data

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2022 License: MIT Imports: 2 Imported by: 5

Documentation

Index

Constants

View Source 
const DefaultAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

DefaultAlphabet is the default alphabet used for the base64 modifier

Variables

View Source 
var ErrInvalidStringModifierCombo = fmt.Errorf(`invalid string modifier combination`)

ErrInvalidStringModifierCombo denotes when an invalid combination of string modifiers is used

Functions

This section is empty.

Types

type Base64 added in v0.8.0 

type Base64 []byte

Base64 represents the base64 modifier that may or may not contain an alphabet. Alphabets must contain exactly 64 bytes.

func (Base64) Serialize added in v0.8.0 

func (b64 Base64) Serialize() (out string, err error)

Serialize for the base64 string modifier returns a representation depending on the provided alphabet. If the Base64 is nil, then the modifier is assumed to be not present, and an empty string is output. If the Base64 is zero-length, then the form of the modifier is assumed to be base64 without an alphabet. If the Base64 is not zero-length, it must be 64 bytes representing a 64-character alphabet

func (Base64) String added in v0.8.0 

func (b64 Base64) String() string

String returns the string representation of the base64 modifier

type Dec added in v0.7.0 

type Dec int64

Dec formats its value using base-10

func (Dec) String added in v0.7.0 

func (d Dec) String() string

String returns the base-10 representation of the underlying int64

func (Dec) Value added in v0.7.0 

func (d Dec) Value() int64

Value --

type Hex added in v0.7.0 

type Hex int64

Hex formats its value using base-16

func (Hex) String added in v0.7.0 

func (h Hex) String() string

String returns the base-16 representation of the underlying int64

func (Hex) Value added in v0.7.0 

func (h Hex) Value() int64

Value --

type Int added in v0.7.0 

type Int interface {
	Value() int64
}

An Int can return its underlying value as int64

type Meta added in v0.2.0 

type Meta struct {
	Key string      `json:"key"`
	Val interface{} `json:"val"`
}

A Meta is a simple key/value pair. Val should be restricted to int, string, and bool.

func (*Meta) Serialize added in v0.5.0 

func (m *Meta) Serialize() (out string, err error)

Serialize for Meta returns the string representation of the key/value pair

func (Meta) String added in v0.5.0 

func (m Meta) String() string

String for Meta returns a string representation of the key/value

type Metas 

type Metas []Meta

Metas are slices of Meta. A single Meta may be duplicated within Metas.

func (*Metas) Serialize added in v0.5.0 

func (ms *Metas) Serialize() (out string, err error)

Serialize for Metas returns the "meta:" section in the YARA rule

func (Metas) String added in v0.5.0 

func (ms Metas) String() string

String for Metas returns a string representation of the keys/values

type Oct added in v0.7.0 

type Oct int64

Oct formats its value using base-8

func (Oct) String added in v0.7.0 

func (o Oct) String() string

String returns the base-8 representation of the underlying int64

func (Oct) Value added in v0.7.0 

func (o Oct) Value() int64

Value --

type Rule 

type Rule struct {
	Modifiers  RuleModifiers `json:"modifiers"`
	Identifier string        `json:"identifier"`
	Tags       []string      `json:"tags"`
	Meta       Metas         `json:"meta"`
	Strings    Strings       `json:"strings"`
	Condition  string        `json:"condition"`
}

A Rule is a single yara rule

func (*Rule) Serialize added in v0.5.0 

func (r *Rule) Serialize() (out string, err error)

Serialize for Rule builds a YARA rule as a string

func (Rule) String added in v0.5.0 

func (r Rule) String() string

String for Rule returns the rule ID

type RuleModifiers 

type RuleModifiers struct {
	Global  bool `json:"global"`
	Private bool `json:"private"`
}

RuleModifiers denote whether a Rule is global, private, neither, or both.

type RuleSet 

type RuleSet struct {
	File     string   `json:"file"` // Name of the yara file
	Imports  []string `json:"imports"`
	Includes []string `json:"includes"`
	Rules    []Rule   `json:"rules"`
}

RuleSet represents the contents of a yara file

func (*RuleSet) Serialize added in v0.5.0 

func (rs *RuleSet) Serialize() (out string, err error)

Serialize for RuleSet builds a complete YARA ruleset

func (RuleSet) String added in v0.5.0 

func (rs RuleSet) String() string

String for RuleSet returns the name of the file

type String 

type String struct {
	ID        string          `json:"id"`
	Type      StringType      `json:"type"`
	Text      string          `json:"text"`
	Modifiers StringModifiers `json:"modifiers"`
}

String is a string, regex, or byte pair sequence

func (*String) Serialize added in v0.5.0 

func (s *String) Serialize() (out string, err error)

Serialize for String returns a String as a string

func (String) String added in v0.5.0 

func (s String) String() string

String returns the identifier of the String

type StringModifiers 

type StringModifiers struct {
	Nocase     bool   `json:"nocase"`
	ASCII      bool   `json:"ascii"`
	Wide       bool   `json:"wide"`
	Fullword   bool   `json:"fullword"`
	Private    bool   `json:"private"`
	Xor        Xor    `json:"xor"`
	Base64     Base64 `json:"base64"`
	Base64Wide Base64 `json:"base64wide"`
	I          bool   `json:"i"` // for regex
	S          bool   `json:"s"` // for regex
}

StringModifiers denote the status of the possible modifiers for strings

func (*StringModifiers) Serialize added in v0.5.0 

func (m *StringModifiers) Serialize() (out string, err error)

Serialize for StringModifiers creates a space-sparated list of string modifiers, excluding the i and s which are appended to /regex/ The returned error must be nil.

func (StringModifiers) String added in v0.5.0 

func (m StringModifiers) String() string

String for StringModifiers returns a string representation of the modifiers

func (*StringModifiers) Validate added in v0.7.0 

func (m *StringModifiers) Validate() error

Validate returns an error that can be unwrapped to ErrInvalidStringModifierCombo if an illegal combination of string modifiers is present

type StringType 

type StringType int

StringType is used to differentiate between string, hex bytes, and regex 

const (
	TypeString StringType = iota
	TypeHexString
	TypeRegex
)

Type of String

func (StringType) String added in v0.5.0 

func (t StringType) String() string

type Strings added in v0.2.0 

type Strings []String

Strings are slices of String. No two String structs may have the same identifier within a Strings, except for the $ anonymous identifier.

func (*Strings) Serialize added in v0.5.0 

func (ss *Strings) Serialize() (out string, err error)

Serialize for Strings returns the "strings:" section in the YARA rule

func (Strings) String added in v0.5.0 

func (ss Strings) String() string

String for Strings returns a string representation of the String IDs

type Xor added in v0.7.0 

type Xor []Int

Xor represents the xor modifier. Xor can have 0-2 members, representing respectively: xor, xor(val), xor(min-max). A nil Xor indicates absence of the xor modifier

func (Xor) Serialize added in v0.7.0 

func (xor Xor) Serialize() (out string, err error)

Serialize for Xor outputs the correct form of the xor modifier and verifies that any specified values are in range

func (Xor) String added in v0.7.0 

func (xor Xor) String() string

type YARAError added in v0.7.0 

type YARAError struct {
	// contains filtered or unexported fields
}

YARAError can be used to wrap an error type and a message to go along with it

func NewYARAError added in v0.7.0 

func NewYARAError(err error, msg string) YARAError

func (YARAError) Error added in v0.7.0 

func (e YARAError) Error() string

func (YARAError) Unwrap added in v0.7.0 

func (e YARAError) Unwrap() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.