yara-x 1.5.0__cp38-abi3-win_amd64.whl → 1.7.0__cp38-abi3-win_amd64.whl
Potentially problematic release.
This version of yara-x might be problematic. Click here for more details.
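--- a/yara_x/__init__.pyi
+++ b/yara_x/__init__.pyi
@@ -1,6 +1,23 @@
-import typing
 import collections
 
+from typing import Any, Dict, BinaryIO, TextIO, Optional, Tuple, final
+
+class CompileError(Exception):
+r"""
+Error occurred while compiling rules.
+"""
+
+class ScanError(Exception):
+r"""
+Error occurred during a scan operation.
+"""
+
+class TimeoutError(Exception):
+r"""
+Error indicating that a timeout occurred during a scan operation.
+"""
+
+@final
 class Compiler:
 r"""
 Compiles YARA source code producing a set of compiled [`Rules`].
@@ -34,7 +51,7 @@ class Compiler:
 """
 ...
 
-def add_source(self, src: str, origin:
+def add_source(self, src: str, origin: Optional[str] = None) -> None:
 r"""
 Adds a YARA source code to be compiled.
 
@@ -56,7 +73,20 @@ class Compiler:
 """
 ...
 
-def
+def add_include_dir(self, dir: str) -> None:
+r"""
+Adds a directory to the list of directories where the compiler should
+look for included files.
+"""
+...
+
+def enable_includes(self, yes: bool) -> None:
+r"""
+Enables or disables the inclusion of files with the `include` directive.
+"""
+...
+
+def define_global(self, ident: str, value: Any) -> None:
 r"""
 Defines a global variable and sets its initial value.
 
@@ -105,7 +135,7 @@ class Compiler:
 """
 ...
 
-def errors(self) ->
+def errors(self) -> Any:
 r"""
 Retrieves all errors generated by the compiler.
 
@@ -114,7 +144,7 @@ class Compiler:
 """
 ...
 
-def warnings(self) ->
+def warnings(self) -> Any:
 r"""
 Retrieves all warnings generated by the compiler.
 
@@ -135,20 +165,7 @@ class Compiler:
 """
 ...
 
-
-r"""
-Specify required metadata identifiers and types for the values in each
-rule. Any rule which does not meet these requirements will result in a
-compiler warning.
-
-The key in your dictionary corresponds to the metadata identifier and
-the value in your dictionary corresponds to the required type for that
-metadata in the rule.
-
-Acceptable values are documented in [the config file](https://virustotal.github.io/yara-x/docs/cli/config-file/).
-"""
-...
-
+@final
 class Scanner:
 r"""
 Scans data with already compiled YARA rules.
@@ -170,13 +187,13 @@ class Scanner:
 """
 ...
 
-def scan_file(self,
+def scan_file(self, path: str) -> ScanResults:
 r"""
 Scans a file
 """
 ...
 
-def set_global(self, ident: str, value:
+def set_global(self, ident: str, value: Any) -> None:
 r"""
 Sets the value of a global variable.
 
@@ -196,7 +213,7 @@ class Scanner:
 """
 ...
 
-def set_timeout(self, seconds: int):
+def set_timeout(self, seconds: int) -> None:
 r"""
 Sets a timeout for each scan.
 
@@ -204,7 +221,15 @@ class Scanner:
 """
 ...
 
-def
+def max_matches_per_pattern(self, matches: int) -> None:
+r"""
+Sets the maximum number of matches per pattern.
+
+When some pattern reaches the specified number of `matches` it won't produce more matches.
+"""
+...
+
+def console_log(self, callback: collections.abc.Callable[[str], Any]) -> None:
 r"""
 Sets a callback that is invoked every time a YARA rule calls the
 `console` module.
@@ -216,20 +241,21 @@ class Scanner:
 """
 ...
 
+@final
 class Formatter:
 r"""
 Formats YARA rules.
 """
 def __new__(
 cls,
-align_metadata: bool,
-align_patterns: bool,
-indent_section_headers: bool,
-indent_section_contents: bool,
-indent_spaces: int,
-newline_before_curly_brace: bool,
-empty_line_before_section_header: bool,
-empty_line_after_section_header: bool,
+align_metadata: bool = True,
+align_patterns: bool = True,
+indent_section_headers: bool = True,
+indent_section_contents: bool = True,
+indent_spaces: int = 2,
+newline_before_curly_brace: bool = False,
+empty_line_before_section_header: bool = True,
+empty_line_after_section_header: bool = False,
 ) -> Formatter:
 r"""
 Creates a new [`Formatter`].
@@ -245,73 +271,87 @@ class Formatter:
 """
 ...
 
-def format(self, input:
+def format(self, input: TextIO, output: TextIO) -> None:
 r"""
 Format a YARA rule
 """
 ...
 
+@final
 class Match:
 r"""
 Represents a match found for a pattern.
 """
+@property
 def offset(self) -> int:
 r"""
 Offset where the match occurred.
 """
 ...
 
+@property
 def length(self) -> int:
 r"""
 Length of the match in bytes.
 """
 ...
 
-
+@property
+def xor_key(self) -> Optional[int]:
 r"""
 XOR key used for decrypting the data if the pattern had the xor
 modifier, or None if otherwise.
 """
 ...
 
+@final
 class Pattern:
 r"""
 Represents a pattern in a YARA rule.
 """
+
+@property
 def identifier(self) -> str:
 r"""
 Pattern identifier (e.g: '$a', '$foo').
 """
 ...
 
+@property
 def matches(self) -> tuple:
 r"""
 Matches found for this pattern.
 """
 ...
 
+@final
 class Rule:
 r"""
 Represents a rule that matched while scanning some data.
 """
+
+@property
 def identifier(self) -> str:
 r"""
 Returns the rule's name.
 """
 ...
 
+@property
 def namespace(self) -> str:
 r"""
 Returns the rule's namespace.
 """
 ...
 
+@property
 def tags(self) -> tuple:
 r"""
 Returns the rule's tags.
 """
 ...
 
+@property
 def metadata(self) -> tuple:
 r"""
 A tuple of pairs `(identifier, value)` with the metadata associated to
@@ -319,12 +359,14 @@ class Rule:
 """
 ...
 
+@property
 def patterns(self) -> tuple:
 r"""
 Patterns defined by the rule.
 """
 ...
 
+@final
 class Rules:
 r"""
 A set of YARA rules in compiled form.
@@ -337,30 +379,34 @@ class Rules:
 """
 ...
 
-def serialize_into(self, file:
+def serialize_into(self, file: BinaryIO) -> None:
 r"""
 Serializes the rules into a file-like object.
 """
 ...
 
 @staticmethod
-def deserialize_from(file:
+def deserialize_from(file: BinaryIO) -> Rules:
 r"""
 Deserializes rules from a file-like object.
 """
 ...
 
+@final
 class ScanResults:
 r"""
 Results produced by a scan operation.
 """
-
+
+@property
+def matching_rules(self) -> Tuple[Rule, ...]:
 r"""
 Rules that matched during the scan.
 """
 ...
 
-
+@property
+def module_outputs(self) -> Dict[str, Any]:
 r"""
 Module output from the scan.
 """
@@ -375,11 +421,12 @@ def compile(src: str) -> Rules:
 """
 ...
 
+@final
 class Module:
 r"""A YARA-X module."""
 def __new__(cls, name: str) -> Module:
 r"""Creates a new [`Module`] with the given name, which must be a valid YARA-X module name."""
 ...
-def invoke(self, data: str) ->
+def invoke(self, data: str) -> Any:
 r"""Parse the data and collect module metadata."""
 ...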
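Review bot: The docstrings added for `add_include_dir` and `enable_includes` (new lines 76–87) do not say whether the `include` directive is honoured by default, nor how an include path is resolved when no directory has been added. A caller that compiles rule text it did not author needs both facts, because an `include` makes the compiler read a file whose name comes from the rule source. I would state the default in the `enable_includes` docstring and add a line such as `Call enable_includes(False) before add_source() when the rules come from an untrusted source.` The `Compiler` class body continues outside this hunk, so the default may already be documented on a part of the stub that is not shown.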
yara_x/yara_x.pyd
CHANGED
|
Binary file
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
yara_x-1.7.0.dist-info/METADATA,sha256=sRkkW9B8albMfWEOBQPQFhVS7woB42OUPPQZ7YZqZQg,1861
|
|
2
|
+
yara_x-1.7.0.dist-info/WHEEL,sha256=7bfl5v0wbVhXZba613g0x-n2obNNfpQuN8I1cQ4oaU8,94
|
|
3
|
+
yara_x/__init__.py,sha256=nMyCIYe2XAcE0xoh-kWfMlEZjVx9_cnT6O6Iaxh9JoM,107
|
|
4
|
+
yara_x/__init__.pyi,sha256=AnXvqQJAsdIbgvJ5M5AugW5cFJKWt61u2d5yNHocaTQ,13156
|
|
5
|
+
yara_x/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
6
|
+
yara_x/yara_x.pyd,sha256=0LgSAeCNWtk2ECaj8kXUusWNHW9PeVueEQSOWr-zIzQ,23975936
|
|
7
|
+
yara_x-1.7.0.dist-info/RECORD,,
|
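--- a/yara_x-1.5.0.dist-info/RECORD
+++ b/yara_x-1.5.0.dist-info/RECORD
@@ -1,7 +0,0 @@
-yara_x-1.5.0.dist-info/METADATA,sha256=cEYVLuRKZnQ3uxrBF14v058FdtPzRmcB350CC1YtKM4,1861
-yara_x-1.5.0.dist-info/WHEEL,sha256=lvaVdaNOIbpDjZxhxQcXMmDSpIrmQUI6MiaH-nloUu8,94
-yara_x/__init__.py,sha256=nMyCIYe2XAcE0xoh-kWfMlEZjVx9_cnT6O6Iaxh9JoM,107
-yara_x/__init__.pyi,sha256=xR1sQis5Fa4V4Q8PBnEfZB01hBIKdqZ9ABYakMyXMgs,12440
-yara_x/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-yara_x/yara_x.pyd,sha256=GI6XLg0ucRZsQblxwKJ87L9rloZjglJ8Und6_CaOPeY,22222848
-yara_x-1.5.0.dist-info/RECORD,,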