Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(go): expose rule's metadata in Go API #123

Merged
merged 5 commits into from
May 25, 2024
Merged

feat(go): expose rule's metadata in Go API #123

merged 5 commits into from
May 25, 2024

Conversation

codedninja
Copy link
Contributor

Reference issue: #120 & #118

@google-cla Google CLA
Copy link

google-cla bot commented May 23, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@plusvic plusvic changed the title Exposed rule's metadata in golang package feat(go): expose rule's metadata in Go API May 23, 2024
@plusvic
Copy link
Member

plusvic commented May 23, 2024

Now that I see an implementation I'm reconsidering the use of JSON as a format for exchanging metadata information. There are some issues with JSON that make it far from ideal:

  • We lose information about whether a number is actually a float or an integer.
  • For non-UTF8 strings we are going to get an array of numbers, which will be translated to []float instead of []byte.

@codedninja
Copy link
Contributor Author

When I wrote the tests I noticed that as well, maybe a similar implementation as the original Yara did? Which is what I was originally aiming for when attempting to implement it in the C-API.

struct YR_META
{
  DECLARE_REFERENCE(const char*, identifier);
  DECLARE_REFERENCE(const char*, string);

  int64_t integer;
  int32_t type;
  int32_t flags;
};

@plusvic
Copy link
Member

plusvic commented May 23, 2024

I've refactored the C API for obtaining the rule's metadata. See: 9f90eaa

@codedninja
Copy link
Contributor Author

There is a slight error with the float variant inside of the YRX_METADATA_VALUE union. When the header file gets generated it makes it into "two or more data types in declared specifier" due to float being a reserved keyword.

While you decide on the new name for the float variant, I shall temporary rename to get the go package working.

@plusvic
Copy link
Member

plusvic commented May 24, 2024

There is a slight error with the float variant inside of the YRX_METADATA_VALUE union. When the header file gets generated it makes it into "two or more data types in declared specifier" due to float being a reserved keyword.

While you decide on the new name for the float variant, I shall temporary rename to get the go package working.

Fixed in 497c678

@codedninja
Copy link
Contributor Author

Union types are represented as byte arrays in golang but I was able to get it working with that limitation.

@plusvic
Copy link
Member

plusvic commented May 24, 2024

I've added some helper functions for accessing the metadata values in a safer, more legible way.

@plusvic plusvic merged commit 9ddbbbe into VirusTotal:main May 25, 2024
14 of 15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@codedninja @plusvic