Documentation ¶
Index ¶
- Constants
- func ACNext(matches []*[]int, nodes []*ACNode, input []byte)
- func ACNextNocase(matches []*[]int, nodes []*ACNode, input []byte)
- func Eval(rule *CompiledRule, matches []*[]int, static []int64) (int64, error)
- func ToLower(b byte) byte
- type ACNode
- type CompiledRule
- type CompiledRules
- type Op
- type Pattern
- type ScanOutput
Constants ¶
const (
	LOADCOUNT = iota
	LOADOFFSET
	LOADSTATIC
	PUSH
	AND
	OR
	EQUAL
	NOTEQUAL
	GT
	GTE
	LT
	LTE
	ADD
	MINUS
	MINUSU
	BAND
	BOR
	BXOR
	SHIFTLEFT
	SHIFTRIGHT
	AT
	IN
	OF
	MOVR
	ADDR
	INCR
	DECR
	PUSHR
	LOOP
	CLEAR
)
const (
	RC = iota
	REG1
	REG2
	REG3
)
Variables ¶
This section is empty.
Functions ¶
func ACNext ¶
ACNext performs a single-byte transition of the automata, returning the indexes of any patterns that are hit.
func ACNextNocase ¶
Types ¶
type CompiledRule ¶
type CompiledRule struct {
// contains filtered or unexported fields
}
type CompiledRules ¶
type CompiledRules struct {
// contains filtered or unexported fields
}
func Compile ¶
func Compile(input string) (*CompiledRules, error)
Compile parses one or more input YARA rules, creates the pattern objects that will be matched on, adds the patterns to the Aho-Corasick automatons, and creates the instructions used to evaluate each rule.
func (*CompiledRules) Debug ¶
func (c *CompiledRules) Debug()
func (*CompiledRules) Scan ¶
func (c *CompiledRules) Scan(input []byte, s bool, timeout int) ([]*ScanOutput, error)
type Pattern ¶
type Pattern struct {
	Name string
	// pattern to be used in the automata
	Pattern []byte
	// what rule this pattern is tied to.
	MatchIndex int
	// if Pattern is not the complete string, full match is the
	// complete string with 0x10000 as placeholders for bytes with ??
	FullMatch []int
	IsPartial bool
	Re        *regexp.Regexp
}
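The FullMatch comment describes a two-stage match: a fixed byte run is searched for, and a hit is then confirmed against the complete string, where 0x10000 marks a `??` byte. The sketch below is an added example, not this package's code. `Wildcard`, `Atom`, `Verify` and `Find` are hypothetical names, `bytes.Index` stands in for the automaton, and the sample buffer is constructed.

```go
package main

import "bytes"
import "fmt"

const Wildcard = 0x10000 // placeholder for a "??" byte, as in the FullMatch comment

// Atom returns the longest wildcard-free run of full and its offset.
func Atom(full []int) (atom []byte, off int) {
	var run []byte
	for i, v := range full {
		if v == Wildcard {
			run = nil
			continue
		}
		if run = append(run, byte(v)); len(run) > len(atom) {
			atom, off = run, i+1-len(run)
		}
	}
	return atom, off
}

// Verify checks every position of full against data starting at base.
func Verify(data []byte, full []int, base int) bool {
	ok := base >= 0 && base+len(full) <= len(data) // must not run past either end
	for j := 0; ok && j < len(full); j++ {
		ok = full[j] == Wildcard || data[base+j] == byte(full[j])
	}
	return ok
}

// Find confirms each atom hit; bytes.Index stands in for the automaton here.
func Find(data []byte, full []int) (hits []int) {
	atom, off := Atom(full)
	for pos := 0; len(atom) > 0; pos++ {
		i := bytes.Index(data[pos:], atom)
		if i < 0 {
			break
		}
		if pos += i; Verify(data, full, pos-off) {
			hits = append(hits, pos-off)
		}
	}
	return hits
}

func main() {
	data := []byte{0, 0x4D, 0x5A, 0x90, 0, 0x50, 0x45, 0x4D, 0x5A} // constructed sample
	fmt.Println(Find(data, []int{0x4D, 0x5A, Wildcard, Wildcard, 0x50, 0x45})) // [1]
}
```

The second `4D 5A` at offset 7 is an atom hit that fails confirmation because the full pattern would run past the end of the buffer.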
type ScanOutput ¶