yara 1.4.2 → 1.4.3
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +1 -0
- data/History.txt +5 -0
- data/Rakefile +6 -4
- data/VERSION +1 -1
- data/ext/yara_native/Match.c +28 -20
- data/ext/yara_native/Rules.c +30 -6
- data/lib/yara.rb +0 -8
- metadata +6 -3
data/.document
CHANGED
data/History.txt
CHANGED
data/Rakefile
CHANGED
|
@@ -22,18 +22,20 @@ Jeweler::Tasks.new do |gem|
|
|
|
22
22
|
gem.authors = ["Eric Monti"]
|
|
23
23
|
|
|
24
24
|
gem.extensions = FileList['ext/**/extconf.rb']
|
|
25
|
+
gem.extra_rdoc_files += Dir['ext/**/*.c']
|
|
25
26
|
|
|
26
|
-
# Include your dependencies below. Runtime dependencies are required when using your gem,
|
|
27
|
-
# and development dependencies are only needed for development (ie running rake tasks, tests, etc)
|
|
28
|
-
# gem.add_runtime_dependency 'jabber4r', '> 0.1'
|
|
29
|
-
# gem.add_development_dependency 'rspec', '> 1.2.3'
|
|
30
27
|
end
|
|
28
|
+
|
|
31
29
|
Jeweler::RubygemsDotOrgTasks.new
|
|
32
30
|
|
|
33
31
|
Rake::ExtensionTask.new("yara_native")
|
|
34
32
|
|
|
35
33
|
CLEAN.include("lib/*.bundle")
|
|
36
34
|
CLEAN.include("lib/*.so")
|
|
35
|
+
CLEAN.include("tmp/")
|
|
36
|
+
CLEAN.include("doc/")
|
|
37
|
+
CLEAN.include("rdoc/")
|
|
38
|
+
CLEAN.include("coverage/")
|
|
37
39
|
|
|
38
40
|
require 'rspec/core'
|
|
39
41
|
require 'rspec/core/rake_task'
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.4.
|
|
1
|
+
1.4.3
|
data/ext/yara_native/Match.c
CHANGED
|
@@ -76,22 +76,28 @@ typedef struct {
|
|
|
76
76
|
static VALUE
|
|
77
77
|
MatchString_NEW(int offset, char *ident, char *buf, size_t buflen) {
|
|
78
78
|
match_string *ms;
|
|
79
|
+
VALUE rb_ms = Qnil;
|
|
79
80
|
|
|
80
81
|
ms = (match_string *) malloc(sizeof(match_string));
|
|
81
82
|
|
|
82
83
|
if (! ms)
|
|
83
|
-
|
|
84
|
+
rb_sys_fail("Can't allocate MatchString");
|
|
84
85
|
|
|
85
|
-
|
|
86
|
-
ms->identifier = rb_obj_freeze(rb_str_new2(ident));
|
|
87
|
-
ms->buffer = rb_obj_freeze(rb_str_new(buf, buflen));
|
|
86
|
+
rb_ms = Data_Wrap_Struct(class_MatchString, 0, free, ms);
|
|
88
87
|
|
|
89
|
-
|
|
88
|
+
ms->offset = rb_iv_set(rb_ms, "@offset", INT2NUM(offset));
|
|
89
|
+
ms->identifier = rb_iv_set(rb_ms, "@identifier",
|
|
90
|
+
rb_obj_freeze(rb_str_new2(ident)));
|
|
91
|
+
ms->buffer = rb_iv_set(rb_ms, "@buffer",
|
|
92
|
+
rb_obj_freeze(rb_str_new(buf, buflen)));
|
|
93
|
+
|
|
94
|
+
return rb_obj_freeze(rb_ms);
|
|
90
95
|
}
|
|
91
96
|
|
|
92
97
|
int
|
|
93
98
|
Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
94
99
|
match_info *mi;
|
|
100
|
+
VALUE rb_mi = Qnil;
|
|
95
101
|
|
|
96
102
|
TAG *tag;
|
|
97
103
|
STRING *string;
|
|
@@ -105,11 +111,13 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
|
105
111
|
if (! mi )
|
|
106
112
|
return 1;
|
|
107
113
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
mi->
|
|
111
|
-
mi->
|
|
112
|
-
mi->
|
|
114
|
+
rb_mi = Data_Wrap_Struct(class_Match, 0, free, mi);
|
|
115
|
+
|
|
116
|
+
mi->rule = rb_iv_set(rb_mi, "@rule", rb_obj_freeze(rb_str_new2(rule->identifier)));
