Class: YaraTools::Splitter

Inherits:

Object

Object
YaraTools::Splitter

show all

Defined in:: lib/yara-normalize/yara-normalize.rb

Overview

Splits a multi-rule YARA file into individual YaraRule objects.

Class Method Summary collapse

.split(ruleset) ⇒ Object

Parse a string containing one or more YARA rules and return an Array of YaraRule instances, one per rule found in ruleset.

Class Method Details

.split(ruleset) ⇒ `Object`

Parse a string containing one or more YARA rules and return an Array of YaraRule instances, one per rule found in ruleset.

# File 'lib/yara-normalize/yara-normalize.rb', line 147

def self.split(ruleset)
  # Strip line endings and single-line comments before scanning so that
  # comment text cannot interfere with the rule boundary regex.
  clean = ruleset.gsub(/[\r\n]+/, "\n").gsub(/^\s*\/\/.*$/, '')
  rule_re = /(rule\s+([\w\-]+)(\s*:\s*(\w[\w\s]+\w))?\s*\{\s*(meta:\s*(.*?))?strings:\s*(.*?)\s*condition:\s*(.*?)\s*\})/m
  clean.scan(rule_re).map { |rule| YaraRule.new(rule[0]) }
end

Class: YaraTools::Splitter

Overview

Class Method Summary collapse

Class Method Details

.split(ruleset) ⇒ Object

.split(ruleset) ⇒ `Object`