Struct boreal_parser::Rule

pub struct Rule {
    pub name: String,
    pub name_span: Range<usize>,
    pub tags: Vec<RuleTag>,
    pub metadatas: Vec<Metadata>,
    pub variables: Vec<VariableDeclaration>,
    pub condition: Expression,
    pub is_private: bool,
    pub is_global: bool,
}

A Yara rule.

Fields

name: String

Name of the rule.

name_span: Range<usize>

Span for the rule name.

tags: Vec<RuleTag>

Tags associated with the rule.

metadatas: Vec<Metadata>

Metadata associated with the rule.

variables: Vec<VariableDeclaration>

Variables associated with the rule.

In Yara terms, those are “strings” (and they are declared with the “strings:” declaration in a rule). However, the “string” denomination is exceedingly confusing in the implementation. Instead, name those “variables”, as they are declared with a prefix ‘$’, which in multiple languages indicates variables.

condition: Expression

Condition of the rule.

is_private: bool

Is the rule private.

is_global: bool

Is the rule global.

Trait Implementations

impl Clone for Rule

fn clone(&self) -> Rule

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Rule

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq<Rule> for Rule

fn eq(&self, other: &Rule) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for Rule