|
|
117
|
+
mi->namespace = rb_iv_set(rb_mi, "@namespace", rb_obj_freeze(rb_str_new2(rule->namespace->name)));
|
|
118
|
+
mi->tags = rb_iv_set(rb_mi, "@tags", rb_ary_new());
|
|
119
|
+
mi->strings = rb_iv_set(rb_mi, "@strings", rb_ary_new());
|
|
120
|
+
mi->meta = rb_iv_set(rb_mi, "@meta", rb_hash_new());
|
|
113
121
|
|
|
114
122
|
tag = rule->tag_list_head;
|
|
115
123
|
while (tag) {
|
|
@@ -158,7 +166,7 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
|
158
166
|
}
|
|
159
167
|
rb_obj_freeze(mi->meta);
|
|
160
168
|
|
|
161
|
-
*(match) = rb_obj_freeze(
|
|
169
|
+
*(match) = rb_obj_freeze(rb_mi);
|
|
162
170
|
|
|
163
171
|
return 0;
|
|
164
172
|
}
|
|
@@ -169,7 +177,7 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
|
|
|
169
177
|
* call-seq:
|
|
170
178
|
* match.rule() -> String
|
|
171
179
|
*
|
|
172
|
-
*
|
|
180
|
+
* @return String The rule identifier string for this match.
|
|
173
181
|
*/
|
|
174
182
|
static VALUE match_rule(VALUE self) {
|
|
175
183
|
match_info *mi;
|
|
@@ -183,7 +191,7 @@ static VALUE match_rule(VALUE self) {
|
|
|
183
191
|
* call-seq:
|
|
184
192
|
* match.namespace() -> String
|
|
185
193
|
*
|
|
186
|
-
*
|
|
194
|
+
* @return String The namespace for this match.
|
|
187
195
|
*/
|
|
188
196
|
static VALUE match_namespace(VALUE self) {
|
|
189
197
|
match_info *mi;
|
|
@@ -197,7 +205,7 @@ static VALUE match_namespace(VALUE self) {
|
|
|
197
205
|
* call-seq:
|
|
198
206
|
* match.tags() -> Array
|
|
199
207
|
*
|
|
200
|
-
*
|
|
208
|
+
* @return [String] An array of tags for this match.
|
|
201
209
|
*/
|
|
202
210
|
static VALUE match_tags(VALUE self) {
|
|
203
211
|
match_info *mi;
|
|
@@ -211,7 +219,7 @@ static VALUE match_tags(VALUE self) {
|
|
|
211
219
|
* call-seq:
|
|
212
220
|
* match.strings() -> Array
|
|
213
221
|
*
|
|
214
|
-
*
|
|
222
|
+
* @return [Yara::MatchString] An array of MatchString objects for this match.
|
|
215
223
|
*/
|
|
216
224
|
static VALUE match_strings(VALUE self) {
|
|
217
225
|
match_info *mi;
|
|
@@ -225,7 +233,7 @@ static VALUE match_strings(VALUE self) {
|
|
|
225
233
|
* call-seq:
|
|
226
234
|
* match.meta() -> Hash
|
|
227
235
|
*
|
|
228
|
-
*
|
|
236
|
+
* @return Hash Keyed values of metadata for the match object.
|
|
229
237
|
*/
|
|
230
238
|
static VALUE match_meta(VALUE self) {
|
|
231
239
|
match_info *mi;
|
|
@@ -239,7 +247,7 @@ static VALUE match_meta(VALUE self) {
|
|
|
239
247
|
* call-seq:
|
|
240
248
|
* matchstring.identifier() -> String
|
|
241
249
|
*
|
|
242
|
-
*
|
|
250
|
+
* @return String The identification label for the string.
|
|
243
251
|
*/
|
|
244
252
|
static VALUE matchstring_identifier(VALUE self) {
|
|
245
253
|
match_string *ms;
|
|
@@ -251,9 +259,9 @@ static VALUE matchstring_identifier(VALUE self) {
|
|
|
251
259
|
* Document-method: offset
|
|
252
260
|
*
|
|
253
261
|
* call-seq:
|
|
254
|
-
* matchstring.offset() ->
|
|
262
|
+
* matchstring.offset() -> Fixnum
|
|
255
263
|
*
|
|
256
|
-
*
|
|
264
|
+
* @return Fixnum The offset where the match occurred.
