functions

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 31, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

const (
	// Shannon is the string identifier ("shannon") of the Shannon
	// entropy algorithm.
	// https://en.wikipedia.org/wiki/Entropy_(information_theory)
	// NOTE(review): presumably passed as an argument to the ENTROPY
	// function to select the algorithm; confirm against Entropy.Call.
	Shannon = "shannon"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ArgType

type ArgType uint8

ArgType is the type alias for the argument value type.

const (
	// The values below are assigned sequentially by iota, starting at 0
	// for String, so reordering or inserting entries changes the numeric
	// value of every entry that follows.

	// String represents the string argument type.
	String ArgType = iota
	// Number represents the scalar argument type.
	Number
	// IP represents the IP argument type.
	IP
	// Field represents the argument type that is derived
	// from the field literal. Field literal values can
	// be simple primitive types.
	Field
	// Func represents the argument type that is derived
	// from the function return value.
	Func
	// Slice represents the string slice argument type.
	Slice
	// Bool represents the boolean argument type.
	Bool
	// Unknown is the unknown argument type. It is the last value in
	// the block, not the zero value; the zero value of ArgType is String.
	Unknown
)

func (ArgType) String

func (typ ArgType) String() string

String returns the argument type as a string value.

type ArgsValidation added in v1.5.0

type ArgsValidation func(args []string) error

ArgsValidation is a function for the custom argument validation logic.

type Base added in v1.10.0

type Base struct{}

Base returns the last element of the path.

func (Base) Call added in v1.10.0

func (f Base) Call(args []interface{}) (interface{}, bool)

func (Base) Desc added in v1.10.0

func (f Base) Desc() FunctionDesc

func (Base) Name added in v1.10.0

func (f Base) Name() Fn

type CIDRContains

type CIDRContains struct{}

CIDRContains determines if the specified IP is contained within the block referenced by the given CIDR mask. The first argument in the slice represents the IP address and the rest of the args represent IP addresses in CIDR notation.

func (CIDRContains) Call

func (f CIDRContains) Call(args []interface{}) (interface{}, bool)

func (CIDRContains) Desc

func (f CIDRContains) Desc() FunctionDesc

func (CIDRContains) Name

func (f CIDRContains) Name() Fn

type Concat added in v1.5.0

type Concat struct{}

Concat returns a concatenated string of all input arguments.

func (Concat) Call added in v1.5.0

func (f Concat) Call(args []interface{}) (interface{}, bool)

func (Concat) Desc added in v1.5.0

func (f Concat) Desc() FunctionDesc

func (Concat) Name added in v1.5.0

func (f Concat) Name() Fn

type Dir added in v1.10.0

type Dir struct{}

Dir returns all but the last element of the path, typically the path's directory.

func (Dir) Call added in v1.10.0

func (f Dir) Call(args []interface{}) (interface{}, bool)

func (Dir) Desc added in v1.10.0

func (f Dir) Desc() FunctionDesc

func (Dir) Name added in v1.10.0

func (f Dir) Name() Fn

type Entropy added in v1.5.0

type Entropy struct{}

Entropy measures the string entropy

func (Entropy) Call added in v1.5.0

func (f Entropy) Call(args []interface{}) (interface{}, bool)

func (Entropy) Desc added in v1.5.0

func (f Entropy) Desc() FunctionDesc

func (Entropy) Name added in v1.5.0

func (f Entropy) Name() Fn

type Ext added in v1.10.0

type Ext struct{}

Ext returns the file name extension used by the path.

func (Ext) Call added in v1.10.0

func (f Ext) Call(args []interface{}) (interface{}, bool)

func (Ext) Desc added in v1.10.0

func (f Ext) Desc() FunctionDesc

func (Ext) Name added in v1.10.0

func (f Ext) Name() Fn

type Fn

type Fn uint16

Fn is the type alias for function definitions.

const (
	// Function identifiers start at 1 (iota + 1), so the zero value of
	// Fn does not correspond to any function named in this block.
	//
	// NOTE(review): going by the type descriptions, GLOB, SYMLINK,
	// ISMINIDUMP and GET_REG_VALUE consult the file system or the
	// registry when evaluated, unlike the pure string functions;
	// confirm the cost and access implications before using them in
	// frequently evaluated filters.

