Suggesting the following rearrangement, as the FCI/FDI API functions are dependent on each other, so I'm not sure if it's worth having separate rules for each of them:
FCICreate and FDICreate can potentially be used for shellcode execution via callback functions (TODO), so adding them as library functions:
lib/create-file-compression-interface-context.yml
lib/create-file-decompression-interface-context.yml
Rules indicating creation or extraction of data from a Cabinet file:
data-manipulation/compression/create-cabinet-file.yml
data-manipulation/compression/extract-files-from-cabinet.yml
CC: @mike-hunhoff