public IPrivilege GetPrivilege(Object entity, params ISecurityScope[] securityScopes)
{
IList <IObjRef> objRefs = ObjRefHelper.ExtractObjRefList(entity, null);
IPrivilegeResult result = GetPrivileges(objRefs, securityScopes);
return(result.GetPrivileges()[0]);
}
public ScanResult(YR_RULE matchingRule)
{
MatchingRule = new Rule(matchingRule);
Matches = new Dictionary <string, List <Match> >();
ObjRefHelper.ForEachYaraStringInObjRef(matchingRule.strings, str =>
{
var identifier = str.identifier;
if (identifier == IntPtr.Zero)
{
return;
}
ObjRefHelper.ForEachStringMatches(str, match =>
{
string matchText = ObjRefHelper.GetYRString(identifier);
if (!Matches.ContainsKey(matchText))
{
Matches.Add(matchText, new List <Match>());
}
Matches[matchText].Add(new Match(match));
});
});
}
public Rule(YR_RULE rule)
{
IntPtr ptr = rule.identifier;
Identifier = Marshal.PtrToStringAnsi(ptr);
Tags = ObjRefHelper.IterateCStrings(rule.tags).ToList();
Metas = ObjRefHelper.GetMetas(rule.metas).Select(ExtractMetaValue).ToDictionary();
AtomsCount = rule.num_atoms;
}
public Rule(YR_RULE rule)
{
IntPtr ptr = rule.identifier;
Identifier = Marshal.PtrToStringAnsi(ptr);
Tags = new List <string>();
ObjRefHelper.ForEachStringInObjRef(rule.tags, Tags.Add);
Metas = ObjRefHelper.GetMetas(rule.metas).Select(ExtractMetaValue).ToDictionary();
TimeCost = rule.time_cost;
}
public Rule(YR_RULE rule)
{
IntPtr ptr = rule.identifier;
Identifier = Marshal.PtrToStringAnsi(ptr);
Tags = new List <string>();
ObjRefHelper.ForEachStringInObjRef(rule.tags, Tags.Add);
}
private void ExtractData()
{
var ruleStruct = Marshal.PtrToStructure <YR_RULES>(BasePtr);
Rules = ObjRefHelper
.GetRules(ruleStruct.rules_list_head)
.Select(rule => new Rule(rule))
.ToList();
RuleCount = ruleStruct.num_rules;
StringsCount = ruleStruct.num_strings;
NamespacesCount = ruleStruct.num_namespaces;
}
private void ExtractRules()
{
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
var ruleStruct = Marshal.PtrToStructure <YR_RULES_WINDOWS>(BasePtr);
Rules = ObjRefHelper
.GetRules(ruleStruct.rules_list_head)
.Select(rule => new Rule(rule))
.ToList();
}
else
{
var ruleStruct = Marshal.PtrToStructure <YR_RULES_UNIX>(BasePtr);
Rules = ObjRefHelper
.GetRules(ruleStruct.rules_list_head)
.Select(rule => new Rule(rule))
.ToList();
}
}
public ScanResult(IntPtr scanContext, YR_RULE matchingRule)
{
IntPtr matchesPtr = GetMatchesPtr(scanContext);
IntPtr profilingInfoPtr = GetProfilingInfoPtr(scanContext);
MatchingRule = new Rule(matchingRule);
Matches = new Dictionary <string, List <Match> >();
var matchingStrings = ObjRefHelper.GetYaraStrings(matchingRule.strings);
foreach (var str in matchingStrings)
{
var identifier = str.identifier;
if (identifier == IntPtr.Zero)
{
return;
}
var matches = ObjRefHelper.GetStringMatches(matchesPtr, str);
foreach (var match in matches)
{
string matchText = ObjRefHelper.ReadYaraString(str);
if (!Matches.ContainsKey(matchText))
{
Matches.Add(matchText, new List <Match>());
}
Matches[matchText].Add(new Match(match));
if (ProfilingInfo == null)
