[Forensics-changes] [yara] 114/407: Issue warning on regular expressions containing .*

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:16 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit f9fbd866c2dceb0475b23482ef85d8316ff119ae
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Wed Oct 15 11:47:31 2014 +0200

    Issue warning on regular expressions containing .*
---
 libyara/include/yara/re.h |  4 ++++
 libyara/parser.c          | 11 +++++++++++
 libyara/re.c              | 23 +++++++++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/libyara/include/yara/re.h b/libyara/include/yara/re.h
index ad1ee15..d7cc915 100644
--- a/libyara/include/yara/re.h
+++ b/libyara/include/yara/re.h
@@ -189,6 +189,10 @@ SIZED_STRING* yr_re_extract_literal(
     RE* re);
 
 
+int yr_re_contains_dot_star(
+    RE* re);
+
+
 int yr_re_split_at_chaining_point(
     RE* re,
     RE** result_re,
diff --git a/libyara/parser.c b/libyara/parser.c
index 7802a64..99cb882 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -485,6 +485,17 @@ YR_STRING* yr_parser_reduce_string_declaration(
     if (re->flags & RE_FLAGS_FAST_HEX_REGEXP)
       string_flags |= STRING_GFLAGS_FAST_HEX_REGEXP;
 
+    if (yr_re_contains_dot_star(re))
+    {
+      snprintf(
+        message,
+        sizeof(message),
+        "%s contains .*, consider using .{N} with a reasonable value for N",
+        identifier);
+
+        yywarning(yyscanner, message);
+    }
+
     compiler->last_result = yr_re_split_at_chaining_point(
         re, &re, &remainder_re, &min_gap, &max_gap);
 
diff --git a/libyara/re.c b/libyara/re.c
index c1382f1..f418e87 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -416,6 +416,29 @@ SIZED_STRING* yr_re_extract_literal(
 }
 
 
+int _yr_re_node_contains_dot_star(
+    RE_NODE* re_node)
+{
+  if (re_node->type == RE_NODE_STAR && re_node->left->type == RE_NODE_ANY)
+    return TRUE;
+
+  if (re_node->left != NULL && _yr_re_node_contains_dot_star(re_node->left))
+    return TRUE;
+
+  if (re_node->right != NULL && _yr_re_node_contains_dot_star(re_node->right))
+    return TRUE;
+
+  return FALSE;
+}
+
+
+int yr_re_contains_dot_star(
+    RE* re)
+{
+  return _yr_re_node_contains_dot_star(re->root_node);
+}
+
+
 int yr_re_split_at_chaining_point(
     RE* re,
     RE** result_re,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list