Skip to content

Contributing

Jump to bottom
Haze4269 edited this page Dec 28, 2025 · 1 revision

Contributing to MLVScan.Core

We welcome contributions to the detection engine! Whether you're adding a new security rule or optimizing the IL analysis, here's how to get started.

Adding a New Detection Rule

All detection logic lives in Models/Rules. To add a new rule:

  1. Create the Rule Class: Add a new file in Models/Rules/MyNewRule.cs.
  2. Implement IScanRule: 
    using Mono.Cecil;
using Mono.Cecil.Cil;

namespace MLVScan.Models.Rules
{
    public class MyNewRule : IScanRule
    {
        public string Description => "Detects usage of DangerousAPI";
        public Severity Severity => Severity.High;

        public bool IsSuspicious(MethodDefinition method)
        {
            if (!method.HasBody) return false;

            foreach (var instruction in method.Body.Instructions)
            {
                 // Example: Detect checking for a specific string
                 if (instruction.OpCode == OpCodes.Ldstr && 
                     instruction.Operand.ToString().Contains("dangerous_string"))
                 {
                     return true;
                 }
            }
            return false;
        }
    }
}
  3. Register the Rule: Add your new rule to RuleFactory.cs: 
    public static List<IScanRule> CreateDefaultRules()
{
    return new List<IScanRule> 
    {
        // ... existing rules ...
        new MyNewRule(),
    };
}
  4. Test It: Run the scanner against an assembly that should trigger the rule.

Development Setup

  1. Clone the Repo: 
    git clone https://github.com/ifBars/MLVScan.Core.git
  2. Build: 
    dotnet build

Style Guide

  • Use standard C# coding conventions.
  • Ensure rules are performant (avoid heavy computations in IsSuspicious if possible).
  • Add comments explaining why a pattern is considered malicious.

Clone this wiki locally