Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Metas
type Metas map[string][]interface{}
Metas is a map which should only be used with values of type int, string, bool. Duplicate keys are allowed in YARA, so the values will be appended to the slice of interfaces.
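An added example, not part of the package's own documentation: it audits a Metas value for duplicate keys and for values outside the documented int/string/bool set, and shows that a JSON round trip turns int values into float64. Metas is redeclared from this page so the block runs stand-alone; MetaIssue, AuditMetas and RoundTrip are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

type Metas map[string][]interface{} // redeclared from this page

type MetaIssue struct{ Key, Reason string } // hypothetical, example only

// AuditMetas flags duplicate meta keys and values that are not int/string/bool.
func AuditMetas(m Metas) []MetaIssue {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys) // map iteration order is random; sort for stable output
	var issues []MetaIssue
	for _, k := range keys {
		if n := len(m[k]); n > 1 {
			issues = append(issues, MetaIssue{k, fmt.Sprintf("duplicate key, %d values", n)})
		}
		for _, v := range m[k] {
			switch v.(type) {
			case int, string, bool: // documented value types
			default:
				issues = append(issues, MetaIssue{k, fmt.Sprintf("unexpected type %T", v)})
			}
		}
	}
	return issues
}

// RoundTrip JSON-encodes and decodes m; encoding/json yields float64 for numbers.
func RoundTrip(m Metas) (out Metas, err error) {
	b, err := json.Marshal(m)
	if err == nil {
		err = json.Unmarshal(b, &out)
	}
	return out, err
}

func main() {
	m := Metas{"author": {"alice", "bob"}, "severity": {3}, "active": {true}} // constructed sample
	rt, _ := RoundTrip(m)
	fmt.Println(AuditMetas(m), AuditMetas(rt))
}
```

Code that reads Metas back from JSON should therefore accept float64 alongside int when type-switching on values.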
type Rule
type Rule struct {
	Modifiers RuleModifiers `json:"modifiers"`
	Identifier string `json:"identifier"`
	Tags []string `json:"tags"`
	Meta Metas `json:"meta"`
	Strings map[string]*String `json:"strings"`
	Condition string `json:"condition"`
}
A Rule is a single YARA rule.
type RuleModifiers
RuleModifiers denote whether a Rule is global, private, neither, or both.
type RuleSet
type RuleSet struct {
	File string `json:"file"` // Name of the YARA file
	Imports []string `json:"imports"`
	Includes []string `json:"includes"`
	Rules []Rule `json:"rules"`
}
RuleSet represents the contents of a YARA file.
type String
type String struct {
	ID string `json:"id"`
	Type StringType `json:"type"`
	Text string `json:"text"`
	Modifiers StringModifiers `json:"modifiers"`
}
String is a string, regex, or byte pair sequence
type StringModifiers
type StringModifiers struct {
	Nocase bool `json:"nocase"`
	ASCII bool `json:"ascii"`
	Wide bool `json:"wide"`
	Fullword bool `json:"fullword"`
	I bool `json:"i"` // for regex
	S bool `json:"s"` // for regex
}
StringModifiers denote the status of the possible modifiers for strings
type StringType
type StringType int
StringType is used to differentiate between string, hex bytes, and regex
const (
	TypeString StringType = iota
	TypeHexString
	TypeRegex
)
Type of String