[Forensics-changes] [yara] 137/415: Implement modulus and bitwise xor operators (issue 54)
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:55 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 673895b5912837c9a7f23537e484e00ed419d4cc
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Jul 4 08:23:02 2012 +0000
Implement modulus and bitwise xor operators (issue 54)
---
libyara/ast.c | 2 +
libyara/ast.h | 2 +
libyara/eval.c | 6 +
libyara/grammar.c | 445 ++++++++++++++++++++++++++++-----------------------
libyara/grammar.y | 2 +
yara-python/tests.py | 8 +-
6 files changed, 259 insertions(+), 206 deletions(-)
diff --git a/libyara/ast.c b/libyara/ast.c
index 966ba25..c14ca7f 100644
--- a/libyara/ast.c
+++ b/libyara/ast.c
@@ -934,6 +934,7 @@ void free_term(TERM* term)
case TERM_TYPE_SUB:
case TERM_TYPE_MUL:
case TERM_TYPE_DIV:
+ case TERM_TYPE_MOD:
case TERM_TYPE_GT:
case TERM_TYPE_LT:
case TERM_TYPE_GE:
@@ -944,6 +945,7 @@ void free_term(TERM* term)
case TERM_TYPE_SHIFT_LEFT:
case TERM_TYPE_SHIFT_RIGHT:
case TERM_TYPE_BITWISE_OR:
+ case TERM_TYPE_BITWISE_XOR:
case TERM_TYPE_BITWISE_AND:
free_term(((TERM_BINARY_OPERATION*)term)->op1);
diff --git a/libyara/ast.h b/libyara/ast.h
index 989153c..010e506 100644
--- a/libyara/ast.h
+++ b/libyara/ast.h
@@ -85,6 +85,8 @@ limitations under the License.
#define TERM_TYPE_BITWISE_NOT 41
#define TERM_TYPE_SHIFT_LEFT 42
#define TERM_TYPE_SHIFT_RIGHT 43
+#define TERM_TYPE_BITWISE_XOR 44
+#define TERM_TYPE_MOD 45
#define MAX_VECTOR_SIZE 64
diff --git a/libyara/eval.c b/libyara/eval.c
index fad8103..846c744 100644
--- a/libyara/eval.c
+++ b/libyara/eval.c
@@ -275,7 +275,13 @@ long long evaluate(TERM* term, EVALUATION_CONTEXT* context)
case TERM_TYPE_DIV:
ARITHMETIC_OPERATOR(/, term_binary, context);
+
+ case TERM_TYPE_MOD:
+ ARITHMETIC_OPERATOR(%, term_binary, context);
+ case TERM_TYPE_BITWISE_XOR:
+ ARITHMETIC_OPERATOR(^, term_binary, context);
+
case TERM_TYPE_BITWISE_AND:
ARITHMETIC_OPERATOR(&, term_binary, context);
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 4443d57..0999168 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -577,16 +577,16 @@ union yyalloc
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 2
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 374
+#define YYLAST 500
/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS 82
+#define YYNTOKENS 84
/* YYNNTS -- Number of nonterminals. */
#define YYNNTS 29
/* YYNRULES -- Number of rules. */
-#define YYNRULES 103
+#define YYNRULES 105
/* YYNRULES -- Number of states. */
-#define YYNSTATES 203
+#define YYNSTATES 207
/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
#define YYUNDEFTOK 2
@@ -601,13 +601,13 @@ static const yytype_uint8 yytranslate[] =
0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 54, 2,
+ 2, 2, 2, 2, 2, 2, 2, 82, 54, 2,
76, 77, 67, 65, 78, 66, 79, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 74, 2,
2, 75, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 80, 68, 81, 2, 2, 2, 2, 2, 2,
+ 2, 80, 68, 81, 83, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 71, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 72, 55, 73, 70, 2, 2, 2,
@@ -646,49 +646,49 @@ static const yytype_uint16 yyprhs[] =
202, 206, 210, 214, 218, 222, 224, 226, 230, 234,
236, 238, 242, 244, 246, 253, 255, 257, 259, 261,
263, 268, 273, 278, 283, 288, 293, 295, 300, 302,
- 306, 310, 314, 318, 322, 326, 330, 333, 337, 341,
- 343, 345, 347, 349
