Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes and improvements to pattern matching #63

Merged
merged 1 commit into from
Aug 16, 2024
Merged

Fixes and improvements to pattern matching #63

merged 1 commit into from
Aug 16, 2024

Conversation

ViRb3
Copy link
Contributor

@ViRb3 ViRb3 commented Aug 15, 2024

This PR adds a bunch of fixes and improvements to the pattern matching algorithm:

  • Correct tracking of patLen. We want to count the worst possible size for each expression, previously this was not followed in all cases.
  • Lazy evaluate quantifiers (jumps) to match YARA's behavior
  • Use single-line flag for regex to fix mathing when new line byte (0xA, \n) is involved
  • Track needle offset within the pattern, and when expanding needle results to regex windows, do so by the exact amount in each direction based on this offset
  • Check for and return sub-matches, which is unlike regex but YARA does this

Specific examples to some of these cases are inlined as comments.

Copy link

google-cla bot commented Aug 15, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@stevemk14ebr
Copy link
Collaborator

This is a fantastic PR thank you so much! As soon as you sign the CLA I can begin the code review and work towards merge

@stevemk14ebr stevemk14ebr merged commit c25fb12 into mandiant:master Aug 16, 2024
2 checks passed
@stevemk14ebr
Copy link
Collaborator

I do not see any issues here, I will do some testing and then cut a release in a few days

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants