admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix YARA compiler move issue in error path

Browse Source 
When add_rules_str() fails, the compiler is already consumed.
Changed from 'continue' to 'return Err' to avoid trying to use
the moved compiler in the next loop iteration. This properly
handles the builder pattern where the value is consumed on error.
This commit is contained in:
pandaadir05
2025-11-21 14:37:46 +02:00
parent c1643a9c15
commit 8e22e2d92d
1 changed files with 19 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
ghost-core/src/yara_engine.rs
View File

@@ -171,24 +171,28 @@ impl DynamicYaraEngine {
.and_then(|s| s.to_str())
.unwrap_or("default");
compiler = match compiler.add_rules_str(&content) {
Ok(c) => c,
match compiler.add_rules_str(&content) {
Ok(c) => {
compiler = c;
log::info!("Compiled YARA rule: {}", rule_file.display());
self.rule_metadata.push(YaraRuleMetadata {
name: namespace.to_string(),
file_path: rule_file.display().to_string(),
threat_level: ThreatLevel::Medium,
last_updated: SystemTime::now(),
});
rule_count += 1;
}
Err(e) => {
log::error!("Failed to compile {}: {}", rule_file.display(), e);
continue;
// Don't continue - compiler was consumed, return with error
return Err(GhostError::Configuration {
message: format!("Failed to compile {}: {}", rule_file.display(), e),
});
}
};
log::info!("Compiled YARA rule: {}", rule_file.display());
self.rule_metadata.push(YaraRuleMetadata {
name: namespace.to_string(),
file_path: rule_file.display().to_string(),
threat_level: ThreatLevel::Medium,
last_updated: SystemTime::now(),
});
rule_count += 1;
}
}
Err(e) => {
log::error!("Failed to read {}: {}", rule_file.display(), e);