open_detect/
scan_result.rs

1type Detections = Vec<Detection>;
2
3/// Result of a malware scan operation.
4///
5/// Represents whether the scanned content is clean or contains detected threats.
6///
7/// # Examples
8///
9/// ```
10/// use open_detect::ScanResult;
11///
12/// let clean = ScanResult::Clean;
13/// assert_eq!(clean, ScanResult::Clean);
14/// ```
15#[derive(Debug, Clone, PartialEq, Eq)]
16pub enum ScanResult {
17    /// No threats detected - the content is clean.
18    Clean,
19    /// One or more threats detected, with details about each detection.
20    Malicious(Detections),
21}
22
23impl From<yara_x::ScanResults<'_, '_>> for ScanResult {
24    fn from(results: yara_x::ScanResults) -> Self {
25        if results.matching_rules().len() == 0 {
26            ScanResult::Clean
27        } else {
28            let detections = results
29                .matching_rules()
30                .map(|rule| rule.identifier().into())
31                .collect();
32
33            ScanResult::Malicious(detections)
34        }
35    }
36}
37
38impl From<String> for ScanResult {
39    fn from(name: String) -> Self {
40        ScanResult::Malicious(vec![Detection { name }])
41    }
42}
43
44impl From<&str> for ScanResult {
45    fn from(name: &str) -> Self {
46        ScanResult::Malicious(vec![Detection {
47            name: name.to_string(),
48        }])
49    }
50}
51
52impl From<Vec<&str>> for ScanResult {
53    fn from(names: Vec<&str>) -> Self {
54        let detections = names
55            .into_iter()
56            .map(|name| Detection { name: name.into() })
57            .collect();
58        ScanResult::Malicious(detections)
59    }
60}
61
62/// Details about a detected threat.
63///
64/// Contains information about a YARA rule that matched during scanning.
65///
66/// # Examples
67///
68/// ```
69/// use open_detect::Detection;
70///
71/// let detection = Detection {
72///     name: "MalwareRule".to_string(),
73/// };
74/// assert_eq!(detection.name, "MalwareRule");
75/// ```
76#[derive(Debug, Clone, PartialEq, Eq)]
77pub struct Detection {
78    /// The name/identifier of the YARA rule that matched.
79    pub name: String,
80}
81
82impl From<&str> for Detection {
83    fn from(name: &str) -> Self {
84        Detection {
85            name: name.to_string(),
86        }
87    }
88}