Home Explore Help
Register Sign In
miuye
/
standard
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
standard
/
yara
/
test.go

test.go 994 B
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	yara "github.com/hillu/go-yara"
    5. 

  5. 	"io/ioutil"
    6. 

  6. 	"os"
    7. 

  7. 	"fmt"
    8. 

  8. )
    9. 

  9. 

  10. func main() {
    11. 

  11. 	//rule := "rule test : tag1 { meta: author = \"Matt Blewitt\" strings: $a = \"abc\" fullword condition: $a }"
    12. 

  12. 	rule := `rule test
    13. 

  13. 	{
    14. 

  14. 	meta:
    15. 

  15. 		date = "2021-07-26"
    16. 

  16. 		description = "this is a test"
    17. 

  17.         tag = "test"
    18. 

  18. 	strings:
    19. 

  19. 		$dev = "xiaomi" nocase
    20. 

  20. 	condition:
    21. 

  21. 		$dev
    22. 

  22. 	}`
    23. 

  23. 	compiler, err := yara.NewCompiler()
    24. 

  24. 	if compiler == nil || err != nil {
    25. 

  25. 		return
    26. 

  26. 	}
    27. 

  27. 	if err = compiler.AddString(rule, ""); err != nil {
    28. 

  28. 		return
    29. 

  29. 	}
    30. 

  30. 	rules, err := compiler.GetRules()
    31. 

  31. 	if err != nil {
    32. 

  32. 		return
    33. 

  33. 	}
    34. 

  34. 	s, err := yara.NewScanner(rules)
    35. 

  35. 	if err != nil {
    36. 

  36. 		return
    37. 

  37. 	}
    38. 

  38. 	testFile, _ := ioutil.TempFile("", "TestFile")
    39. 

  39. 	defer os.Remove(testFile.Name())
    40. 

  40. 	testFile.Write([]byte("xiaomi10"))
    41. 

  41. 	testFile.Close()
    42. 

  42. 	var matchRules yara.MatchRules
    43. 

  43. 	if err := s.SetCallback(&matchRules).ScanFile(testFile.Name()); err != nil {
    44. 

  44. 		return
    45. 

  45. 	} else if len(matchRules) != 1 {
    46. 

  46. 		return
    47. 

  47. 	}
    48. 

  48. 	fmt.Printf("Matches: %+v", matchRules)
    49. 

  49. }
    50.