endpoint-sec 0.5.0

High-level Rust wrappers around the Endpoint Security Framework
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

//! [`EventXpMalwareDetected`]

use std::ffi::OsStr;

use endpoint_sec_sys::es_event_xp_malware_detected_t;

/// XProtect detected malware.
#[doc(alias = "es_event_xp_malware_detected_t")]
pub struct EventXpMalwareDetected<'a> {
    /// Raw event
    pub(crate) raw: &'a es_event_xp_malware_detected_t,
}

impl<'a> EventXpMalwareDetected<'a> {
    /// Version of the signatures used for detection. Currently corresponds to XProtect version.
    #[inline(always)]
    pub fn signature_version(&self) -> &'a OsStr {
        // Safety: 'a tied to self, object obtained through ES
        unsafe { self.raw.signature_version.as_os_str() }
    }

    /// String identifying the malware that was detected.
    #[inline(always)]
    pub fn malware_identifier(&self) -> &'a OsStr {
        // Safety: 'a tied to self, object obtained through ES
        unsafe { self.raw.malware_identifier.as_os_str() }
    }

    /// String identifying the incident, intended for linking multiple malware detected and
    /// remediated events.
    #[inline(always)]
    pub fn incident_identifier(&self) -> &'a OsStr {
        // Safety: 'a tied to self, object obtained through ES
        unsafe { self.raw.incident_identifier.as_os_str() }
    }

    /// Path where malware was detected. This path is not necessarily a malicious binary, it can
    /// also be a legitimate file containing a malicious portion.
    #[inline(always)]
    pub fn detected_path(&self) -> &'a OsStr {
        // Safety: 'a tied to self, object obtained through ES
        unsafe { self.raw.detected_path.as_os_str() }
    }
}

// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
unsafe impl Send for EventXpMalwareDetected<'_> {}
// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
unsafe impl Sync for EventXpMalwareDetected<'_> {}

impl_debug_eq_hash_with_functions!(
    EventXpMalwareDetected<'a>;
    signature_version, malware_identifier, incident_identifier, detected_path,
);