module bytes_match
BytesMatch class for tracking regex and YARA matches against binary data.
Global Variables
- ALERT_STYLE
- GREY_ADDRESS
class BytesMatch
Simple class to keep track of regex matches against binary data.
Essentially a regex re.Match object with a few extras, most notably the surrounding_bytes property.
method __init__
__init__(
matched_against: bytes,
start_idx: int,
length: int,
label: str,
ordinal: int,
match: Optional[Match] = None,
highlight_style: str = 'orange1'
) → None
Initialize a BytesMatch object representing a match against binary data.
Args:
- matched_against (bytes): The full byte sequence that was searched.
- start_idx (int): Start index of the match in the byte sequence.
- length (int): Length of the match in bytes.
- label (str): Label for the match (e.g., regex or YARA rule name).
- ordinal (int): This was the Nth match for this pattern (used for labeling only).
- match (Optional[re.Match]): Regex match object, if available.
- highlight_style (str): Style to use for highlighting the match.
method bytes_hashes_table
bytes_hashes_table() → Table
Build a table of MD5/SHA hashes for the matched bytes.
Returns:
Table: Rich Table object with hashes.
classmethod from_regex_match
from_regex_match(
matched_against: bytes,
match: Match,
ordinal: int,
highlight_style: str = 'orange1'
) → BytesMatch
Alternate constructor to build a BytesMatch from a regex match object.
Args:
- matched_against (bytes): The bytes searched.
- match (re.Match): The regex match object.
- ordinal (int): This was the Nth match for this pattern (used for labeling only).
- highlight_style (str): Style for highlighting.
Returns:
BytesMatch: The constructed BytesMatch instance.
classmethod from_yara_match
from_yara_match(
matched_against: bytes,
yara_match: dict,
highlight_style: str = 'orange1'
) → Iterator[ForwardRef('BytesMatch')]
Yield a BytesMatch for each string returned as part of a YARA match result dict.
Args:
- matched_against (bytes): The bytes searched.
- yara_match (dict): YARA match result dictionary.
- highlight_style (str): Style for highlighting.
Yields:
BytesMatch: For each string match in the YARA result.
classmethod from_yara_str
from_yara_str(
matched_against: bytes,
rule_name: str,
yara_str_match: StringMatch,
yara_str_match_instance: StringMatchInstance,
ordinal: int,
highlight_style: str = 'orange1'
) → BytesMatch
Alternate constructor to build a BytesMatch from a YARA string match instance.
Args:
- matched_against (bytes): The bytes searched.
- rule_name (str): Name of the YARA rule.
- yara_str_match (StringMatch): YARA string match object.
- yara_str_match_instance (StringMatchInstance): Instance of the string match.
- ordinal (int): The Nth match for this pattern.
- highlight_style (str): Style for highlighting.
Returns:
BytesMatch: The constructed BytesMatch instance.
method is_decodable
is_decodable() → bool
Determine if the matched bytes should be decoded.
Whether the bytes are decodable depends on whether SUPPRESS_DECODES_TABLE is set and whether the match length is between MIN/MAX_DECODE_LENGTH.
Returns:
bool: True if decodable, False otherwise.
method location
location() → Text
Get a styled Text object describing the start and end index of the match.
Returns:
Text: Rich Text object like '(start idx: 348190, end idx: 348228)'.
method style_at_position
style_at_position(idx) → str
Get the style for the byte at position idx within the matched bytes.
Args:
- idx (int): Index within the surrounding bytes.
Returns:
str: The style to use for this byte (highlight or greyed out).
method suppression_notice
suppression_notice() → Text
Generate a message for when the match is too short or too long to decode.
Returns:
Text: Rich Text object with the suppression notice.
method to_json
to_json() → dict
Convert this BytesMatch to a JSON-serializable dictionary.
Returns:
dict: Dictionary representation of the match, suitable for JSON serialization.
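The bookkeeping this class describes (match offset and length, per-pattern ordinal, hashes of the matched bytes, a length gate on decoding, and surrounding bytes clamped to the buffer), as an added example that is not the library's own code. MatchRecord, find_matches, SURROUNDING and the MIN/MAX_DECODE_LENGTH values are assumptions made for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

# Assumed values: the page names MIN/MAX_DECODE_LENGTH but does not state them.
MIN_DECODE_LENGTH = 4
MAX_DECODE_LENGTH = 256
SURROUNDING = 8  # assumed count of context bytes kept on each side

@dataclass
class MatchRecord:  # hypothetical stand-in, not the library's BytesMatch
    matched_against: bytes
    start_idx: int
    length: int
    label: str
    ordinal: int

    @property
    def end_idx(self) -> int:
        return self.start_idx + self.length

    @property
    def matched(self) -> bytes:
        return self.matched_against[self.start_idx:self.end_idx]

    @property
    def surrounding(self) -> bytes:
        # Clamp so a match near either end of the buffer cannot wrap or overrun.
        lo = max(self.start_idx - SURROUNDING, 0)
        hi = min(self.end_idx + SURROUNDING, len(self.matched_against))
        return self.matched_against[lo:hi]

    def hashes(self) -> dict:
        return {name: hashlib.new(name, self.matched).hexdigest()
                for name in ("md5", "sha1", "sha256")}

    def is_decodable(self) -> bool:
        return MIN_DECODE_LENGTH <= self.length <= MAX_DECODE_LENGTH


def find_matches(data: bytes, pattern: bytes, label: str) -> list:
    """Return one MatchRecord per regex hit, numbered from 1 in scan order."""
    return [MatchRecord(data, m.start(), m.end() - m.start(), label, n)
            for n, m in enumerate(re.finditer(pattern, data), start=1)]


# Constructed sample: two quoted byte runs embedded in filler bytes.
SAMPLE = b"\x00\x01" + b'"abcdef"' + b"\xff" * 20 + b'"x"' + b"\x02"
RECORDS = find_matches(SAMPLE, rb'"[^"]+"', "double_quoted")
```
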
This file was automatically generated via lazydocs.