[Forensics-changes] [yara] 89/135: Implement iteration macros
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:27:35 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.1.0
in repository yara.
commit 6d1a26bc3c46ca6b7116a9285384f157df2878a0
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Aug 11 12:48:53 2014 +0200
Implement iteration macros
---
libyara/include/yara/rules.h | 19 +++++++++++++
yara-python/yara-python.c | 52 ++++++++++-----------------------
yara.c | 68 +++++++++++++-------------------------------
3 files changed, 54 insertions(+), 85 deletions(-)
diff --git a/libyara/include/yara/rules.h b/libyara/include/yara/rules.h
index a2edf73..c07be12 100644
--- a/libyara/include/yara/rules.h
+++ b/libyara/include/yara/rules.h
@@ -31,6 +31,25 @@ limitations under the License.
#define CALLBACK_ERROR 2
+#define yr_rule_tags_foreach(rule, tag_name) \
+ for (tag_name = rule->tags; \
+ tag_name != NULL && *tag_name != '\0'; \
+ tag_name += strlen(tag_name) + 1)
+
+
+#define yr_rule_metas_foreach(rule, meta) \
+ for (meta = rule->metas; !META_IS_NULL(meta); meta++)
+
+
+#define yr_rule_strings_foreach(rule, string) \
+ for (string = rule->strings; !STRING_IS_NULL(string); string++)
+
+
+#define yr_string_matches_foreach(string, match) \
+ for (match = STRING_MATCHES(string).head; match != NULL; match = match->next)
+
+
+
int yr_rules_scan_mem(
YR_RULES* rules,
uint8_t* buffer,
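Review bot: The four macros expand their arguments unparenthesized (`rule->tags`, `rule->metas`, `rule->strings`, `match->next`), so they are only safe when a plain pointer name is passed; `(rule)->tags`, `(rule)->metas`, `(rule)->strings` and `(match)->next` avoid precedence surprises. `yr_rule_tags_foreach` also depends on the tag buffer ending with an empty string, because it advances by `strlen(tag_name) + 1` and stops only on a leading NUL. If that terminator were ever missing (for instance in rules loaded from a damaged compiled file, which is not visible here), the loop would read past the buffer. A comment above the macro such as `/* rule->tags is a run of NUL-terminated strings closed by an empty string */` would record the invariant, and the header should include `<string.h>` if it does not already, since the macro now calls `strlen`.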
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index f204365..3192f59 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -305,8 +305,7 @@ int yara_callback(
YR_RULE* rule;
YR_MODULE_IMPORT* module_import;
- char* tag_name;
- size_t tag_length;
+ const char* tag;
PyObject* tag_list = NULL;
PyObject* string_list = NULL;
@@ -385,22 +384,14 @@ int yara_callback(
return CALLBACK_ERROR;
}
- tag_name = rule->tags;
- tag_length = tag_name != NULL ? strlen(tag_name) : 0;
-
- while (tag_length > 0)
+ yr_rule_tags_foreach(rule, tag)
{
- object = PY_STRING(tag_name);
+ object = PY_STRING(tag);
PyList_Append(tag_list, object);
Py_DECREF(object);
-
- tag_name += tag_length + 1;
- tag_length = strlen(tag_name);
}
- meta = rule->metas;
-
- while(!META_IS_NULL(meta))
+ yr_rule_metas_foreach(rule, meta)
{
if (meta->type == META_TYPE_INTEGER)
object = Py_BuildValue("I", meta->integer);
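Review bot: In the tag loop the result of `PY_STRING(tag)` goes to `PyList_Append` and `Py_DECREF` without a NULL check, and `Py_DECREF` on NULL crashes the interpreter. PY_STRING is defined outside this diff, but if it decodes the bytes into a Python string, a value that fails to decode or an allocation failure would return NULL. The same pattern appears for `Py_BuildValue` in the meta loop and for `PyBytes_FromStringAndSize` and `Py_BuildValue` in the match loop of the next hunk. A guard such as `if (object == NULL) return CALLBACK_ERROR;` would turn that into a scan error, though it must first release the lists, whose cleanup is outside the hunk. yara_callback starts and ends outside this hunk.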
@@ -411,38 +402,25 @@ int yara_callback(
PyDict_SetItemString(meta_list, meta->identifier, object);
Py_DECREF(object);
-
- meta++;
}
- string = rule->strings;
-
- while (!STRING_IS_NULL(string))
+ yr_rule_strings_foreach(rule, string)
{
- if (STRING_FOUND(string))
+ yr_string_matches_foreach(string, m)
{
- m = STRING_MATCHES(string).head;
+ object = PyBytes_FromStringAndSize((char*) m->data, m->length);
- while (m != NULL)
- {
- object = PyBytes_FromStringAndSize((char*) m->data, m->length);
-
- tuple = Py_BuildValue(
- "(L,s,O)",
- m->offset,
- string->identifier,
- object);
-
- PyList_Append(string_list, tuple);
+ tuple = Py_BuildValue(
+ "(L,s,O)",
+ m->offset,
+ string->identifier,
+ object);
- Py_DECREF(object);
- Py_DECREF(tuple);
+ PyList_Append(string_list, tuple);
- m = m->next;
- }
+ Py_DECREF(object);
+ Py_DECREF(tuple);
}
-
- string++;
}
if (message == CALLBACK_MSG_RULE_MATCHING)
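Review bot: The explicit `STRING_FOUND(string)` guard is gone from the match loop, so correctness now rests on `STRING_MATCHES(string).head` being NULL for every string that did not match. Neither macro is defined in this diff, so that equivalence should be confirmed and written down next to `yr_string_matches_foreach`, e.g. `/* yields nothing when the string has no matches: head is NULL */`. The same guard is dropped in the `show_strings` loop of handle_message in yara.c.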
diff --git a/yara.c b/yara.c
index fa40d6e..e9afe1c 100644
--- a/yara.c
+++ b/yara.c
@@ -453,9 +453,8 @@ int handle_message(int message, YR_RULE* rule, void* data)
YR_META* meta;
const char* tag_name;
- size_t tag_length;
+
int is_matching;
- int string_found;
int show = TRUE;
if (show_specified_tags)
@@ -465,19 +464,13 @@ int handle_message(int message, YR_RULE* rule, void* data)
while (tag != NULL)
{
- tag_name = rule->tags;
- tag_length = tag_name != NULL ? strlen(tag_name) : 0;
-
- while (tag_length > 0)
+ yr_rule_tags_foreach(rule, tag_name)
{
if (strcmp(tag_name, tag->identifier) == 0)
{
show = TRUE;
break;
}
-
- tag_name += tag_length + 1;
- tag_length = strlen(tag_name);
}
tag = tag->next;
@@ -514,17 +507,13 @@ int handle_message(int message, YR_RULE* rule, void* data)
{
printf("[");
- tag_name = rule->tags;
- tag_length = tag_name != NULL ? strlen(tag_name) : 0;
-
- while (tag_length > 0)
+ yr_rule_tags_foreach(rule, tag_name)
{
- printf("%s", tag_name);
- tag_name += tag_length + 1;
- tag_length = strlen(tag_name);
-
- if (tag_length > 0)
+ // print a comma except for the first tag
+ if (tag_name != rule->tags)
printf(",");
+
+ printf("%s", tag_name);
}
printf("] ");
@@ -534,23 +523,19 @@ int handle_message(int message, YR_RULE* rule, void* data)
if (show_meta)
{
- meta = rule->metas;
-
printf("[");
- while(!META_IS_NULL(meta))
+ yr_rule_metas_foreach(rule, meta)
{
+ if (meta != rule->metas)
+ printf(",");
+
if (meta->type == META_TYPE_INTEGER)
printf("%s=%d", meta->identifier, meta->integer);
else if (meta->type == META_TYPE_BOOLEAN)
printf("%s=%s", meta->identifier, meta->integer ? "true" : "false");
else
printf("%s=\"%s\"", meta->identifier, meta->string);
-
- meta++;
-
- if (!META_IS_NULL(meta))
- printf(",");
}
printf("] ");
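Review bot: `printf("%s=\"%s\"", meta->identifier, meta->string)` writes the meta string verbatim between quotes, so a value containing `"`, a newline or terminal control bytes makes the output line ambiguous for anything that parses or displays it. Rule files often come from third parties, so escaping quotes and non-printable bytes before printing would keep each rule on one well-formed line. A comment like `// meta->string is rule-author controlled: escape before printing` would mark the spot until then. handle_message continues outside this hunk.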
@@ -562,32 +547,19 @@ int handle_message(int message, YR_RULE* rule, void* data)
if (show_strings)
{
- string = rule->strings;
-
- while (!STRING_IS_NULL(string))
+ yr_rule_strings_foreach(rule, string)
{
- string_found = STRING_FOUND(string);
-
- if (string_found)
+ yr_string_matches_foreach(string, match)
{
- match = STRING_MATCHES(string).head;
+ printf("0x%" PRIx64 ":%s: ",
+ match->base + match->offset,
+ string->identifier);
- while (match != NULL)
- {
- printf("0x%" PRIx64 ":%s: ",
- match->base + match->offset,
- string->identifier);
-
- if (STRING_IS_HEX(string))
- print_hex_string(match->data, match->length);
- else
- print_string(match->data, match->length);
-
- match = match->next;
- }
+ if (STRING_IS_HEX(string))
+ print_hex_string(match->data, match->length);
+ else
+ print_string(match->data, match->length);
}
-
- string++;
}
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git