Documentation ¶
Index ¶
- Constants
- type ArgType
- type ArgsValidation
- type Base
- type CIDRContains
- type Concat
- type Dir
- type Entropy
- type Ext
- type Fn
- type FunctionArgDesc
- type FunctionDesc
- type GetRegValue
- type Glob
- type IndexOf
- type IndexPosition
- type IsAbs
- type IsMinidump
- type Length
- type Lower
- type Ltrim
- type MD5
- type Regex
- type Replace
- type Rtrim
- type Split
- type Substr
- type Symlink
- type Upper
- type Volume
- type Yara
Constants ¶
const (
	// Shannon computes the string entropy by employing
	// the Shannon algorithm.
	// https://en.wikipedia.org/wiki/Entropy_(information_theory)
	Shannon = "shannon"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ArgType ¶
type ArgType uint8
ArgType is the type alias for the argument value type.
const (
	// String represents the string argument type.
	String ArgType = iota
	// Number represents the scalar argument type.
	Number
	// IP represents the IP argument type.
	IP
	// Field represents the argument type that is derived
	// from the field literal. Field literal values can
	// be simple primitive types.
	Field
	// Func represents the argument type that is derived
	// from the function return value.
	Func
	// Slice represents the string slice argument type.
	Slice
	// Bool represents the boolean argument type.
	Bool
	// Unknown is the unknown argument type.
	Unknown
)
type ArgsValidation ¶ added in v1.5.0
ArgsValidation is a function for the custom argument validation logic.
type Base ¶ added in v1.10.0
type Base struct{}
Base returns the last element of the path.
func (Base) Desc ¶ added in v1.10.0
func (f Base) Desc() FunctionDesc
type CIDRContains ¶
type CIDRContains struct{}
CIDRContains determines if the specified IP is contained within the block referenced by the given CIDR mask. The first argument in the slice represents the IP address and the rest of the args represent IP addresses in CIDR notation.
func (CIDRContains) Call ¶
func (f CIDRContains) Call(args []interface{}) (interface{}, bool)
func (CIDRContains) Desc ¶
func (f CIDRContains) Desc() FunctionDesc
func (CIDRContains) Name ¶
func (f CIDRContains) Name() Fn
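The argument contract described for CIDRContains, shown as an added example that is not the package's own code: `cidrContains` is a hypothetical stand-in built on the standard `net` package. It assumes the IP arrives as `net.IP` or a string, each CIDR as a string, and that the second return value signals whether evaluation succeeded (the page does not document this).

```go
package main

import (
	"fmt"
	"net"
)

// cidrContains is a hypothetical stand-in that mirrors the documented
// contract: args[0] is the IP address, args[1:] are CIDR blocks.
// Assumption: the IP arrives as net.IP or string and each CIDR as a string.
func cidrContains(args []interface{}) (interface{}, bool) {
	if len(args) < 2 {
		return false, false // need an IP and at least one CIDR
	}
	var ip net.IP
	switch v := args[0].(type) {
	case net.IP:
		ip = v
	case string:
		ip = net.ParseIP(v)
	}
	if ip == nil {
		return false, false // not an IP: signal evaluation failure
	}
	for _, arg := range args[1:] {
		cidr, ok := arg.(string)
		if !ok {
			return false, false
		}
		_, block, err := net.ParseCIDR(cidr)
		if err != nil {
			return false, false // malformed CIDR is an error, not a silent miss
		}
		if block.Contains(ip) {
			return true, true
		}
	}
	return false, true
}

func main() {
	// Constructed sample: classify destination IPs against RFC 1918 space.
	private := []interface{}{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}
	for _, dip := range []string{"192.168.1.20", "203.0.113.7", "172.32.0.1"} {
		args := append([]interface{}{net.ParseIP(dip)}, private...)
		in, ok := cidrContains(args)
		fmt.Printf("%-14s private=%v ok=%v\n", dip, in, ok)
	}
}
```

Returning a failed evaluation for a malformed CIDR, rather than a plain non-match, keeps a typo in a rule from quietly turning an allow-list check into one that never fires.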
type Concat ¶ added in v1.5.0
type Concat struct{}
Concat returns a concatenated string of all input arguments.
func (Concat) Desc ¶ added in v1.5.0
func (f Concat) Desc() FunctionDesc
type Dir ¶ added in v1.10.0
type Dir struct{}
Dir returns all but the last element of the path, typically the path's directory.
func (Dir) Desc ¶ added in v1.10.0
func (f Dir) Desc() FunctionDesc
type Entropy ¶ added in v1.5.0
type Entropy struct{}
Entropy measures the string entropy.
func (Entropy) Desc ¶ added in v1.5.0
func (f Entropy) Desc() FunctionDesc
type Ext ¶ added in v1.10.0
type Ext struct{}
Ext returns the file name extension used by the path.
func (Ext) Desc ¶ added in v1.10.0
func (f Ext) Desc() FunctionDesc
type Fn ¶
type Fn uint16
Fn is the type alias for function definitions.
const (
	// CIDRContainsFn identifies the CIDR_CONTAINS function
	CIDRContainsFn Fn = iota + 1
	// MD5Fn represents the MD5 function
	MD5Fn
	// ConcatFn represents the CONCAT function
	ConcatFn
	// LtrimFn represents the LTRIM function
	LtrimFn
	// RtrimFn represents the RTRIM function
	RtrimFn
	// LowerFn represents the LOWER function
	LowerFn
	// UpperFn represents the UPPER function
	UpperFn
	// ReplaceFn represents the REPLACE function
	ReplaceFn
	// SplitFn represents the SPLIT function
	SplitFn
	// LengthFn represents the LENGTH function
	LengthFn
	// IndexOfFn represents the INDEXOF function
	IndexOfFn
	// SubstrFn represents the SUBSTR function
	SubstrFn
	// EntropyFn represents the ENTROPY function
	EntropyFn
	// RegexFn represents the REGEX function
	RegexFn
	// IsMinidumpFn represents the ISMINIDUMP function
	IsMinidumpFn
	// BaseFn represents the BASE function
	BaseFn
	// DirFn represents the DIR function
	DirFn
	// SymlinkFn represents the SYMLINK function
	SymlinkFn
	// ExtFn represents the EXT function
	ExtFn
	// GlobFn represents the GLOB function
	GlobFn
	// IsAbsFn represents the IS_ABS function
	IsAbsFn
	// VolumeFn represents the VOLUME function
	VolumeFn
	// GetRegValueFn represents the GET_REG_VALUE function
	GetRegValueFn
	// YaraFn represents the YARA function
	YaraFn
)
type FunctionArgDesc ¶
FunctionArgDesc describes each function argument.
func (FunctionArgDesc) ContainsType ¶
func (arg FunctionArgDesc) ContainsType(typ ArgType) bool
ContainsType returns true if the argument satisfies the given argument type.
type FunctionDesc ¶
type FunctionDesc struct {
	Name               Fn
	Args               []FunctionArgDesc
	ArgsValidationFunc ArgsValidation
}
FunctionDesc contains the function signature that a particular filter function has to satisfy.
func (FunctionDesc) RequiredArgs ¶
func (f FunctionDesc) RequiredArgs() int
RequiredArgs returns the number of the required function args.
type GetRegValue ¶ added in v1.10.0
type GetRegValue struct{}
GetRegValue retrieves the content of the registry value.
func (GetRegValue) Call ¶ added in v1.10.0
func (f GetRegValue) Call(args []interface{}) (interface{}, bool)
func (GetRegValue) Desc ¶ added in v1.10.0
func (f GetRegValue) Desc() FunctionDesc
func (GetRegValue) Name ¶ added in v1.10.0
func (f GetRegValue) Name() Fn
type Glob ¶ added in v1.10.0
type Glob struct{}
Glob returns the names of all files matching the pattern or an empty list if there is no matching file.
func (Glob) Desc ¶ added in v1.10.0
func (f Glob) Desc() FunctionDesc
type IndexOf ¶ added in v1.5.0
type IndexOf struct{}
IndexOf returns the index of the instance of substring in a given string depending on the provided search order.
func (IndexOf) Desc ¶ added in v1.5.0
func (f IndexOf) Desc() FunctionDesc
type IndexPosition ¶ added in v1.10.0
type IndexPosition uint8
IndexPosition is the type alias for the string position search order.
const (
	UnknownIndex IndexPosition = iota
	FirstIndex   // Index
	AnyIndex     // IndexAny
	LastIndex    // LastIndex
	LastAnyIndex // LastIndexAny
)
type IsAbs ¶ added in v1.10.0
type IsAbs struct{}
IsAbs reports whether the path is absolute.
func (IsAbs) Desc ¶ added in v1.10.0
func (f IsAbs) Desc() FunctionDesc
type IsMinidump ¶ added in v1.8.0
type IsMinidump struct{}
IsMinidump determines if the specified file contains the minidump signature.
func (IsMinidump) Call ¶ added in v1.8.0
func (f IsMinidump) Call(args []interface{}) (interface{}, bool)
func (IsMinidump) Desc ¶ added in v1.8.0
func (f IsMinidump) Desc() FunctionDesc
func (IsMinidump) Name ¶ added in v1.8.0
func (f IsMinidump) Name() Fn
type Length ¶ added in v1.5.0
type Length struct{}
Length returns the number of characters (runes) for string arguments and the size of the slice for slice arguments.
func (Length) Desc ¶ added in v1.5.0
func (f Length) Desc() FunctionDesc
type Lower ¶ added in v1.5.0
type Lower struct{}
Lower returns the string with all Unicode letters mapped to their lower case.
func (Lower) Desc ¶ added in v1.5.0
func (f Lower) Desc() FunctionDesc
type Ltrim ¶ added in v1.5.0
type Ltrim struct{}
Ltrim trims the specified prefix from a string.
func (Ltrim) Desc ¶ added in v1.5.0
func (f Ltrim) Desc() FunctionDesc
type MD5 ¶
type MD5 struct{}
MD5 computes the MD5 hash of the given value.
func (MD5) Desc ¶
func (f MD5) Desc() FunctionDesc
type Regex ¶ added in v1.5.0
type Regex struct {
	// contains filtered or unexported fields
}
Regex applies single/multiple regular expressions on the provided string arguments.
func (*Regex) Desc ¶ added in v1.5.0
func (f *Regex) Desc() FunctionDesc
type Replace ¶ added in v1.5.0
type Replace struct{}
Replace replaces occurrences in the string as given by arbitrary old/new replacement pairs.
func (Replace) Desc ¶ added in v1.5.0
func (f Replace) Desc() FunctionDesc
type Rtrim ¶ added in v1.5.0
type Rtrim struct{}
Rtrim trims the specified suffix from a string.
func (Rtrim) Desc ¶ added in v1.5.0
func (f Rtrim) Desc() FunctionDesc
type Split ¶ added in v1.5.0
type Split struct{}
Split produces a slice of substrings separated by the given delimiter.
func (Split) Desc ¶ added in v1.5.0
func (f Split) Desc() FunctionDesc
type Substr ¶ added in v1.5.0
type Substr struct{}
Substr creates a substring of a given string.
func (Substr) Desc ¶ added in v1.5.0
func (f Substr) Desc() FunctionDesc
type Symlink ¶ added in v1.10.0
type Symlink struct{}
Symlink returns the path name after the evaluation of any symbolic links.
func (Symlink) Desc ¶ added in v1.10.0
func (f Symlink) Desc() FunctionDesc
type Upper ¶ added in v1.5.0
type Upper struct{}
Upper returns the string with all Unicode letters mapped to their upper case.
func (Upper) Desc ¶ added in v1.5.0
func (f Upper) Desc() FunctionDesc