[Forensics-changes] [yara] 400/407: Implement float external variables
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:49 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit e55f989a7ff677a203d2e0a8a980bfbf753b1783
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date: Tue Feb 10 00:11:31 2015 +0100
Implement float external variables
---
docs/capi.rst | 4 +++
libyara/compiler.c | 51 +++++++++++++++++++++++++++++++++-----
libyara/include/yara/compiler.h | 6 +++++
libyara/include/yara/rules.h | 6 +++++
libyara/include/yara/types.h | 19 ++++++++------
libyara/libyara.sym | 2 ++
libyara/object.c | 13 +++++++---
libyara/rules.c | 38 ++++++++++++++++++++++------
yara-python/tests.py | 9 +++++++
yara-python/yara-python.c | 30 ++++++++++++++++++----
yara.c | 55 +++++++++++++++++++++++++++++++++++++----
11 files changed, 200 insertions(+), 33 deletions(-)
diff --git a/docs/capi.rst b/docs/capi.rst
index 87b15ab..0ab97df 100644
--- a/docs/capi.rst
+++ b/docs/capi.rst
@@ -327,6 +327,10 @@ Functions
Defines an integer external variable.
+.. c:function:: int yr_compiler_define_float_variable(YR_COMPILER* compiler, const char* identifier, double value)
+
+ Defines a float external variable.
+
.. c:function:: int yr_compiler_define_boolean_variable(YR_COMPILER* compiler, const char* identifier, int value)
Defines a boolean external variable.
diff --git a/libyara/compiler.c b/libyara/compiler.c
index fd7fab1..1af2996 100644
--- a/libyara/compiler.c
+++ b/libyara/compiler.c
@@ -571,13 +571,11 @@ YR_API int yr_compiler_define_integer_variable(
sizeof(YR_EXTERNAL_VARIABLE),
(void**) &external,
offsetof(YR_EXTERNAL_VARIABLE, identifier),
- offsetof(YR_EXTERNAL_VARIABLE, string),
EOL));
external->type = EXTERNAL_VARIABLE_TYPE_INTEGER;
external->identifier = id;
- external->integer = value;
- external->string = NULL;
+ external->value.i = value;
FAIL_ON_COMPILER_ERROR(yr_object_from_external_variable(
external,
@@ -605,6 +603,48 @@ YR_API int yr_compiler_define_boolean_variable(
}
+YR_API int yr_compiler_define_float_variable(
+ YR_COMPILER* compiler,
+ const char* identifier,
+ double value)
+{
+ YR_EXTERNAL_VARIABLE* external;
+ YR_OBJECT* object;
+
+ char* id;
+
+ compiler->last_result = ERROR_SUCCESS;
+
+ FAIL_ON_COMPILER_ERROR(yr_arena_write_string(
+ compiler->sz_arena,
+ identifier,
+ &id));
+
+ FAIL_ON_COMPILER_ERROR(yr_arena_allocate_struct(
+ compiler->externals_arena,
+ sizeof(YR_EXTERNAL_VARIABLE),
+ (void**) &external,
+ offsetof(YR_EXTERNAL_VARIABLE, identifier),
+ EOL));
+
+ external->type = EXTERNAL_VARIABLE_TYPE_FLOAT;
+ external->identifier = id;
+ external->value.f = value;
+
+ FAIL_ON_COMPILER_ERROR(yr_object_from_external_variable(
+ external,
+ &object));
+
+ FAIL_ON_COMPILER_ERROR(yr_hash_table_add(
+ compiler->objects_table,
+ external->identifier,
+ NULL,
+ (void*) object));
+
+ return ERROR_SUCCESS;
+}
+
+
YR_API int yr_compiler_define_string_variable(
YR_COMPILER* compiler,
const char* identifier,
@@ -633,13 +673,12 @@ YR_API int yr_compiler_define_string_variable(
sizeof(YR_EXTERNAL_VARIABLE),
(void**) &external,
offsetof(YR_EXTERNAL_VARIABLE, identifier),
- offsetof(YR_EXTERNAL_VARIABLE, string),
+ offsetof(YR_EXTERNAL_VARIABLE, value.s),
EOL));
external->type = EXTERNAL_VARIABLE_TYPE_STRING;
external->identifier = id;
- external->integer = 0;
- external->string = val;
+ external->value.s = val;
FAIL_ON_COMPILER_ERROR(yr_object_from_external_variable(
external,
diff --git a/libyara/include/yara/compiler.h b/libyara/include/yara/compiler.h
index c413056..eaa20ff 100644
--- a/libyara/include/yara/compiler.h
+++ b/libyara/include/yara/compiler.h
@@ -176,6 +176,12 @@ YR_API int yr_compiler_define_boolean_variable(
int value);
+YR_API int yr_compiler_define_float_variable(
+ YR_COMPILER* compiler,
+ const char* identifier,
+ double value);
+
+
YR_API int yr_compiler_define_string_variable(
YR_COMPILER* compiler,
const char* identifier,
diff --git a/libyara/include/yara/rules.h b/libyara/include/yara/rules.h
index c65f0fd..da069e7 100644
--- a/libyara/include/yara/rules.h
+++ b/libyara/include/yara/rules.h
@@ -109,6 +109,12 @@ YR_API int yr_rules_define_boolean_variable(
int value);
+YR_API int yr_rules_define_float_variable(
+ YR_RULES* rules,
+ const char* identifier,
+ double value);
+
+
YR_API int yr_rules_define_string_variable(
YR_RULES* rules,
const char* identifier,
diff --git a/libyara/include/yara/types.h b/libyara/include/yara/types.h
index b5794be..d886265 100644
--- a/libyara/include/yara/types.h
+++ b/libyara/include/yara/types.h
@@ -238,11 +238,12 @@ typedef struct _YR_RULE
} YR_RULE;
-#define EXTERNAL_VARIABLE_TYPE_NULL 0
-#define EXTERNAL_VARIABLE_TYPE_INTEGER 2
-#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3
-#define EXTERNAL_VARIABLE_TYPE_STRING 4
-#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5
+#define EXTERNAL_VARIABLE_TYPE_NULL 0
+#define EXTERNAL_VARIABLE_TYPE_FLOAT 1
+#define EXTERNAL_VARIABLE_TYPE_INTEGER 2
+#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3
+#define EXTERNAL_VARIABLE_TYPE_STRING 4
+#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5
#define EXTERNAL_VARIABLE_IS_NULL(x) \
@@ -252,10 +253,14 @@ typedef struct _YR_RULE
typedef struct _YR_EXTERNAL_VARIABLE
{
int32_t type;
- int64_t integer;
+
+ union {
+ int64_t i;
+ double f;
+ char* s;
+ } value;
DECLARE_REFERENCE(char*, identifier);
- DECLARE_REFERENCE(char*, string);
} YR_EXTERNAL_VARIABLE;
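Review bot: The new `value` union carries no comment saying that `type` alone decides which member is live, and after this change a wrong guess reads a `double` or an integer as a `char*`. I would add above the union `/* Active member is selected by 'type': i for INTEGER/BOOLEAN, f for FLOAT, s for STRING/MALLOC_STRING. */`. The struct also changes size and layout here (the separate `string` reference is gone), so rules files saved by an earlier build presumably no longer match it. Whether the saved-rules format is versioned for that is not visible in this diff and is worth confirming.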
diff --git a/libyara/libyara.sym b/libyara/libyara.sym
index 0d624b0..0c45c77 100644
--- a/libyara/libyara.sym
+++ b/libyara/libyara.sym
@@ -15,6 +15,7 @@ yr_compiler_get_error_message
yr_compiler_get_current_file_name
yr_compiler_define_integer_variable
yr_compiler_define_boolean_variable
+yr_compiler_define_float_variable
yr_compiler_define_string_variable
yr_compiler_get_rules
yr_rules_scan_mem
@@ -25,5 +26,6 @@ yr_rules_load
yr_rules_destroy
yr_rules_define_integer_variable
yr_rules_define_boolean_variable
+yr_rules_define_float_variable
yr_rules_define_string_variable
yr_rules_print_profiling_info
\ No newline at end of file
diff --git a/libyara/object.c b/libyara/object.c
index 9bb8323..d4586c9 100644
--- a/libyara/object.c
+++ b/libyara/object.c
@@ -255,6 +255,10 @@ int yr_object_from_external_variable(
obj_type = OBJECT_TYPE_INTEGER;
break;
+ case EXTERNAL_VARIABLE_TYPE_FLOAT:
+ obj_type = OBJECT_TYPE_FLOAT;
+ break;
+
case EXTERNAL_VARIABLE_TYPE_STRING:
case EXTERNAL_VARIABLE_TYPE_MALLOC_STRING:
obj_type = OBJECT_TYPE_STRING;
@@ -276,14 +280,17 @@ int yr_object_from_external_variable(
{
case EXTERNAL_VARIABLE_TYPE_INTEGER:
case EXTERNAL_VARIABLE_TYPE_BOOLEAN:
- yr_object_set_integer(
- external->integer, obj, NULL);
+ yr_object_set_integer(external->value.i, obj, NULL);
+ break;
+
+ case EXTERNAL_VARIABLE_TYPE_FLOAT:
+ yr_object_set_float(external->value.f, obj, NULL);
break;
case EXTERNAL_VARIABLE_TYPE_STRING:
case EXTERNAL_VARIABLE_TYPE_MALLOC_STRING:
yr_object_set_string(
- external->string, strlen(external->string), obj, NULL);
+ external->value.s, strlen(external->value.s), obj, NULL);
break;
}
diff --git a/libyara/rules.c b/libyara/rules.c
index 28a0c07..3b692f9 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -73,7 +73,7 @@ YR_API int yr_rules_define_integer_variable(
{
if (strcmp(external->identifier, identifier) == 0)
{
- external->integer = value;
+ external->value.i = value;
break;
}
@@ -97,7 +97,31 @@ YR_API int yr_rules_define_boolean_variable(
{
if (strcmp(external->identifier, identifier) == 0)
{
- external->integer = value;
+ external->value.i = value;
+ break;
+ }
+
+ external++;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
+YR_API int yr_rules_define_float_variable(
+ YR_RULES* rules,
+ const char* identifier,
+ double value)
+{
+ YR_EXTERNAL_VARIABLE* external;
+
+ external = rules->externals_list_head;
+
+ while (!EXTERNAL_VARIABLE_IS_NULL(external))
+ {
+ if (strcmp(external->identifier, identifier) == 0)
+ {
+ external->value.f = value;
break;
}
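Review bot: `external->value.f = value;` is stored without checking that `external->type` is `EXTERNAL_VARIABLE_TYPE_FLOAT`, and now that the value lives in a union the store overwrites the `char*` of a variable declared as a string while leaving its type tag unchanged. A later `strlen(external->value.s)` in `yr_object_from_external_variable`, or `yr_free(external->value.s)` for a `MALLOC_STRING` entry, would then operate on the bit pattern of a double. The integer and boolean setters (`external->value.i = value;` in the previous hunk and at the top of this one) have the same gap, and the yara-python match-time code chooses the setter from the Python value's type rather than the declared one. I would guard each store with a check such as `if (external->type != EXTERNAL_VARIABLE_TYPE_FLOAT)` and return an error code from that branch instead of falling through to `ERROR_SUCCESS`. The tail of the loop and the function lie outside this hunk.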
@@ -122,15 +146,15 @@ YR_API int yr_rules_define_string_variable(
if (strcmp(external->identifier, identifier) == 0)
{
if (external->type == EXTERNAL_VARIABLE_TYPE_MALLOC_STRING &&
- external->string != NULL)
+ external->value.s != NULL)
{
- yr_free(external->string);
+ yr_free(external->value.s);
}
external->type = EXTERNAL_VARIABLE_TYPE_MALLOC_STRING;
- external->string = yr_strdup(value);
+ external->value.s = yr_strdup(value);
- if (external->string == NULL)
+ if (external->value.s == NULL)
return ERROR_INSUFICIENT_MEMORY;
else
return ERROR_SUCCESS;
@@ -636,7 +660,7 @@ YR_API int yr_rules_destroy(
while (!EXTERNAL_VARIABLE_IS_NULL(external))
{
if (external->type == EXTERNAL_VARIABLE_TYPE_MALLOC_STRING)
- yr_free(external->string);
+ yr_free(external->value.s);
external++;
}
diff --git a/yara-python/tests.py b/yara-python/tests.py
index 91859b6..b5c1d22 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -694,6 +694,15 @@ class TestYara(unittest.TestCase):
r = yara.compile(source='rule test { condition: ext_int == 15 }', externals={'ext_int': 15})
self.assertTrue(r.match(data='dummy'))
+ r = yara.compile(source='rule test { condition: ext_int == -15}', externals={'ext_int': -15})
+ self.assertTrue(r.match(data='dummy'))
+
+ r = yara.compile(source='rule test { condition: ext_float == 3.14 }', externals={'ext_float': 3.14})
+ self.assertTrue(r.match(data='dummy'))
+
+ r = yara.compile(source='rule test { condition: ext_float == -0.5 }', externals={'ext_float': -0.5})
+ self.assertTrue(r.match(data='dummy'))
+
r = yara.compile(source='rule test { condition: ext_bool }', externals={'ext_bool': True})
self.assertTrue(r.match(data='dummy'))
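Review bot: The added cases only pass floats through `yara.compile(..., externals=...)`, so the new match-time setter `yr_rules_define_float_variable` is never exercised. I would add a case that overrides the value at scan time, for example `r.match(data='dummy', externals={'ext_float': 3.14})` on rules compiled with a different float. A second case that passes a float for a variable compiled as an integer or a string would pin down what a type mismatch is supposed to do. The test method these lines belong to starts outside the hunk.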
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index 6368604..20c4f89 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -628,6 +628,13 @@ int process_compile_externals(
identifier,
PyLong_AsLong(value));
}
+ else if (PyFloat_Check(value))
+ {
+ yr_compiler_define_float_variable(
+ compiler,
+ identifier,
+ PyFloat_AsDouble(value));
+ }
else if (PY_STRING_CHECK(value))
{
yr_compiler_define_string_variable(
@@ -676,6 +683,13 @@ int process_match_externals(
identifier,
PyLong_AsLong(value));
}
+ else if (PyFloat_Check(value))
+ {
+ yr_rules_define_float_variable(
+ rules,
+ identifier,
+ PyFloat_AsDouble(value));
+ }
else if (PY_STRING_CHECK(value))
{
yr_rules_define_string_variable(
@@ -1034,7 +1048,7 @@ static PyObject * Rules_match(
return PyErr_Format(
PyExc_TypeError,
- "external values must be of type integer, boolean or string");
+ "external values must be of type integer, float, boolean or string");
}
}
else
@@ -1363,7 +1377,7 @@ static PyObject * yara_compile(
yr_compiler_destroy(compiler);
return PyErr_Format(
PyExc_TypeError,
- "external values must be of type integer, boolean or string");
+ "external values must be of type integer, float, boolean or string");
}
}
else
@@ -1569,19 +1583,25 @@ static PyObject * yara_load(
PyDict_SetItemString(
rules->externals,
external->identifier,
- PyBool_FromLong((long) external->integer));
+ PyBool_FromLong((long) external->value.i));
break;
case EXTERNAL_VARIABLE_TYPE_INTEGER:
PyDict_SetItemString(
rules->externals,
external->identifier,
- PyLong_FromLong((long) external->integer));
+ PyLong_FromLong((long) external->value.i));
+ break;
+ case EXTERNAL_VARIABLE_TYPE_FLOAT:
+ PyDict_SetItemString(
+ rules->externals,
+ external->identifier,
+ PyFloat_FromDouble(external->value.f));
break;
case EXTERNAL_VARIABLE_TYPE_STRING:
PyDict_SetItemString(
rules->externals,
external->identifier,
- PY_STRING(external->string));
+ PY_STRING(external->value.s));
break;
}
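Review bot: `PyFloat_FromDouble(external->value.f)` returns a new reference and `PyDict_SetItemString` does not steal it, so the new FLOAT case leaks one object per external on every load; the neighbouring integer and boolean cases follow the same pattern. Holding the object in a local, checking it for NULL, and calling `Py_DECREF` after the insert would fix that. The `(long) external->value.i` casts kept in this hunk also truncate the 64-bit value where `long` is 32 bits; `PyLong_FromLongLong` would avoid it. The switch begins and ends outside the hunk.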
diff --git a/yara.c b/yara.c
index 75541a9..61fb234 100644
--- a/yara.c
+++ b/yara.c
@@ -676,17 +676,47 @@ void* scanning_thread(void* param)
}
-int is_numeric(
+int is_integer(
const char *str)
{
+ if (*str == '-')
+ str++;
+
while(*str)
{
if (!isdigit(*str))
- return 0;
+ return FALSE;
str++;
}
- return 1;
+ return TRUE;
+}
+
+
+int is_float(
+ const char *str)
+{
+ int point = FALSE;
+
+ if (*str == '-')
+ str++;
+
+ while(*str)
+ {
+ if (*str == '.')
+ {
+ if (point) // two points seen, not a float
+ return FALSE;
+ point = TRUE;
+ }
+ else if (!isdigit(*str))
+ {
+ return FALSE;
+ }
+ str++;
+ }
+
+ return TRUE;
}
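Review bot: `is_float` returns TRUE for any string of digits, because nothing requires `point` to have been set, and `define_external_variables` in the next hunk tests `is_float(value)` before `is_integer(value)`. An external given as `15` is therefore defined as a float and the integer branch can no longer be reached. The empty string, `-` and `.` also pass and go on to `atof`. I would count digits in the loop and finish with `return point && digits > 0;`, and give `is_integer` the same at-least-one-digit rule. Both helpers hand a plain `char` to `isdigit`; `isdigit((unsigned char) *str)` avoids undefined behaviour for bytes above 0x7f.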
@@ -713,7 +743,22 @@ int define_external_variables(
char* identifier = ext_vars[i];
char* value = equal_sign + 1;
- if (is_numeric(value))
+
+ if (is_float(value))
+ {
+ if (rules != NULL)
+ yr_rules_define_float_variable(
+ rules,
+ identifier,
+ atof(value));
+
+ if (compiler != NULL)
+ yr_compiler_define_float_variable(
+ compiler,
+ identifier,
+ atof(value));
+ }
+ else if (is_integer(value))
{
if (rules != NULL)
yr_rules_define_integer_variable(
@@ -935,7 +980,7 @@ int main(
mutex_init(&output_mutex);
- if (is_numeric(argv[1]))
+ if (is_integer(argv[1]))
{
int pid = atoi(argv[1]);
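Review bot: Reusing `is_integer` for the PID test widens what `argv[1]` is accepted as a process id, because since this commit the helper allows a leading `-` and it still accepts an empty string, so `atoi` can now produce a negative or zero `pid`. A digits-only test should stay here, for example `if (*argv[1] != '\0' && *argv[1] != '-' && is_integer(argv[1]))`, or `strtol` with an end pointer and a `> 0` range check. `main` continues outside the hunk, so how `pid` is used afterwards is not visible here.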
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git