	// CIDRContainsFn identifies the CIDR_CONTAINS function.
	CIDRContainsFn Fn = iota + 1
	// MD5Fn represents the MD5 function.
	MD5Fn
	// ConcatFn represents the CONCAT function.
	ConcatFn
	// LtrimFn represents the LTRIM function.
	LtrimFn
	// RtrimFn represents the RTRIM function.
	RtrimFn
	// LowerFn represents the LOWER function.
	LowerFn
	// UpperFn represents the UPPER function.
	UpperFn
	// ReplaceFn represents the REPLACE function.
	ReplaceFn
	// SplitFn represents the SPLIT function.
	SplitFn
	// LengthFn represents the LENGTH function.
	LengthFn
	// IndexOfFn represents the INDEXOF function.
	IndexOfFn
	// SubstrFn represents the SUBSTR function.
	SubstrFn
	// EntropyFn represents the ENTROPY function.
	EntropyFn
	// RegexFn represents the REGEX function.
	RegexFn
	// IsMinidumpFn represents the ISMINIDUMP function.
	IsMinidumpFn
	// BaseFn represents the BASE function.
	BaseFn
	// DirFn represents the DIR function.
	DirFn
	// SymlinkFn represents the SYMLINK function.
	SymlinkFn
	// ExtFn represents the EXT function.
	ExtFn
	// GlobFn represents the GLOB function.
	GlobFn
	// IsAbsFn represents the IS_ABS function.
	IsAbsFn
	// VolumeFn represents the VOLUME function.
	VolumeFn
	// GetRegValueFn represents the GET_REG_VALUE function.
	GetRegValueFn
	// YaraFn represents the YARA function.
	YaraFn
)

func (Fn) String

func (f Fn) String() string

String returns the function name in upper case.

type FunctionArgDesc

type FunctionArgDesc struct {
	// Keyword is the argument's keyword.
	// NOTE(review): presumably the name used for the argument in
	// signatures and error messages; confirm.
	Keyword  string
	// Required marks the argument as mandatory.
	// NOTE(review): presumably what FunctionDesc.RequiredArgs counts; confirm.
	Required bool
	// Types lists the argument types accepted for this argument.
	// NOTE(review): presumably the set that ContainsType searches; confirm.
	Types    []ArgType
}

FunctionArgDesc describes each function argument.

func (FunctionArgDesc) ContainsType

func (arg FunctionArgDesc) ContainsType(typ ArgType) bool

ContainsType returns true if the argument satisfies the given argument type.

type FunctionDesc

type FunctionDesc struct {
	// Name is the identifier of the described function.
	Name               Fn
	// Args describes the function's arguments, one descriptor each.
	// NOTE(review): presumably in positional order; confirm.
	Args               []FunctionArgDesc
	// ArgsValidationFunc is an optional hook for custom argument
	// validation; it receives the arguments as strings and returns an
	// error.
	// NOTE(review): whether a nil hook is allowed, and when the hook is
	// invoked, is not visible here; confirm against the caller.
	ArgsValidationFunc ArgsValidation
}

FunctionDesc contains the function signature that a particular filter function has to satisfy.

func (FunctionDesc) RequiredArgs

func (f FunctionDesc) RequiredArgs() int

RequiredArgs returns the number of the required function args.

type GetRegValue added in v1.10.0

type GetRegValue struct{}

GetRegValue retrieves the content of the registry value.

