[Forensics-changes] [yara] 233/368: Re-styling changes
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:43 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit bd355684861298934c7df5057f420fc394b25dfd
Author: plusvic <plusvic at gmail.com>
Date: Mon Mar 21 16:19:28 2016 +0100
Re-styling changes
---
libyara/exec.c | 4 +--
libyara/include/yara/libyara.h | 13 +++++++---
libyara/libyara.c | 56 ++++++++++++++++++++++++++++--------------
tests/test-rules.c | 54 ++++++++++++++++++++++------------------
tests/util.c | 37 ++++++++++++++++------------
5 files changed, 99 insertions(+), 65 deletions(-)
diff --git a/libyara/exec.c b/libyara/exec.c
index 9899447..61a02a2 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -189,9 +189,9 @@ int yr_execute_code(
clock_t start = clock();
#endif
- yr_get_configuration(YR_CONFIG_STACK_SIZE, (void*)&stack_size);
+ yr_get_configuration(YR_CONFIG_STACK_SIZE, (void*) &stack_size);
- stack = (STACK_ITEM *) yr_malloc(stack_size * sizeof(STACK_ITEM));
+ stack = (STACK_ITEM*) yr_malloc(stack_size * sizeof(STACK_ITEM));
if (stack == NULL)
return ERROR_INSUFICIENT_MEMORY;
diff --git a/libyara/include/yara/libyara.h b/libyara/include/yara/libyara.h
index 14932d6..8a352f8 100644
--- a/libyara/include/yara/libyara.h
+++ b/libyara/include/yara/libyara.h
@@ -26,16 +26,21 @@ limitations under the License.
// Version as a string
#define YR_VERSION "3.4.0"
+
// Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1.
#define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \
(YR_MINOR_VERSION << 8) | \
(YR_MICRO_VERSION << 0))
+
// Enumerated type listing configuration options
-enum yr_cfg_name {
+typedef enum _YR_CONFIG_NAME
+{
YR_CONFIG_STACK_SIZE,
YR_CONFIG_MAX
-};
+
+} YR_CONFIG_NAME;
+
#define DEFAULT_STACK_SIZE 16384
@@ -55,9 +60,9 @@ YR_API int yr_get_tidx(void);
YR_API void yr_set_tidx(int);
-YR_API int yr_set_configuration(enum yr_cfg_name, void *);
+YR_API int yr_set_configuration(YR_CONFIG_NAME, void*);
-YR_API int yr_get_configuration(enum yr_cfg_name, void *);
+YR_API int yr_get_configuration(YR_CONFIG_NAME, void*);
#endif
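Review bot: The two prototypes take an unnamed `void*` and the header never says what it must point to, while libyara/libyara.c dereferences it as `uint32_t*` for `YR_CONFIG_STACK_SIZE`. A caller that passes the address of a narrower or wider object gets an out-of-bounds or partial access with no compiler diagnostic. Name the parameters and add a comment above the declarations, for example `// For YR_CONFIG_STACK_SIZE the pointer must reference a uint32_t.`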
diff --git a/libyara/libyara.c b/libyara/libyara.c
index f6a0277..8da0423 100644
--- a/libyara/libyara.c
+++ b/libyara/libyara.c
@@ -44,17 +44,23 @@ pthread_key_t recovery_state_key;
static int init_count = 0;
-struct yr_config_var {
- union {
- size_t sz;
- unsigned int ui;
- char *str;
- } data; // The data content
+static struct yr_config_var
+{
+ union
+ {
+ size_t sz;
+ uint32_t ui32;
+ uint64_t ui64;
+ char* str;
+ };
+
} yr_cfgs[YR_CONFIG_MAX];
+
char lowercase[256];
char altercase[256];
+
#ifdef HAVE_LIBCRYPTO
pthread_mutex_t *locks;
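Review bot: The anonymous union in `struct yr_config_var` has no discriminant, so the active member for each option is fixed only by the two `switch` statements in `yr_set_configuration` and `yr_get_configuration` agreeing with each other. The lines this commit removes show them disagreeing (`unsigned int` on the set side, `size_t` on the get side), so a per-member comment would help, such as `// YR_CONFIG_STACK_SIZE uses ui32`. Anonymous unions are also a C11 feature; if the project is built as C99 or with an older compiler, this relies on an extension.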
@@ -81,8 +87,8 @@ void locking_function(int mode, int n, const char *file, int line)
YR_API int yr_initialize(void)
{
+ uint32_t def_stack_size = DEFAULT_STACK_SIZE;
int i;
- unsigned int def_stack_size = DEFAULT_STACK_SIZE;
if (init_count > 0)
{
@@ -186,7 +192,7 @@ YR_API int yr_finalize(void)
}
//
-// _yr_set_tidx
+// yr_set_tidx
//
// Set the thread index (tidx) for the current thread. The tidx is the index
// that will be used by the thread to access thread-specific data stored in
@@ -208,7 +214,7 @@ YR_API void yr_set_tidx(int tidx)
//
-// _yr_get_tidx
+// yr_get_tidx
//
// Get the thread index (tidx) for the current thread.
//
@@ -226,14 +232,20 @@ YR_API int yr_get_tidx(void)
#endif
}
-YR_API int yr_set_configuration(enum yr_cfg_name cfgname, void *src) {
- if(src == NULL) {
+
+YR_API int yr_set_configuration(
+ YR_CONFIG_NAME cfgname,
+ void *src)
+{
+ if (src == NULL)
return ERROR_INTERNAL_FATAL_ERROR;
- }
- switch(cfgname) { // lump all the cases using same types together in one cascade
+
+ switch (cfgname)
+ { // lump all the cases using same types together in one cascade
case YR_CONFIG_STACK_SIZE:
- yr_cfgs[cfgname].data.ui = *(unsigned int*)src;
+ yr_cfgs[cfgname].ui32 = *(uint32_t*) src;
break;
+
default:
return ERROR_INTERNAL_FATAL_ERROR;
}
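Review bot: The `YR_CONFIG_STACK_SIZE` case stores the caller's value with no range check, and `yr_execute_code` in libyara/exec.c later passes `stack_size * sizeof(STACK_ITEM)` to `yr_malloc`. A value of 0 yields a zero-byte allocation, and a very large value can wrap that multiplication where `size_t` is 32 bits. Whether the interpreter bounds its pushes against `stack_size` is not visible in this patch. Consider rejecting out-of-range values in this case, e.g. `if (*(uint32_t*) src == 0) return ERROR_INTERNAL_FATAL_ERROR;`, together with an upper limit. The function's final `return` is in the next hunk.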
@@ -241,14 +253,20 @@ YR_API int yr_set_configuration(enum yr_cfg_name cfgname, void *src) {
return ERROR_SUCCESS;
}
-YR_API int yr_get_configuration(enum yr_cfg_name cfgname, void *dest) {
- if(dest == NULL) {
+
+YR_API int yr_get_configuration(
+ YR_CONFIG_NAME cfgname,
+ void *dest)
+{
+ if (dest == NULL)
return ERROR_INTERNAL_FATAL_ERROR;
- }
- switch(cfgname) { // lump all the cases using same types together in one cascade
+
+ switch (cfgname)
+ { // lump all the cases using same types together in one cascade
case YR_CONFIG_STACK_SIZE:
- *(size_t*)dest = yr_cfgs[cfgname].data.ui;
+ *(uint32_t*) dest = yr_cfgs[cfgname].ui32;
break;
+
default:
return ERROR_INTERNAL_FATAL_ERROR;
}
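Review bot: The `YR_CONFIG_STACK_SIZE` case now writes exactly four bytes through `*(uint32_t*) dest` where the old code wrote a `size_t`, so a caller whose destination object is wider keeps whatever was in its upper bytes. The call in libyara/exec.c passes `&stack_size` and ignores the return value. The declaration of `stack_size` lies outside that hunk, so it should be confirmed to be `uint32_t` and initialised (for instance to `DEFAULT_STACK_SIZE`) before the call. Otherwise the size handed to `yr_malloc` may be partly indeterminate on 64-bit builds. The end of this function is outside the hunk.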
diff --git a/tests/test-rules.c b/tests/test-rules.c
index 0a0f5a2..a500558 100644
--- a/tests/test-rules.c
+++ b/tests/test-rules.c
@@ -1001,6 +1001,35 @@ static void test_entrypoint()
assert_false_rule(
"rule test { condition: entrypoint >= 0 }",
NULL);
+
+ /* https://github.com/plusvic/yara/issues/373 */
+ assert_true_rule_file(
+ "import \"pe\" \
+ rule test { \
+ condition: pe.entry_point == 0x18 }",
+ "tests/data/old_ArmaFP.exe");
+
+ assert_true_rule_file(
+ "import \"pe\" \
+ rule test { \
+ strings: $right = { BE B0 11 40 00 } \
+ condition: $right at pe.entry_point }",
+ "tests/data/old_ArmaFP.exe");
+ /* $wrong = { 0B 01 4C 6F 61 64 4C } */
+
+ /* https://github.com/plusvic/yara/issues/399 */
+ assert_true_rule_file(
+ "import \"pe\" \
+ rule test { \
+ condition: pe.entry_point == 2 }",
+ "tests/data/cdak_1024x768.exe");
+
+ assert_true_rule_file(
+ "import \"pe\" \
+ rule test { \
+ strings: $a0 = { 68 00 00 42 00 31 C0 40 EB 58 } \
+ condition: $a0 at pe.entry_point }",
+ "tests/data/cdak_1024x768.exe");
}
@@ -1206,29 +1235,6 @@ void test_integer_functions()
}
-void test_file_examples()
-{
- /* https://github.com/plusvic/yara/issues/373 */
- assert_true_rule_file(
- "import \"pe\" rule test { condition: pe.entry_point == 0x18 }",
- "tests/data/old_ArmaFP.exe");
-
- assert_true_rule_file(
- "import \"pe\" rule test { strings: $right = { BE B0 11 40 00 } condition: $right at pe.entry_point }",
- "tests/data/old_ArmaFP.exe");
- /* $wrong = { 0B 01 4C 6F 61 64 4C } */
-
- /* https://github.com/plusvic/yara/issues/399 */
- assert_true_rule_file(
- "import \"pe\" rule test { condition: pe.entry_point == 2 }",
- "tests/data/cdak_1024x768.exe");
-
- assert_true_rule_file(
- "import \"pe\" rule test { strings: $a0 = { 68 00 00 42 00 31 C0 40 EB 58 } condition: $a0 at pe.entry_point }",
- "tests/data/cdak_1024x768.exe");
-}
-
-
int main(int argc, char** argv)
{
yr_initialize();
@@ -1262,7 +1268,7 @@ int main(int argc, char** argv)
test_modules();
test_integer_functions();
// test_string_io();
- test_file_examples();
+ test_entrypoint();
yr_finalize();
diff --git a/tests/util.c b/tests/util.c
index 1719578..495927c 100644
--- a/tests/util.c
+++ b/tests/util.c
@@ -32,7 +32,12 @@ static void callback_function(
const char* message,
void* user_data)
{
- snprintf(compile_error, sizeof(compile_error), "line %d: %s", line_number, message);
+ snprintf(
+ compile_error,
+ sizeof(compile_error),
+ "line %d: %s",
+ line_number,
+ message);
}
@@ -53,16 +58,12 @@ YR_RULES* compile_rule(
yr_compiler_set_callback(compiler, callback_function, NULL);
if (yr_compiler_add_string(compiler, string, NULL) != 0)
- {
goto _exit;
- }
if (yr_compiler_get_rules(compiler, &rules) != ERROR_SUCCESS)
- {
goto _exit;
- }
- _exit:
+_exit:
yr_compiler_destroy(compiler);
return rules;
}
@@ -195,24 +196,28 @@ int capture_string(
int read_file(
- char* filename, char** buf)
+ char* filename,
+ char** buf)
{
int fd;
- if ((fd = open(filename, O_RDONLY)) < 0) {
+
+ if ((fd = open(filename, O_RDONLY)) < 0)
return -1;
- }
+
size_t sz = lseek(fd, 0, SEEK_END);
int rc = -1;
- if (sz == -1) {
+
+ if (sz == -1)
goto _exit;
- }
- if (lseek(fd, 0, SEEK_SET) != 0) {
+
+ if (lseek(fd, 0, SEEK_SET) != 0)
goto _exit;
- }
- if ((*buf = malloc(sz)) == NULL) {
+
+ if ((*buf = malloc(sz)) == NULL)
goto _exit;
- }
- if ((rc = read(fd, *buf, sz)) != sz) {
+
+ if ((rc = read(fd, *buf, sz)) != sz)
+ {
rc = -1;
free(*buf);
}
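Review bot: `read_file` keeps the `lseek()` result in a `size_t` and the `read()` result in an `int`, so the failure test `sz == -1` only works through an implicit conversion and `rc != sz` compares a signed value against an unsigned one. Using the native types makes both checks explicit: `off_t sz = lseek(fd, 0, SEEK_END);` with `if (sz < 0)`, and an `ssize_t` for the `read()` result. On the short-read path `free(*buf)` leaves the caller's pointer dangling, so add `*buf = NULL;` after it. An empty file is also reported as an error on platforms where `malloc(0)` returns `NULL`. The rest of the function, including the `_exit` label, is outside the hunk.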
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git