int main(
int argc,
const char** argv)
{
COMPILER_RESULTS cr;
YR_COMPILER* compiler = NULL;
YR_RULES* rules = NULL;
int result;
argc = args_parse(options, argc, argv);
if (show_version)
{
printf("%s\n", YR_VERSION);
return EXIT_SUCCESS;
}
if (show_help)
{
printf("%s\n\n", USAGE_STRING);
args_print_usage(options, 35);
printf("\nSend bug reports and suggestions to: [email protected]\n");
return EXIT_SUCCESS;
}
if (argc < 2)
{
fprintf(stderr, "yarac: wrong number of arguments\n");
fprintf(stderr, "%s\n\n", USAGE_STRING);
fprintf(stderr, "Try `--help` for more options\n");
exit_with_code(EXIT_FAILURE);
}
result = yr_initialize();
if (result != ERROR_SUCCESS)
exit_with_code(EXIT_FAILURE);
if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
exit_with_code(EXIT_FAILURE);
if (!define_external_variables(compiler))
exit_with_code(EXIT_FAILURE);
cr.errors = 0;
cr.warnings = 0;
yr_set_configuration(YR_CONFIG_MAX_STRINGS_PER_RULE, &max_strings_per_rule);
yr_compiler_set_callback(compiler, report_error, &cr);
if (!compile_files(compiler, argc, argv))
exit_with_code(EXIT_FAILURE);
if (cr.errors > 0)
exit_with_code(EXIT_FAILURE);
if (fail_on_warnings && cr.warnings > 0)
exit_with_code(EXIT_FAILURE);
result = yr_compiler_get_rules(compiler, &rules);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "error: %d\n", result);
exit_with_code(EXIT_FAILURE);
}
result = yr_rules_save(rules, argv[argc - 1]);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "error: %d\n", result);
exit_with_code(EXIT_FAILURE);
}
result = EXIT_SUCCESS;
_exit:
if (compiler != NULL)
yr_compiler_destroy(compiler);
if (rules != NULL)
yr_rules_destroy(rules);
yr_finalize();
return result;
}
int main(
int argc,
const char** argv)
{
YR_COMPILER* compiler = NULL;
YR_RULES* rules = NULL;
int result;
argc = args_parse(options, argc, argv);
if (show_version)
{
printf("%s\n", PACKAGE_STRING);
printf("\nSend bug reports and suggestions to: %s.\n", PACKAGE_BUGREPORT);
return EXIT_FAILURE;
}
if (show_help)
{
printf("%s\n\n", USAGE_STRING);
args_print_usage(options, 25);
printf("\nSend bug reports and suggestions to: %s.\n", PACKAGE_BUGREPORT);
return EXIT_FAILURE;
}
if (argc < 2)
{
fprintf(stderr, "yarac: wrong number of arguments\n");
fprintf(stderr, "%s\n\n", USAGE_STRING);
fprintf(stderr, "Try `--help` for more options\n");
exit_with_code(EXIT_FAILURE);
}
result = yr_initialize();
if (result != ERROR_SUCCESS)
exit_with_code(EXIT_FAILURE);
if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
exit_with_code(EXIT_FAILURE);
if (!define_external_variables(compiler))
exit_with_code(EXIT_FAILURE);
yr_compiler_set_callback(compiler, report_error, NULL);
for (int i = 0; i < argc - 1; i++)
{
const char* ns;
const char* file_name;
char* colon = (char*) strchr(argv[i], ':');
if (colon)
{
file_name = colon + 1;
*colon = '\0';
ns = argv[i];
}
else
{
file_name = argv[i];
ns = NULL;
}
FILE* rule_file = fopen(file_name, "r");
if (rule_file != NULL)
{
int errors = yr_compiler_add_file(
compiler, rule_file, ns, file_name);
fclose(rule_file);
if (errors) // errors during compilation
exit_with_code(EXIT_FAILURE);
}
else
{
fprintf(stderr, "error: could not open file: %s\n", file_name);
}
}
result = yr_compiler_get_rules(compiler, &rules);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "error: %d\n", result);
exit_with_code(EXIT_FAILURE);
}
result = yr_rules_save(rules, argv[argc - 1]);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "error: %d\n", result);
exit_with_code(EXIT_FAILURE);
}
result = EXIT_SUCCESS;
_exit:
if (compiler != NULL)
yr_compiler_destroy(compiler);
if (rules != NULL)
yr_rules_destroy(rules);
yr_finalize();
return result;
}
bool Yara::load_rules(const std::string& rule_filename)
{
if (_current_rules == rule_filename) {
return true;
}
else { // The previous rules and compiler have to be freed manually.
