Merge branch 'main' into count

go/compiler_test.go

@@ -107,7 +107,7 @@ func TestVariables(t *testing.T) {
 
 func TestError(t *testing.T) {
 	_, err := Compile("rule test { condition: foo }")
-	assert.EqualError(t, err, `error[E107]: unknown identifier `+"`foo`"+`
+	assert.EqualError(t, err, `error[E009]: unknown identifier `+"`foo`"+`
  --> line:1:24
   |
 1 | rule test { condition: foo }

lib/src/modules/pe/asn1.rs

@@ -29,7 +29,7 @@ use x509_parser::x509::X509Name;
 #[allow(dead_code)]
 pub mod oid {
     use const_oid::ObjectIdentifier;
-    
+
     pub const JURISDICTION_L: ObjectIdentifier =
         ObjectIdentifier::new_unwrap("1.3.6.1.4.1.311.60.2.1.1");
 
@@ -38,7 +38,7 @@ pub mod oid {
 
     pub const JURISDICTION_C: ObjectIdentifier =
         ObjectIdentifier::new_unwrap("1.3.6.1.4.1.311.60.2.1.3");
-    
+
     pub const MS_SPC_NESTED_SIGNATURE: ObjectIdentifier =
         ObjectIdentifier::new_unwrap("1.3.6.1.4.1.311.2.4.1");
 
@@ -47,15 +47,15 @@ pub mod oid {
 
     pub const MS_SPC_OPUS_INFO: ObjectIdentifier =
         ObjectIdentifier::new_unwrap("1.3.6.1.4.1.311.2.1.12");
-    
+
     pub const MS_COUNTERSIGN: ObjectIdentifier =
         ObjectIdentifier::new_unwrap("1.3.6.1.4.1.311.3.3.1");
-    
+
     /// Similar to 1.2.840.113549.1.1.5. Obsolete, but still present in some files
     /// like: 111aeddc6a6dbf64b28cb565aa12af9ee3cc0a56ce31e4da0068cf6b474c3288
     pub const SHA1_WITH_RSA_ENCRYPTION_OBSOLETE: ObjectIdentifier =
         ObjectIdentifier::new_unwrap("1.3.14.3.2.29");
-    
+
 }
 
 #[inline]
@@ -278,7 +278,7 @@ impl<'a> TryFrom<Any<'a>> for SignedData<'a> {
 ///
 /// [1]: https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
 pub struct SignerInfo<'a> {
-    pub version: i32,
+    pub _version: i32,
     /// Unsigned attributes that contain information about the signer.
     /// These attributes are not protected by the signature, they are usually
     /// added after the signature has been generated. For example, they
@@ -301,7 +301,7 @@ pub struct SignerInfo<'a> {
     pub digest_algorithm: AlgorithmIdentifier<'a>,
     /// The signature algorithm (RSA, DSA, ECDSA) used for producing the
     /// signature.
-    pub signature_algorithm: AlgorithmIdentifier<'a>,
+    pub _signature_algorithm: AlgorithmIdentifier<'a>,
     /// The signature itself. This signature can be validated by using
     /// the public key stored in the certified identified by `serial_number`.
     pub signature: &'a [u8],
@@ -334,7 +334,7 @@ impl<'a> SignerInfo<'a> {
             },
         )?;
 
-        let (remainder, signature_algorithm) =
+        let (remainder, _signature_algorithm) =
             AlgorithmIdentifier::from_ber(remainder)
                 .map_err(|_| BerValueError)?;
 
@@ -351,15 +351,15 @@ impl<'a> SignerInfo<'a> {
         Ok((
             remainder,
             Self {
-                version: version.as_i32()?,
+                _version: version.as_i32()?,
                 signed_attrs,
                 raw_signed_attrs,
                 unsigned_attrs: unsigned_attrs.unwrap_or_default(),
                 signature: signature.content.as_slice()?,
                 issuer,
                 serial_number,
                 digest_algorithm,
-                signature_algorithm,
+                _signature_algorithm,
             },
         ))
     }

lib/src/modules/pe/parser.rs

@@ -1840,7 +1840,9 @@ impl<'a> PE<'a> {
 
             let mut funcs = Vec::new();
 
-            for (i, mut thunk) in &mut thunks.enumerate() {
+            for (i, mut thunk) in
+                &mut thunks.take(Self::MAX_PE_IMPORTS).enumerate()
+            {
                 // If the most significant bit is set, this is an import by
                 // ordinal. The most significant bit depends on whether this
                 // is a 64-bits PE.
@@ -1896,6 +1898,10 @@ impl<'a> PE<'a> {
             if !funcs.is_empty() {
                 imported_funcs.push((dll_name, funcs));
             }
+
+            if imported_funcs.len() >= Self::MAX_PE_IMPORTS {
+                break;
+            }
         }
 
