VirusTotal / yara-x

A rewrite of YARA in Rust.
https://virustotal.github.io/yara-x/
BSD 3-Clause "New" or "Revised" License
feat(go): expose rule's metadata in Go API #123

Closed codedninja closed 4 months ago

codedninja commented 4 months ago

Reference issue: #120 & #118

google-cla[bot] commented 4 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

plusvic commented 4 months ago

Now that I see an implementation I'm reconsidering the use of JSON as a format for exchanging metadata information. There are some issues with JSON that make it far from ideal:

codedninja commented 4 months ago

When I wrote the tests I noticed that as well, maybe a similar implementation as the original Yara did? Which is what I was originally aiming for when attempting to implement it in the C-API.

```c
struct YR_META
{
  DECLARE_REFERENCE(const char*, identifier);
  DECLARE_REFERENCE(const char*, string);

  int64_t integer;
  int32_t type;
  int32_t flags;
};
```

plusvic commented 4 months ago

I've refactored the C API for obtaining the rule's metadata. See: 9f90eaab37a764cc90c40881fc60e448483bb7bf

codedninja commented 4 months ago

There is a slight error with the float variant inside of the YRX_METADATA_VALUE union. When the header file gets generated it makes it into "two or more data types in declared specifier" due to float being a reserved keyword.

While you decide on the new name for the float variant, I shall temporarily rename it to get the go package working.

plusvic commented 4 months ago

> There is a slight error with the float variant inside of the YRX_METADATA_VALUE union. When the header file gets generated it makes it into "two or more data types in declared specifier" due to float being a reserved keyword.
>
> While you decide on the new name for the float variant, I shall temporarily rename it to get the go package working.

Fixed in 497c678cb288dbfdfc12415741e301d724735c97

codedninja commented 4 months ago

Union types are represented as byte arrays in golang but I was able to get it working with that limitation.

plusvic commented 4 months ago

I've added some helper functions for accessing the metadata values in a safer, more legible way.
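Added example, not code from this pull request or from yara-x: a pure-Go sketch of the two points above, a C union arriving in Go as a byte array and tag-checked accessors that refuse to read the wrong member. The names `MetaType`, `MetaValue` and `ErrWrongType`, the 8-byte union size and the little-endian layout are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// MetaType is a hypothetical type tag, not an identifier from the yara-x API.
type MetaType int

const (
	MetaInteger MetaType = iota
	MetaFloat
)

// MetaValue mirrors what cgo hands to Go for a C tagged union: the tag plus
// the union as an opaque byte array (8 bytes and little-endian are assumed).
type MetaValue struct {
	Type MetaType
	Raw  [8]byte
}

var ErrWrongType = errors.New("metadata value has a different type")

// Integer reinterprets the bytes as int64 only when the tag says so.
func (v MetaValue) Integer() (int64, error) {
	if v.Type != MetaInteger {
		return 0, ErrWrongType
	}
	return int64(binary.LittleEndian.Uint64(v.Raw[:])), nil
}

// Float reinterprets the bytes as an IEEE 754 double only when the tag says so.
func (v MetaValue) Float() (float64, error) {
	if v.Type != MetaFloat {
		return 0, ErrWrongType
	}
	return math.Float64frombits(binary.LittleEndian.Uint64(v.Raw[:])), nil
}

func main() {
	v := MetaValue{Type: MetaFloat} // constructed sample value
	binary.LittleEndian.PutUint64(v.Raw[:], math.Float64bits(1.5))
	f, _ := v.Float()
	_, err := v.Integer() // wrong member: refused instead of misread
	fmt.Println(f, err)
}
```

Pointer-valued members such as strings are left out because they cannot be dereferenced without cgo or `unsafe`.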