Skip to main content

skill_veil_core/rules/
condition.rs

1use crate::findings::ArtifactKind;
2use serde::{Deserialize, Serialize};
3
4/// Condition for rule matching
5///
6/// Conditions define when a rule should trigger. Multiple condition types
7/// are supported, and conditions can be combined using `Any` or `All`.
8#[derive(Debug, Clone, Serialize, Deserialize)]
9#[serde(rename_all = "snake_case")]
10pub enum RuleCondition {
11    /// Match a regex pattern
12    Regex { pattern: String },
13    /// Match content in a specific section
14    SectionContains {
15        section: String,
16        values: Vec<String>,
17    },
18    /// Match a regex within a specific section
19    SectionRegex { section: String, pattern: String },
20    /// Restrict the rule to a specific artifact class
21    ArtifactKind { kinds: Vec<ArtifactKind> },
22    /// Match a YARA rule (requires yara feature)
23    #[cfg(feature = "yara")]
24    Yara { rule: String },
25    /// Any of the conditions must match
26    Any(Vec<RuleCondition>),
27    /// All conditions must match
28    All(Vec<RuleCondition>),
29    /// Match specific code block languages
30    CodeLanguage { languages: Vec<String> },
31}