+ 306, 310, 314, 318, 322, 326, 330, 334, 338, 341,
+ 345, 349, 351, 353, 355, 357
};
/* YYRHS -- A `-1'-separated list of the rules' RHS. */
static const yytype_int8 yyrhs[] =
{
- 83, 0, -1, -1, 83, 84, -1, 83, 1, 84,
- -1, 83, 1, 71, -1, 88, 3, 10, 90, 72,
- 85, 86, 87, 73, -1, -1, 6, 74, 92, -1,
- -1, 7, 74, 94, -1, 8, 74, 98, -1, -1,
- 88, 89, -1, 4, -1, 5, -1, -1, 74, 91,
- -1, 10, -1, 91, 10, -1, 93, -1, 92, 93,
+ 85, 0, -1, -1, 85, 86, -1, 85, 1, 86,
+ -1, 85, 1, 71, -1, 90, 3, 10, 92, 72,
+ 87, 88, 89, 73, -1, -1, 6, 74, 94, -1,
+ -1, 7, 74, 96, -1, 8, 74, 100, -1, -1,
+ 90, 91, -1, 4, -1, 5, -1, -1, 74, 93,
+ -1, 10, -1, 93, 10, -1, 95, -1, 94, 95,
-1, 10, 75, 18, -1, 10, 75, 16, -1, 10,
- 75, 50, -1, 10, 75, 51, -1, 95, -1, 94,
- 95, -1, 11, 75, 18, 96, -1, 11, 75, 20,
- 96, -1, 11, 75, 19, -1, -1, 96, 97, -1,
+ 75, 50, -1, 10, 75, 51, -1, 97, -1, 96,
+ 97, -1, 11, 75, 18, 98, -1, 11, 75, 20,
+ 98, -1, 11, 75, 19, -1, -1, 98, 99, -1,
22, -1, 21, -1, 23, -1, 24, -1, 50, -1,
51, -1, 10, -1, 10, 44, 20, -1, 10, 45,
- 18, -1, 11, -1, 11, 25, 108, -1, 11, 25,
- 30, 108, -1, 11, 33, 106, -1, 11, 33, 37,
- 76, 18, 77, -1, -1, 35, 107, 10, 33, 101,
- 74, 99, 76, 98, 77, -1, -1, 35, 107, 34,
- 103, 74, 100, 76, 98, 77, -1, 107, 34, 103,
- -1, 32, 56, 110, -1, 76, 98, 77, -1, 69,
- 98, -1, 98, 53, 98, -1, 98, 52, 98, -1,
- 108, 62, 108, -1, 108, 60, 108, -1, 108, 61,
- 108, -1, 108, 59, 108, -1, 108, 58, 108, -1,
- 108, 56, 108, -1, 108, 57, 108, -1, 76, 102,
- 77, -1, 106, -1, 108, -1, 102, 78, 108, -1,
- 76, 104, 77, -1, 36, -1, 105, -1, 104, 78,
- 105, -1, 11, -1, 14, -1, 76, 108, 79, 79,
- 108, 77, -1, 108, -1, 28, -1, 29, -1, 26,
- -1, 27, -1, 38, 76, 108, 77, -1, 39, 76,
- 108, 77, -1, 40, 76, 108, 77, -1, 41, 76,
- 108, 77, -1, 42, 76, 108, 77, -1, 43, 76,
- 108, 77, -1, 12, -1, 13, 80, 108, 81, -1,
- 10, -1, 76, 108, 77, -1, 108, 65, 108, -1,
- 108, 66, 108, -1, 108, 67, 108, -1, 108, 68,
- 108, -1, 108, 54, 108, -1, 108, 55, 108, -1,
- 70, 108, -1, 108, 64, 108, -1, 108, 63, 108,
- -1, 109, -1, 16, -1, 47, -1, 48, -1, 49,
- -1
+ 18, -1, 11, -1, 11, 25, 110, -1, 11, 25,
+ 30, 110, -1, 11, 33, 108, -1, 11, 33, 37,
+ 76, 18, 77, -1, -1, 35, 109, 10, 33, 103,
+ 74, 101, 76, 100, 77, -1, -1, 35, 109, 34,
+ 105, 74, 102, 76, 100, 77, -1, 109, 34, 105,
+ -1, 32, 56, 112, -1, 76, 100, 77, -1, 69,
+ 100, -1, 100, 53, 100, -1, 100, 52, 100, -1,
+ 110, 62, 110, -1, 110, 60, 110, -1, 110, 61,
+ 110, -1, 110, 59, 110, -1, 110, 58, 110, -1,
+ 110, 56, 110, -1, 110, 57, 110, -1, 76, 104,
+ 77, -1, 108, -1, 110, -1, 104, 78, 110, -1,
+ 76, 106, 77, -1, 36, -1, 107, -1, 106, 78,
+ 107, -1, 11, -1, 14, -1, 76, 110, 79, 79,
+ 110, 77, -1, 110, -1, 28, -1, 29, -1, 26,
+ -1, 27, -1, 38, 76, 110, 77, -1, 39, 76,
+ 110, 77, -1, 40, 76, 110, 77, -1, 41, 76,
+ 110, 77, -1, 42, 76, 110, 77, -1, 43, 76,
+ 110, 77, -1, 12, -1, 13, 80, 110, 81, -1,
+ 10, -1, 76, 110, 77, -1, 110, 65, 110, -1,
+ 110, 66, 110, -1, 110, 67, 110, -1, 110, 68,
+ 110, -1, 110, 82, 110, -1, 110, 83, 110, -1,
+ 110, 54, 110, -1, 110, 55, 110, -1, 70, 110,
+ -1, 110, 64, 110, -1, 110, 63, 110, -1, 111,
+ -1, 16, -1, 47, -1, 48, -1, 49, -1
};
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
@@ -704,7 +704,7 @@ static const yytype_uint16 yyrline[] =
595, 596, 599, 609, 623, 627, 628, 629, 633, 634,
635, 636, 637, 638, 639, 640, 641, 651, 661, 671,
672, 673, 674, 675, 676, 677, 678, 679, 680, 681,
