matchy 2.0.1

Fast database for IP address and pattern matching with rich data storage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

//! Example: Building a database with custom metadata
//!
//! Shows how to set custom database_type and description fields

use matchy::DataValue;
use matchy::DatabaseBuilder;
use matchy::MatchMode;
use std::collections::HashMap;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("Building database with custom metadata...\n");

    // Create builder with custom metadata
    let mut builder = DatabaseBuilder::new(MatchMode::CaseSensitive)
        .with_database_type("MyCompany-ThreatIntel")
        .with_description("en", "Corporate threat intelligence database")
        .with_description(
            "es",
            "Base de datos de inteligencia de amenazas corporativa",
        )
        .with_description("fr", "Base de données de renseignements sur les menaces");

    // Add some threat data
    let mut malicious_ip = HashMap::new();
    malicious_ip.insert(
        "threat_level".to_string(),
        DataValue::String("critical".to_string()),
    );
    malicious_ip.insert(
        "category".to_string(),
        DataValue::String("botnet".to_string()),
    );
    malicious_ip.insert(
        "first_seen".to_string(),
        DataValue::String("2024-01-15".to_string()),
    );
    builder.add_entry("198.51.100.0/24", malicious_ip)?;

    let mut suspicious_pattern = HashMap::new();
    suspicious_pattern.insert(
        "threat_level".to_string(),
        DataValue::String("medium".to_string()),
    );
    suspicious_pattern.insert(
        "category".to_string(),
        DataValue::String("phishing".to_string()),
    );
    builder.add_entry("*.phishing-site.com", suspicious_pattern)?;

    let mut tracking_pattern = HashMap::new();
    tracking_pattern.insert(
        "threat_level".to_string(),
        DataValue::String("low".to_string()),
    );
    tracking_pattern.insert(
        "category".to_string(),
        DataValue::String("tracker".to_string()),
    );
    builder.add_entry("*tracker*.example.com", tracking_pattern)?;

    // Build and save
    println!("Building database...");
    let database_bytes = builder.build()?;

    let output_file = "custom_metadata.mmdb";
    std::fs::write(output_file, &database_bytes)?;

    println!("✓ Database created: {output_file}");
    println!("  Size: {} bytes", database_bytes.len());
    println!("\nMetadata:");
    println!("  Database Type: MyCompany-ThreatIntel");
    println!("  Descriptions:");
    println!("    [en] Corporate threat intelligence database");
    println!("    [es] Base de datos de inteligencia de amenazas corporativa");
    println!("    [fr] Base de données de renseignements sur les menaces");

    println!("\nYou can query it with:");
    println!("  paraglob query {output_file} 198.51.100.50 --data");
    println!("  paraglob query {output_file} malware.phishing-site.com --data");
    println!("  mmdblookup --file {output_file} --ip 198.51.100.50");

    Ok(())
}