func (GetRegValue) Call added in v1.10.0

func (f GetRegValue) Call(args []interface{}) (interface{}, bool)

func (GetRegValue) Desc added in v1.10.0

func (f GetRegValue) Desc() FunctionDesc

func (GetRegValue) Name added in v1.10.0

func (f GetRegValue) Name() Fn

type Glob added in v1.10.0

type Glob struct{}

Glob returns the names of all files matching the pattern or an empty list if there is no matching file.

func (Glob) Call added in v1.10.0

func (f Glob) Call(args []interface{}) (interface{}, bool)

func (Glob) Desc added in v1.10.0

func (f Glob) Desc() FunctionDesc

func (Glob) Name added in v1.10.0

func (f Glob) Name() Fn

type IndexOf added in v1.5.0

type IndexOf struct{}

IndexOf returns the index of the instance of substring in a given string depending on the provided search order.

func (IndexOf) Call added in v1.5.0

func (f IndexOf) Call(args []interface{}) (interface{}, bool)

func (IndexOf) Desc added in v1.5.0

func (f IndexOf) Desc() FunctionDesc

func (IndexOf) Name added in v1.5.0

func (f IndexOf) Name() Fn

type IndexPosition added in v1.10.0

type IndexPosition uint8

IndexPosition is the type alias for the string position search order

const (
	// UnknownIndex is the zero value of IndexPosition; no search order
	// is named for it in this block.
	UnknownIndex IndexPosition = iota
	FirstIndex                 // Index: presumably the first occurrence of the substring (cf. strings.Index); confirm
	AnyIndex                   // IndexAny: presumably the first occurrence of any of the given characters (cf. strings.IndexAny); confirm
	LastIndex                  // LastIndex: presumably the last occurrence of the substring (cf. strings.LastIndex); confirm
	LastAnyIndex               // LastIndexAny: presumably the last occurrence of any of the given characters (cf. strings.LastIndexAny); confirm
)

type IsAbs added in v1.10.0

type IsAbs struct{}

IsAbs reports whether the path is absolute.

func (IsAbs) Call added in v1.10.0

func (f IsAbs) Call(args []interface{}) (interface{}, bool)

func (IsAbs) Desc added in v1.10.0

func (f IsAbs) Desc() FunctionDesc

func (IsAbs) Name added in v1.10.0

func (f IsAbs) Name() Fn

type IsMinidump added in v1.8.0

type IsMinidump struct{}

IsMinidump determines if the specified file contains the minidump signature.

func (IsMinidump) Call added in v1.8.0

func (f IsMinidump) Call(args []interface{}) (interface{}, bool)

func (IsMinidump) Desc added in v1.8.0

func (f IsMinidump) Desc() FunctionDesc

func (IsMinidump) Name added in v1.8.0

func (f IsMinidump) Name() Fn

type Length added in v1.5.0

type Length struct{}

Length returns the number of characters (runes) for string arguments and the size of the slice for slice arguments.

func (Length) Call added in v1.5.0

func (f Length) Call(args []interface{}) (interface{}, bool)

func (Length) Desc added in v1.5.0

func (f Length) Desc() FunctionDesc

func (Length) Name added in v1.5.0

func (f Length) Name() Fn

type Lower added in v1.5.0

type Lower struct{}

Lower converts the string with all Unicode letters mapped to their lower case.

func (Lower) Call added in v1.5.0

func (f Lower) Call(args []interface{}) (interface{}, bool)

func (Lower) Desc added in v1.5.0

func (f Lower) Desc() FunctionDesc

func (Lower) Name added in v1.5.0

func (f Lower) Name() Fn

type Ltrim added in v1.5.0

type Ltrim struct{}

Ltrim trims the specified prefix from a string.

func (Ltrim) Call added in v1.5.0

func (f Ltrim) Call(args []interface{}) (interface{}, bool)

func (Ltrim) Desc added in v1.5.0

func (f Ltrim) Desc() FunctionDesc

func (Ltrim) Name added in v1.5.0

func (f Ltrim) Name() Fn

type MD5

type MD5 struct{}

MD5 computes the MD5 hash of the given value.

