Skip to content

Commit

Permalink
fix: fix YR_STRING conversion that was picking only the first string
Browse files Browse the repository at this point in the history
  • Loading branch information
@Hugal31
Hugal31 committed Jun 6, 2022
1 parent 2078269 commit daea8e2
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 12 deletions.
5 changes: 2 additions & 3 deletions src/internals/string.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,8 @@ impl<'a> From<(&'a YR_SCAN_CONTEXT, &'a YR_STRING)> for YrString<'a> {
let identifier = unsafe { CStr::from_ptr(string.get_identifier()) }
.to_str()
.unwrap();
let matches = unsafe { context.matches.as_ref() }
.map(|matches| MatchIterator::from(matches).map(Match::from).collect())
.unwrap_or_else(Vec::new);
let matches = unsafe { &*context.matches.offset(string.idx as isize) };
let matches = MatchIterator::from(matches).map(Match::from).collect();

YrString {
identifier,
Expand Down
25 changes: 16 additions & 9 deletions tests/tests.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,17 +107,24 @@ fn test_compile_fd_rules() {
#[test]
fn test_scan_mem() {
let rules = get_default_rules();
let result = rules.scan_mem("I love Rust!".as_bytes(), 10);
let result = rules.scan_mem("I love Rust! And go is ok".as_bytes(), 10);

let result = result.expect("Should be Ok");
let rule = &result[0];
assert_eq!(1, result.len());
assert_eq!("is_awesome", rule.identifier);
assert_eq!(1, rule.strings.len());
assert_eq!("$rust", rule.strings[0].identifier);
assert_eq!(1, rule.strings[0].matches.len());
assert_eq!(7, rule.strings[0].matches[0].offset);
assert_eq!(b"Rust", rule.strings[0].matches[0].data.as_slice());
assert_eq!(3, result.len());
{
let rule = &result[0];
assert_eq!("is_awesome", rule.identifier);
assert_eq!(1, rule.strings.len());
assert_eq!("$rust", rule.strings[0].identifier);
assert_eq!(1, rule.strings[0].matches.len());
assert_eq!(7, rule.strings[0].matches[0].offset);
assert_eq!(b"Rust", rule.strings[0].matches[0].data.as_slice());
}
{
let rule = &result[1];
assert_eq!("is_ok", rule.identifier);
assert_eq!(b"go", rule.strings[0].matches[0].data.as_slice());
}
}

#[test]
Expand Down

0 comments on commit daea8e2

Please sign in to comment.