static PyObject * Match_NEW(
const char* rule,
const char* ns,
PyObject* tags,
PyObject* meta,
PyObject* strings)
{
Match* object;
object = PyObject_NEW(Match, &Match_Type);
if (object != NULL)
{
object->rule = PY_STRING(rule);
object->ns = PY_STRING(ns);
object->tags = tags;
object->meta = meta;
object->strings = strings;
Py_INCREF(tags);
Py_INCREF(meta);
Py_INCREF(strings);
}
return (PyObject *)object;
}
yr_rule_metas_foreach(rule, meta)
{
if (meta->type == META_TYPE_INTEGER)
object = Py_BuildValue("i", meta->integer);
else if (meta->type == META_TYPE_BOOLEAN)
object = PyBool_FromLong((long) meta->integer);
else
object = PY_STRING(meta->string);
PyDict_SetItemString(meta_list, meta->identifier, object);
Py_DECREF(object);
}
int yara_callback(
int message,
YR_RULE* rule,
void* data)
{
YR_STRING* string;
YR_MATCH* m;
YR_META* meta;
char* tag_name;
size_t tag_length;
PyObject* tag_list = NULL;
PyObject* string_list = NULL;
PyObject* meta_list = NULL;
PyObject* match;
PyObject* callback_dict;
PyObject* object;
PyObject* tuple;
PyObject* matches = ((CALLBACK_DATA*) data)->matches;
PyObject* callback = ((CALLBACK_DATA*) data)->callback;
PyObject* callback_result;
PyGILState_STATE gil_state;
int result = CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_SCAN_FINISHED)
return CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_RULE_NOT_MATCHING && callback == NULL)
return CALLBACK_CONTINUE;
gil_state = PyGILState_Ensure();
tag_list = PyList_New(0);
string_list = PyList_New(0);
meta_list = PyDict_New();
if (tag_list == NULL || string_list == NULL || meta_list == NULL)
{
Py_XDECREF(tag_list);
Py_XDECREF(string_list);
Py_XDECREF(meta_list);
PyGILState_Release(gil_state);
return CALLBACK_ERROR;
}
tag_name = rule->tags;
tag_length = tag_name != NULL ? strlen(tag_name) : 0;
while (tag_length > 0)
{
object = PY_STRING(tag_name);
PyList_Append(tag_list, object);
Py_DECREF(object);
tag_name += tag_length + 1;
tag_length = strlen(tag_name);
}
meta = rule->metas;
while(!META_IS_NULL(meta))
{
if (meta->type == META_TYPE_INTEGER)
object = Py_BuildValue("I", meta->integer);
else if (meta->type == META_TYPE_BOOLEAN)
object = PyBool_FromLong(meta->integer);
else
object = PY_STRING(meta->string);
PyDict_SetItemString(meta_list, meta->identifier, object);
Py_DECREF(object);
meta++;
}
string = rule->strings;
while (!STRING_IS_NULL(string))
{
if (STRING_FOUND(string))
{
m = STRING_MATCHES(string).head;
while (m != NULL)
{
object = PyBytes_FromStringAndSize((char*) m->data, m->length);
tuple = Py_BuildValue(
"(L,s,O)",
m->offset,
string->identifier,
object);
PyList_Append(string_list, tuple);
Py_DECREF(object);
Py_DECREF(tuple);
m = m->next;
}
}
string++;
}
if (message == CALLBACK_MSG_RULE_MATCHING)
{
match = Match_NEW(
rule->identifier,
rule->ns->name,
tag_list,
meta_list,
string_list);
if (match != NULL)
{
PyList_Append(matches, match);
Py_DECREF(match);
}
else
{
Py_DECREF(tag_list);
Py_DECREF(string_list);
Py_DECREF(meta_list);
PyGILState_Release(gil_state);
return CALLBACK_ERROR;
}
}
if (callback != NULL)
{
Py_INCREF(callback);
callback_dict = PyDict_New();
object = PyBool_FromLong(message == CALLBACK_MSG_RULE_MATCHING);
PyDict_SetItemString(callback_dict, "matches", object);
Py_DECREF(object);
object = PY_STRING(rule->identifier);
PyDict_SetItemString(callback_dict, "rule", object);
Py_DECREF(object);
object = PY_STRING(rule->ns->name);
PyDict_SetItemString(callback_dict, "namespace", object);
Py_DECREF(object);
PyDict_SetItemString(callback_dict, "tags", tag_list);
PyDict_SetItemString(callback_dict, "meta", meta_list);
PyDict_SetItemString(callback_dict, "strings", string_list);
callback_result = PyObject_CallFunctionObjArgs(
callback,
callback_dict,
NULL);
if (callback_result != NULL)
{
#if PY_MAJOR_VERSION >= 3
if (PyLong_Check(callback_result))
#else
if (PyLong_Check(callback_result) || PyInt_Check(callback_result))
#endif
{
result = (int) PyLong_AsLong(callback_result);
}
Py_DECREF(callback_result);
}
else
{
result = CALLBACK_ERROR;
}
Py_DECREF(callback_dict);
Py_DECREF(callback);
}
Py_DECREF(tag_list);
Py_DECREF(string_list);
Py_DECREF(meta_list);
PyGILState_Release(gil_state);
return result;
}
static gboolean
glade_python_setup ()
{
GString *command;
const gchar *module_path;
const GList *paths;
Py_SetProgramName (PY_STRING (PACKAGE_NAME));
/* Initialize the Python interpreter */
python_init ();
/* Check and init pygobject */
PyErr_Clear ();
glade_python_init_pygobject_check (PYGOBJECT_REQUIRED_MAJOR,
PYGOBJECT_REQUIRED_MINOR,
PYGOBJECT_REQUIRED_MICRO);
if (PyErr_Occurred ())
{
PyObject *ptype, *pvalue, *ptraceback, *pstr;
char *pvalue_char = "";