- 684, 687, 688, 689
+ 682, 683, 686, 689, 690, 691
};
#endif
@@ -726,13 +726,14 @@ static const char *const yytname[] =
"_IS_", "_NEQ_", "_EQ_", "_GE_", "_GT_", "_LE_", "_LT_", "_SHIFT_RIGHT_",
"_SHIFT_LEFT_", "'+'", "'-'", "'*'", "'\\\\'", "_NOT_", "'~'",
"'include'", "'{'", "'}'", "':'", "'='", "'('", "')'", "','", "'.'",
- "'['", "']'", "$accept", "rules", "rule", "meta", "strings", "condition",
- "rule_modifiers", "rule_modifier", "tags", "tag_list",
- "meta_declarations", "meta_declaration", "string_declarations",
- "string_declaration", "string_modifiers", "string_modifier",
- "boolean_expression", "@1", "@2", "integer_set", "integer_enumeration",
- "string_set", "string_enumeration", "string_enumeration_item", "range",
- "for_expression", "expression", "number", "type", 0
+ "'['", "']'", "'%'", "'^'", "$accept", "rules", "rule", "meta",
+ "strings", "condition", "rule_modifiers", "rule_modifier", "tags",
+ "tag_list", "meta_declarations", "meta_declaration",
+ "string_declarations", "string_declaration", "string_modifiers",
+ "string_modifier", "boolean_expression", "@1", "@2", "integer_set",
+ "integer_enumeration", "string_set", "string_enumeration",
+ "string_enumeration_item", "range", "for_expression", "expression",
+ "number", "type", 0
};
#endif
@@ -749,24 +750,24 @@ static const yytype_uint16 yytoknum[] =
305, 306, 307, 308, 38, 124, 309, 310, 311, 312,
313, 314, 315, 316, 317, 43, 45, 42, 92, 318,
126, 105, 123, 125, 58, 61, 40, 41, 44, 46,
- 91, 93
+ 91, 93, 37, 94
};
# endif
/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
static const yytype_uint8 yyr1[] =
{
- 0, 82, 83, 83, 83, 83, 84, 85, 85, 86,
- 86, 87, 88, 88, 89, 89, 90, 90, 91, 91,
- 92, 92, 93, 93, 93, 93, 94, 94, 95, 95,
- 95, 96, 96, 97, 97, 97, 97, 98, 98, 98,
- 98, 98, 98, 98, 98, 98, 98, 99, 98, 100,
- 98, 98, 98, 98, 98, 98, 98, 98, 98, 98,
- 98, 98, 98, 98, 101, 101, 102, 102, 103, 103,
- 104, 104, 105, 105, 106, 107, 107, 107, 108, 108,
- 108, 108, 108, 108, 108, 108, 108, 108, 108, 108,
- 108, 108, 108, 108, 108, 108, 108, 108, 108, 108,
- 109, 110, 110, 110
+ 0, 84, 85, 85, 85, 85, 86, 87, 87, 88,
+ 88, 89, 90, 90, 91, 91, 92, 92, 93, 93,
+ 94, 94, 95, 95, 95, 95, 96, 96, 97, 97,
+ 97, 98, 98, 99, 99, 99, 99, 100, 100, 100,
+ 100, 100, 100, 100, 100, 100, 100, 101, 100, 102,
+ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
+ 100, 100, 100, 100, 103, 103, 104, 104, 105, 105,
+ 106, 106, 107, 107, 108, 109, 109, 109, 110, 110,
+ 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
+ 110, 110, 110, 110, 110, 110, 110, 110, 110, 110,
+ 110, 110, 111, 112, 112, 112
};
/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
@@ -781,8 +782,8 @@ static const yytype_uint8 yyr2[] =
3, 3, 3, 3, 3, 1, 1, 3, 3, 1,
1, 3, 1, 1, 6, 1, 1, 1, 1, 1,
4, 4, 4, 4, 4, 4, 1, 4, 1, 3,
- 3, 3, 3, 3, 3, 3, 2, 3, 3, 1,
- 1, 1, 1, 1
+ 3, 3, 3, 3, 3, 3, 3, 3, 2, 3,
+ 3, 1, 1, 1, 1, 1
};
/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
@@ -794,67 +795,67 @@ static const yytype_uint8 yydefact[] =
15, 13, 16, 0, 0, 18, 17, 7, 19, 0,
9, 0, 0, 0, 0, 8, 20, 0, 0, 0,
0, 21, 0, 10, 26, 0, 6, 23, 22, 24,
- 25, 0, 27, 88, 42, 86, 0, 100, 78, 79,
+ 25, 0, 27, 88, 42, 86, 0, 102, 78, 79,
76, 77, 0, 0, 0, 0, 0, 0, 0, 0,
- 37, 38, 0, 0, 0, 11, 0, 75, 99, 31,
+ 37, 38, 0, 0, 0, 11, 0, 75, 101, 31,
30, 31, 0, 0, 0, 0, 0, 0, 88, 0,
- 0, 75, 0, 0, 0, 0, 0, 0, 54, 96,
+ 0, 75, 0, 0, 0, 0, 0, 0, 54, 98,
