Module binsec::rule_engine

Implements a YARA-based interface for deploying rule checks against a binary. It does not use a foreign function interface to the system-installed YARA library; instead it invokes the yara command-line tool directly, because the currently available Rust bindings to YARA only support YARA up to version 3.11.

Structs

YaraCollection

A YaraCollection denotes a single file in a ruleset that stores all of the rules grouped together for the type of analysis being done. Each file that is part of the collection must have a Name and a Description comment, which are parsed for informational display.

YaraExecutor

Defines a builder-style executor that calls yara directly through the command line rather than through bindings, and that consumes rules and executables to match the rules against. The generated output is a YaraMatches-typed mapping.

YaraMatches

Represents a strongly typed collection of YARA rules and their statuses when executed against a binary. This is what ultimately gets serialized and returned to the user, or displayed as a table.
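As an added example (not binsec's own code), the following Rust sketch shows the shape the three structs above describe: a header parser for the Name/Description comments of a collection file, an executor that shells out to the yara command instead of using bindings, and a rule-to-status mapping that can be rendered as a table. The `//`-comment header style, every type and function name, the `-w` (no-warnings) flag choice, and the sample ruleset and yara output are this example's assumptions, not taken from the page; the output parser relies on yara's default one-line-per-match format of a rule identifier followed by the scanned path.

```rust
// Added example, not binsec's code. Names (CollectionHeader, RuleMatches,
// parse_collection_header, rule_identifiers, run_yara, ...) are hypothetical.
use std::collections::BTreeMap;
use std::io;
use std::process::Command;

/// Constructed sample ruleset: a collection file with the assumed header comments.
pub const SAMPLE_RULESET: &str = r#"// Name: Sample packers
// Description: Constructed ruleset for the example
rule upx_packed : packer {
    strings:
        $a = "UPX!"
    condition:
        $a
}
private rule has_debug_strings {
    strings:
        $s = "debug"
    condition:
        $s
}
"#;

/// Constructed stdout as yara prints it: `<rule_identifier> <scanned_path>` per match.
pub const SAMPLE_YARA_STDOUT: &str = "upx_packed ./samples/packed.bin\n";

/// Name/Description header parsed from a collection file (assumed comment style).
#[derive(Debug, PartialEq)]
pub struct CollectionHeader {
    pub name: String,
    pub description: String,
}

/// Rule identifier -> matched? BTreeMap keeps the table output in a stable order.
#[derive(Debug, Default, PartialEq)]
pub struct RuleMatches {
    pub statuses: BTreeMap<String, bool>,
}

/// Read `// Name:` and `// Description:` comment lines; both are required.
pub fn parse_collection_header(ruleset: &str) -> Option<CollectionHeader> {
    let (mut name, mut description) = (None, None);
    for line in ruleset.lines() {
        let body = line.trim().trim_start_matches("//").trim();
        if let Some(v) = body.strip_prefix("Name:") {
            name = Some(v.trim().to_string());
        } else if let Some(v) = body.strip_prefix("Description:") {
            description = Some(v.trim().to_string());
        }
    }
    Some(CollectionHeader { name: name?, description: description? })
}

/// Collect every rule identifier declared in the ruleset so that rules yara did not
/// report can be recorded as "not matched" instead of silently disappearing.
/// Assumes each `rule` declaration (optionally `private`/`global`) starts its own line.
pub fn rule_identifiers(ruleset: &str) -> Vec<String> {
    let mut ids = Vec::new();
    for line in ruleset.lines() {
        let trimmed = line.trim_start();
        if trimmed.starts_with("//") {
            continue; // a "rule" word inside a comment is not a declaration
        }
        let mut tokens = trimmed.split_whitespace();
        while let Some(tok) = tokens.next() {
            match tok {
                "private" | "global" => continue,
                "rule" => {
                    if let Some(raw) = tokens.next() {
                        // identifier ends at a tag separator ':' or the opening brace
                        let ident = raw.split(|c| c == ':' || c == '{').next().unwrap_or("");
                        if !ident.is_empty() {
                            ids.push(ident.to_string());
                        }
                    }
                    break;
                }
                _ => break,
            }
        }
    }
    ids
}

/// Rule identifiers contain no spaces, so the first token of each output line is the rule.
pub fn matched_rules(yara_stdout: &str) -> Vec<String> {
    yara_stdout
        .lines()
        .map(str::trim)
        .filter(|l| !l.is_empty())
        .map(|l| l.split_once(' ').map_or(l, |(rule, _path)| rule).to_string())
        .collect()
}

/// Executor step: invoke the yara CLI (no bindings). A non-zero exit is an error,
/// never an empty result, so a broken rule file cannot masquerade as "no matches".
pub fn run_yara(rules_path: &str, target: &str) -> io::Result<String> {
    let out = Command::new("yara").arg("-w").arg(rules_path).arg(target).output()?;
    if !out.status.success() {
        let msg = format!("yara exited with {}: {}", out.status, String::from_utf8_lossy(&out.stderr));
        return Err(io::Error::new(io::ErrorKind::Other, msg));
    }
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

/// Combine the declared rules with yara's output into the rule -> status mapping.
pub fn build_matches(ruleset: &str, yara_stdout: &str) -> RuleMatches {
    let mut statuses: BTreeMap<String, bool> =
        rule_identifiers(ruleset).into_iter().map(|r| (r, false)).collect();
    for rule in matched_rules(yara_stdout) {
        statuses.insert(rule, true);
    }
    RuleMatches { statuses }
}

/// Plain-text table view of the mapping.
pub fn render_table(m: &RuleMatches) -> String {
    let width = m.statuses.keys().map(String::len).max().unwrap_or(4).max(4);
    let mut out = format!("{:<width$}  MATCHED\n", "RULE", width = width);
    for (rule, matched) in &m.statuses {
        let flag = if *matched { "yes" } else { "no" };
        out.push_str(&format!("{:<width$}  {}\n", rule, flag, width = width));
    }
    out
}

fn main() {
    // Runs on the constructed sample; swap in run_yara(...) output for a real scan.
    if let Some(h) = parse_collection_header(SAMPLE_RULESET) {
        println!("{}: {}", h.name, h.description);
    }
    print!("{}", render_table(&build_matches(SAMPLE_RULESET, SAMPLE_YARA_STDOUT)));
}
```

The point of deriving the rule list from the collection file rather than from yara's output is that yara only prints the rules that matched; without the declared list, a rule that matched nothing and a rule that was never loaded look identical. Treating a non-zero yara exit as an error rather than as an empty match set follows the same reasoning.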