PyErr_Fetch (&ptype, &pvalue, &ptraceback);
PyErr_NormalizeException (&ptype, &pvalue, &ptraceback);
if ((pstr = PyObject_Str (pvalue)))
pvalue_char = STRING_FROM_PYSTR (pstr);
g_warning ("Unable to load pygobject module >= %d.%d.%d, "
"please make sure it is in python's path (sys.path). "
"(use PYTHONPATH env variable to specify non default paths)\n%s",
PYGOBJECT_REQUIRED_MAJOR, PYGOBJECT_REQUIRED_MINOR,
PYGOBJECT_REQUIRED_MICRO, pvalue_char);
Py_DecRef (ptype);
Py_DecRef (pvalue);
Py_DecRef (ptraceback);
Py_DecRef (pstr);
PyErr_Clear ();
Py_Finalize ();
return TRUE;
}
pyg_disable_warning_redirections ();
/* Generate system path array */
command = g_string_new ("import sys; sys.path+=[");
/* GLADE_ENV_MODULE_PATH has priority */
module_path = g_getenv (GLADE_ENV_MODULE_PATH);
if (module_path)
g_string_append_printf (command, "'%s', ", module_path);
/* Append modules directory */
g_string_append_printf (command, "'%s'", glade_app_get_modules_dir ());
/* Append extra paths (declared in the Preferences) */
for (paths = glade_catalog_get_extra_paths (); paths; paths = g_list_next (paths))
g_string_append_printf (command, ", '%s'", (gchar *) paths->data);
/* Close python statement */
g_string_append (command, "];\n");
/* Make sure we load Gtk 3 */
g_string_append (command, "import gi; gi.require_version('Gtk', '3.0');\n");
/* Finally run statement in vm */
PyRun_SimpleString (command->str);
g_string_free (command, TRUE);
return FALSE;
}
int yara_callback(
int message,
void* message_data,
void* user_data)
{
YR_STRING* string;
YR_MATCH* m;
YR_META* meta;
YR_RULE* rule;
YR_MODULE_IMPORT* module_import;
const char* tag;
PyObject* tag_list = NULL;
PyObject* string_list = NULL;
PyObject* meta_list = NULL;
PyObject* match;
PyObject* callback_dict;
PyObject* object;
PyObject* tuple;
PyObject* matches = ((CALLBACK_DATA*) user_data)->matches;
PyObject* callback = ((CALLBACK_DATA*) user_data)->callback;
PyObject* modules_data = ((CALLBACK_DATA*) user_data)->modules_data;
PyObject* modules_callback = ((CALLBACK_DATA*) user_data)->modules_callback;
PyObject* module_data;
PyObject* callback_result;
PyObject* module_info_dict;
Py_ssize_t data_size;
PyGILState_STATE gil_state;
int result = CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_SCAN_FINISHED)
return CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_RULE_NOT_MATCHING && callback == NULL)
return CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_IMPORT_MODULE && modules_data == NULL)
return CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_MODULE_IMPORTED && modules_callback == NULL)
return CALLBACK_CONTINUE;
if (message == CALLBACK_MSG_IMPORT_MODULE)
{
gil_state = PyGILState_Ensure();
module_import = (YR_MODULE_IMPORT*) message_data;
module_data = PyDict_GetItemString(
modules_data,
module_import->module_name);
#if PY_MAJOR_VERSION >= 3
if (module_data != NULL && PyBytes_Check(module_data))
#else
if (module_data != NULL && PyString_Check(module_data))
#endif
{
#if PY_MAJOR_VERSION >= 3
PyBytes_AsStringAndSize(
module_data,
(char**) &module_import->module_data,
&data_size);
#else
PyString_AsStringAndSize(
module_data,
(char**) &module_import->module_data,
&data_size);
#endif
module_import->module_data_size = data_size;
}
PyGILState_Release(gil_state);
return CALLBACK_CONTINUE;
}
if (message == CALLBACK_MSG_MODULE_IMPORTED)
{
gil_state = PyGILState_Ensure();
module_info_dict = convert_structure_to_python(
(YR_OBJECT_STRUCTURE*) message_data);
if (module_info_dict == NULL)
return CALLBACK_CONTINUE;
object = PY_STRING(((YR_OBJECT_STRUCTURE*) message_data)->identifier);
PyDict_SetItemString(module_info_dict, "module", object);
Py_DECREF(object);
Py_INCREF(modules_callback);
callback_result = PyObject_CallFunctionObjArgs(
modules_callback,
module_info_dict,
NULL);
if (callback_result != NULL)
{
#if PY_MAJOR_VERSION >= 3
if (PyLong_Check(callback_result))
#else
if (PyLong_Check(callback_result) || PyInt_Check(callback_result))
#endif
{
result = (int) PyLong_AsLong(callback_result);
}
Py_DECREF(callback_result);
}
else
{
result = CALLBACK_ERROR;
}
Py_DECREF(module_info_dict);
Py_DECREF(modules_callback);
PyGILState_Release(gil_state);
return result;
}
rule = (YR_RULE*) message_data;
gil_state = PyGILState_Ensure();
tag_list = PyList_New(0);
string_list = PyList_New(0);
meta_list = PyDict_New();
if (tag_list == NULL || string_list == NULL || meta_list == NULL)
{
Py_XDECREF(tag_list);
Py_XDECREF(string_list);
Py_XDECREF(meta_list);
PyGILState_Release(gil_state);
return CALLBACK_ERROR;
}
yr_rule_tags_foreach(rule, tag)
{
object = PY_STRING(tag);
PyList_Append(tag_list, object);
Py_DECREF(object);
}