{
var profInfo = ObjRefHelper.TryGetProfilingInfoForRule(profilingInfoPtr, (int)str.rule_idx);
if (profInfo.HasValue)
{
ProfilingInfo = new ProfilingInfo(profInfo.Value);
}
}
}
}
}
public ICacheWalkerResult WalkEntities <T>(params T[] entities)
{
IList <IObjRef> objRefs = new List <IObjRef>(entities.Length);
objRefs = ObjRefHelper.ExtractObjRefList(entities, null, objRefs);
IdentityHashSet <ICache> allCachesSet = new IdentityHashSet <ICache>();
foreach (Object entity in entities)
{
if (entity is IValueHolderContainer)
{
ICache targetCache = ((IValueHolderContainer)entity).__TargetCache;
if (targetCache != null)
{
allCachesSet.Add(targetCache);
}
}
}
return(WalkIntern(ListUtil.ToArray(objRefs), allCachesSet));
}
public IPrivilegeResult GetPrivileges <V>(IList <V> entities, params ISecurityScope[] securityScopes)
{
IList <IObjRef> objRefs = ObjRefHelper.ExtractObjRefList(entities, null);
return(GetPrivilegesByObjRef(objRefs, securityScopes));
}
protected CacheWalkerResult BuildWalkedEntry(ICache cache, IObjRef[] objRefs, IdentityHashMap <ICache, List <ICache> > cacheToChildCaches,
IdentityHashMap <ICache, ICache> cacheToProxyCache)
{
List <ICache> childCaches = cacheToChildCaches.Get(cache);
CacheWalkerResult[] childCacheEntries;
if (childCaches == null)
{
childCacheEntries = null;
}
else
{
childCacheEntries = new CacheWalkerResult[childCaches.Count];
for (int a = childCaches.Count; a-- > 0;)
{
childCacheEntries[a] = BuildWalkedEntry(childCaches[a], objRefs, cacheToChildCaches, cacheToProxyCache);
}
}
ICache proxyCache = cacheToProxyCache.Get(cache);
bool transactional = false, threadLocal = false;
if (proxyCache != null)
{
threadLocal = true;
if (TransactionState != null && TransactionState.IsTransactionActive)
{
transactional = true;
}
}
IList <Object> cacheValues;
if (objRefs != allEntityRefs)
{
if (cache is ChildCache)
{
cacheValues = cache.GetObjects(objRefs, CacheDirective.FailEarly | CacheDirective.ReturnMisses);
}
else
{
cacheValues = cache.GetObjects(objRefs, CacheDirective.FailEarly | CacheDirective.CacheValueResult | CacheDirective.ReturnMisses);
}
}
else
{
IdentityHashSet <Object> fCacheValues = new IdentityHashSet <Object>();
cache.GetContent(new HandleContentDelegate(delegate(Type entityType, sbyte idIndex, Object id, Object value)
{
fCacheValues.Add(value);
}));
cacheValues = fCacheValues.ToList();
// generate ad-hoc objRefs
objRefs = cacheValues.Count > 0 ? ListUtil.ToArray(ObjRefHelper.ExtractObjRefList(cacheValues, null)) : ObjRef.EMPTY_ARRAY;
}
Object childEntries = childCacheEntries;
if (childCacheEntries != null && childCacheEntries.Length == 1)
{
childEntries = childCacheEntries[0];
}
CacheWalkerResult parentEntry = new CacheWalkerResult(cache, transactional, threadLocal, objRefs, ListUtil.ToArray(cacheValues), childEntries);
if (childCacheEntries != null)
{
for (int a = childCacheEntries.Length; a-- > 0;)
{
childCacheEntries[a].ParentEntry = parentEntry;
}
}
if (objRefs != allEntityRefs)
{
parentEntry.UpdatePendingChanges();
}
return(parentEntry);
}
