package main
import (
// standard
"bufio"
"fmt"
"os"
"strings"
// external
"github.com/hillu/go-yara/v4"
)
// RuleSet bundles one compiled YARA source file with the compiler that built
// it. Instances are created by NewRuleSet.
type RuleSet struct {
// Name is the YARA namespace the file was compiled under. NewRuleSet derives
// it from the file name (the part before the first "_").
Name string
// FilePath is the path that was passed to NewRuleSet; ListRules re-reads
// this file from disk on every call.
FilePath string
// Compiler is the compiler the source file was added to.
Compiler *yara.Compiler
// Rules is the result of Compiler.GetRules() after the file was added.
Rules *yara.Rules
}
// ListRules returns the contents of the file at FilePath, one slice element
// per line, in file order.
//
// The file is not parsed as YARA: every line is returned as the scanner
// yields it, so blank lines and comments are included. The file is read from
// disk on each call, so the result reflects its current contents rather than
// the rules that were compiled by NewRuleSet. An empty file yields an empty,
// non-nil slice. Open and scan errors are returned unchanged.
func (rs *RuleSet) ListRules() ([]string, error) {
	// NOTE(review): this trace goes to stdout with no trailing newline, while
	// the rest of the file logs through the info logger — confirm it is
	// still wanted.
	fmt.Printf("ListRules called")

	src, openErr := os.Open(rs.FilePath)
	if openErr != nil {
		return nil, openErr
	}
	defer src.Close()

	lines := make([]string, 0)
	sc := bufio.NewScanner(src)
	for sc.Scan() {
		lines = append(lines, sc.Text())
	}

	// Scan() returning false covers both EOF and failure; Err() tells them
	// apart (it is nil on a clean EOF).
	if scanErr := sc.Err(); scanErr != nil {
		return nil, scanErr
	}
	return lines, nil
}
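// NewRuleSet compiles the YARA source file at indexpath and returns a RuleSet
// holding the compiler and the compiled rules.
//
// The YARA namespace is derived from the file name: the last "/"-separated
// element of indexpath, cut at its first "_" (the whole file name when it
// contains no "_"). Only "/" is treated as a path separator.
//
// Errors from opening the file, creating the compiler, adding the file and
// retrieving the rules are returned unchanged; a compile error is also written
// to the info and elog loggers before it is returned.
//
// NOTE(review): indexpath is opened and compiled as given, and any include
// directives in it are resolved by the YARA compiler. Callers should make sure
// the path comes from trusted configuration rather than from untrusted input.
func NewRuleSet(indexpath string) (*RuleSet, error) {
	filehandle, err := os.Open(indexpath)
	if err != nil {
		return nil, err
	}
	// Deferred so the handle is released on every return path, including a
	// failure to create the compiler (which previously leaked it).
	defer filehandle.Close()

	info.Println("NewRuleSet index: " + indexpath)

	// strings.Split always returns at least one element, so both index
	// expressions below are safe even for an empty or separator-free input.
	fields := strings.Split(indexpath, "/")
	filename := fields[len(fields)-1]
	namespacestr := strings.Split(filename, "_")[0]

	info.Println("NewRuleSet fields: " + strings.Join(fields, ","))
	info.Println("NewRuleSet filename: " + filename)
	info.Println("NewRuleSet namespacestr: " + namespacestr)
	info.Println("NewRuleSet indexpath: " + indexpath)

	compiler, err := yara.NewCompiler()
	if err != nil {
		return nil, err
	}

	if err = compiler.AddFile(filehandle, namespacestr); err != nil {
		info.Println("NewRuleSet err: " + err.Error())
		elog.Println(err)
		return nil, err
	}

	rules, err := compiler.GetRules()
	if err != nil {
		return nil, err
	}

	// NOTE(review): the compiler is kept on the RuleSet after GetRules —
	// confirm whether callers may still add sources to it at that point.
	return &RuleSet{
		Name:     namespacestr,
		FilePath: indexpath,
		Compiler: compiler,
		Rules:    rules,
	}, nil
}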