1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
//! Compilation parameters
/// Parameters used during compilation.
#[derive(Clone, Debug)]
pub struct CompilerParams {
/// Maximum depth in a rule's condition AST.
pub(crate) max_condition_depth: u32,
/// Fail adding rules on warnings.
pub(crate) fail_on_warnings: bool,
/// Compute statistics when compiling rules.
pub(crate) compute_statistics: bool,
/// Disable includes in YARA documents.
pub(crate) disable_includes: bool,
/// Maximum number of strings in a single rule.
pub(crate) max_strings_per_rule: usize,
/// Disable unknown escapes in regex warnings.
pub(crate) disable_unknown_escape_warning: bool,
/// Parsing parameters.
pub(crate) parse_params: boreal_parser::Params,
}
impl Default for CompilerParams {
fn default() -> Self {
Self {
max_condition_depth: 40,
fail_on_warnings: false,
compute_statistics: false,
disable_includes: false,
max_strings_per_rule: 10_000,
disable_unknown_escape_warning: false,
parse_params: boreal_parser::Params::default(),
}
}
}
impl CompilerParams {
/// Maximum depth in a rule's condition AST.
///
/// This is a defensive limit to prevent the compilation or evaluation of
/// the rule to trigger a stack overflow.
///
/// This limit should only be reached in rules written to try to trigger
/// a stack overflow. However, should this limit be too low for real rules,
/// it can be raised.
///
/// Default value is `40`.
#[must_use]
pub fn max_condition_depth(mut self, max_condition_depth: u32) -> Self {
self.max_condition_depth = max_condition_depth;
self
}
/// Report all warnings as errors.
///
/// If set, all warnings are returned as errors, aborting adding rules to the
/// compiler.
///
/// Please note that new releases may introduce new warnings. Enabling this flag
/// can thus break existing rules outside of semantic versioning, although new warnings
/// will be reported on every new releases.
///
/// Default value is false.
#[must_use]
pub fn fail_on_warnings(mut self, fail_on_warnings: bool) -> Self {
self.fail_on_warnings = fail_on_warnings;
self
}
/// Compute statistics during compilation.
///
/// This option allows retrieve statistics related to the compilation of strings.
/// See `AddRuleStatus::statistics`.
///
/// Default value is false.
#[must_use]
pub fn compute_statistics(mut self, compute_statistics: bool) -> Self {
self.compute_statistics = compute_statistics;
self
}
/// Disable the possibility to include yara files.
///
/// If true, an error is returned if the `include` keyword is used in a YARA document.
/// Compute statistics during compilation.
///
/// Default value is false.
#[must_use]
pub fn disable_includes(mut self, disable_includes: bool) -> Self {
self.disable_includes = disable_includes;
self
}
/// Set the maximum number of strings in a single rule.
///
/// If a rule contains more strings than this limit, its compilation will fail.
///
/// Default value is 10 000.
#[must_use]
pub fn max_strings_per_rule(mut self, max_strings_per_rule: usize) -> Self {
self.max_strings_per_rule = max_strings_per_rule;
self
}
/// Disable the "unknown escape sequence" warning.
///
/// By default, unknown escape sequences in regexes generate warnings.
/// Setting this parameter to true removes those warnings.
///
/// Default value is false
#[must_use]
pub fn disable_unknown_escape_warning(mut self, disable_unknown_escape_warning: bool) -> Self {
self.disable_unknown_escape_warning = disable_unknown_escape_warning;
self
}
/// Maximum recursion depth allowed when parsing an expression.
///
/// This is a defensive limit to prevent the parsing of the rule to
/// trigger a stack overflow.
///
/// The default value used for this limit should only be reached in
/// rules written to try to trigger a stack overflow. However, should
/// this limit be too low for real rules, it can be raised.
///
/// See [`boreal_parser::Params::expression_recursion_limit`] for more details.
#[must_use]
pub fn parse_expression_recursion_limit(mut self, limit: u8) -> Self {
self.parse_params = self.parse_params.expression_recursion_limit(limit);
self
}
/// Maximum recursion depth allowed when parsing a regex or a hex-string.
///
/// This is a defensive limit to prevent the parsing of the rule to
/// trigger a stack overflow.
///
/// The default value used for this limit should only be reached in
/// rules written to try to trigger a stack overflow. However, should
/// this limit be too low for real rules, it can be raised.
///
/// See [`boreal_parser::Params::string_recursion_limit`] for more details.
#[must_use]
pub fn parse_string_recursion_limit(mut self, limit: u8) -> Self {
self.parse_params = self.parse_params.string_recursion_limit(limit);
self
}
}