0, 75, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 28, 29, 40, 41, 0, 43, 0, 0, 45, 0,
- 101, 102, 103, 52, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 53, 89, 56, 55, 69, 0, 51,
- 94, 95, 62, 63, 61, 60, 58, 59, 57, 98,
- 97, 90, 91, 92, 93, 34, 33, 35, 36, 32,
- 44, 0, 0, 87, 0, 0, 80, 81, 82, 83,
- 84, 85, 72, 73, 0, 70, 0, 0, 0, 0,
- 65, 49, 68, 0, 46, 0, 0, 66, 47, 0,
- 71, 0, 64, 0, 0, 0, 74, 67, 0, 0,
- 0, 50, 48
+ 0, 0, 28, 29, 40, 41, 0, 43, 0, 0,
+ 45, 0, 103, 104, 105, 52, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 53, 89, 56, 55, 69,
+ 0, 51, 96, 97, 62, 63, 61, 60, 58, 59,
+ 57, 100, 99, 90, 91, 92, 93, 94, 95, 34,
+ 33, 35, 36, 32, 44, 0, 0, 87, 0, 0,
+ 80, 81, 82, 83, 84, 85, 72, 73, 0, 70,
+ 0, 0, 0, 0, 65, 49, 68, 0, 46, 0,
+ 0, 66, 47, 0, 71, 0, 64, 0, 0, 0,
+ 74, 67, 0, 0, 0, 50, 48
};
/* YYDEFGOTO[NTERM-NUM]. */
static const yytype_int16 yydefgoto[] =
{
-1, 1, 4, 20, 23, 29, 5, 11, 14, 16,
- 25, 26, 33, 34, 110, 159, 65, 194, 189, 179,
- 186, 139, 174, 175, 118, 66, 67, 68, 123
+ 25, 26, 33, 34, 112, 163, 65, 198, 193, 183,
+ 190, 141, 178, 179, 120, 66, 67, 68, 125
};
/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
STATE-NUM. */
-#define YYPACT_NINF -64
+#define YYPACT_NINF -66
static const yytype_int16 yypact[] =
{
- -64, 215, -64, -63, -64, 139, -64, -64, 4, -64,
- -64, -64, -56, 10, -44, -64, 52, 59, -64, -2,
- 73, 71, 9, 76, 16, 71, -64, 85, 33, 41,
- -12, -64, 40, 85, -64, 47, -64, -64, -64, -64,
- -64, 134, -64, 49, -16, -64, 39, -64, -64, -64,
- -64, -64, 75, 108, 57, 63, 69, 79, 80, 86,
- -64, -64, 47, 154, 47, -50, 124, 306, -64, -64,
- -64, -64, 141, 150, 147, -10, 154, 184, -64, 154,
- 61, 45, 154, 154, 154, 154, 154, 154, -64, -64,
- -40, 198, 47, 47, -35, 154, 154, 154, 154, 154,
- 154, 154, 154, 154, 154, 154, 154, 154, 154, 154,
- 82, 82, -64, -64, 154, 45, 89, 154, -64, 144,
- -64, -64, -64, -64, 213, 136, -35, 219, 234, 240,
- 255, 261, 276, -64, -64, 118, -64, -64, 8, -64,
- 137, 137, 45, 45, 45, 45, 45, 45, 45, 62,
- 62, -43, -43, -64, -64, -64, -64, -64, -64, -64,
- 45, 157, 172, -64, 96, 102, -64, -64, -64, -64,
- -64, -64, -64, -64, -8, -64, 105, 100, 154, 109,
- -64, -64, -64, 8, -64, 154, 0, 172, -64, 115,
- -64, 282, -64, 154, 130, 47, -64, 45, 47, -37,
- 15, -64, -64
+ -66, 112, -66, -65, -66, 104, -66, -66, -2, -66,
+ -66, -66, -62, 10, -54, -66, 14, 79, -66, 12,
+ 107, 110, 48, 120, 66, 110, -66, 132, 81, 83,
+ 21, -66, 82, 132, -66, 49, -66, -66, -66, -66,
+ -66, 113, -66, 53, -16, -66, 78, -66, -66, -66,
+ -66, -66, 103, 111, 85, 88, 89, 92, 95, 96,
+ -66, -66, 49, 157, 49, 17, 140, 180, -66, -66,
+ -66, -66, 155, 160, 150, -12, 157, 99, -66, 157,
+ -6, 411, 157, 157, 157, 157, 157, 157, -66, -9,
+ -50, 147, 49, 49, -35, 157, 157, 157, 157, 157,
+ 157, 157, 157, 157, 157, 157, 157, 157, 157, 157,
+ 157, 157, 80, 80, -66, -66, 157, 411, 106, 157,
+ -66, 201, -66, -66, -66, -66, 222, 146, -35, 243,
+ 264, 285, 306, 327, 348, -66, -66, 133, -66, -66,
+ 8, -66, 417, 417, 411, 411, 411, 411, 411, 411,
+ 411, 28, 28, 0, 0, -9, -9, 411, 411, -66,
+ -66, -66, -66, -66, 411, 167, 369, -66, 118, 142,
+ -66, -66, -66, -66, -66, -66, -66, -66, 2, -66,
+ 141, 138, 157, 145, -66, -66, -66, 8, -66, 157,
+ 57, 369, -66, 149, -66, 390, -66, 157, 152, 49,
+ -66, 411, 49, -39, -37, -66, -66
};
/* YYPGOTO[NTERM-NUM]. */
static const yytype_int16 yypgoto[] =
{
- -64, -64, 210, -64, -64, -64, -64, -64, -64, -64,
