int process_match_externals( PyObject* externals, YR_RULES* rules) { PyObject *key, *value; Py_ssize_t pos = 0; char* identifier = NULL; while (PyDict_Next(externals, &pos, &key, &value)) { identifier = PY_STRING_TO_C(key); if (PyBool_Check(value)) { yr_rules_define_boolean_variable( rules, identifier, PyObject_IsTrue(value)); } #if PY_MAJOR_VERSION >= 3 else if (PyLong_Check(value)) #else else if (PyLong_Check(value) || PyInt_Check(value)) #endif { yr_rules_define_integer_variable( rules, identifier, PyLong_AsLong(value)); } else if (PY_STRING_CHECK(value)) { yr_rules_define_string_variable( rules, identifier, PY_STRING_TO_C(value)); } else { return FALSE; } } return TRUE; }
int main( int argc, char const* argv[]) { YR_COMPILER* compiler; YR_RULES* rules; FILE* rule_file; EXTERNAL* external; int pid; int i; int errors; int result; THREAD thread[MAX_THREADS]; if (!process_cmd_line(argc, argv)) return 0; if (argc == 1 || optind == argc) { show_help(); return 0; } yr_initialize(); result = yr_rules_load(argv[optind], &rules); if (result == ERROR_UNSUPPORTED_FILE_VERSION || result == ERROR_CORRUPT_FILE) { print_scanning_error(result); return; } if (result == ERROR_SUCCESS) { external = externals_list; while (external != NULL) { switch (external->type) { case EXTERNAL_TYPE_INTEGER: yr_rules_define_integer_variable( rules, external->name, external->integer); break; case EXTERNAL_TYPE_BOOLEAN: yr_rules_define_boolean_variable( rules, external->name, external->boolean); break; case EXTERNAL_TYPE_STRING: yr_rules_define_string_variable( rules, external->name, external->string); break; } external = external->next; } } else { if (yr_compiler_create(&compiler) != ERROR_SUCCESS) return 0; external = externals_list; while (external != NULL) { switch (external->type) { case EXTERNAL_TYPE_INTEGER: yr_compiler_define_integer_variable( compiler, external->name, external->integer); break; case EXTERNAL_TYPE_BOOLEAN: yr_compiler_define_boolean_variable( compiler, external->name, external->boolean); break; case EXTERNAL_TYPE_STRING: yr_compiler_define_string_variable( compiler, external->name, external->string); break; } external = external->next; } compiler->error_report_function = print_compiler_error; rule_file = fopen(argv[optind], "r"); if (rule_file != NULL) { yr_compiler_push_file_name(compiler, argv[optind]); errors = yr_compiler_add_file(compiler, rule_file, NULL); fclose(rule_file); if (errors == 0) yr_compiler_get_rules(compiler, &rules); yr_compiler_destroy(compiler); if (errors > 0) { yr_finalize(); return 0; } } else { fprintf(stderr, "could not open file: %s\n", argv[optind]); return 0; } } mutex_init(&output_mutex); if (is_numeric(argv[argc - 1])) { pid = atoi(argv[argc - 1]); result = yr_rules_scan_proc( rules, pid, callback, (void*) argv[argc - 1], fast_scan, timeout); if (result != ERROR_SUCCESS) print_scanning_error(result); } else if (is_directory(argv[argc - 1])) { file_queue_init(); for (i = 0; i < threads; i++) { if (create_thread(&thread[i], scanning_thread, (void*) rules) != 0) return ERROR_COULD_NOT_CREATE_THREAD; } scan_dir( argv[argc - 1], recursive_search, rules, callback); file_queue_finish(); // Wait for scan threads to finish for (i = 0; i < threads; i++) thread_join(&thread[i]); file_queue_destroy(); } else { result = yr_rules_scan_file( rules, argv[argc - 1], callback, (void*) argv[argc - 1], fast_scan, timeout); if (result != ERROR_SUCCESS) { fprintf(stderr, "Error scanning %s: ", argv[argc - 1]); print_scanning_error(result); } } yr_rules_destroy(rules); yr_finalize(); mutex_destroy(&output_mutex); cleanup(); return 1; }