static int define_external_variables(
YR_COMPILER* compiler)
{
for (int i = 0; ext_vars[i] != NULL; i++)
{
char* equal_sign = strchr(ext_vars[i], '=');
if (!equal_sign)
{
fprintf(stderr, "error: wrong syntax for `-d` option.\n");
return FALSE;
}
// Replace the equal sign with null character to split the external
// variable definition (i.e: myvar=somevalue) in two strings: identifier
// and value.
*equal_sign = '\0';
char* identifier = ext_vars[i];
char* value = equal_sign + 1;
if (is_float(value))
{
yr_compiler_define_float_variable(
compiler,
identifier,
atof(value));
}
else if (is_integer(value))
{
yr_compiler_define_integer_variable(
compiler,
identifier,
atoi(value));
}
else if (strcmp(value, "true") == 0 || strcmp(value, "false") == 0)
{
yr_compiler_define_boolean_variable(
compiler,
identifier,
strcmp(value, "true") == 0);
}
else
{
yr_compiler_define_string_variable(
compiler,
identifier,
value);
}
}
return TRUE;
}
int process_compile_externals(
PyObject* externals,
YR_COMPILER* compiler)
{
PyObject *key, *value;
Py_ssize_t pos = 0;
char* identifier = NULL;
while (PyDict_Next(externals, &pos, &key, &value))
{
identifier = PY_STRING_TO_C(key);
if (PyBool_Check(value))
{
yr_compiler_define_boolean_variable(
compiler,
identifier,
PyObject_IsTrue(value));
}
#if PY_MAJOR_VERSION >= 3
else if (PyLong_Check(value))
#else
else if (PyLong_Check(value) || PyInt_Check(value))
#endif
{
yr_compiler_define_integer_variable(
compiler,
identifier,
PyLong_AsLong(value));
}
else if (PY_STRING_CHECK(value))
{
yr_compiler_define_string_variable(
compiler,
identifier,
PY_STRING_TO_C(value));
}
else
{
return FALSE;
}
}
return TRUE;
}
int main(
int argc,
char const* argv[])
{
YR_COMPILER* compiler;
YR_RULES* rules;
FILE* rule_file;
EXTERNAL* external;
int pid;
int i;
int errors;
int result;
THREAD thread[MAX_THREADS];
if (!process_cmd_line(argc, argv))
return 0;
if (argc == 1 || optind == argc)
{
show_help();
return 0;
}
yr_initialize();
result = yr_rules_load(argv[optind], &rules);
if (result == ERROR_UNSUPPORTED_FILE_VERSION ||
result == ERROR_CORRUPT_FILE)
{
print_scanning_error(result);
return;
}
if (result == ERROR_SUCCESS)
{
external = externals_list;
while (external != NULL)
{
switch (external->type)
{
case EXTERNAL_TYPE_INTEGER:
yr_rules_define_integer_variable(
rules,
external->name,
external->integer);
break;
case EXTERNAL_TYPE_BOOLEAN:
yr_rules_define_boolean_variable(
rules,
external->name,
external->boolean);
break;
case EXTERNAL_TYPE_STRING:
yr_rules_define_string_variable(
rules,
external->name,
external->string);
break;
}
external = external->next;
}
}
else
{
if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
return 0;
external = externals_list;
while (external != NULL)
{
switch (external->type)
{
case EXTERNAL_TYPE_INTEGER:
yr_compiler_define_integer_variable(
compiler,
external->name,
external->integer);
break;
case EXTERNAL_TYPE_BOOLEAN:
yr_compiler_define_boolean_variable(
compiler,
external->name,
external->boolean);
break;
case EXTERNAL_TYPE_STRING:
yr_compiler_define_string_variable(
compiler,
external->name,
external->string);
break;
}
external = external->next;
}
compiler->error_report_function = print_compiler_error;
rule_file = fopen(argv[optind], "r");
if (rule_file != NULL)
{
yr_compiler_push_file_name(compiler, argv[optind]);
errors = yr_compiler_add_file(compiler, rule_file, NULL);
fclose(rule_file);
if (errors == 0)
yr_compiler_get_rules(compiler, &rules);
yr_compiler_destroy(compiler);
if (errors > 0)
{
yr_finalize();
return 0;
}
}
else
{
fprintf(stderr, "could not open file: %s\n", argv[optind]);
return 0;
}
}
mutex_init(&output_mutex);
if (is_numeric(argv[argc - 1]))
{
pid = atoi(argv[argc - 1]);
result = yr_rules_scan_proc(
rules,
pid,
callback,
(void*) argv[argc - 1],
fast_scan,
timeout);
if (result != ERROR_SUCCESS)
print_scanning_error(result);
}
else if (is_directory(argv[argc - 1]))
{
file_queue_init();
for (i = 0; i < threads; i++)
{
if (create_thread(&thread[i], scanning_thread, (void*) rules) != 0)
return ERROR_COULD_NOT_CREATE_THREAD;
}
scan_dir(
argv[argc - 1],
recursive_search,
rules,
callback);
file_queue_finish();
// Wait for scan threads to finish
for (i = 0; i < threads; i++)
thread_join(&thread[i]);
file_queue_destroy();
}
else
{
result = yr_rules_scan_file(
rules,
argv[argc - 1],
callback,
(void*) argv[argc - 1],
fast_scan,
timeout);
if (result != ERROR_SUCCESS)
{
fprintf(stderr, "Error scanning %s: ", argv[argc - 1]);
print_scanning_error(result);
}
}
yr_rules_destroy(rules);
yr_finalize();
mutex_destroy(&output_mutex);
cleanup();
return 1;
}
int process_cmd_line(
YR_COMPILER* compiler,
int argc,
char const* argv[])
{
char* equal_sign;
char* value;
char c;
opterr = 0;
while ((c = getopt (argc, (char**) argv, "wvd:")) != -1)
{
switch (c)
{
case 'v':
printf("%s\n", PACKAGE_STRING);
return 0;
case 'w':
show_warnings = FALSE;
break;
case 'd':
equal_sign = strchr(optarg, '=');
if (equal_sign != NULL)
{
*equal_sign = '\0';
value = equal_sign + 1;
if (is_numeric(value))
{
yr_compiler_define_integer_variable(
compiler,
optarg,
atol(value));
}
else if (strcmp(value, "true") == 0 || strcmp(value, "false") == 0)
{
yr_compiler_define_boolean_variable(
compiler,
optarg,
strcmp(value, "true") == 0);
}
else
{
yr_compiler_define_string_variable(
compiler,
optarg,
value);
}
}
break;
case '?':
if (isprint(optopt))
{
fprintf(stderr, "Unknown option `-%c'.\n", optopt);
}
else
{
fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt);
}
return 0;
default:
abort();
}
}
return 1;
}