refactor(yara): Use the new registry data parameter name

rabbitstack · rabbitstack · commit 7fb5a9052cb4 · 2025-07-29T21:30:03.000+02:00
diff --git a/pkg/yara/scanner.go b/pkg/yara/scanner.go
@@ -334,7 +334,7 @@ func (s scanner) Scan(e *event.Event) (bool, error) {
 		if typ := e.Params.TryGetUint32(params.RegValueType); typ != registry.BINARY {
 			return false, nil
 		}
-		v, err := e.Params.Get(params.RegValue)
+		v, err := e.Params.Get(params.RegData)
 		if err != nil {
 			// value not attached to the event
 			return false, nil
diff --git a/pkg/yara/scanner_test.go b/pkg/yara/scanner_test.go
@@ -933,7 +933,7 @@ func TestScan(t *testing.T) {
 					PID:      565,
 					Params: event.Params{
 						params.RegValueType: {Name: params.RegValueType, Type: params.Uint32, Value: uint32(registry.BINARY)},
-						params.RegValue:     {Name: params.RegValue, Type: params.Binary, Value: data},
+						params.RegData:      {Name: params.RegValue, Type: params.Binary, Value: data},
 						params.RegPath:      {Name: params.RegPath, Type: params.UnicodeString, Value: `HKEY_LOCAL_MACHINE\CurrentControlSet\Control\DeviceGuard\Mal`},
 					},
 					Metadata: make(map[event.MetadataKey]any),

Original file line number	Diff line number	Diff line change
`@@ -334,7 +334,7 @@ func (s scanner) Scan(e *event.Event) (bool, error) {`
`334`	`334`	`if typ := e.Params.TryGetUint32(params.RegValueType); typ != registry.BINARY {`
`335`	`335`	`return false, nil`
`336`	`336`	`}`
`337`		`- v, err := e.Params.Get(params.RegValue)`
	`337`	`+ v, err := e.Params.Get(params.RegData)`
`338`	`338`	`if err != nil {`
`339`	`339`	`// value not attached to the event`
`340`	`340`	`return false, nil`