
|
|
254
|
-
* matchstring.offset() ->
|
|
262
|
+
* matchstring.offset() -> Fixnum
|
|
255
263
|
*
|
|
256
|
-
*
|
|
264
|
+
* @return Fixnum The offset where the match occurred.
|
|
257
265
|
*/
|
|
258
266
|
static VALUE matchstring_offset(VALUE self) {
|
|
259
267
|
match_string *ms;
|
|
@@ -267,7 +275,7 @@ static VALUE matchstring_offset(VALUE self) {
|
|
|
267
275
|
* call-seq:
|
|
268
276
|
* matchstring.buffer() -> String
|
|
269
277
|
*
|
|
270
|
-
*
|
|
278
|
+
* @return String The data matched in the buffer.
|
|
271
279
|
*/
|
|
272
280
|
static VALUE matchstring_buffer(VALUE self) {
|
|
273
281
|
match_string *ms;
|
data/ext/yara_native/Rules.c
CHANGED
|
@@ -48,6 +48,10 @@ VALUE rules_allocate(VALUE klass) {
|
|
|
48
48
|
*
|
|
49
49
|
* To avoid namespace conflicts, you can use set_namespace
|
|
50
50
|
* before compiling rules.
|
|
51
|
+
*
|
|
52
|
+
* @param String filename The name of a yara rules file to compile.
|
|
53
|
+
*
|
|
54
|
+
* @raise Yara::CompileError An exception is raised if a compile error occurs.
|
|
51
55
|
*/
|
|
52
56
|
VALUE rules_compile_file(VALUE self, VALUE rb_fname) {
|
|
53
57
|
FILE * file;
|
|
@@ -87,6 +91,10 @@ VALUE rules_compile_file(VALUE self, VALUE rb_fname) {
|
|
|
87
91
|
*
|
|
88
92
|
* To avoid namespace conflicts, you can use set_namespace
|
|
89
93
|
* before compiling rules.
|
|
94
|
+
*
|
|
95
|
+
* @param String rules_string A string containing yara rules text.
|
|
96
|
+
*
|
|
97
|
+
* @raise Yara::CompileError An exception is raised if a compile error occurs.
|
|
90
98
|
*/
|
|
91
99
|
VALUE rules_compile_string(VALUE self, VALUE rb_rules) {
|
|
92
100
|
YARA_CONTEXT *ctx;
|
|
@@ -109,9 +117,10 @@ VALUE rules_compile_string(VALUE self, VALUE rb_rules) {
|
|
|
109
117
|
* Document-method: weight
|
|
110
118
|
*
|
|
111
119
|
* call-seq:
|
|
112
|
-
* rules.weight() ->
|
|
120
|
+
* rules.weight() -> Fixnum
|
|
113
121
|
*
|
|
114
|
-
*
|
|
122
|
+
* @return Fixnum
|
|
123
|
+
* returns a weight value for the compiled rules.
|
|
115
124
|
*/
|
|
116
125
|
|
|
117
126
|
VALUE rules_weight(VALUE self) {
|
|
@@ -126,7 +135,7 @@ VALUE rules_weight(VALUE self) {
|
|
|
126
135
|
* call-seq:
|
|
127
136
|
* rules.current_namespace() -> String
|
|
128
137
|
*
|
|
129
|
-
* Returns the name of the currently active namespace.
|
|
138
|
+
* @return String Returns the name of the currently active namespace.
|
|
130
139
|
*/
|
|
131
140
|
VALUE rules_current_namespace(VALUE self) {
|
|
132
141
|
YARA_CONTEXT *ctx;
|
|
@@ -143,7 +152,7 @@ VALUE rules_current_namespace(VALUE self) {
|
|
|
143
152
|
* call-seq:
|
|
144
153
|
* rules.namespaces() -> Array
|
|
145
154
|
*
|
|
146
|
-
* Returns the namespaces available in this rules context.
|
|
155
|
+
* @return [String] Returns the namespaces available in this rules context.
|
|
147
156
|
*/
|
|
148
157
|
VALUE rules_namespaces(VALUE self) {
|
|
149
158
|
YARA_CONTEXT *ctx;
|
|
@@ -182,6 +191,8 @@ NAMESPACE * find_namespace(YARA_CONTEXT *ctx, const char *name) {
|
|
|
182
191
|
*
|
|
183
192
|
* To avoid namespace conflicts, you can use set_namespace
|
|
184
193
|
* before compiling rules.
