Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for filesize and similar expressions #10

Closed
MatejKastak opened this issue Sep 23, 2022 · 1 comment · Fixed by #11
Closed

Add support for filesize and similar expressions #10

MatejKastak opened this issue Sep 23, 2022 · 1 comment · Fixed by #11
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@MatejKastak
Copy link
Member

MatejKastak commented Sep 23, 2022
edited
Loading

We do not support the built-in symbols that are not from modules. The other symbol is deprecated entrypoint.

  • they should be documented here
#[test]
fn test_eval_filesize() {
    let mut context = common::context_with_pe_sample_and_rule();
    let res = context.eval("filesize").unwrap();
    assert_eq!(res, YrValue::Integer(123));
}

Make sure this is also supported in complex expressions when comparing against 1200KB for example.
@MatejKastak MatejKastak added enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed labels Sep 23, 2022
@MatejKastak MatejKastak linked a pull request Sep 23, 2022 that will close this issue
feat: Add support for entrypoint and filesize #11
Merged
@MatejKastak
Copy link
Member Author

Looks like mapping it directly to YrValue::Integer is not possible since filesize is u64 and integer is i64 like the underlying YARA VALUE. There was a bug where it was not possible to evaluate complex conditions with filesize. That is fixed for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add support for entrypoint and filesize avast/yari
1 participant
@MatejKastak