|
|
257
265
|
*/
|
|
258
266
|
static VALUE matchstring_offset(VALUE self) {
|
|
259
267
|
match_string *ms;
|
|
@@ -267,7 +275,7 @@ static VALUE matchstring_offset(VALUE self) {
|
|
|
267
275
|
* call-seq:
|
|
268
276
|
* matchstring.buffer() -> String
|
|
269
277
|
*
|
|
270
|
-
*
|
|
278
|
+
* @return String The data matched in the buffer.
|
|
271
279
|
*/
|
|
272
280
|
static VALUE matchstring_buffer(VALUE self) {
|
|
273
281
|
match_string *ms;
|
data/ext/yara_native/Rules.c
CHANGED
|
@@ -48,6 +48,10 @@ VALUE rules_allocate(VALUE klass) {
|
|
|
48
48
|
*
|
|
49
49
|
* To avoid namespace conflicts, you can use set_namespace
|
|
50
50
|
* before compiling rules.
|
|
51
|
+
*
|
|
52
|
+
* @param String filename The name of a yara rules file to compile.
|
|
53
|
+
*
|
|
54
|
+
* @raise Yara::CompileError An exception is raised if a compile error occurs.
|
|
51
55
|
*/
|
|
52
56
|
VALUE rules_compile_file(VALUE self, VALUE rb_fname) {
|
|
53
57
|
FILE * file;
|
|
@@ -87,6 +91,10 @@ VALUE rules_compile_file(VALUE self, VALUE rb_fname) {
|
|
|
87
91
|
*
|
|
88
92
|
* To avoid namespace conflicts, you can use set_namespace
|
|
89
93
|
* before compiling rules.
|
|
94
|
+
*
|
|
95
|
+
* @param String rules_string A string containing yara rules text.
|
|
96
|
+
*
|
|
97
|
+
* @raise Yara::CompileError An exception is raised if a compile error occurs.
|
|
90
98
|
*/
|
|
91
99
|
VALUE rules_compile_string(VALUE self, VALUE rb_rules) {
|
|
92
100
|
YARA_CONTEXT *ctx;
|
|
@@ -109,9 +117,10 @@ VALUE rules_compile_string(VALUE self, VALUE rb_rules) {
|
|
|
109
117
|
* Document-method: weight
|
|
110
118
|
*
|
|
111
119
|
* call-seq:
|
|
112
|
-
* rules.weight() ->
|
|
120
|
+
* rules.weight() -> Fixnum
|
|
113
121
|
*
|
|
114
|
-
*
|
|
122
|
+
* @return Fixnum
|
|
123
|
+
* returns a weight value for the compiled rules.
|
|
115
124
|
*/
|
|
116
125
|
|
|
117
126
|
VALUE rules_weight(VALUE self) {
|
|
@@ -126,7 +135,7 @@ VALUE rules_weight(VALUE self) {
|
|
|
126
135
|
* call-seq:
|
|
127
136
|
* rules.current_namespace() -> String
|
|
128
137
|
*
|
|
129
|
-
* Returns the name of the currently active namespace.
|
|
138
|
+
* @return String Returns the name of the currently active namespace.
|
|
130
139
|
*/
|
|
131
140
|
VALUE rules_current_namespace(VALUE self) {
|
|
132
141
|
YARA_CONTEXT *ctx;
|
|
@@ -143,7 +152,7 @@ VALUE rules_current_namespace(VALUE self) {
|
|
|
143
152
|
* call-seq:
|
|
144
153
|
* rules.namespaces() -> Array
|
|
145
154
|
*
|
|
146
|
-
* Returns the namespaces available in this rules context.
|
|
155
|
+
* @return [String] Returns the namespaces available in this rules context.
|
|
147
156
|
*/
|
|
148
157
|
VALUE rules_namespaces(VALUE self) {
|
|
149
158
|
YARA_CONTEXT *ctx;
|
|
@@ -182,6 +191,8 @@ NAMESPACE * find_namespace(YARA_CONTEXT *ctx, const char *name) {
|
|
|
182
191
|
*
|
|
183
192
|
* To avoid namespace conflicts, you can use set_namespace
|
|
184
193
|
* before compiling rules.
|
|
194
|
+
*
|
|
195
|
+
* @param String name The namespace to set.
