yara-x 1.1.0__cp38-abi3-manylinux_2_28_aarch64.whl



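--- /dev/null
+++ b/yara_x/__init__.py
@@ -0,0 +1,5 @@
+from .yara_x import *
+
+__doc__ = yara_x.__doc__
+if hasattr(yara_x, "__all__"):
+__all__ = yara_x.__all__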
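--- /dev/null
+++ b/yara_x/__init__.pyi
@@ -0,0 +1,309 @@
+import typing
+
+class Compiler:
+r"""
+Compiles YARA source code producing a set of compiled [`Rules`].
+"""
+def new(self, relaxed_re_syntax: bool, error_on_slow_pattern: bool) -> Compiler:
+r"""
+Creates a new [`Compiler`].
+
+The `relaxed_re_syntax` argument controls whether the compiler should
+adopt a more relaxed syntax check for regular expressions, allowing
+constructs that YARA-X doesn't accept by default.
+
+YARA-X enforces stricter regular expression syntax compared to YARA.
+For instance, YARA accepts invalid escape sequences and treats them
+as literal characters (e.g., \R is interpreted as a literal 'R'). It
+also allows some special characters to appear unescaped, inferring
+their meaning from the context (e.g., `{` and `}` in `/foo{}bar/` are
+literal, but in `/foo{0,1}bar/` they form the repetition operator
+`{0,1}`).
+
+The `error_on_slow_pattern` argument tells the compiler to treat slow
+patterns as errors, instead of warnings.
+"""
+...
+
+def add_source(self, src: str, origin: typing.Optional[str]) -> None:
+r"""
+Adds a YARA source code to be compiled.
+
+This function may be invoked multiple times to add several sets of YARA
+rules before calling [`Compiler::build`]. If the rules provided in
+`src` contain errors that prevent compilation, the function will raise
+an exception with the first error encountered. Additionally, the
+compiler will store this error, along with any others discovered during
+compilation, which can be accessed using [`Compiler::errors`].
+
+Even if a previous invocation resulted in a compilation error, you can
+continue calling this function. In such cases, any rules that failed to
+compile will not be included in the final compiled set.
+
+The optional parameter `origin` allows to specify the origin of the
+source code. This usually receives the path of the file from where the
+code was read, but it can be any arbitrary string that conveys information
+about the source code's origin.
+"""
+...
+
+def define_global(self, ident: str, value: typing.Any) -> None:
+r"""
+Defines a global variable and sets its initial value.
+
+Global variables must be defined before calling [`Compiler::add_source`]
+with some YARA rule that uses the variable. The variable will retain its
+initial value when the [`Rules`] are used for scanning data, however
+each scanner can change the variable's value by calling
+[`crate::Scanner::set_global`].
+
+The type of `value` must be: bool, str, bytes, int or float.
+
+# Raises
+
+[TypeError](https://docs.python.org/3/library/exceptions.html#TypeError)
+if the type of `value` is not one of the supported ones.
+"""
+...
+
+def new_namespace(self, namespace: str) -> None:
+r"""
+Creates a new namespace.
+
+Further calls to [`Compiler::add_source`] will put the rules under the
+newly created namespace.
+"""
+...
+
+def ignore_module(self, module: str) -> None:
+r"""
+Tell the compiler that a YARA module is not supported.
+
+Import statements for unsupported modules will be ignored without
+errors, but a warning will be issued. Any rule that make use of an
+ignored module will be ignored, while the rest of rules that
+don't rely on that module will be correctly compiled.
+"""
+...
+
+def build(self) -> Rules:
+r"""
+Builds the source code previously added to the compiler.
+
+This function returns an instance of [`Rules`] containing all the rules
+previously added with [`Compiler::add_source`] and sets the compiler
+to its initial empty state.
+"""
+...
+
+def errors(self) -> typing.Any:
+r"""
+Retrieves all errors generated by the compiler.
+
+This method returns every error encountered during the compilation,
+across all invocations of [`Compiler::add_source`].
+"""
+...
+
+def warnings(self) -> typing.Any:
+r"""
+Retrieves all warnings generated by the compiler.
+
+This method returns every warning encountered during the compilation,
+across all invocations of [`Compiler::add_source`].
+"""
+...
+
+def rule_name_regexp(self, regexp: str) -> None:
+r"""
+Tell the compiler that any rule must match this regular expression or it
+will result in a compiler warning.
+
+# Raises
+
+[ValueError](https://docs.python.org/3/library/exceptions.html#ValueError)
+if the regular expression is invalid.
+"""
+...
+
+def required_metadata(self, regexp: typing.Dict[str, str]) -> None:
+r"""
+Specify required metadata identifiers and types for the values in each
+rule. Any rule which does not meet these requirements will result in a
+compiler warning.
+
+The key in your dictionary corresponds to the metadata identifier and
+the value in your dictionary corresponds to the required type for that
+metadata in the rule.
+
+Acceptable values are documented in [the config file](https://virustotal.github.io/yara-x/docs/cli/config-file/).
+"""
+...
+
+class Formatter:
+r"""
+Formats YARA rules.
+"""
+def new(
+self,
+align_metadata: bool,
+align_patterns: bool,
+indent_section_headers: bool,
+indent_section_contents: bool,
+indent_spaces: int,
+newline_before_curly_brace: bool,
+empty_line_before_section_header: bool,
+empty_line_after_section_header: bool,
+) -> Formatter:
+r"""
+Creates a new [`Formatter`].
+
+`align_metadata` allows for aligning the equals signs in metadata definitions.
+`align_patterns` allows for aligning the equals signs in pattern definitions.
+`indent_section_headers` allows for indenting section headers.
+`indent_section_contents` allows for indenting section contents.
+`indent_spaces` is the number of spaces to use for indentation.
+`newline_before_curly_brace` controls whether a newline is inserted before a curly brace.
+`empty_line_before_section_header` controls whether an empty line is inserted before a section header.
+`empty_line_after_section_header` controls whether an empty line is inserted after a section header.
+"""
+...
+
+def format(self, input: typing.Any, output: typing.Any) -> str:
+r"""
+Format a YARA rule
+"""
+...
+
+class Match:
+r"""
+Represents a match found for a pattern.
+"""
+def offset(self) -> int:
+r"""
+Offset where the match occurred.
+"""
+...
+
+def length(self) -> int:
+r"""
+Length of the match in bytes.
+"""
+...
+
+def xor_key(self) -> typing.Optional[int]:
+r"""
+XOR key used for decrypting the data if the pattern had the xor
+modifier, or None if otherwise.
+"""
+...
+
+class Pattern:
+r"""
+Represents a pattern in a YARA rule.
+"""
+def identifier(self) -> str:
+r"""
+Pattern identifier (e.g: '$a', '$foo').
+"""
+...
+
+def matches(self) -> tuple:
+r"""
+Matches found for this pattern.
+"""
+...
+
+class Rule:
+r"""
+Represents a rule that matched while scanning some data.
+"""
+def identifier(self) -> str:
+r"""
+Returns the rule's name.
+"""
+...
+
+def namespace(self) -> str:
+r"""
+Returns the rule's namespace.
+"""
+...
+
+def tags(self) -> tuple:
+r"""
+Returns the rule's tags.
+"""
+...
+
+def metadata(self) -> tuple:
+r"""
+A tuple of pairs `(identifier, value)` with the metadata associated to
+the rule.
+"""
+...
+
+def patterns(self) -> tuple:
+r"""
+Patterns defined by the rule.
+"""
+...
+
+class Rules:
+r"""
+A set of YARA rules in compiled form.
+
+This is the result of [`Compiler::build`].
+"""
+def scan(self, data: bytes) -> ScanResults:
+r"""
+Scans in-memory data with these rules.
+"""
+...
+
+def serialize_into(self, file: typing.Any) -> None:
+r"""
+Serializes the rules into a file-like object.
+"""
+...
+
+@staticmethod
+def deserialize_from(self, file: typing.Any) -> Rules:
+r"""
+Deserializes rules from a file-like object.
+"""
+...
+
+class ScanResults:
+r"""
+Results produced by a scan operation.
+"""
+def matching_rules(self) -> tuple:
+r"""
+Rules that matched during the scan.
+"""
+...
+
+def module_outputs(self) -> dict:
+r"""
+Module output from the scan.
+"""
+...
+
+def compile(src: str) -> Rules:
+r"""
+Compiles a YARA source code producing a set of compiled [`Rules`].
+
+This function allows compiling simple rules that don't depend on external
+variables. For more complex use cases you will need to use a [`Compiler`].
+"""
+...
+
+class Module:
+r"""A YARA-X module."""
+def new(self, name: str) -> Module:
+...
+
+def invoke(data: str) -> dict:
+r"""Parse the data and collect module metadata."""
+...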
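Review bot: `Rules.deserialize_from` is declared under `@staticmethod` yet still takes `self`, so a type checker will demand two positional arguments for `Rules.deserialize_from(f)`; the signature should read `def deserialize_from(file: typing.Any) -> Rules:`. The stub also declares `matching_rules`, `identifier`, `patterns`, `matches`, `offset` and `length` as plain methods, while the README in this release's METADATA reads them as attributes (`results.matching_rules[0].identifier`), so one of the two is wrong; if the extension exposes them as getters, each needs `@property` here. A caller who follows the stub would write `results.matching_rules()`, which fails at runtime if the README is the accurate one, and a check such as `if results.matching_rules:` type-checks against a method object rather than the tuple of matches. `Module.invoke(data: str)` appears to be missing `self` too, although the page has lost indentation, so its nesting under `Module` is inferred. The docstring of `deserialize_from` could additionally state whether serialized rules may be loaded from an untrusted file, which the stub leaves unsaid.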
yara_x/py.typed ADDED
File without changes
yara_x/yara_x.abi3.so ADDED
Binary file
@@ -0,0 +1,47 @@
1
+ Metadata-Version: 2.4
2
+ Name: yara-x
3
+ Version: 1.1.0
4
+ Classifier: Programming Language :: Rust
5
+ Classifier: Programming Language :: Python :: Implementation :: CPython
6
+ Classifier: Programming Language :: Python :: Implementation :: PyPy
7
+ Classifier: License :: OSI Approved :: BSD License
8
+ Summary: Python bindings for YARA-X
9
+ Keywords: pattern-matching,cybersecurity,forensics,malware,yara
10
+ Home-Page: https://virustotal.github.io/yara-x
11
+ License: BSD-3-Clause
12
+ Requires-Python: >=3.9
13
+ Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
14
+ Project-URL: homepage, https://virustotal.github.io/yara-x
15
+ Project-URL: repository, https://github.com/VirusTotal/yara-x.git
16
+
17
+ ![PyPI - Version](https://img.shields.io/pypi/v/yara-x)
18
+ ![PyPI - License](https://img.shields.io/pypi/l/yara-x)
19
+ [![Documentation](https://img.shields.io/badge/doc-latest-blue.svg)](https://virustotal.github.io/yara-x/docs/api/python)
20
+ [![Downloads](https://pepy.tech/badge/yara-x)](https://pepy.tech/project/yara-x)
21
+ [![Downloads per week](https://pepy.tech/badge/yara-x/week)](https://pepy.tech/project/yara-x)
22
+ ![GitHub Repo stars](https://img.shields.io/github/stars/VirusTotal/yara-x)
23
+
24
+ The official Python library for [YARA-X](https://virustotal.github.io/yara-x).
25
+ Supports Python 3.9+ in Linux, MacOS and Windows.
26
+
27
+ ```python
28
+ import yara_x
29
+
30
+ rules = yara_x.compile('''
31
+ rule test {
32
+ strings:
33
+ $a = "foobar"
34
+ condition:
35
+ $a
36
+ }''')
37
+
38
+ results = rules.scan(b"foobar")
39
+
40
+ assert results.matching_rules[0].identifier == "test"
41
+ assert results.matching_rules[0].patterns[0].identifier == "$a"
42
+ assert results.matching_rules[0].patterns[0].matches[0].offset == 0
43
+ assert results.matching_rules[0].patterns[0].matches[0].length == 6
44
+ ```
45
+
46
+ For more information about how to use this library, please check
47
+ the [documentation](https://virustotal.github.io/yara-x/docs/api/python).
@@ -0,0 +1,7 @@
1
+ yara_x/__init__.py,sha256=nMyCIYe2XAcE0xoh-kWfMlEZjVx9_cnT6O6Iaxh9JoM,107
2
+ yara_x/__init__.pyi,sha256=XHHI2JILfrN55nB7Mf2ySKBF2vLGrp6LijAkCQESekc,9621
3
+ yara_x/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
4
+ yara_x/yara_x.abi3.so,sha256=cAo-6CW5whE3OFXQgQhsS1F8HNh1pywQSeujzuSMr40,27612424
5
+ yara_x-1.1.0.dist-info/METADATA,sha256=IHBADkwrFgLtcVbVIFrvP186FYgUs7OIaoGlGFcHYcI,1853
6
+ yara_x-1.1.0.dist-info/WHEEL,sha256=zqUn6NGNCGU3wup4QkVoC4bAfbNkNK50WWolCJpEBJU,108
7
+ yara_x-1.1.0.dist-info/RECORD,,
@@ -0,0 +1,5 @@
1
+ Wheel-Version: 1.0
2
+ Generator: maturin (1.8.7)
3
+ Root-Is-Purelib: false
4
+ Tag: cp38-abi3-manylinux_2_28_aarch64
5
+