Struct yara::Rules

pub struct Rules { /* fields omitted */ }

A set of compiled rules.

Obtained from compiling or loading a pre-compiled rule.

Implementations

impl Rules[src]

pub fn scan_mem(
    &self,
    mem: &[u8],
    timeout: u16
) -> Result<Vec<Rule<'_>>, YaraError>

Scan memory.

Returns a Vec of matching rules.

  • mem - Slice to scan.
  • timeout - Scan timeout, in seconds.

Example

// Compile a single rule whose one string, `$rust`, matches "rust" in any
// letter case (`nocase`).
let mut compiler = Compiler::new()?;
compiler.add_rules_str("rule contains_rust {
  strings:
    $rust = \"rust\" nocase
  condition:
    $rust
}")?;
let rules = compiler.compile_rules().unwrap();
// Scan an in-memory buffer; the second argument is the timeout in seconds.
// `unwrap()` keeps the example short; callers scanning real input should
// handle the returned error instead of panicking.
let results = rules.scan_mem("I love Rust!".as_bytes(), 5).unwrap();
// Only the one compiled rule can match, so exactly one result is expected.
assert_eq!(1, results.len());

// Each result carries the rule identifier and the strings defined in the rule.
let contains_rust_rule = &results[0];
assert_eq!("contains_rust", contains_rust_rule.identifier);
assert_eq!(1, contains_rust_rule.strings.len());

// The string identifier keeps its leading `$`, as written in the rule source.
let string = &contains_rust_rule.strings[0];
assert_eq!("$rust", string.identifier);

// The match is at byte offset 7 of the scanned buffer and is 4 bytes long.
// `data` holds the bytes as they appear in the input ("Rust"), not the
// pattern text from the rule ("rust").
let m = &string.matches[0];
assert_eq!(7, m.offset);
assert_eq!(4, m.length);
assert_eq!(b"Rust", m.data.as_slice());

pub fn scan_file<'r, P: AsRef<Path>>(
    &self,
    path: P,
    timeout: u16
) -> Result<Vec<Rule<'r>>, Error>

Scan a file.

Return a Vec of matching rules.

pub fn save(&mut self, filename: &str) -> Result<(), YaraError>[src]

Save the rules to a file.

Note: this method takes `&mut self` because Yara modifies the Rule arena during serialization.

pub fn save_to_stream<W>(&mut self, writer: W) -> Result<(), Error> where
    W: Write

Save the rules in a Writer.

Note: this method takes `&mut self` because Yara modifies the Rule arena during serialization.

pub fn load_from_stream<R: Read>(reader: R) -> Result<Self, Error>[src]

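Load pre-compiled rules from a reader. Compiled rules are a binary format that is handed to the native YARA library, so load them only from sources you trust.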

pub fn load_from_file(filename: &str) -> Result<Self, YaraError>[src]

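Load rules from a pre-compiled rules file. Compiled rules are a binary format that is handed to the native YARA library, so load them only from files you trust.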

pub fn set_flags(&mut self, flags: u32)[src]

Trait Implementations

impl Drop for Rules[src]

impl Sync for Rules[src]

This is safe because Yara has a mutex on the YR_RULES.

impl TryFrom<*mut YR_RULES> for Rules[src]

type Error = YaraError

The type returned in the event of a conversion error.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.