fix: formatting the code for cicd

Adir Shitrit
2025-11-21 00:41:25 +02:00
parent bdcb1b33df
commit 45b95ce7d3
3 changed files with 24 additions and 38 deletions


@@ -262,19 +262,15 @@ impl DetectionEngine {
// YARA rule scanning // YARA rule scanning
if let Some(yara_engine) = &self.yara_engine { if let Some(yara_engine) = &self.yara_engine {
if let Ok(yara_result) = if let Ok(yara_result) = tokio::runtime::Handle::try_current()
tokio::runtime::Handle::try_current()
.and_then(|handle| { .and_then(|handle| {
handle.block_on(async { handle
yara_engine.scan_process(process, memory_regions).await .block_on(async { yara_engine.scan_process(process, memory_regions).await })
})
}) })
.or_else(|_| { .or_else(|_| {
tokio::runtime::Runtime::new() tokio::runtime::Runtime::new()
.unwrap() .unwrap()
.block_on(async { .block_on(async { yara_engine.scan_process(process, memory_regions).await })
yara_engine.scan_process(process, memory_regions).await
})
}) })
{ {
if !yara_result.matches.is_empty() { if !yara_result.matches.is_empty() {
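Review bot: The `if let Ok(yara_result) = …` wrapper discards every failure of the YARA scan, so a scan that errors is indistinguishable from a clean process for whatever consumes this engine's output. I would match on the result and add an arm such as `Err(e) => log::warn!("YARA scan failed: {}", e),` or record the failure as reduced coverage. The fallback `tokio::runtime::Runtime::new().unwrap()` turns a runtime-creation failure into a panic in the middle of detection, and builds a fresh runtime on every call that takes that path. Separately, `handle.block_on(…)` panics in tokio when invoked from inside an asynchronous execution context, which is a common situation in which `Handle::try_current()` succeeds, so it is worth confirming how async callers reach this method. The enclosing function starts and ends outside the hunk, so whether the error can simply be propagated with `?` is not visible here.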


@@ -110,6 +110,5 @@ pub use threat_intel::{
ThreatContext, ThreatIntelligence, ThreatContext, ThreatIntelligence,
}; };
pub use yara_engine::{ pub use yara_engine::{
DynamicYaraEngine, RuleMatch, ThreatLevel as YaraThreatLevel, YaraRuleMetadata, DynamicYaraEngine, RuleMatch, ThreatLevel as YaraThreatLevel, YaraRuleMetadata, YaraScanResult,
YaraScanResult,
}; };


@@ -154,11 +154,9 @@ impl DynamicYaraEngine {
)); ));
} }
self.compiled_rules = Some( self.compiled_rules = Some(compiler.compile_rules().map_err(|e| {
compiler GhostError::ConfigurationError(format!("Rule compilation failed: {}", e))
.compile_rules() })?);
.map_err(|e| GhostError::ConfigurationError(format!("Rule compilation failed: {}", e)))?,
);
log::info!("Successfully compiled {} YARA rules", rule_count); log::info!("Successfully compiled {} YARA rules", rule_count);
Ok(rule_count) Ok(rule_count)
@@ -202,9 +200,10 @@ impl DynamicYaraEngine {
) -> Result<YaraScanResult, GhostError> { ) -> Result<YaraScanResult, GhostError> {
let start_time = SystemTime::now(); let start_time = SystemTime::now();
let rules = self.compiled_rules.as_ref().ok_or_else(|| { let rules = self
GhostError::ConfigurationError("YARA rules not compiled".to_string()) .compiled_rules
})?; .as_ref()
.ok_or_else(|| GhostError::ConfigurationError("YARA rules not compiled".to_string()))?;
let mut all_matches = Vec::new(); let mut all_matches = Vec::new();
let mut bytes_scanned = 0u64; let mut bytes_scanned = 0u64;
@@ -322,10 +321,7 @@ impl DynamicYaraEngine {
/// Read memory from a specific process and region /// Read memory from a specific process and region
#[cfg(target_os = "windows")] #[cfg(target_os = "windows")]
fn read_process_memory( fn read_process_memory(pid: u32, region: &MemoryRegion) -> Result<Vec<u8>, GhostError> {
pid: u32,
region: &MemoryRegion,
) -> Result<Vec<u8>, GhostError> {
use windows::Win32::Foundation::{CloseHandle, HANDLE}; use windows::Win32::Foundation::{CloseHandle, HANDLE};
use windows::Win32::System::Diagnostics::Debug::ReadProcessMemory; use windows::Win32::System::Diagnostics::Debug::ReadProcessMemory;
use windows::Win32::System::Threading::{OpenProcess, PROCESS_VM_READ}; use windows::Win32::System::Threading::{OpenProcess, PROCESS_VM_READ};
@@ -360,16 +356,14 @@ impl DynamicYaraEngine {
/// Read memory from a specific process and region (Linux implementation) /// Read memory from a specific process and region (Linux implementation)
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
fn read_process_memory( fn read_process_memory(pid: u32, region: &MemoryRegion) -> Result<Vec<u8>, GhostError> {
pid: u32,
region: &MemoryRegion,
) -> Result<Vec<u8>, GhostError> {
use std::fs::File; use std::fs::File;
use std::io::{Read, Seek, SeekFrom}; use std::io::{Read, Seek, SeekFrom};
let mem_path = format!("/proc/{}/mem", pid); let mem_path = format!("/proc/{}/mem", pid);
let mut file = File::open(&mem_path) let mut file = File::open(&mem_path).map_err(|e| {
.map_err(|e| GhostError::MemoryReadError(format!("Failed to open {}: {}", mem_path, e)))?; GhostError::MemoryReadError(format!("Failed to open {}: {}", mem_path, e))
})?;
file.seek(SeekFrom::Start(region.base_address as u64)) file.seek(SeekFrom::Start(region.base_address as u64))
.map_err(|e| GhostError::MemoryReadError(format!("Seek failed: {}", e)))?; .map_err(|e| GhostError::MemoryReadError(format!("Seek failed: {}", e)))?;
@@ -383,10 +377,7 @@ impl DynamicYaraEngine {
/// Read memory from a specific process and region (macOS implementation) /// Read memory from a specific process and region (macOS implementation)
#[cfg(target_os = "macos")] #[cfg(target_os = "macos")]
fn read_process_memory( fn read_process_memory(_pid: u32, _region: &MemoryRegion) -> Result<Vec<u8>, GhostError> {
_pid: u32,
_region: &MemoryRegion,
) -> Result<Vec<u8>, GhostError> {
Err(GhostError::NotImplemented( Err(GhostError::NotImplemented(
"Memory reading not implemented for macOS".to_string(), "Memory reading not implemented for macOS".to_string(),
)) ))