[Forensics-changes] [yara] 60/368: Escape special characters when printing metadata strings
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:11 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit c3e7487738489939213ef82d488c628430bf828e
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date: Tue Sep 22 12:06:03 2015 +0200
Escape special characters when printing metadata strings
---
yara.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 49 insertions(+), 2 deletions(-)
diff --git a/yara.c b/yara.c
index 890e7a0..1f353cc 100644
--- a/yara.c
+++ b/yara.c
@@ -402,6 +402,45 @@ void print_string(
}
+static char cescapes[] =
+{
+ 0 , 0 , 0 , 0 , 0 , 0 , 0 , 'a',
+ 'b', 't', 'n', 'v', 'f', 'r', 0 , 0 ,
+ 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 ,
+ 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 ,
+};
+
+
+void print_escaped(
+ uint8_t* data,
+ int length)
+{
+ int i;
+
+ for (i = 0; i < length; i++)
+ {
+ switch (data[i])
+ {
+ case '\"':
+ case '\'':
+ case '\\':
+ printf("\\%c", data[i]);
+ break;
+
+ default:
+ if (data[i] >= 127)
+ printf("\\%03o", data[i]);
+ else if (data[i] >= 32)
+ putchar(data[i]);
+ else if (cescapes[data[i]] != 0)
+ printf("\\%c", cescapes[data[i]]);
+ else
+ printf("\\%03o", data[i]);
+ }
+ }
+}
+
+
void print_hex_string(
uint8_t* data,
int length)
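Review bot: `cescapes` is declared as a writable `static char` array, and its 32-entry size is tied only implicitly to the `data[i] >= 32` test in `print_escaped`. Declaring it as `static const char cescapes[32] =` would make the bound explicit and keep the table read-only. The lookup is in bounds as written, because it is reached only for bytes below 32. `print_escaped` also lacks a comment recording its purpose, for example `/* Print data with quotes, backslashes, control bytes and bytes >= 127 escaped, so rule-supplied text cannot place raw control sequences or extra lines in the output. */`. The hunk ends inside the signature of `print_hex_string`, which is not reviewed here.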
@@ -551,11 +590,19 @@ int handle_message(int message, YR_RULE* rule, void* data)
printf(",");
if (meta->type == META_TYPE_INTEGER)
+ {
printf("%s=%" PRId64, meta->identifier, meta->integer);
+ }
else if (meta->type == META_TYPE_BOOLEAN)
+ {
printf("%s=%s", meta->identifier, meta->integer ? "true" : "false");
- else
- printf("%s=\"%s\"", meta->identifier, meta->string);
+ }
+ else
+ {
+ printf("%s=\"", meta->identifier);
+ print_escaped((uint8_t*) (meta->string), strlen(meta->string));
+ putchar('"');
+ }
}
printf("] ");
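Review bot: `strlen(meta->string)` yields a `size_t` that is narrowed implicitly to the `int length` parameter of `print_escaped`. Either change that parameter (and its loop index) to `size_t`, or cast explicitly at the call, as in `print_escaped((uint8_t*) meta->string, (int) strlen(meta->string));`. Only the metadata string value is routed through the escaper in this hunk. Other rule- or scan-derived text that `handle_message` prints outside the visible lines may need the same treatment if it can carry control bytes. The body of `handle_message` starts and ends outside the hunk.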
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git