These rule fields can be roughly divided into three categories:
- Metadata: Includes information such as the author and rule name, providing context about the rule itself.
- Filtering: Defines the conditions under which the rule should be executed, such as the target platform or architecture.
- Detection: Specifies the core logic of the rule, including signatures, types, and scopes used to identify a vulnerability in a binary file.
Example
The following example shows a sample value for each of the rule fields. A comprehensive overview and the valid values for the fields can be found in the VulHunt Reference.examples/rule-fields.lua