- -64, 189, -64, 188, 151, -64, -57, -64, -64, -64,
- -64, 103, -64, 51, 64, 190, -53, -64, -64
+ -66, -66, 218, -66, -66, -66, -66, -66, -66, -66,
+ -66, 197, -66, 190, 161, -66, -57, -66, -66, -66,
+ -66, 121, -66, 44, 84, 198, -53, -66, -66
};
/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
@@ -864,113 +865,139 @@ static const yytype_int16 yypgoto[] =
#define YYTABLE_NINF -40
static const yytype_int16 yytable[] =
{
- 81, 137, 92, 93, 37, 88, 38, 90, 6, 74,
- 89, 91, 92, 93, 12, 92, 93, 75, 13, 172,
- 15, 115, 173, 119, 108, 109, 124, 116, 17, 127,
- 128, 129, 130, 131, 132, 135, 136, 133, 39, 40,
- 201, 138, 140, 141, 142, 143, 144, 145, 146, 147,
- 148, 149, 150, 151, 152, 153, 154, 43, 44, 45,
- 46, 160, 18, 47, 162, 19, 117, 92, 93, 182,
- 183, 125, 21, 48, 49, 50, 51, 192, 193, 52,
- 22, 24, 53, 27, 28, 54, 55, 56, 57, 58,
- 59, 30, 202, 72, 73, 126, 32, 60, 61, 95,
- 96, -39, -39, 155, 156, 157, 158, 35, 104, 105,
- 106, 107, 108, 109, 36, 41, 62, 63, 78, 76,
- 45, 46, -39, 64, 47, 187, -39, 106, 107, 108,
- 109, 77, 191, 82, 48, 49, 50, 51, 199, 83,
- 197, 200, 8, 9, 10, 84, 54, 55, 56, 57,
- 58, 59, 69, 70, 71, 85, 86, 78, 94, 45,
- 46, 112, 87, 47, 78, 161, 45, 46, 113, 164,
- 47, 93, 178, 48, 49, 176, 181, 114, 63, 185,
- 48, 49, 184, 188, 79, 54, 55, 56, 57, 58,
- 59, 195, 54, 55, 56, 57, 58, 59, 95, 96,
- 104, 105, 106, 107, 108, 109, 198, 104, 105, 106,
- 107, 108, 109, 7, 31, 2, 3, 63, -12, -12,
- -12, 42, 111, 79, 63, 163, 95, 96, 180, 165,
- 79, 120, 121, 122, 190, 104, 105, 106, 107, 108,
- 109, 0, 0, 80, 0, 0, 0, 0, 0, 0,
- 0, 177, 95, 96, 97, 98, 99, 100, 101, 102,
- 103, 104, 105, 106, 107, 108, 109, 95, 96, 0,
- 0, 0, 0, 95, 96, 134, 104, 105, 106, 107,
- 108, 109, 104, 105, 106, 107, 108, 109, 95, 96,
- 134, 0, 0, 0, 95, 96, 166, 104, 105, 106,
- 107, 108, 109, 104, 105, 106, 107, 108, 109, 95,
- 96, 167, 0, 0, 0, 95, 96, 168, 104, 105,
- 106, 107, 108, 109, 104, 105, 106, 107, 108, 109,
- 95, 96, 169, 0, 0, 0, 95, 96, 170, 104,
- 105, 106, 107, 108, 109, 104, 105, 106, 107, 108,
- 109, 0, 0, 171, 0, 0, 0, 0, 0, 196,
- 95, 96, 97, 98, 99, 100, 101, 102, 103, 104,
- 105, 106, 107, 108, 109
+ 81, 139, 92, 93, 127, 88, 6, 90, 12, 74,
+ 89, 91, 13, 92, 93, 92, 93, 75, 17, 176,
+ 15, 117, 177, 121, 18, 118, 126, 135, 128, 129,
+ 130, 131, 132, 133, 134, 137, 138, 37, 205, 38,
+ 206, 140, 142, 143, 144, 145, 146, 147, 148, 149,
+ 150, 151, 152, 153, 154, 155, 156, 157, 158, 43,
+ 44, 45, 46, 164, 119, 47, 166, 108, 109, 92,
+ 93, 39, 40, 110, 111, 48, 49, 50, 51, 186,
+ 187, 52, 110, 111, 53, 19, 21, 54, 55, 56,
+ 57, 58, 59, 106, 107, 108, 109, 72, 73, 60,
+ 61, 159, 160, 161, 162, -39, -39, 8, 9, 10,
+ 110, 111, 2, 3, 22, -12, -12, -12, 62, 63,
+ 24, 78, 27, 45, 46, 64, -39, 47, 28, 191,
+ -39, 69, 70, 71, 196, 197, 195, 48, 49, 50,
+ 51, 30, 203, 32, 201, 204, 122, 123, 124, 54,
+ 55, 56, 57, 58, 59, 35, 36, 41, 76, 77,
+ 78, 82, 45, 46, 83, 84, 47, 78, 85, 45,
+ 46, 86, 87, 47, 94, 114, 48, 49, 115, 168,
+ 116, 63, 165, 48, 49, 180, 93, 79, 54, 55,
+ 56, 57, 58, 59, 182, 54, 55, 56, 57, 58,
+ 59, 95, 96, 97, 98, 99, 100, 101, 102, 103,
+ 104, 105, 106, 107, 108, 109, 185, 189, 188, 192,
+ 63, 7, 31, 42, 136, 199, 79, 63, 202, 110,
+ 111, 194, 113, 79, 95, 96, 97, 98, 99, 100,
+ 101, 102, 103, 104, 105, 106, 107, 108, 109, 169,
+ 0, 80, 184, 0, 0, 95, 96, 0, 0, 0,
+ 0, 0, 110, 111, 104, 105, 106, 107, 108, 109,
+ 0, 0, 0, 0, 0, 0, 95, 96, 0, 0,
