yara-x 1.4.0__pp310-pypy310_pp73-manylinux_2_28_aarch64.whl → 1.5.0__pp310-pypy310_pp73-manylinux_2_28_aarch64.whl
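--- a/yara_x/__init__.pyi
+++ b/yara_x/__init__.pyi
@@ -1,10 +1,16 @@
 import typing
+import collections
 
 class Compiler:
 r"""
 Compiles YARA source code producing a set of compiled [`Rules`].
 """
-def
+def __new__(
+cls,
+relaxed_re_syntax: bool = False,
+error_on_slow_pattern: bool = False,
+includes_enabled: bool = True,
+) -> Compiler:
 r"""
 Creates a new [`Compiler`].
 
@@ -22,6 +28,9 @@ class Compiler:
 
 The `error_on_slow_pattern` argument tells the compiler to treat slow
 patterns as errors, instead of warnings.
+
+The `includes_enabled` argument controls whether the compiler should
+enable or disable the inclusion of files with the `include` directive.
 """
 ...
 
@@ -140,12 +149,79 @@ class Compiler:
 """
 ...
 
+class Scanner:
+r"""
+Scans data with already compiled YARA rules.
+
+The scanner receives a set of compiled [`Rules`] and scans data with those
+rules. The same scanner can be used for scanning multiple files or in-memory
+data sequentially, but you need multiple scanners for scanning in parallel.
+"""
+
+def __new__(cls, rules: Rules) -> Scanner:
+r"""
+Creates a new [`Scanner`] with a given set of [`Rules`].
+"""
+...
+
+def scan(self, data: bytes) -> ScanResults:
+r"""
+Scans in-memory data.
+"""
+...
+
+def scan_file(self, file: str) -> ScanResults:
+r"""
+Scans a file
+"""
+...
+
+def set_global(self, ident: str, value: typing.Any):
+r"""
+Sets the value of a global variable.
+
+The variable must has been previously defined by calling
+[`Compiler::define_global`], and the type it has during the definition
+must match the type of the new value.
+
+The variable will retain the new value in subsequent scans, unless this
+function is called again for setting a new value.
+
+The type of `value` must be: `bool`, `str`, `bytes`, `int` or `float`.
+
+# Raises
+
+[TypeError](https://docs.python.org/3/library/exceptions.html#TypeError)
+if the type of `value` is not one of the supported ones.
+"""
+...
+
+def set_timeout(self, seconds: int):
+r"""
+Sets a timeout for each scan.
+
+After setting a timeout scans will abort after the specified `seconds`.
+"""
+...
+
+def console_log(self, callback: collections.abc.Callable[str]):
+r"""
+Sets a callback that is invoked every time a YARA rule calls the
+`console` module.
+
+The `callback` function is invoked with a string representing the
+message being logged. The function can print the message to stdout,
+append it to a file, etc. If no callback is set these messages are
+ignored.
+"""
+...
+
 class Formatter:
 r"""
 Formats YARA rules.
 """
-def
-
+def __new__(
+cls,
 align_metadata: bool,
 align_patterns: bool,
 indent_section_headers: bool,
@@ -268,7 +344,7 @@ class Rules:
 ...
 
 @staticmethod
-def deserialize_from(
+def deserialize_from(file: typing.Any) -> Rules:
 r"""
 Deserializes rules from a file-like object.
 """
@@ -301,9 +377,9 @@ def compile(src: str) -> Rules:
 
 class Module:
 r"""A YARA-X module."""
-def
+def __new__(cls, name: str) -> Module:
+r"""Creates a new [`Module`] with the given name, which must be a valid YARA-X module name."""
 ...
-
-def invoke(data: str) -> dict:
+def invoke(self, data: str) -> dict:
 r"""Parse the data and collect module metadata."""
-...
+...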
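Review bot: In the `Compiler.__new__` hunks, `includes_enabled` defaults to `True` and the added docstring does not say what that means for rule sources the caller does not control: an `include` directive makes the compiler pull in other files, so a service that compiles submitted rules should construct the compiler with `includes_enabled=False`. I would add to the docstring: `Pass includes_enabled=False when compiling rules from sources you do not control, because include makes the compiler read additional files.` Separately, in the `Scanner` hunk, `collections.abc.Callable[str]` is not a valid parameterization and the stub imports only `collections`; `import collections.abc` with `callback: collections.abc.Callable[[str], typing.Any]` would type-check. `set_timeout` also leaves undocumented what `scan` and `scan_file` raise when the timeout fires, which callers need in order to tell an aborted scan from a clean one.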
Binary file
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: yara-x
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.5.0
|
|
4
4
|
Classifier: Programming Language :: Rust
|
|
5
5
|
Classifier: Programming Language :: Python :: Implementation :: CPython
|
|
6
6
|
Classifier: Programming Language :: Python :: Implementation :: PyPy
|
|
@@ -8,7 +8,6 @@ Classifier: License :: OSI Approved :: BSD License
|
|
|
8
8
|
Summary: Python bindings for YARA-X
|
|
9
9
|
Keywords: pattern-matching,cybersecurity,forensics,malware,yara
|
|
10
10
|
Home-Page: https://virustotal.github.io/yara-x
|
|
11
|
-
License: BSD-3-Clause
|
|
12
11
|
Requires-Python: >=3.9
|
|
13
12
|
Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
|
|
14
13
|
Project-URL: homepage, https://virustotal.github.io/yara-x
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
yara_x/__init__.py,sha256=nMyCIYe2XAcE0xoh-kWfMlEZjVx9_cnT6O6Iaxh9JoM,107
|
|
2
|
+
yara_x/__init__.pyi,sha256=T4g5Ujdu3fJ0Zeh5zoeeCZz7Aw1cIaaRjCoTkmclDzI,12055
|
|
3
|
+
yara_x/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
|
+
yara_x/yara_x.pypy310-pp73-aarch64-linux-gnu.so,sha256=h80MRpAhaf2vzZi35V-b-sOcvx5WVJx46PoUpWRJ2p8,29247160
|
|
5
|
+
yara_x-1.5.0.dist-info/METADATA,sha256=R8xh9lqnmE-9i-RuvjJsBPnq8obnorzdn7Lqm9dAkxs,1831
|
|
6
|
+
yara_x-1.5.0.dist-info/WHEEL,sha256=qqxQaU7qryPifNM-G4vC-ENTroHr8lOojZ3f0EjlvEs,117
|
|
7
|
+
yara_x-1.5.0.dist-info/RECORD,,
|
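--- a/yara_x-1.4.0.dist-info/RECORD
+++ /dev/null
@@ -1,7 +0,0 @@
-yara_x/__init__.py,sha256=nMyCIYe2XAcE0xoh-kWfMlEZjVx9_cnT6O6Iaxh9JoM,107
-yara_x/__init__.pyi,sha256=XHHI2JILfrN55nB7Mf2ySKBF2vLGrp6LijAkCQESekc,9621
-yara_x/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-yara_x/yara_x.pypy310-pp73-aarch64-linux-gnu.so,sha256=Dj-YV6DCR47gCe3lzwvUunU6OxgngT9Hb6zoWy4FDmY,27696104
-yara_x-1.4.0.dist-info/METADATA,sha256=XVKyoxe5wKEIcIWJMX7ZTW8a5QtnHIkrvLkkoV4CL7s,1853
-yara_x-1.4.0.dist-info/WHEEL,sha256=Z4zTVTi5r1QTBrbF9jjHkDUGWaL1FPOqxIXfrI-LFG8,117
-yara_x-1.4.0.dist-info/RECORD,,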