From 8e22e2d92db091166678cafc065ee63a7049885d Mon Sep 17 00:00:00 2001
From: pandaadir05
Date: Fri, 21 Nov 2025 14:37:46 +0200
Subject: [PATCH] Fix YARA compiler move issue in error path

When add_rules_str() fails, the compiler is already consumed. Changed from 'continue' to 'return Err' to avoid trying to use the moved compiler in the next loop iteration. This properly handles the builder pattern where the value is consumed on error.
---
 ghost-core/src/yara_engine.rs | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/ghost-core/src/yara_engine.rs b/ghost-core/src/yara_engine.rs
index e4c4b79..05583dc 100644
--- a/ghost-core/src/yara_engine.rs
+++ b/ghost-core/src/yara_engine.rs
@@ -171,24 +171,28 @@ impl DynamicYaraEngine {
 .and_then(|s| s.to_str())
 .unwrap_or("default");
 
- compiler = match compiler.add_rules_str(&content) {
- Ok(c) => c,
+ match compiler.add_rules_str(&content) {
+ Ok(c) => {
+ compiler = c;
+ log::info!("Compiled YARA rule: {}", rule_file.display());
+
+ self.rule_metadata.push(YaraRuleMetadata {
+ name: namespace.to_string(),
+ file_path: rule_file.display().to_string(),
+ threat_level: ThreatLevel::Medium,
+ last_updated: SystemTime::now(),
+ });
+
+ rule_count += 1;
+ }
 Err(e) => {
 log::error!("Failed to compile {}: {}", rule_file.display(), e);
- continue;
+ // Don't continue - compiler was consumed, return with error
+ return Err(GhostError::Configuration {
+ message: format!("Failed to compile {}: {}", rule_file.display(), e),
+ });
 }
- };
-
- log::info!("Compiled YARA rule: {}", rule_file.display());
-
- self.rule_metadata.push(YaraRuleMetadata {
- name: namespace.to_string(),
- file_path: rule_file.display().to_string(),
- threat_level: ThreatLevel::Medium,
- last_updated: SystemTime::now(),
- });
-
- rule_count += 1;
+ }
 }
 Err(e) => {
 log::error!("Failed to read {}: {}", rule_file.display(), e);
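Review bot: In the new `Err(e)` arm of the `add_rules_str` match, a single rule file that fails to compile now aborts the whole load, so one malformed or tampered file in the rules directory can leave the engine with no YARA coverage; the `Failed to read` arm just below (its body continues outside the hunk) looks like it is still handled per file. The early `return Err(...)` also leaves `self.rule_metadata` holding the entries pushed for files that compiled earlier in the loop, even though the compiler that held those rules is dropped; unless code outside this hunk resets it, the metadata will list rules that are not loaded. If skipping bad files is the intent, check each file in a throwaway compiler before adding it to the shared one, so a failure never consumes the shared compiler. If aborting is the intent, add `self.rule_metadata.clear();` before the return and state in the function's doc comment that loading is all-or-nothing. The enclosing function starts and ends outside the hunk.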