+ 0, 0, 167, 110, 111, 104, 105, 106, 107, 108,
+ 109, 0, 0, 0, 0, 0, 0, 95, 96, 136,
+ 0, 0, 0, 0, 110, 111, 104, 105, 106, 107,
+ 108, 109, 0, 0, 0, 0, 0, 0, 95, 96,
+ 170, 0, 0, 0, 0, 110, 111, 104, 105, 106,
+ 107, 108, 109, 0, 0, 0, 0, 0, 0, 95,
+ 96, 171, 0, 0, 0, 0, 110, 111, 104, 105,
+ 106, 107, 108, 109, 0, 0, 0, 0, 0, 0,
+ 95, 96, 172, 0, 0, 0, 0, 110, 111, 104,
+ 105, 106, 107, 108, 109, 0, 0, 0, 0, 0,
+ 0, 95, 96, 173, 0, 0, 0, 0, 110, 111,
+ 104, 105, 106, 107, 108, 109, 0, 0, 0, 0,
+ 0, 0, 95, 96, 174, 0, 0, 0, 0, 110,
+ 111, 104, 105, 106, 107, 108, 109, 0, 0, 0,
+ 0, 0, 0, 95, 96, 175, 0, 0, 0, 0,
+ 110, 111, 104, 105, 106, 107, 108, 109, 0, 0,
+ 0, 0, 0, 0, 95, 96, 0, 0, 181, 0,
+ 0, 110, 111, 104, 105, 106, 107, 108, 109, 0,
+ 0, 0, 0, 0, 0, 95, 96, 200, 0, 0,
+ 0, 0, 110, 111, 104, 105, 106, 107, 108, 109,
+ 104, 105, 106, 107, 108, 109, 0, 0, 0, 0,
+ 0, 0, 0, 110, 111, 0, 0, 0, 0, 110,
+ 111
};
static const yytype_int16 yycheck[] =
{
- 53, 36, 52, 53, 16, 62, 18, 64, 71, 25,
- 63, 64, 52, 53, 10, 52, 53, 33, 74, 11,
- 10, 74, 14, 76, 67, 68, 79, 37, 72, 82,
- 83, 84, 85, 86, 87, 92, 93, 77, 50, 51,
+ 53, 36, 52, 53, 10, 62, 71, 64, 10, 25,
+ 63, 64, 74, 52, 53, 52, 53, 33, 72, 11,
+ 10, 74, 14, 76, 10, 37, 79, 77, 34, 82,
+ 83, 84, 85, 86, 87, 92, 93, 16, 77, 18,
77, 76, 95, 96, 97, 98, 99, 100, 101, 102,
- 103, 104, 105, 106, 107, 108, 109, 10, 11, 12,
- 13, 114, 10, 16, 117, 6, 76, 52, 53, 77,
- 78, 10, 74, 26, 27, 28, 29, 77, 78, 32,
- 7, 10, 35, 74, 8, 38, 39, 40, 41, 42,
- 43, 75, 77, 44, 45, 34, 11, 50, 51, 54,
- 55, 52, 53, 21, 22, 23, 24, 74, 63, 64,
- 65, 66, 67, 68, 73, 75, 69, 70, 10, 80,
- 12, 13, 73, 76, 16, 178, 77, 65, 66, 67,
- 68, 56, 185, 76, 26, 27, 28, 29, 195, 76,
- 193, 198, 3, 4, 5, 76, 38, 39, 40, 41,
- 42, 43, 18, 19, 20, 76, 76, 10, 34, 12,
- 13, 20, 76, 16, 10, 76, 12, 13, 18, 33,
- 16, 53, 76, 26, 27, 18, 74, 30, 70, 79,
- 26, 27, 77, 74, 76, 38, 39, 40, 41, 42,
- 43, 76, 38, 39, 40, 41, 42, 43, 54, 55,
- 63, 64, 65, 66, 67, 68, 76, 63, 64, 65,
- 66, 67, 68, 3, 25, 0, 1, 70, 3, 4,
- 5, 33, 71, 76, 70, 81, 54, 55, 164, 126,
- 76, 47, 48, 49, 183, 63, 64, 65, 66, 67,
- 68, -1, -1, 53, -1, -1, -1, -1, -1, -1,
- -1, 79, 54, 55, 56, 57, 58, 59, 60, 61,
- 62, 63, 64, 65, 66, 67, 68, 54, 55, -1,
- -1, -1, -1, 54, 55, 77, 63, 64, 65, 66,
- 67, 68, 63, 64, 65, 66, 67, 68, 54, 55,
- 77, -1, -1, -1, 54, 55, 77, 63, 64, 65,
- 66, 67, 68, 63, 64, 65, 66, 67, 68, 54,
- 55, 77, -1, -1, -1, 54, 55, 77, 63, 64,
- 65, 66, 67, 68, 63, 64, 65, 66, 67, 68,
- 54, 55, 77, -1, -1, -1, 54, 55, 77, 63,
- 64, 65, 66, 67, 68, 63, 64, 65, 66, 67,
- 68, -1, -1, 77, -1, -1, -1, -1, -1, 77,
- 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
- 64, 65, 66, 67, 68
+ 103, 104, 105, 106, 107, 108, 109, 110, 111, 10,
+ 11, 12, 13, 116, 76, 16, 119, 67, 68, 52,
+ 53, 50, 51, 82, 83, 26, 27, 28, 29, 77,
+ 78, 32, 82, 83, 35, 6, 74, 38, 39, 40,
+ 41, 42, 43, 65, 66, 67, 68, 44, 45, 50,
+ 51, 21, 22, 23, 24, 52, 53, 3, 4, 5,
+ 82, 83, 0, 1, 7, 3, 4, 5, 69, 70,
+ 10, 10, 74, 12, 13, 76, 73, 16, 8, 182,
+ 77, 18, 19, 20, 77, 78, 189, 26, 27, 28,
+ 29, 75, 199, 11, 197, 202, 47, 48, 49, 38,
+ 39, 40, 41, 42, 43, 74, 73, 75, 80, 56,
+ 10, 76, 12, 13, 76, 76, 16, 10, 76, 12,
+ 13, 76, 76, 16, 34, 20, 26, 27, 18, 33,
+ 30, 70, 76, 26, 27, 18, 53, 76, 38, 39,
+ 40, 41, 42, 43, 76, 38, 39, 40, 41, 42,
+ 43, 54, 55, 56, 57, 58, 59, 60, 61, 62,
