static int define_external_variables( YR_COMPILER* compiler) { for (int i = 0; ext_vars[i] != NULL; i++) { char* equal_sign = strchr(ext_vars[i], '='); if (!equal_sign) { fprintf(stderr, "error: wrong syntax for `-d` option.\n"); return FALSE; } // Replace the equal sign with null character to split the external // variable definition (i.e: myvar=somevalue) in two strings: identifier // and value. *equal_sign = '\0'; char* identifier = ext_vars[i]; char* value = equal_sign + 1; if (is_float(value)) { yr_compiler_define_float_variable( compiler, identifier, atof(value)); } else if (is_integer(value)) { yr_compiler_define_integer_variable( compiler, identifier, atoi(value)); } else if (strcmp(value, "true") == 0 || strcmp(value, "false") == 0) { yr_compiler_define_boolean_variable( compiler, identifier, strcmp(value, "true") == 0); } else { yr_compiler_define_string_variable( compiler, identifier, value); } } return TRUE; }
int process_compile_externals( PyObject* externals, YR_COMPILER* compiler) { PyObject *key, *value; Py_ssize_t pos = 0; char* identifier = NULL; while (PyDict_Next(externals, &pos, &key, &value)) { identifier = PY_STRING_TO_C(key); if (PyBool_Check(value)) { yr_compiler_define_boolean_variable( compiler, identifier, PyObject_IsTrue(value)); } #if PY_MAJOR_VERSION >= 3 else if (PyLong_Check(value)) #else else if (PyLong_Check(value) || PyInt_Check(value)) #endif { yr_compiler_define_integer_variable( compiler, identifier, PyLong_AsLong(value)); } else if (PY_STRING_CHECK(value)) { yr_compiler_define_string_variable( compiler, identifier, PY_STRING_TO_C(value)); } else { return FALSE; } } return TRUE; }
int main( int argc, char const* argv[]) { YR_COMPILER* compiler; YR_RULES* rules; FILE* rule_file; EXTERNAL* external; int pid; int i; int errors; int result; THREAD thread[MAX_THREADS]; if (!process_cmd_line(argc, argv)) return 0; if (argc == 1 || optind == argc) { show_help(); return 0; } yr_initialize(); result = yr_rules_load(argv[optind], &rules); if (result == ERROR_UNSUPPORTED_FILE_VERSION || result == ERROR_CORRUPT_FILE) { print_scanning_error(result); return; } if (result == ERROR_SUCCESS) { external = externals_list; while (external != NULL) { switch (external->type) { case EXTERNAL_TYPE_INTEGER: yr_rules_define_integer_variable( rules, external->name, external->integer); break; case EXTERNAL_TYPE_BOOLEAN: yr_rules_define_boolean_variable( rules, external->name, external->boolean); break; case EXTERNAL_TYPE_STRING: yr_rules_define_string_variable( rules, external->name, external->string); break; } external = external->next; } } else { if (yr_compiler_create(&compiler) != ERROR_SUCCESS) return 0; external = externals_list; while (external != NULL) { switch (external->type) { case EXTERNAL_TYPE_INTEGER: yr_compiler_define_integer_variable( compiler, external->name, external->integer); break; case EXTERNAL_TYPE_BOOLEAN: yr_compiler_define_boolean_variable( compiler, external->name, external->boolean); break; case EXTERNAL_TYPE_STRING: yr_compiler_define_string_variable( compiler, external->name, external->string); break; } external = external->next; } compiler->error_report_function = print_compiler_error; rule_file = fopen(argv[optind], "r"); if (rule_file != NULL) { yr_compiler_push_file_name(compiler, argv[optind]); errors = yr_compiler_add_file(compiler, rule_file, NULL); fclose(rule_file); if (errors == 0) yr_compiler_get_rules(compiler, &rules); yr_compiler_destroy(compiler); if (errors > 0) { yr_finalize(); return 0; } } else { fprintf(stderr, "could not open file: %s\n", argv[optind]); return 0; } } mutex_init(&output_mutex); if (is_numeric(argv[argc - 1])) { pid = atoi(argv[argc - 1]); result = yr_rules_scan_proc( rules, pid, callback, (void*) argv[argc - 1], fast_scan, timeout); if (result != ERROR_SUCCESS) print_scanning_error(result); } else if (is_directory(argv[argc - 1])) { file_queue_init(); for (i = 0; i < threads; i++) { if (create_thread(&thread[i], scanning_thread, (void*) rules) != 0) return ERROR_COULD_NOT_CREATE_THREAD; } scan_dir( argv[argc - 1], recursive_search, rules, callback); file_queue_finish(); // Wait for scan threads to finish for (i = 0; i < threads; i++) thread_join(&thread[i]); file_queue_destroy(); } else { result = yr_rules_scan_file( rules, argv[argc - 1], callback, (void*) argv[argc - 1], fast_scan, timeout); if (result != ERROR_SUCCESS) { fprintf(stderr, "Error scanning %s: ", argv[argc - 1]); print_scanning_error(result); } } yr_rules_destroy(rules); yr_finalize(); mutex_destroy(&output_mutex); cleanup(); return 1; }
int process_cmd_line( YR_COMPILER* compiler, int argc, char const* argv[]) { char* equal_sign; char* value; char c; opterr = 0; while ((c = getopt (argc, (char**) argv, "wvd:")) != -1) { switch (c) { case 'v': printf("%s\n", PACKAGE_STRING); return 0; case 'w': show_warnings = FALSE; break; case 'd': equal_sign = strchr(optarg, '='); if (equal_sign != NULL) { *equal_sign = '\0'; value = equal_sign + 1; if (is_numeric(value)) { yr_compiler_define_integer_variable( compiler, optarg, atol(value)); } else if (strcmp(value, "true") == 0 || strcmp(value, "false") == 0) { yr_compiler_define_boolean_variable( compiler, optarg, strcmp(value, "true") == 0); } else { yr_compiler_define_string_variable( compiler, optarg, value); } } break; case '?': if (isprint(optopt)) { fprintf(stderr, "Unknown option `-%c'.\n", optopt); } else { fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt); } return 0; default: abort(); } } return 1; }