public IPrivilege GetPrivilege(Object entity, params ISecurityScope[] securityScopes) { IList <IObjRef> objRefs = ObjRefHelper.ExtractObjRefList(entity, null); IPrivilegeResult result = GetPrivileges(objRefs, securityScopes); return(result.GetPrivileges()[0]); }
public ScanResult(YR_RULE matchingRule) { MatchingRule = new Rule(matchingRule); Matches = new Dictionary <string, List <Match> >(); ObjRefHelper.ForEachYaraStringInObjRef(matchingRule.strings, str => { var identifier = str.identifier; if (identifier == IntPtr.Zero) { return; } ObjRefHelper.ForEachStringMatches(str, match => { string matchText = ObjRefHelper.GetYRString(identifier); if (!Matches.ContainsKey(matchText)) { Matches.Add(matchText, new List <Match>()); } Matches[matchText].Add(new Match(match)); }); }); }
public Rule(YR_RULE rule) { IntPtr ptr = rule.identifier; Identifier = Marshal.PtrToStringAnsi(ptr); Tags = ObjRefHelper.IterateCStrings(rule.tags).ToList(); Metas = ObjRefHelper.GetMetas(rule.metas).Select(ExtractMetaValue).ToDictionary(); AtomsCount = rule.num_atoms; }
public Rule(YR_RULE rule) { IntPtr ptr = rule.identifier; Identifier = Marshal.PtrToStringAnsi(ptr); Tags = new List <string>(); ObjRefHelper.ForEachStringInObjRef(rule.tags, Tags.Add); Metas = ObjRefHelper.GetMetas(rule.metas).Select(ExtractMetaValue).ToDictionary(); TimeCost = rule.time_cost; }
public Rule(YR_RULE rule) { IntPtr ptr = rule.identifier; Identifier = Marshal.PtrToStringAnsi(ptr); Tags = new List <string>(); ObjRefHelper.ForEachStringInObjRef(rule.tags, Tags.Add); }
private void ExtractData() { var ruleStruct = Marshal.PtrToStructure <YR_RULES>(BasePtr); Rules = ObjRefHelper .GetRules(ruleStruct.rules_list_head) .Select(rule => new Rule(rule)) .ToList(); RuleCount = ruleStruct.num_rules; StringsCount = ruleStruct.num_strings; NamespacesCount = ruleStruct.num_namespaces; }
private void ExtractRules() { if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { var ruleStruct = Marshal.PtrToStructure <YR_RULES_WINDOWS>(BasePtr); Rules = ObjRefHelper .GetRules(ruleStruct.rules_list_head) .Select(rule => new Rule(rule)) .ToList(); } else { var ruleStruct = Marshal.PtrToStructure <YR_RULES_UNIX>(BasePtr); Rules = ObjRefHelper .GetRules(ruleStruct.rules_list_head) .Select(rule => new Rule(rule)) .ToList(); } }
public ScanResult(IntPtr scanContext, YR_RULE matchingRule) { IntPtr matchesPtr = GetMatchesPtr(scanContext); IntPtr profilingInfoPtr = GetProfilingInfoPtr(scanContext); MatchingRule = new Rule(matchingRule); Matches = new Dictionary <string, List <Match> >(); var matchingStrings = ObjRefHelper.GetYaraStrings(matchingRule.strings); foreach (var str in matchingStrings) { var identifier = str.identifier; if (identifier == IntPtr.Zero) { return; } var matches = ObjRefHelper.GetStringMatches(matchesPtr, str); foreach (var match in matches) { string matchText = ObjRefHelper.ReadYaraString(str); if (!Matches.ContainsKey(matchText)) { Matches.Add(matchText, new List <Match>()); } Matches[matchText].Add(new Match(match)); if (ProfilingInfo == null) { var profInfo = ObjRefHelper.TryGetProfilingInfoForRule(profilingInfoPtr, (int)str.rule_idx); if (profInfo.HasValue) { ProfilingInfo = new ProfilingInfo(profInfo.Value); } } } } }
public ICacheWalkerResult WalkEntities <T>(params T[] entities) { IList <IObjRef> objRefs = new List <IObjRef>(entities.Length); objRefs = ObjRefHelper.ExtractObjRefList(entities, null, objRefs); IdentityHashSet <ICache> allCachesSet = new IdentityHashSet <ICache>(); foreach (Object entity in entities) { if (entity is IValueHolderContainer) { ICache targetCache = ((IValueHolderContainer)entity).__TargetCache; if (targetCache != null) { allCachesSet.Add(targetCache); } } } return(WalkIntern(ListUtil.ToArray(objRefs), allCachesSet)); }
public IPrivilegeResult GetPrivileges <V>(IList <V> entities, params ISecurityScope[] securityScopes) { IList <IObjRef> objRefs = ObjRefHelper.ExtractObjRefList(entities, null); return(GetPrivilegesByObjRef(objRefs, securityScopes)); }
protected CacheWalkerResult BuildWalkedEntry(ICache cache, IObjRef[] objRefs, IdentityHashMap <ICache, List <ICache> > cacheToChildCaches, IdentityHashMap <ICache, ICache> cacheToProxyCache) { List <ICache> childCaches = cacheToChildCaches.Get(cache); CacheWalkerResult[] childCacheEntries; if (childCaches == null) { childCacheEntries = null; } else { childCacheEntries = new CacheWalkerResult[childCaches.Count]; for (int a = childCaches.Count; a-- > 0;) { childCacheEntries[a] = BuildWalkedEntry(childCaches[a], objRefs, cacheToChildCaches, cacheToProxyCache); } } ICache proxyCache = cacheToProxyCache.Get(cache); bool transactional = false, threadLocal = false; if (proxyCache != null) { threadLocal = true; if (TransactionState != null && TransactionState.IsTransactionActive) { transactional = true; } } IList <Object> cacheValues; if (objRefs != allEntityRefs) { if (cache is ChildCache) { cacheValues = cache.GetObjects(objRefs, CacheDirective.FailEarly | CacheDirective.ReturnMisses); } else { cacheValues = cache.GetObjects(objRefs, CacheDirective.FailEarly | CacheDirective.CacheValueResult | CacheDirective.ReturnMisses); } } else { IdentityHashSet <Object> fCacheValues = new IdentityHashSet <Object>(); cache.GetContent(new HandleContentDelegate(delegate(Type entityType, sbyte idIndex, Object id, Object value) { fCacheValues.Add(value); })); cacheValues = fCacheValues.ToList(); // generate ad-hoc objRefs objRefs = cacheValues.Count > 0 ? ListUtil.ToArray(ObjRefHelper.ExtractObjRefList(cacheValues, null)) : ObjRef.EMPTY_ARRAY; } Object childEntries = childCacheEntries; if (childCacheEntries != null && childCacheEntries.Length == 1) { childEntries = childCacheEntries[0]; } CacheWalkerResult parentEntry = new CacheWalkerResult(cache, transactional, threadLocal, objRefs, ListUtil.ToArray(cacheValues), childEntries); if (childCacheEntries != null) { for (int a = childCacheEntries.Length; a-- > 0;) { childCacheEntries[a].ParentEntry = parentEntry; } } if (objRefs != allEntityRefs) { parentEntry.UpdatePendingChanges(); } return(parentEntry); }