+ 63, 64, 65, 66, 67, 68, 74, 79, 77, 74,
+ 70, 3, 25, 33, 77, 76, 76, 70, 76, 82,
+ 83, 187, 71, 76, 54, 55, 56, 57, 58, 59,
+ 60, 61, 62, 63, 64, 65, 66, 67, 68, 128,
+ -1, 53, 168, -1, -1, 54, 55, -1, -1, -1,
+ -1, -1, 82, 83, 63, 64, 65, 66, 67, 68,
+ -1, -1, -1, -1, -1, -1, 54, 55, -1, -1,
+ -1, -1, 81, 82, 83, 63, 64, 65, 66, 67,
+ 68, -1, -1, -1, -1, -1, -1, 54, 55, 77,
+ -1, -1, -1, -1, 82, 83, 63, 64, 65, 66,
+ 67, 68, -1, -1, -1, -1, -1, -1, 54, 55,
+ 77, -1, -1, -1, -1, 82, 83, 63, 64, 65,
+ 66, 67, 68, -1, -1, -1, -1, -1, -1, 54,
+ 55, 77, -1, -1, -1, -1, 82, 83, 63, 64,
+ 65, 66, 67, 68, -1, -1, -1, -1, -1, -1,
+ 54, 55, 77, -1, -1, -1, -1, 82, 83, 63,
+ 64, 65, 66, 67, 68, -1, -1, -1, -1, -1,
+ -1, 54, 55, 77, -1, -1, -1, -1, 82, 83,
+ 63, 64, 65, 66, 67, 68, -1, -1, -1, -1,
+ -1, -1, 54, 55, 77, -1, -1, -1, -1, 82,
+ 83, 63, 64, 65, 66, 67, 68, -1, -1, -1,
+ -1, -1, -1, 54, 55, 77, -1, -1, -1, -1,
+ 82, 83, 63, 64, 65, 66, 67, 68, -1, -1,
+ -1, -1, -1, -1, 54, 55, -1, -1, 79, -1,
+ -1, 82, 83, 63, 64, 65, 66, 67, 68, -1,
+ -1, -1, -1, -1, -1, 54, 55, 77, -1, -1,
+ -1, -1, 82, 83, 63, 64, 65, 66, 67, 68,
+ 63, 64, 65, 66, 67, 68, -1, -1, -1, -1,
+ -1, -1, -1, 82, 83, -1, -1, -1, -1, 82,
+ 83
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
symbol of state STATE-NUM. */
static const yytype_uint8 yystos[] =
{
- 0, 83, 0, 1, 84, 88, 71, 84, 3, 4,
- 5, 89, 10, 74, 90, 10, 91, 72, 10, 6,
- 85, 74, 7, 86, 10, 92, 93, 74, 8, 87,
- 75, 93, 11, 94, 95, 74, 73, 16, 18, 50,
- 51, 75, 95, 10, 11, 12, 13, 16, 26, 27,
+ 0, 85, 0, 1, 86, 90, 71, 86, 3, 4,
+ 5, 91, 10, 74, 92, 10, 93, 72, 10, 6,
+ 87, 74, 7, 88, 10, 94, 95, 74, 8, 89,
+ 75, 95, 11, 96, 97, 74, 73, 16, 18, 50,
+ 51, 75, 97, 10, 11, 12, 13, 16, 26, 27,
28, 29, 32, 35, 38, 39, 40, 41, 42, 43,
- 50, 51, 69, 70, 76, 98, 107, 108, 109, 18,
+ 50, 51, 69, 70, 76, 100, 109, 110, 111, 18,
19, 20, 44, 45, 25, 33, 80, 56, 10, 76,
- 107, 108, 76, 76, 76, 76, 76, 76, 98, 108,
- 98, 108, 52, 53, 34, 54, 55, 56, 57, 58,
+ 109, 110, 76, 76, 76, 76, 76, 76, 100, 110,
+ 100, 110, 52, 53, 34, 54, 55, 56, 57, 58,
59, 60, 61, 62, 63, 64, 65, 66, 67, 68,
- 96, 96, 20, 18, 30, 108, 37, 76, 106, 108,
- 47, 48, 49, 110, 108, 10, 34, 108, 108, 108,
- 108, 108, 108, 77, 77, 98, 98, 36, 76, 103,
- 108, 108, 108, 108, 108, 108, 108, 108, 108, 108,
- 108, 108, 108, 108, 108, 21, 22, 23, 24, 97,
- 108, 76, 108, 81, 33, 103, 77, 77, 77, 77,
- 77, 77, 11, 14, 104, 105, 18, 79, 76, 101,
- 106, 74, 77, 78, 77, 79, 102, 108, 74, 100,
- 105, 108, 77, 78, 99, 76, 77, 108, 76, 98,
- 98, 77, 77
+ 82, 83, 98, 98, 20, 18, 30, 110, 37, 76,
+ 108, 110, 47, 48, 49, 112, 110, 10, 34, 110,
+ 110, 110, 110, 110, 110, 77, 77, 100, 100, 36,
+ 76, 105, 110, 110, 110, 110, 110, 110, 110, 110,
+ 110, 110, 110, 110, 110, 110, 110, 110, 110, 21,
+ 22, 23, 24, 99, 110, 76, 110, 81, 33, 105,
+ 77, 77, 77, 77, 77, 77, 11, 14, 106, 107,
+ 18, 79, 76, 103, 108, 74, 77, 78, 77, 79,
+ 104, 110, 74, 102, 107, 110, 77, 78, 101, 76,
+ 77, 110, 76, 100, 100, 77, 77
};
#define yyerrok (yyerrstatus = 0)
@@ -2455,37 +2482,47 @@ yyreduce:
case 94:
#line 676 "grammar.y"
- { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_AND, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_MOD, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
break;
case 95:
#line 677 "grammar.y"
- { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_OR, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_XOR, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
