[Forensics-changes] [yara] 167/415: Implemented external variable definition for already compiled rules
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:01 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 2d24a626f0edcecdd7d8f34aee20d48a230aafb4
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu May 30 09:15:30 2013 +0000
Implemented external variable definition for already compiled rules
---
libyara/compiler.c | 2 +-
libyara/exec.c | 3 ++-
libyara/parser.c | 2 +-
libyara/rules.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++
libyara/yara.h | 11 +++++-----
yara-python/yara-python.c | 40 ++++++++++++++++++++++++++++++++++++
yara.c | 30 ++++++++++++++++++++++++++-
7 files changed, 131 insertions(+), 9 deletions(-)
diff --git a/libyara/compiler.c b/libyara/compiler.c
index 08d2cc9..88d3996 100644
--- a/libyara/compiler.c
+++ b/libyara/compiler.c
@@ -593,7 +593,7 @@ int yr_compiler_define_string_variable(
if (result == ERROR_SUCCESS)
{
- external->type = EXTERNAL_VARIABLE_TYPE_STRING;
+ external->type = EXTERNAL_VARIABLE_TYPE_FIXED_STRING;
external->identifier = id;
external->integer = 0;
external->string = val;
diff --git a/libyara/exec.c b/libyara/exec.c
index 9d47906..c78cb36 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -344,7 +344,8 @@ int yr_execute_code(
case EXT_BOOL:
external = *(EXTERNAL_VARIABLE**)(ip + 1);
ip += sizeof(uint64_t);
- if (external->type == EXTERNAL_VARIABLE_TYPE_STRING)
+ if (external->type == EXTERNAL_VARIABLE_TYPE_FIXED_STRING ||
+ external->type == EXTERNAL_VARIABLE_TYPE_MALLOC_STRING)
push(strlen(external->string) > 0);
else
push(external->integer);
diff --git a/libyara/parser.c b/libyara/parser.c
index 148b5a0..145bf46 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -742,7 +742,7 @@ int reduce_external(
NULL);
}
else if (instruction == EXT_STR &&
- external->type == EXTERNAL_VARIABLE_TYPE_STRING)
+ external->type == EXTERNAL_VARIABLE_TYPE_FIXED_STRING)
{
compiler->last_result = emit_with_arg_reloc(
yyscanner,
diff --git a/libyara/rules.c b/libyara/rules.c
index d564695..3fe1c1b 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -485,6 +485,19 @@ int yr_rules_define_integer_variable(
{
EXTERNAL_VARIABLE* external;
+ external = rules->externals_list_head;
+
+ while (!EXTERNAL_VARIABLE_IS_NULL(external))
+ {
+ if (strcmp(external->identifier, identifier) == 0)
+ {
+ external->integer = value;
+ break;
+ }
+
+ external++;
+ }
+
return ERROR_SUCCESS;
}
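Review bot: The loop writes `external->integer` as soon as the identifier matches, without looking at `external->type`, and the function returns ERROR_SUCCESS even when no external carries that name; yr_rules_define_boolean_variable in the next hunk has the same shape. Judging by the exec.c hunk, a value assigned to a string-typed external is ignored by the EXT_BOOL case, and a misspelled name leaves the compile-time value in place with no signal to the caller. For a scanner this means a rule can be evaluated against a value the operator did not intend. I would return a distinct error on a type mismatch and another one after the loop when nothing matched, so yara.c and yara-python can report it. The parameter list of the function starts above the hunk.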
@@ -496,6 +509,19 @@ int yr_rules_define_boolean_variable(
{
EXTERNAL_VARIABLE* external;
+ external = rules->externals_list_head;
+
+ while (!EXTERNAL_VARIABLE_IS_NULL(external))
+ {
+ if (strcmp(external->identifier, identifier) == 0)
+ {
+ external->integer = value;
+ break;
+ }
+
+ external++;
+ }
+
return ERROR_SUCCESS;
}
@@ -507,6 +533,20 @@ int yr_rules_define_string_variable(
{
EXTERNAL_VARIABLE* external;
+ external = rules->externals_list_head;
+
+ while (!EXTERNAL_VARIABLE_IS_NULL(external))
+ {
+ if (strcmp(external->identifier, identifier) == 0)
+ {
+ external->type = EXTERNAL_VARIABLE_TYPE_MALLOC_STRING;
+ external->string = yr_strdup(value);
+ break;
+ }
+
+ external++;
+ }
+
return ERROR_SUCCESS;
}
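Review bot: Redefining the same string external leaks the previous copy, because the match branch overwrites `external->string` without freeing it when the type is already EXTERNAL_VARIABLE_TYPE_MALLOC_STRING. yara-python calls this from process_match_externals, which takes the externals for a match, so the leak would presumably repeat on every match call. The result of `yr_strdup` is also unchecked, and a NULL stored here reaches `strlen(external->string)` in the EXT_BOOL case of exec.c. Finally the type is rewritten without checking the current one, so an integer or boolean external can be turned into a string after the bytecode was already emitted for its compile-time type; rejecting non-string externals before the assignment would close that. The parameter list starts above the hunk.
```c
    if (strcmp(external->identifier, identifier) == 0)
    {
      char* copy = yr_strdup(value);

      if (copy == NULL)
        return ERROR_INSUFICIENT_MEMORY;

      // Release the copy made by an earlier call before replacing it.
      if (external->type == EXTERNAL_VARIABLE_TYPE_MALLOC_STRING)
        yr_free(external->string);

      external->type = EXTERNAL_VARIABLE_TYPE_MALLOC_STRING;
      external->string = copy;
      break;
    }
```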
@@ -866,6 +906,18 @@ int yr_rules_load(
int yr_rules_destroy(
YARA_RULES* rules)
{
+ EXTERNAL_VARIABLE* external;
+
+ external = rules->externals_list_head;
+
+ while (!EXTERNAL_VARIABLE_IS_NULL(external))
+ {
+ if (external->type == EXTERNAL_VARIABLE_TYPE_MALLOC_STRING)
+ yr_free(external->string);
+
+ external++;
+ }
+
yr_rules_free_matches(rules);
yr_arena_destroy(rules->arena);
yr_free(rules);
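Review bot: The `yr_free(external->string)` call trusts the `type` field of each external, and that field lives in the same structure that yr_rules_load fills from a compiled rules file. If a file ever carries EXTERNAL_VARIABLE_TYPE_MALLOC_STRING, whether saved after a redefinition or corrupted, this loop would hand yr_free a pointer that did not come from yr_strdup; the load and save paths are not visible here, so this needs confirming. I would normalise the type at load time, or track heap-owned strings outside the serialised struct, and add a comment such as `// only strings set through yr_rules_define_string_variable are heap-owned`. The function body continues below the hunk.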
diff --git a/libyara/yara.h b/libyara/yara.h
index 63832cd..020aef0 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -108,11 +108,12 @@ limitations under the License.
#define META_IS_NULL(x) \
((x) != NULL ? (x)->type == META_TYPE_NULL : TRUE)
-#define EXTERNAL_VARIABLE_TYPE_NULL 0
-#define EXTERNAL_VARIABLE_TYPE_ANY 1
-#define EXTERNAL_VARIABLE_TYPE_INTEGER 2
-#define EXTERNAL_VARIABLE_TYPE_STRING 3
-#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 4
+#define EXTERNAL_VARIABLE_TYPE_NULL 0
+#define EXTERNAL_VARIABLE_TYPE_ANY 1
+#define EXTERNAL_VARIABLE_TYPE_INTEGER 2
+#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3
+#define EXTERNAL_VARIABLE_TYPE_FIXED_STRING 4
+#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5
#define EXTERNAL_VARIABLE_IS_NULL(x) \
((x) != NULL ? (x)->type == EXTERNAL_VARIABLE_TYPE_NULL : TRUE)
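Review bot: The renumbering changes the meaning of values that already exist: 3 used to be STRING and is now BOOLEAN, and 4 used to be BOOLEAN and is now FIXED_STRING. If the `type` field is written into compiled rules files, as the yr_rules_load path suggests, a file produced by an earlier build would have its string externals read as booleans and the reverse. Keeping the old numbers and appending the new one avoids that, e.g. `#define EXTERNAL_VARIABLE_TYPE_FIXED_STRING 3`, `#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 4`, `#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5`. Otherwise the compiled-rules format version should change in the same commit.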
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index 0cfcdcc..fb9c6f9 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -513,6 +513,46 @@ int process_match_externals(
PyObject* externals,
YARA_RULES* rules)
{
+ PyObject *key, *value;
+ Py_ssize_t pos = 0;
+
+ char* identifier = NULL;
+
+ while (PyDict_Next(externals, &pos, &key, &value))
+ {
+ identifier = PY_STRING_TO_C(key);
+
+ if (PyBool_Check(value))
+ {
+ yr_rules_define_boolean_variable(
+ rules,
+ identifier,
+ PyObject_IsTrue(value));
+ }
+#if PY_MAJOR_VERSION >= 3
+ else if (PyLong_Check(value))
+#else
+ else if (PyLong_Check(value) || PyInt_Check(value))
+#endif
+ {
+ yr_rules_define_integer_variable(
+ rules,
+ identifier,
+ PyLong_AsLong(value));
+ }
+ else if (PY_STRING_CHECK(value))
+ {
+ yr_rules_define_string_variable(
+ rules,
+ identifier,
+ PY_STRING_TO_C(value));
+ }
+ else
+ {
+ return FALSE;
+ }
+ }
+
return TRUE;
}
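Review bot: The dictionary key is converted with `PY_STRING_TO_C(key)` without first checking that it is a string, although the values are type-checked a few lines later. Keys come straight from the Python caller and can be any hashable object; depending on how the macro is defined, a non-string key may yield NULL, which then reaches `strcmp` inside the yr_rules_define_* functions. I would add `if (!PY_STRING_CHECK(key)) return FALSE;` at the top of the loop body. The result of `PyLong_AsLong(value)` is also used without testing for the overflow error it signals with -1 and a pending exception, and the return values of the three define calls are discarded.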
diff --git a/yara.c b/yara.c
index cfc85b1..b36545e 100644
--- a/yara.c
+++ b/yara.c
@@ -668,7 +668,35 @@ int main(
if (yr_rules_load(argv[optind], &rules) == ERROR_SUCCESS)
{
- // TODO: redefine external variables
+ external = externals_list;
+
+ while (external != NULL)
+ {
+ switch (external->type)
+ {
+ case EXTERNAL_TYPE_INTEGER:
+ yr_rules_define_integer_variable(
+ rules,
+ external->name,
+ external->integer);
+ break;
+
+ case EXTERNAL_TYPE_BOOLEAN:
+ yr_rules_define_boolean_variable(
+ rules,
+ external->name,
+ external->boolean);
+ break;
+
+ case EXTERNAL_TYPE_STRING:
+ yr_rules_define_string_variable(
+ rules,
+ external->name,
+ external->string);
+ break;
+ }
+ external = external->next;
+ }
}
else
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git