Crate yara_x

A YARA compiler and scanner completely written in Rust from scratch.

It is 99% compatible with existing YARA rules and intends to be a safer, more efficient implementation of YARA.

There are two main types in this crate: Compiler and Scanner. A compiler takes YARA source code and produces compiled Rules, which are passed to a scanner for scanning files or in-memory data. The Rules produced by the compiler can be safely passed to multiple instances of Scanner, but each Scanner instance can scan only a single file or memory buffer at a time. A scanner can, however, be reused for scanning multiple files or memory buffers.

§Example

// Create a compiler.
let mut compiler = yara_x::Compiler::new();

// Add some YARA source code to compile.
compiler.add_source(r#"
    rule lorem_ipsum {
      strings:
        $ = "Lorem ipsum"
      condition:
        all of them
    }
"#).unwrap();

// Obtain the compiled YARA rules.
let rules = compiler.build();

// Create a scanner that uses the compiled rules.
let mut scanner = yara_x::Scanner::new(&rules);

// Scan some data.
let results = scanner.scan("Lorem ipsum".as_bytes()).unwrap();

assert_eq!(results.matching_rules().len(), 1);

Modules§

errors
Errors returned by this crate.
linters
Linters that can be added to the compiler for performing additional checks.
mods
Utility functions and structures for invoking YARA modules directly.
warnings
Warnings returned while compiling rules.

Structs§

Compiler
Compiles YARA source code producing a set of compiled Rules.
Match
Represents a match.
Matches
Iterator that returns the matches for a pattern.
MatchingRules
Iterator that yields the rules that matched during a scan.
Metadata
Iterator that returns the metadata associated with a rule.
ModuleOutputs
Iterator that returns the outputs produced by YARA modules.
NonMatchingRules
Iterator that yields the rules that didn’t match during a scan.
Pattern
Represents a pattern defined by a rule.
Patterns
An iterator that returns the patterns defined by a rule.
ProfilingData (feature: rules-profiling)
Contains information about the time spent on a rule.
Rule
A structure that describes a rule.
Rules
A set of YARA rules in compiled form.
RulesIter
Iterator that yields the compiled rules.
ScanOptions
Optional information for the scan operation.
ScanResults
Results of a scan operation.
Scanner
Scans data with already compiled YARA rules.
SourceCode
A structure that describes some YARA source code.
Variable
Represents a YARA variable.

Enums§

MetaValue
A metadata value.
PatternKind
Kinds of patterns.
ScanError
Error returned when a scan operation fails.

Functions§

compile
Compiles YARA source code.