func (MD5) Call

func (f MD5) Call(args []interface{}) (interface{}, bool)

func (MD5) Desc

func (f MD5) Desc() FunctionDesc

func (MD5) Name

func (f MD5) Name() Fn

type Regex added in v1.5.0

type Regex struct {
	// contains filtered or unexported fields
}

Regex applies single/multiple regular expressions on the provided string arguments.

func NewRegex added in v1.5.0

func NewRegex() *Regex

NewRegex creates a new regex function.

func (*Regex) Call added in v1.5.0

func (f *Regex) Call(args []interface{}) (interface{}, bool)

func (*Regex) Desc added in v1.5.0

func (f *Regex) Desc() FunctionDesc

func (*Regex) Name added in v1.5.0

func (f *Regex) Name() Fn

type Replace added in v1.5.0

type Replace struct{}

Replace replaces occurrences in the string as given by arbitrary old/new replacement pairs.

func (Replace) Call added in v1.5.0

func (f Replace) Call(args []interface{}) (interface{}, bool)

func (Replace) Desc added in v1.5.0

func (f Replace) Desc() FunctionDesc

func (Replace) Name added in v1.5.0

func (f Replace) Name() Fn

type Rtrim added in v1.5.0

type Rtrim struct{}

Rtrim trims the specified suffix from a string.

func (Rtrim) Call added in v1.5.0

func (f Rtrim) Call(args []interface{}) (interface{}, bool)

func (Rtrim) Desc added in v1.5.0

func (f Rtrim) Desc() FunctionDesc

func (Rtrim) Name added in v1.5.0

func (f Rtrim) Name() Fn

type Split added in v1.5.0

type Split struct{}

Split produces a slice of substrings separated by the given delimiter.

func (Split) Call added in v1.5.0

func (f Split) Call(args []interface{}) (interface{}, bool)

func (Split) Desc added in v1.5.0

func (f Split) Desc() FunctionDesc

func (Split) Name added in v1.5.0

func (f Split) Name() Fn

type Substr added in v1.5.0

type Substr struct{}

Substr creates a substring of a given string.

func (Substr) Call added in v1.5.0

func (f Substr) Call(args []interface{}) (interface{}, bool)

func (Substr) Desc added in v1.5.0

func (f Substr) Desc() FunctionDesc

func (Substr) Name added in v1.5.0

func (f Substr) Name() Fn
type Symlink struct{}

Symlink returns the path name after the evaluation of any symbolic links.

func (Symlink) Call added in v1.10.0

func (f Symlink) Call(args []interface{}) (interface{}, bool)

func (Symlink) Desc added in v1.10.0

func (f Symlink) Desc() FunctionDesc

func (Symlink) Name added in v1.10.0

func (f Symlink) Name() Fn

type Upper added in v1.5.0

type Upper struct{}

Upper converts the string with all Unicode letters mapped to their upper case.

func (Upper) Call added in v1.5.0

func (f Upper) Call(args []interface{}) (interface{}, bool)

func (Upper) Desc added in v1.5.0

func (f Upper) Desc() FunctionDesc

func (Upper) Name added in v1.5.0

func (f Upper) Name() Fn

type Volume added in v1.10.0

type Volume struct{}

Volume returns the leading volume name.

func (Volume) Call added in v1.10.0

func (f Volume) Call(args []interface{}) (interface{}, bool)

func (Volume) Desc added in v1.10.0

func (f Volume) Desc() FunctionDesc

func (Volume) Name added in v1.10.0

func (f Volume) Name() Fn

type Yara added in v1.10.0

type Yara struct{}

Yara unsupported function

func (Yara) Call added in v1.10.0

func (f Yara) Call(args []interface{}) (interface{}, bool)

func (Yara) Desc added in v1.10.0

func (f Yara) Desc() FunctionDesc

func (Yara) Name added in v1.10.0

func (f Yara) Name() Fn
