Documentation
Overview
Package types contains the main types used in the API plus some minimal logic. They have been gathered here to avoid cyclic dependencies in other parts of the code.
Index
- Constants
- func FileDataGetHelp()
- func OperatorFind(name string) (*util.Function, bool)
- func OperatorHelp()
- func OperatorRegister(name string, fun interface{}) error
- type Action
- type Analysis
- type Configuration
- type Env
- func (e *Env) Create(name string) (*os.File, *FileData, error)
- func (e *Env) CreateLog(name string) (*os.File, error)
- func (e Env) GetFile() string
- func (e Env) GetSize() uint64
- func (e Env) HasPermission(p Permission) bool
- func (e *Env) Mkdir(path string) (*FileData, error)
- func (e *Env) New(name string, islog bool) (*FileData, error)
- func (e *Env) PopRule()
- func (e *Env) PushRule(newrule *Rule)
- func (e *Env) SetInput(r io.ReadSeeker, d *FileData)
- func (e *Env) StartRule(rule *Rule)
- func (e Env) String() string
- type Expression
- type FileData
- func (fd FileData) Empty() bool
- func (fd FileData) Get(name string) (interface{}, bool)
- func (fd *FileData) GetTime() time.Time
- func (fd *FileData) RegisterAnalysis(name string, data interface{}, err error)
- func (fd *FileData) RegisterError(err error)
- func (fd *FileData) RegisterErrorf(format string, v ...interface{})
- func (fd *FileData) RegisterWarning(format string, v ...interface{})
- func (fd *FileData) SetTime(t time.Time)
- type FlatMatch
- type Match
- type Molly
- type Permission
- type Report
- type Rule
- type RuleSet
- type Scope
Constants
const (
ActionModeNormal = 0
ActionModeIgnore = 1
ActionModeExit = 2
RulePassMin = 0
RulePassMax = 2
)
Variables
This section is empty.
Functions
func FileDataGetHelp
func FileDataGetHelp()
FileDataGetHelp dumps help about the special variables such as $time
func OperatorFind
OperatorFind finds an operator among the registered functions
func OperatorRegister
OperatorRegister registers a new operator in molly
Types
type Action
type Action struct {
Mode int
Action Expression
}
type Configuration
type Configuration struct {
OutDir string
MaxDepth int
Verbose bool
Permissions Permission
OnMatchRule func(file *FileData, match *Match)
OnMatchTag func(file *FileData, tag string)
}
Configuration contains all runtime parameters used by molly
func (Configuration) HasPermission
func (c Configuration) HasPermission(p Permission) bool
HasPermission checks if a permission is set
func (*Configuration) SetPermission
func (c *Configuration) SetPermission(p Permission, val bool)
SetPermission sets or clears a Permission
type Env
type Env struct {
// Input is valid while we are scanning a file
Reader io.ReadSeeker
Current *FileData
// Scope is valid while we are scanning a file and a rule
Scope *Scope
// contains filtered or unexported fields
}
Env is the current environment during scanning
func (Env) HasPermission
func (e Env) HasPermission(p Permission) bool
type Expression
type Expression interface {
Eval(env *Env) (Expression, error)
Simplify() (Expression, error)
}
Expression is a node in the AST
type FileData
type FileData struct {
Parent *FileData
Filename string
FilenameOut string
Filesize int64
Checksum []byte
// hierarchy
Depth int
Children []*FileData
DuplicateOf *FileData
// These are filled as we scan the file
Processed bool
Matches []*Match
Errors []error
Warnings []string
Logs []string
Analyses map[string]*Analysis
// contains filtered or unexported fields
}
func NewFileData
func (FileData) Get
Get returns variables associated with this file. These can be referenced in rules as $name or in the actions as {name}
func (*FileData) RegisterAnalysis
func (*FileData) RegisterError
RegisterError registers an error
func (*FileData) RegisterErrorf
RegisterErrorf registers an error
func (*FileData) RegisterWarning
RegisterWarning registers a warning
type FlatMatch
type FlatMatch struct {
Rule *Rule `json:"-"` // don't need this for the reports
Name string
Vars map[string]interface{}
}
FlatMatch is a flattened version of Match
type Match
type Match struct {
Rule *Rule
Vars map[string]interface{}
Children []*Match
Parent *Match `json:"-"` // this will avoid circular marshalling
FailedChildren []*Rule `json:"-"` // this will avoid circular marshalling
}
Match represents a rule match on a file
type Molly
type Molly struct {
Config *Configuration
Rules *RuleSet
Files map[string]*FileData
// FilesByHash is mainly needed to ignore duplicate files
FilesByHash map[string]*FileData
}
Molly represents the context of a molly program
func (*Molly) CreateFile
type Permission
type Permission uint32
Permission defines a molly permission such as the ability to create new files
const (
Create Permission = 1 << iota
Execute
)
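The following sketch is an added example, not code from the molly project. It shows how the Permission bitmask and the Configuration.HasPermission / SetPermission signatures documented above can gate a privileged operation with default-deny semantics. The method bodies, ErrDenied and the guard helper are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission and its constants mirror the declaration on this page.
type Permission uint32

const (
	Create  Permission = 1 << iota // bit 0: ability to create new files
	Execute                        // bit 1
)

// Configuration is reduced to the one field this example needs.
type Configuration struct{ Permissions Permission }

// HasPermission (assumed body): every bit in p must be set, so a
// combined mask such as Create|Execute is not satisfied by one bit.
func (c Configuration) HasPermission(p Permission) bool {
	return c.Permissions&p == p
}

// SetPermission (assumed body): set or clear only the bits in p.
func (c *Configuration) SetPermission(p Permission, val bool) {
	if val {
		c.Permissions |= p
	} else {
		c.Permissions &^= p
	}
}

// ErrDenied and guard are hypothetical helpers, not part of molly.
var ErrDenied = errors.New("permission denied")

// guard runs op only when cfg grants every bit in need.
func guard(cfg Configuration, need Permission, op func() error) error {
	if !cfg.HasPermission(need) {
		return fmt.Errorf("%w: need %#x, have %#x", ErrDenied, uint32(need), uint32(cfg.Permissions))
	}
	return op()
}

func main() {
	var cfg Configuration // zero value grants nothing (default deny)
	fmt.Println(guard(cfg, Create, func() error { return nil }))
	cfg.SetPermission(Create, true)
	fmt.Println(guard(cfg, Create, func() error { return nil }))
	fmt.Println(guard(cfg, Create|Execute, func() error { return nil }))
}
```

Checking with `&p == p` rather than `&p != 0` is what keeps a request for several permissions from succeeding when only one of them has been granted.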
type Rule
type Rule struct {
ID string
Metadata *util.Register
Parent *Rule `json:"-"` // this will avoid circular marshalling
Children []*Rule
Conditions []Expression
Actions []Action
Variables map[string]Expression
}
Rule defines a single rule
type RuleSet
RuleSet represents a group of rules parsed from one or more files. It also includes the rule hierarchy
func NewRuleSet
func NewRuleSet() *RuleSet
NewRuleSet creates a new set of rules, to be populated by a rule scanner
type Scope
Scope is the current scope while scanning a file for some rule. Since rules form a hierarchy, so do scopes
func (Scope) Get
func (s Scope) Get(id string) (Expression, bool)
Get reads a variable from scope or parent scope
func (Scope) GetAll
func (s Scope) GetAll() map[string]Expression
GetAll returns all scope variables