|
|
185
196
|
*/
|
|
186
197
|
VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
|
|
187
198
|
YARA_CONTEXT *ctx;
|
|
@@ -205,6 +216,7 @@ VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
|
|
|
205
216
|
|
|
206
217
|
}
|
|
207
218
|
|
|
219
|
+
/* an internal callback function used with scan_file and scan_string */
|
|
208
220
|
static int
|
|
209
221
|
scan_callback(RULE *rule, unsigned char *buffer, unsigned int buffer_size, void *data) {
|
|
210
222
|
int match_ret;
|
|
@@ -224,10 +236,16 @@ scan_callback(RULE *rule, unsigned char *buffer, unsigned int buffer_size, void
|
|
|
224
236
|
* Document-method: scan_file
|
|
225
237
|
*
|
|
226
238
|
* call-seq:
|
|
227
|
-
* rules.scan_file(filename) ->
|
|
239
|
+
* rules.scan_file(filename) -> Array
|
|
228
240
|
*
|
|
229
241
|
* Scans a file using the compiled rules supplied
|
|
230
242
|
* with either compile_file or compile_string (or both).
|
|
243
|
+
*
|
|
244
|
+
* @param String filename The name of a file to scan with yara.
|
|
245
|
+
*
|
|
246
|
+
* @return [Yara::Match] An array of Yara::Match objects found in the file.
|
|
247
|
+
*
|
|
248
|
+
* @raise Yara::ScanError Raised if an error occurs while scanning the file.
|
|
231
249
|
*/
|
|
232
250
|
VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
|
|
233
251
|
YARA_CONTEXT *ctx;
|
|
@@ -255,10 +273,16 @@ VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
|
|
|
255
273
|
* Document-method: scan_file
|
|
256
274
|
*
|
|
257
275
|
* call-seq:
|
|
258
|
-
* rules.scan_string(
|
|
276
|
+
* rules.scan_string(buf) -> Array
|
|
259
277
|
*
|
|
260
278
|
* Scans a ruby string using the compiled rules supplied
|
|
261
279
|
* with either compile_file or compile_string (or both).
|
|
280
|
+
*
|
|
281
|
+
* @param String buf The string buffer to scan with yara.
|
|
282
|
+
*
|
|
283
|
+
* @return [Yara::Match] An array of Yara::Match objects found in the string.
|
|
284
|
+
*
|
|
285
|
+
* @raise Yara::ScanError Raised if an error occurs while scanning the string.
|
|
262
286
|
*/
|
|
263
287
|
VALUE rules_scan_string(VALUE self, VALUE rb_dat) {
|
|
264
288
|
YARA_CONTEXT *ctx;
|
data/lib/yara.rb
CHANGED
|
@@ -30,10 +30,6 @@ module Yara
|
|
|
30
30
|
:strings => self.strings }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
def inspect
|
|
34
|
-
h=to_hash
|
|
35
|
-
h.inspect
|
|
36
|
-
end
|
|
37
33
|
end
|
|
38
34
|
|
|
39
35
|
class MatchString
|
|
@@ -52,10 +48,6 @@ module Yara
|
|
|
52
48
|
{ :offset => self.offset, :identifier => self.ident, :buffer => self.buffer}
|
|
53
49
|
end
|
|
54
50
|
|
|
55
|
-
def inspect
|
|
56
|
-
h=to_a
|
|
57
|
-
h.inspect
|
|
58
|
-
end
|
|
59
51
|
end
|
|
60
52
|
|
|
61
53
|
end
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 1
|
|
7
7
|
- 4
|
|
8
|
-
-
|
|
9
|
-
version: 1.4.
|
|
8
|
+
- 3
|
|
9
|
+
version: 1.4.3
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Eric Monti
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2011-02-
|
|
17
|
+
date: 2011-02-21 00:00:00 -06:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
@@ -106,6 +106,9 @@ extensions:
|
|
|
106
106
|
extra_rdoc_files:
|
|
107
107
|
- LICENSE.txt
|
|
108
108
|
- README.rdoc
|
|
109
|
+
- ext/yara_native/Match.c
|
|
110
|
+
- ext/yara_native/Rules.c
|
|
111
|
+
- ext/yara_native/Yara_native.c
|
|
109
112
|
files:
|
|
110
113
|
- .document
|
|
111
114
|
- .rspec
|