[Forensics-changes] [yara] 88/415: Removed require_file and require_executable functions
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:48 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 83f2dfae1588387c70c164e5f213cac10e7296a8
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Tue Mar 22 12:41:58 2011 +0000
Removed require_file and require_executable functions
---
libyara/ast.c | 113 +-----------------------------------------------------
libyara/grammar.c | 10 +++--
libyara/grammar.y | 9 +++--
libyara/libyara.c | 3 +-
libyara/yara.h | 3 +-
5 files changed, 18 insertions(+), 120 deletions(-)
diff --git a/libyara/ast.c b/libyara/ast.c
index 10b390d..145edcc 100644
--- a/libyara/ast.c
+++ b/libyara/ast.c
@@ -114,106 +114,6 @@ VARIABLE* lookup_variable(VARIABLE* variable_list_head, const char* identifier)
}
-int require_file(TERM* term)
-{
- switch(term->type)
- {
- case TERM_TYPE_FILESIZE:
- return TRUE;
-
- case TERM_TYPE_STRING_AT:
- return require_file(((TERM_STRING*)term)->offset);
-
- case TERM_TYPE_STRING_IN_RANGE:
- return require_file(((TERM_STRING*)term)->range);
-
- case TERM_TYPE_RANGE:
- return require_file(((TERM_RANGE*)term)->min) || require_file(((TERM_RANGE*)term)->max);
-
- case TERM_TYPE_AND:
- case TERM_TYPE_OR:
- case TERM_TYPE_ADD:
- case TERM_TYPE_SUB:
- case TERM_TYPE_MUL:
- case TERM_TYPE_DIV:
- case TERM_TYPE_GT:
- case TERM_TYPE_LT:
- case TERM_TYPE_GE:
- case TERM_TYPE_LE:
- case TERM_TYPE_EQ:
- case TERM_TYPE_NOT_EQ:
- case TERM_TYPE_OF:
- return require_file(((TERM_BINARY_OPERATION*)term)->op1) || require_file(((TERM_BINARY_OPERATION*)term)->op2);
-
- case TERM_TYPE_NOT:
- case TERM_TYPE_INT8_AT_OFFSET:
- case TERM_TYPE_INT16_AT_OFFSET:
- case TERM_TYPE_INT32_AT_OFFSET:
- case TERM_TYPE_UINT8_AT_OFFSET:
- case TERM_TYPE_UINT16_AT_OFFSET:
- case TERM_TYPE_UINT32_AT_OFFSET:
- return require_file(((TERM_UNARY_OPERATION*)term)->op);
-
- case TERM_TYPE_STRING_FOR:
-// case TERM_TYPE_STRING_FOR_OCCURRENCES:
- return require_file(((TERM_TERNARY_OPERATION*)term)->op1) || require_file(((TERM_TERNARY_OPERATION*)term)->op3);
-
- default:
- return FALSE;
- }
-}
-
-
-int require_exe_file(TERM* term)
-{
- switch(term->type)
- {
- case TERM_TYPE_ENTRYPOINT:
- case TERM_TYPE_STRING_IN_SECTION_BY_NAME:
- return TRUE;
-
- case TERM_TYPE_STRING_AT:
- return require_exe_file(((TERM_STRING*)term)->offset);
-
- case TERM_TYPE_STRING_IN_RANGE:
- return require_exe_file((TERM*) ((TERM_STRING*)term)->range);
-
- case TERM_TYPE_RANGE:
- return require_exe_file(((TERM_RANGE*)term)->min) || require_exe_file(((TERM_RANGE*)term)->max);
-
- case TERM_TYPE_AND:
- case TERM_TYPE_OR:
- case TERM_TYPE_ADD:
- case TERM_TYPE_SUB:
- case TERM_TYPE_MUL:
- case TERM_TYPE_DIV:
- case TERM_TYPE_GT:
- case TERM_TYPE_LT:
- case TERM_TYPE_GE:
- case TERM_TYPE_LE:
- case TERM_TYPE_EQ:
- case TERM_TYPE_NOT_EQ:
- case TERM_TYPE_OF:
- return require_exe_file(((TERM_BINARY_OPERATION*)term)->op1) || require_exe_file(((TERM_BINARY_OPERATION*)term)->op2);
-
- case TERM_TYPE_NOT:
- case TERM_TYPE_INT8_AT_OFFSET:
- case TERM_TYPE_INT16_AT_OFFSET:
- case TERM_TYPE_INT32_AT_OFFSET:
- case TERM_TYPE_UINT8_AT_OFFSET:
- case TERM_TYPE_UINT16_AT_OFFSET:
- case TERM_TYPE_UINT32_AT_OFFSET:
- return require_exe_file(((TERM_UNARY_OPERATION*)term)->op);
-
- case TERM_TYPE_STRING_FOR:
-// case TERM_TYPE_STRING_FOR_OCCURRENCES:
- return require_exe_file(((TERM_TERNARY_OPERATION*)term)->op1) || require_exe_file(((TERM_TERNARY_OPERATION*)term)->op3);
-
- default:
- return FALSE;
- }
-}
-
int new_rule(RULE_LIST* rules, char* identifier, NAMESPACE* ns, int flags, TAG* tag_list_head, META* meta_list_head, STRING* string_list_head, TERM* condition)
{
RULE* new_rule;
@@ -244,18 +144,7 @@ int new_rule(RULE_LIST* rules, char* identifier, NAMESPACE* ns, int flags, TAG*
{
rules->tail->next = new_rule;
rules->tail = new_rule;
- }
-
- if (require_file(condition))
- {
- new_rule->flags |= RULE_FLAGS_REQUIRE_FILE;
- }
-
- if (require_exe_file(condition))
- {
- new_rule->flags |= RULE_FLAGS_REQUIRE_EXECUTABLE;
- }
-
+ }
}
else
{
diff --git a/libyara/grammar.c b/libyara/grammar.c
index bb35c9e..225a514 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -2671,12 +2671,12 @@ int reduce_rule_declaration( yyscan_t yyscanner,
context->last_result = new_rule(&context->rule_list,
identifier,
context->current_namespace,
- flags,
+ flags | context->current_rule_flags,
tag_list_head,
meta_list_head,
string_list_head,
condition);
-
+
if (context->last_result != ERROR_SUCCESS)
{
strncpy(context->last_error_extra_info, identifier, sizeof(context->last_error_extra_info));
@@ -2698,6 +2698,8 @@ int reduce_rule_declaration( yyscan_t yyscanner,
}
}
+ context->current_rule_flags = 0;
+
return context->last_result;
}
@@ -2858,6 +2860,7 @@ TERM* reduce_filesize(yyscan_t yyscanner)
TERM* term = NULL;
context->last_result = new_simple_term(TERM_TYPE_FILESIZE, &term);
+ context->current_rule_flags |= RULE_FLAGS_REQUIRE_FILE;
return (TERM*) term;
}
@@ -2866,7 +2869,8 @@ TERM* reduce_entrypoint(yyscan_t yyscanner)
YARA_CONTEXT* context = yyget_extra(yyscanner);
TERM* term = NULL;
- context->last_result = new_simple_term(TERM_TYPE_ENTRYPOINT, &term);
+ context->last_result = new_simple_term(TERM_TYPE_ENTRYPOINT, &term);
+ context->current_rule_flags |= RULE_FLAGS_REQUIRE_EXECUTABLE;
return (TERM*) term;
}
diff --git a/libyara/grammar.y b/libyara/grammar.y
index a1dbdde..9bb8537 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -678,12 +678,12 @@ int reduce_rule_declaration( yyscan_t yyscanner,
context->last_result = new_rule(&context->rule_list,
identifier,
context->current_namespace,
- flags,
+ flags | context->current_rule_flags,
tag_list_head,
meta_list_head,
string_list_head,
condition);
-
+
if (context->last_result != ERROR_SUCCESS)
{
strncpy(context->last_error_extra_info, identifier, sizeof(context->last_error_extra_info));
@@ -705,6 +705,7 @@ int reduce_rule_declaration( yyscan_t yyscanner,
}
}
+ context->current_rule_flags = 0;
return context->last_result;
}
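Review bot: The reset `context->current_rule_flags = 0;` is reached only when reduce_rule_declaration runs to its end, so bits set by reduce_filesize or reduce_entrypoint for a rule that is abandoned on a syntax error could be OR-ed into the next rule that does get declared, if the parser recovers and continues. Such a rule would carry RULE_FLAGS_REQUIRE_FILE or RULE_FLAGS_REQUIRE_EXECUTABLE without using either keyword, and if these flags gate evaluation (their consumer is not shown here) a detection rule could be skipped silently. Clearing the field where a rule starts being parsed, or in the grammar's error-recovery action, would make the flags depend only on the rule's own condition. The body of reduce_rule_declaration begins outside this hunk, so any earlier return path that bypasses the reset cannot be checked from here.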
@@ -865,6 +866,7 @@ TERM* reduce_filesize(yyscan_t yyscanner)
TERM* term = NULL;
context->last_result = new_simple_term(TERM_TYPE_FILESIZE, &term);
+ context->current_rule_flags |= RULE_FLAGS_REQUIRE_FILE;
return (TERM*) term;
}
@@ -873,7 +875,8 @@ TERM* reduce_entrypoint(yyscan_t yyscanner)
YARA_CONTEXT* context = yyget_extra(yyscanner);
TERM* term = NULL;
- context->last_result = new_simple_term(TERM_TYPE_ENTRYPOINT, &term);
+ context->last_result = new_simple_term(TERM_TYPE_ENTRYPOINT, &term);
+ context->current_rule_flags |= RULE_FLAGS_REQUIRE_EXECUTABLE;
return (TERM*) term;
}
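Review bot: RULE_FLAGS_REQUIRE_EXECUTABLE is now set only in reduce_entrypoint, whereas the removed require_exe_file in ast.c also returned TRUE for TERM_TYPE_STRING_IN_SECTION_BY_NAME. The diffstat for grammar.y matches the hunks shown, so no other reducer gains the flag in this commit. Unless that term type is no longer produced, rules with a section-name condition lose the flag they had before. The reducer that builds TERM_TYPE_STRING_IN_SECTION_BY_NAME terms would need the same line, `context->current_rule_flags |= RULE_FLAGS_REQUIRE_EXECUTABLE;`. Both here and in reduce_filesize the flag is also set even when new_simple_term fails, which looks harmless but is worth a short comment.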
diff --git a/libyara/libyara.c b/libyara/libyara.c
index 697c8f4..c5abeda 100644
--- a/libyara/libyara.c
+++ b/libyara/libyara.c
@@ -52,6 +52,7 @@ YARA_CONTEXT* yr_create_context()
context->last_result = ERROR_SUCCESS;
context->file_name_stack_ptr = 0;
context->current_rule_strings = NULL;
+ context->current_rule_flags = 0;
context->inside_for = 0;
context->namespaces = NULL;
context->variables = NULL;
@@ -59,7 +60,7 @@ YARA_CONTEXT* yr_create_context()
context->current_namespace = yr_create_namespace(context, "default");
context->fast_match = FALSE;
context->scanning_process_memory = FALSE;
-
+
memset(context->hash_table.hashed_strings_2b, 0, sizeof(context->hash_table.hashed_strings_2b));
memset(context->hash_table.hashed_strings_1b, 0, sizeof(context->hash_table.hashed_strings_1b));
diff --git a/libyara/yara.h b/libyara/yara.h
index 6bf15c9..0e508ec 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -276,6 +276,7 @@ typedef struct _YARA_CONTEXT
VARIABLE* variables;
STRING* current_rule_strings;
+ int current_rule_flags;
int inside_for;
char* file_name_stack[MAX_INCLUDE_DEPTH];
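Review bot: `current_rule_flags` is inserted in the middle of YARA_CONTEXT, which moves the offset of every later member (`inside_for`, `file_name_stack`, `fast_match`, `scanning_process_memory`, ...). If programs built against the previous yara.h touch those members directly, they would read the wrong fields until rebuilt; appending the new member at the end of the struct, or treating this as an ABI change, avoids that. The member is also undocumented; a comment such as `/* RULE_FLAGS_* bits collected while the current rule is parsed; cleared in reduce_rule_declaration */` would record its lifetime. The struct definition starts before this hunk and closes after it.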
@@ -290,7 +291,7 @@ typedef struct _YARA_CONTEXT
int fast_match;
int allow_includes;
int scanning_process_memory;
-
+
char include_base_dir[MAX_PATH];
} YARA_CONTEXT;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git