Fix YARA engine: remove unused Scanner import, fix compiler move issue, remove non-existent description field

pandaadir05
2025-11-21 01:42:57 +02:00
parent de355e4faa
commit 67d3ab9ed5
2 changed files with 13 additions and 15 deletions


@@ -263,12 +263,11 @@ impl DetectionEngine {
// YARA rule scanning // YARA rule scanning
if let Some(yara_engine) = &self.yara_engine { if let Some(yara_engine) = &self.yara_engine {
let yara_result = match tokio::runtime::Handle::try_current() { let yara_result = match tokio::runtime::Handle::try_current() {
Ok(handle) => handle.block_on(async { yara_engine.scan_process(process, memory_regions).await }), Ok(handle) => handle
Err(_) => { .block_on(async { yara_engine.scan_process(process, memory_regions).await }),
tokio::runtime::Runtime::new() Err(_) => tokio::runtime::Runtime::new()
.unwrap() .unwrap()
.block_on(async { yara_engine.scan_process(process, memory_regions).await }) .block_on(async { yara_engine.scan_process(process, memory_regions).await }),
}
}; };
if let Ok(yara_result) = yara_result { if let Ok(yara_result) = yara_result {
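Review bot: The `Ok(handle) => handle.block_on(...)` arm is taken exactly when a Tokio runtime context is already current, and `Handle::block_on` panics when called from inside an async task, so a scan started from async code would abort here instead of producing a YARA result. If this method can be reached from a runtime worker, either make it `async` and `.await` `scan_process` directly, or on a multi-thread runtime wrap the call as `tokio::task::block_in_place(|| handle.block_on(async { yara_engine.scan_process(process, memory_regions).await }))`. The `Err(_)` arm still builds a fresh runtime per call and `.unwrap()`s its creation, which turns resource exhaustion into a panic in the detection path. The `if let Ok(yara_result) = yara_result` block continues outside the hunk; if it has no `else`, a failed scan is indistinguishable from a clean one, so the error should at least be logged.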


@@ -4,7 +4,7 @@ use std::collections::HashMap;
use std::fs; use std::fs;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::time::SystemTime; use std::time::SystemTime;
use yara::{Compiler, Rules, Scanner}; use yara::{Compiler, Rules};
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
pub struct DynamicYaraEngine { pub struct DynamicYaraEngine {
@@ -127,10 +127,7 @@ impl DynamicYaraEngine {
if !rules_dir.exists() { if !rules_dir.exists() {
return Err(GhostError::Configuration { return Err(GhostError::Configuration {
message: format!( message: format!("Rules directory does not exist: {}", rules_dir.display()),
"Rules directory does not exist: {}",
rules_dir.display()
),
}); });
} }
@@ -300,7 +297,9 @@ impl DynamicYaraEngine {
data: &[u8], data: &[u8],
base_address: usize, base_address: usize,
) -> Result<Vec<RuleMatch>, GhostError> { ) -> Result<Vec<RuleMatch>, GhostError> {
let scan_results = rules.scan_mem(data, 300).map_err(|e| GhostError::Detection { let scan_results = rules
.scan_mem(data, 300)
.map_err(|e| GhostError::Detection {
message: format!("Scan failed: {}", e), message: format!("Scan failed: {}", e),
})?; })?;