|
|
194
|
+
*
|
|
195
|
+
* @param String name The namespace to set.
|
|
185
196
|
*/
|
|
186
197
|
VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
|
|
187
198
|
YARA_CONTEXT *ctx;
|
|
@@ -205,6 +216,7 @@ VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
|
|
|
205
216
|
|
|
206
217
|
}
|
|
207
218
|
|
|
219
|
+
/* an internal callback function used with scan_file and scan_string */
|
|
208
220
|
static int
|
|
209
221
|
scan_callback(RULE *rule, unsigned char *buffer, unsigned int buffer_size, void *data) {
|
|
210
222
|
int match_ret;
|
|
@@ -224,10 +236,16 @@ scan_callback(RULE *rule, unsigned char *buffer, unsigned int buffer_size, void
|
|
|
224
236
|
* Document-method: scan_file
|
|
225
237
|
*
|
|
226
238
|
* call-seq:
|
|
227
|
-
* rules.scan_file(filename) ->
|
|
239
|
+
* rules.scan_file(filename) -> Array
|
|
228
240
|
*
|
|
229
241
|
* Scans a file using the compiled rules supplied
|
|
230
242
|
* with either compile_file or compile_string (or both).
|
|
243
|
+
*
|
|
244
|
+
* @param String filename The name of a file to scan with yara.
|
|
245
|
+
*
|
|
246
|
+
* @return [Yara::Match] An array of Yara::Match objects found in the file.
|
|
247
|
+
*
|
|
248
|
+
* @raise Yara::ScanError Raised if an error occurs while scanning the file.
|
|
231
249
|
*/
|
|
232
250
|
VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
|
|
233
251
|
YARA_CONTEXT *ctx;
|
|
@@ -255,10 +273,16 @@ VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
|
|
|
255
273
|
* Document-method: scan_file
|
|
256
274
|
*
|
|
257
275
|
* call-seq:
|
|
258
|
-
* rules.scan_string(
|
|
276
|
+
* rules.scan_string(buf) -> Array
|
|
259
277
|
*
|
|
260
278
|
* Scans a ruby string using the compiled rules supplied
|
|
261
279
|
* with either compile_file or compile_string (or both).
|
|
280
|
+
*
|
|
281
|
+
* @param String buf The string buffer to scan with yara.
|
|
282
|
+
*
|
|
283
|
+
* @return [Yara::Match] An array of Yara::Match objects found in the string.
|
|
284
|
+
*
|
|
285
|
+
* @raise Yara::ScanError Raised if an error occurs while scanning the string.
|
|
262
286
|
*/
|
|
263
287
|
VALUE rules_scan_string(VALUE self, VALUE rb_dat) {
|
|
264
288
|
YARA_CONTEXT *ctx;
|
data/lib/yara.rb
CHANGED
|
@@ -30,10 +30,6 @@ module Yara
|
|
|
30
30
|
:strings => self.strings }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
def inspect
|
|
34
|
-
h=to_hash
|
|
35
|
-
h.inspect
|
|
36
|
-
end
|
|
37
33
|
end
|
|
38
34
|
|
|
39
35
|
class MatchString
|
|
@@ -52,10 +48,6 @@ module Yara
|
|
|
52
48
|
{ :offset => self.offset, :identifier => self.ident, :buffer => self.buffer}
|
|
53
49
|
end
|
|
54
50
|
|
|
55
|
-
def inspect
|
|
56
|
-
h=to_a
|
|
57
|
-
h.inspect
|
|
58
|
-
end
|
|
59
51
|
end
|
|
60
52
|
|
|
61
53
|
end
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 1
|
|
7
7
|
- 4
|
|
8
|
-
-
|
|
9
|
-
version: 1.4.
|
|
8
|
+
- 3
|
|
9
|
+
version: 1.4.3
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Eric Monti
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-02-
|
|
17
|
+
date: 2011-02-21 00:00:00 -06:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
@@ -106,6 +106,9 @@ extensions:
|
|
|
106
106
|
extra_rdoc_files:
|
|
107
107
|
- LICENSE.txt
|
|
108
108
|
- README.rdoc
|
|
109
|
+
- ext/yara_native/Match.c
|
|
110
|
+
- ext/yara_native/Rules.c
|
|
111
|
+
- ext/yara_native/Yara_native.c
|
|
109
112
|
files:
|
|
110
113
|
- .document
|
|
111
114
|
- .rspec
|