We do not support the built-in symbols that are not from modules. The other symbol is deprecated entrypoint.

• they should be documented here

#[test]
fn test_eval_filesize() {
    let mut context = common::context_with_pe_sample_and_rule();
    let res = context.eval("filesize").unwrap();
    assert_eq!(res, YrValue::Integer(123));
}

Make sure this is also supported in complex expressions when comparing against 1200KB for example.

• integer can be checked by value
• float can be checked for nan
• string can be null, so for this we have to wrap this in Option

This also made the converting to boolean better, since undefined values seems to evaluate to False.

Enable this in complex expressions. This does not work in regular eval because both are represented as u64 and YrValue::Integer has i64.

This might result in losing some information if we just convert it from u64 to i64. We will have to come back to this.

• YARA reference https://github.com/VirusTotal/yara/blob/master/libyara/scanner.c#L657

In order to satisfy LICENSE requirements, yari_sys::LICENSES contains the license information.

On the cli you can print the licenses using following

yari --licenses

From the Python you can print the licenses using following:

>>> import yari
>>> print(yari.LICENSES)

When compiling under Linux, I get the following error message:

• cargo update
• cargo build

error[E0432]: unresolved import `crate::bindings::yr_modules_do_load`
  --> yari-sys/src/lib.rs:23:5
   |
23 | use crate::bindings::yr_modules_do_load;
   |     ^^^^^^^^^^^^^^^^^------------------
   |     |                |
   |     |                help: a similar name exists in the module: `yr_modules_load`
   |     no `yr_modules_do_load` in `bindings`

error[E0432]: unresolved import `crate::bindings::yr_modules_do_unload`
  --> yari-sys/src/lib.rs:24:5
   |
24 | use crate::bindings::yr_modules_do_unload;
   |     ^^^^^^^^^^^^^^^^^--------------------
   |     |                |
   |     |                help: a similar name exists in the module: `yr_modules_load`
   |     no `yr_modules_do_unload` in `bindings`

For more information about this error, try `rustc --explain E0432`.
error: could not compile `yari-sys` due to 2 previous errors

rustc --explain E0432: An import was unresolved.

uname -a: Linux Host 5.10.102.1-microsoft-standard-WSL2 SMP Wed Mar 2 00:30:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -a: Ubuntu 20.04.5 LTS

The release process is currently manual. We should try to automate it. At least the builds for different platforms.

• [ ] Linux
• [ ] Windows
• [ ] Mac OS (only after #14 is done)

Currently we support only Linux and Windows platforms.

We should find a way to also build universal MacOS YARI wheels.

• [ ] The first step should be to mention our current limitations in README
• [ ] Then find and document a way to build it on MacOS
• [ ] Optionally prepare a GithubActions workflow for that