Fix compilation errors: ConfigurationError variants, Scanner API, and tokio runtime handling

pandaadir05
2025-11-21 01:40:10 +02:00
parent 0c8721a08a
commit de355e4faa
2 changed files with 19 additions and 22 deletions


@@ -108,7 +108,7 @@ impl DetectionEngine {
// Initialize YARA engine with default rules directory // Initialize YARA engine with default rules directory
let yara_engine = match DynamicYaraEngine::new(Some("rules")) { let yara_engine = match DynamicYaraEngine::new(Some("rules")) {
Ok(mut engine) => { Ok(engine) => {
if engine.is_compiled() { if engine.is_compiled() {
log::info!( log::info!(
"YARA engine initialized with {} rules", "YARA engine initialized with {} rules",
@@ -262,17 +262,16 @@ impl DetectionEngine {
// YARA rule scanning // YARA rule scanning
if let Some(yara_engine) = &self.yara_engine { if let Some(yara_engine) = &self.yara_engine {
if let Ok(yara_result) = tokio::runtime::Handle::try_current() let yara_result = match tokio::runtime::Handle::try_current() {
.and_then(|handle| { Ok(handle) => handle.block_on(async { yara_engine.scan_process(process, memory_regions).await }),
handle Err(_) => {
.block_on(async { yara_engine.scan_process(process, memory_regions).await })
})
.or_else(|_| {
tokio::runtime::Runtime::new() tokio::runtime::Runtime::new()
.unwrap() .unwrap()
.block_on(async { yara_engine.scan_process(process, memory_regions).await }) .block_on(async { yara_engine.scan_process(process, memory_regions).await })
}) }
{ };
if let Ok(yara_result) = yara_result {
if !yara_result.matches.is_empty() { if !yara_result.matches.is_empty() {
log::info!( log::info!(
"YARA scan found {} matches in {} ms", "YARA scan found {} matches in {} ms",

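Review bot: In the `Ok(handle)` arm of the YARA scanning block, `handle.block_on(...)` runs exactly when a Tokio runtime context is already current, and Tokio documents `Handle::block_on` as panicking when called from within an asynchronous execution context, so a caller that is itself a runtime task would take the detector down instead of scanning. The `Err(_)` arm has its own panic path in `Runtime::new().unwrap()` and builds a whole runtime on every call. The following `if let Ok(yara_result) = yara_result` has no `else` visible in this hunk, so a failed scan appears to look the same as a clean one; I would add `else { log::warn!("YARA scan failed; results for this process are missing"); }` (or bind and log the error) so the detection gap shows up in the logs. If the enclosing method can be made `async`, awaiting `scan_process` directly removes both panic paths; the method signature and the end of this block lie outside the hunk, so that needs checking against the full file.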

@@ -126,10 +126,12 @@ impl DynamicYaraEngine {
})?; })?;
if !rules_dir.exists() { if !rules_dir.exists() {
return Err(GhostError::ConfigurationError(format!( return Err(GhostError::Configuration {
"Rules directory does not exist: {}", message: format!(
rules_dir.display() "Rules directory does not exist: {}",
))); rules_dir.display()
),
});
} }
let mut compiler = Compiler::new().map_err(|e| GhostError::Configuration { let mut compiler = Compiler::new().map_err(|e| GhostError::Configuration {
@@ -175,9 +177,9 @@ impl DynamicYaraEngine {
} }
if rule_count == 0 { if rule_count == 0 {
return Err(GhostError::ConfigurationError( return Err(GhostError::Configuration {
"No YARA rules were successfully compiled".to_string(), message: "No YARA rules were successfully compiled".to_string(),
)); });
} }
self.compiled_rules = self.compiled_rules =
@@ -298,11 +300,7 @@ impl DynamicYaraEngine {
data: &[u8], data: &[u8],
base_address: usize, base_address: usize,
) -> Result<Vec<RuleMatch>, GhostError> { ) -> Result<Vec<RuleMatch>, GhostError> {
let mut scanner = Scanner::new(rules).map_err(|e| GhostError::Detection { let scan_results = rules.scan_mem(data, 300).map_err(|e| GhostError::Detection {
message: format!("Scanner creation failed: {}", e),
})?;
let scan_results = scanner.scan_mem(data).map_err(|e| GhostError::Detection {
message: format!("Scan failed: {}", e), message: format!("Scan failed: {}", e),
})?; })?;
@@ -317,7 +315,7 @@ impl DynamicYaraEngine {
for meta in rule.metadatas { for meta in rule.metadatas {
let value = match meta.value { let value = match meta.value {
yara::MetadataValue::Integer(i) => i.to_string(), yara::MetadataValue::Integer(i) => i.to_string(),
yara::MetadataValue::String(ref s) => s.clone(), yara::MetadataValue::String(ref s) => s.to_string(),
yara::MetadataValue::Boolean(b) => b.to_string(), yara::MetadataValue::Boolean(b) => b.to_string(),
}; };
metadata.insert(meta.identifier.to_string(), value); metadata.insert(meta.identifier.to_string(), value);
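Review bot: The literal `300` in `rules.scan_mem(data, 300)` is an unexplained timeout (in seconds, if this is the `yara` crate's `Rules::scan_mem`), and it applies per call, so one slow buffer can hold the scan for up to five minutes while the calling thread waits. I would move it to a named constant such as `YARA_SCAN_TIMEOUT_SECS` with a comment on why that budget was chosen, and consider a much smaller value if `data` is a single memory region. A timeout is also folded into the generic `Scan failed: {}` message; logging it distinctly would help, because a timed-out buffer is unscanned memory, not a clean result. The function signature starts above the hunk, so what `data` covers is inferred from the parameter names.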