_clean_compiler_and_rules();
}
bool res = false;
int retval;
// Look for a compiled version of the rule file first.
if (boost::filesystem::exists(rule_filename + "c")) { // File extension is .yarac instead of .yara.
retval = yr_rules_load((rule_filename + "c").c_str(), &_rules);
}
else {
retval = yr_rules_load(rule_filename.c_str(), &_rules);
}
// Yara rules compiled with a previous Yara version. Delete and recompile.
if (retval == ERROR_UNSUPPORTED_FILE_VERSION) {
boost::filesystem::remove(rule_filename + "c");
}
if (retval != ERROR_SUCCESS && retval != ERROR_INVALID_FILE && retval != ERROR_UNSUPPORTED_FILE_VERSION)
{
PRINT_ERROR << "Could not load yara rules (" << translate_error(retval) << ")." << std::endl;
return false;
}
if (retval == ERROR_SUCCESS) {
return true;
}
else if (retval == ERROR_INVALID_FILE || retval == ERROR_UNSUPPORTED_FILE_VERSION) // Uncompiled rules
{
if (yr_compiler_create(&_compiler) != ERROR_SUCCESS) {
return false;
}
yr_compiler_set_callback(_compiler, compiler_callback, nullptr);
FILE* rule_file = fopen(rule_filename.c_str(), "r");
if (rule_file == nullptr) {
return false;
}
retval = yr_compiler_add_file(_compiler, rule_file, nullptr, rule_filename.c_str());
if (retval != 0)
{
PRINT_ERROR << "Could not compile yara rules (" << retval << " error(s))." << std::endl;
goto END;
}
retval = yr_compiler_get_rules(_compiler, &_rules);
if (retval != ERROR_SUCCESS) {
goto END;
}
// Save the compiled rules to improve load times.
// /!\ The compiled rules will have to be deleted if the original (readable) rule file is updated!
// TODO: Compare timestamps and recompile automatically.
retval = yr_rules_save(_rules, (rule_filename + "c").c_str());
if (retval != ERROR_SUCCESS) {
goto END;
}
res = true;
_current_rules = rule_filename;
END:
if (rule_file != nullptr) {
fclose(rule_file);
}
}
return res;
}
int main(
int argc,
char const* argv[])
{
int i, result, errors;
YR_COMPILER* compiler;
YR_RULES* rules;
FILE* rule_file;
yr_initialize();
if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
{
yr_finalize();
return EXIT_FAILURE;
}
if (!process_cmd_line(compiler, argc, argv))
{
yr_compiler_destroy(compiler);
yr_finalize();
return EXIT_FAILURE;
}
if (argc == 1 || optind == argc)
{
show_help();
yr_compiler_destroy(compiler);
yr_finalize();
return EXIT_FAILURE;
}
compiler->error_report_function = report_error;
for (i = optind; i < argc - 1; i++)
{
rule_file = fopen(argv[i], "r");
if (rule_file != NULL)
{
yr_compiler_push_file_name(compiler, argv[i]);
errors = yr_compiler_add_file(compiler, rule_file, NULL);
fclose(rule_file);
if (errors) // errors during compilation
{
yr_compiler_destroy(compiler);
yr_finalize();
return EXIT_FAILURE;
}
}
else
{
fprintf(stderr, "could not open file: %s\n", argv[i]);
}
}
result = yr_compiler_get_rules(compiler, &rules);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "error: %d\n", result);
return EXIT_FAILURE;
}
result = yr_rules_save(rules, argv[argc - 1]);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "error: %d\n", result);
return EXIT_FAILURE;
}
yr_rules_destroy(rules);
yr_compiler_destroy(compiler);
yr_finalize();
return EXIT_SUCCESS;
}