         Some(imported_funcs)

lib/src/re/thompson/instr.rs

@@ -98,7 +98,7 @@ impl SplitId {
     }
 
     /// Add a given amount to the split id, returning [`None`] if the result
-    /// is exceeds the maximum allowed value, which depends on the number of
+    /// is exceeding the maximum allowed value, which depends on the number of
     /// bits indicated by [`SplitId::BITS`].
     #[inline]
     pub fn add(self, amount: u16) -> Option<Self> {

lib/src/scanner/mod.rs

@@ -131,13 +131,13 @@ impl<'r> Scanner<'r> {
 
         // The ScanContext structure belongs to the WASM store, but at the same
         // time it must have a reference to the store because it is required
-        // for accessing the WASM memory from code that only has a reference
-        // to ScanContext. This kind of circular data structures are not
-        // natural to Rust, and they can be achieved either by using unsafe
-        // pointers, or by using Rc::Weak. In this case we are storing a
-        // pointer to the store in ScanContext. The store is put into a
-        // pinned box in order to make sure that it doesn't move from
-        // its original memory address and the pointer remains valid.
+        // for accessing the WASM memory from code that only has a reference to
+        // ScanContext. This kind of circular data structures are not natural
+        // to Rust, and they can be achieved either by using unsafe pointers,
+        // or by using Rc::Weak. In this case we are storing a pointer to the
+        // store in ScanContext. The store is put into a pinned box in order to
+        // make sure that it doesn't move from its original memory address and
+        // the pointer remains valid.
         let mut wasm_store = Box::pin(Store::new(
             &crate::wasm::ENGINE,
             ScanContext {
@@ -199,10 +199,10 @@ impl<'r> Scanner<'r> {
         .unwrap();
 
         // Compute the base offset for the bitmap that contains matching
-        // information for patterns. This bitmap has 1 bit per pattern,
-        // the N-th bit is set if pattern with PatternId = N matched. The
-        // bitmap starts right after the bitmap that contains matching
-        // information for rules.
+        // information for patterns. This bitmap has 1 bit per pattern, the
+        // N-th bit is set if pattern with PatternId = N matched. The bitmap
+        // starts right after the bitmap that contains matching information
+        // for rules.
         let matching_patterns_bitmap_base =
             MATCHING_RULES_BITMAP_BASE as u32 + num_rules.div_ceil(8);
 
@@ -591,8 +591,8 @@ impl<'r> Scanner<'r> {
             };
 
             if let Some(module_output) = &module_output {
-                // Make sure that the module is returning a protobuf message of the
-                // expected type.
+                // Make sure that the module is returning a protobuf message of
+                // the expected type.
                 debug_assert_eq!(
                     module_output.descriptor_dyn().full_name(),
                     module.root_struct_descriptor.full_name(),
@@ -602,10 +602,10 @@ impl<'r> Scanner<'r> {
                     module_output.descriptor_dyn().full_name(),
                 );
 
-                // Make sure that the module is returning a protobuf message where
-                // all required fields are initialized. This only applies to
-                // proto2, proto3 doesn't have "required" fields, all
-                // fields are optional.
+                // Make sure that the module is returning a protobuf message
+                // where all required fields are initialized. This only applies
+                // to proto2, proto3 doesn't have "required" fields, all fields
+                // are optional.
                 debug_assert!(
                     module_output.is_initialized_dyn(),
                     "module `{}` returned a protobuf `{}` where some required fields are not initialized ",
@@ -736,10 +736,9 @@ impl<'r> Scanner<'r> {
                 .data_mut(self.wasm_store.as_context_mut());
 
             // Starting at MATCHING_RULES_BITMAP in main memory there's a
-            // bitmap were the N-th bit indicates if the rule with
-            // ID = N matched or not, If some rule matched in a
-            // previous call the bitmap will contain some
-            // bits set to 1 and need to be cleared.
+            // bitmap were the N-th bit indicates if the rule with ID = N
+            // matched or not, If some rule matched in a previous call the
+            // bitmap will contain some bits set to 1 and need to be cleared.
             let base = MATCHING_RULES_BITMAP_BASE as usize;
             let bitmap = BitSlice::<_, Lsb0>::from_slice_mut(
                 &mut mem[base..base
@@ -868,8 +867,7 @@ impl<'a, 'r> NonMatchingRules<'a, 'r> {
             data,
             iterator: matching_rules_bitmap.iter_zeros(),
             // The number of non-matching rules is the total number of rules
-            // minus the number of matching rules, both private and
-            // non-private.
+            // minus the number of matching rules, both private and non-private.
             len: ctx.compiled_rules.num_rules()
                 - ctx.private_matching_rules.len()
                 - ctx.non_private_matching_rules.len(),