break;
case 96:
#line 678 "grammar.y"
- { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_NOT, (yyvsp[(2) - (2)].term), NULL, NULL); }
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_AND, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
break;
case 97:
#line 679 "grammar.y"
- { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_SHIFT_LEFT, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_OR, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
break;
case 98:
#line 680 "grammar.y"
- { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_SHIFT_RIGHT, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_BITWISE_NOT, (yyvsp[(2) - (2)].term), NULL, NULL); }
+ break;
+
+ case 99:
+#line 681 "grammar.y"
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_SHIFT_LEFT, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
break;
case 100:
-#line 684 "grammar.y"
+#line 682 "grammar.y"
+ { (yyval.term) = reduce_term(yyscanner, TERM_TYPE_SHIFT_RIGHT, (yyvsp[(1) - (3)].term), (yyvsp[(3) - (3)].term), NULL); }
+ break;
+
+ case 102:
+#line 686 "grammar.y"
{ (yyval.term) = reduce_constant(yyscanner, (yyvsp[(1) - (1)].integer)); }
break;
/* Line 1267 of yacc.c. */
-#line 2489 "grammar.c"
+#line 2526 "grammar.c"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@@ -2699,7 +2736,7 @@ yyreturn:
}
-#line 692 "grammar.y"
+#line 694 "grammar.y"
diff --git a/libyara/grammar.y b/libyara/grammar.y
index 1a6f059..d33abfa 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -673,6 +673,8 @@ expression : _SIZE_ { $$ = reduce_filesize(yyscanner
| expression '-' expression { $$ = reduce_term(yyscanner, TERM_TYPE_SUB, $1, $3, NULL); }
| expression '*' expression { $$ = reduce_term(yyscanner, TERM_TYPE_MUL, $1, $3, NULL); }
| expression '\\' expression { $$ = reduce_term(yyscanner, TERM_TYPE_DIV, $1, $3, NULL); }
+ | expression '%' expression { $$ = reduce_term(yyscanner, TERM_TYPE_MOD, $1, $3, NULL); }
+ | expression '^' expression { $$ = reduce_term(yyscanner, TERM_TYPE_BITWISE_XOR, $1, $3, NULL); }
| expression '&' expression { $$ = reduce_term(yyscanner, TERM_TYPE_BITWISE_AND, $1, $3, NULL); }
| expression '|' expression { $$ = reduce_term(yyscanner, TERM_TYPE_BITWISE_OR, $1, $3, NULL); }
| '~' expression { $$ = reduce_term(yyscanner, TERM_TYPE_BITWISE_NOT, $2, NULL, NULL); }
diff --git a/yara-python/tests.py b/yara-python/tests.py
index b2d44c8..2cbc1fc 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -97,21 +97,25 @@ class TestYara(unittest.TestCase):
def testArithmeticOperators(self):
self.assertTrueRules([
- 'rule test { condition: (1 + 1) * 2 == (9 - 1) \ 2 }'
+ 'rule test { condition: (1 + 1) * 2 == (9 - 1) \ 2 }',
+ 'rule test { condition: 5 % 2 == 1 }'
])
def testBitwiseOperators(self):
self.assertTrueRules([
'rule test { condition: 0x55 | 0xAA == 0xFF }',
+ 'rule test { condition: 0x55 ^ 0x5A == 0x0F }',
'rule test { condition: ~0x55 & 0xFF == 0xAA }',
'rule test { condition: 8 >> 2 == 2 }',
- 'rule test { condition: 1 << 3 == 8 }'
+ 'rule test { condition: 1 << 3 == 8 }',
+
])
def testStrings(self):
self.assertTrueRules([
+ 'rule test { strings: $a = "a" condition: $a }',
'rule test { strings: $a = "abc" condition: $a }',
'rule test { strings: $a = "xyz" condition: $a }',
'rule test { strings: $a = "abc" wide nocase fullword condition: $a }',
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list