Merge branch 'VirusTotal:main' into numeric_underscores

VirusTotal · Mar 2, 2024 · f0dcf6a · f0dcf6a
2 parents 27d8b57 + 9ad76ce
commit f0dcf6a
Show file tree

Hide file tree

Showing 17 changed files with 553 additions and 204 deletions.
diff --git a/capi/include/yara-x.h b/capi/include/yara-x.h
@@ -15,14 +15,25 @@
 
 
 typedef enum YRX_RESULT {
+  // Everything was OK.
   SUCCESS,
-  PANIC,
+  // A syntax error occurred while compiling YARA rules.
   SYNTAX_ERROR,
+  // An error occurred while defining or setting a global variable. This may
+  // happen when a variable is defined twice and when you try to set a value
+  // that doesn't correspond to the variable's type.
   VARIABLE_ERROR,
+  // An error occurred during a scan operation.
   SCAN_ERROR,
+  // A scan operation was aborted due to a timeout.
   SCAN_TIMEOUT,
-  INVALID_IDENTIFIER,
+  // An error indicating that some of the arguments passed to a function is
+  // invalid. Usually indicates a nil pointer to a scanner or compiler.
   INVALID_ARGUMENT,
+  // An error indicating that some of the strings passed to a function is
+  // not valid UTF-8.
+  INVALID_UTF8,
+  // An error occurred while serializing/deserializing YARA rules.
   SERIALIZATION_ERROR,
 } YRX_RESULT;
 
@@ -288,7 +299,7 @@ enum YRX_RESULT yrx_scanner_on_matching_rule(struct YRX_SCANNER *scanner,
 //
 // The `name` argument is either a YARA module name (i.e: "pe", "elf", "dotnet",
 // etc.) or the fully-qualified name of the protobuf message associated to
-// the module.
+// the module. It must be a valid UTF-8 string.
 enum YRX_RESULT yrx_scanner_set_module_output(struct YRX_SCANNER *scanner,
                                               const char *name,
                                               const uint8_t *data,

diff --git a/capi/src/lib.rs b/capi/src/lib.rs
@@ -35,14 +35,25 @@ thread_local! {
 
 #[repr(C)]
 pub enum YRX_RESULT {
+    /// Everything was OK.
     SUCCESS,
-    PANIC,
+    /// A syntax error occurred while compiling YARA rules.
     SYNTAX_ERROR,
+    /// An error occurred while defining or setting a global variable. This may
+    /// happen when a variable is defined twice and when you try to set a value
+    /// that doesn't correspond to the variable's type.
     VARIABLE_ERROR,
+    /// An error occurred during a scan operation.
     SCAN_ERROR,
+    /// A scan operation was aborted due to a timeout.
     SCAN_TIMEOUT,
-    INVALID_IDENTIFIER,
+    /// An error indicating that some of the arguments passed to a function is
+    /// invalid. Usually indicates a nil pointer to a scanner or compiler.
     INVALID_ARGUMENT,
+    /// An error indicating that some of the strings passed to a function is
+    /// not valid UTF-8.
+    INVALID_UTF8,
+    /// An error occurred while serializing/deserializing YARA rules.
     SERIALIZATION_ERROR,
 }
 

diff --git a/capi/src/scanner.rs b/capi/src/scanner.rs
@@ -179,7 +179,7 @@ pub unsafe extern "C" fn yrx_scanner_on_matching_rule(
 ///
 /// The `name` argument is either a YARA module name (i.e: "pe", "elf", "dotnet",
 /// etc.) or the fully-qualified name of the protobuf message associated to
-/// the module.
+/// the module. It must be a valid UTF-8 string.
 #[no_mangle]
 pub unsafe extern "C" fn yrx_scanner_set_module_output(
     scanner: *mut YRX_SCANNER,
@@ -193,7 +193,10 @@ pub unsafe extern "C" fn yrx_scanner_set_module_output(
 
     let module_name = match CStr::from_ptr(name).to_str() {
         Ok(name) => name,
-        Err(_) => return YRX_RESULT::INVALID_ARGUMENT,
+        Err(err) => {
+            LAST_ERROR.set(Some(CString::new(err.to_string()).unwrap()));
+            return YRX_RESULT::INVALID_UTF8;
+        }
     };
 
     let data = match slice_from_ptr_and_len(data, len) {
@@ -228,7 +231,10 @@ unsafe extern "C" fn yrx_scanner_set_global<
 
     let ident = match CStr::from_ptr(ident).to_str() {
         Ok(ident) => ident,
-        Err(_) => return YRX_RESULT::INVALID_ARGUMENT,
+        Err(err) => {
+            LAST_ERROR.set(Some(CString::new(err.to_string()).unwrap()));
+            return YRX_RESULT::INVALID_UTF8;
+        }
     };
 
     let scanner = scanner.as_mut().unwrap();
@@ -240,7 +246,7 @@ unsafe extern "C" fn yrx_scanner_set_global<
         }
         Err(err) => {
             LAST_ERROR.set(Some(CString::new(err.to_string()).unwrap()));
-            YRX_RESULT::SCAN_ERROR
+            YRX_RESULT::VARIABLE_ERROR
         }
     }
 }
@@ -252,13 +258,13 @@ pub unsafe extern "C" fn yrx_scanner_set_global_str(
     ident: *const c_char,
     value: *const c_char,
 ) -> YRX_RESULT {
-    let value = if let Ok(value) = CStr::from_ptr(value).to_str() {
-        value
-    } else {
-        return YRX_RESULT::INVALID_ARGUMENT;
-    };
-
-    yrx_scanner_set_global(scanner, ident, value)
+    match CStr::from_ptr(value).to_str() {
+        Ok(value) => yrx_scanner_set_global(scanner, ident, value),
+        Err(err) => {
+            LAST_ERROR.set(Some(CString::new(err.to_string()).unwrap()));
+            YRX_RESULT::INVALID_UTF8
+        }
+    }
 }
 
 /// Sets the value of a global variable of type bool.

diff --git a/go/compiler.go b/go/compiler.go
@@ -63,6 +63,10 @@ func (c *Compiler) DefineGlobal(ident string, value interface{}) error {
 	switch v := value.(type) {
 	case int:
 		ret = C.int(C.yrx_compiler_define_global_int(c.cCompiler, cIdent, C.int64_t(v)))
+	case int32:
+		ret = C.int(C.yrx_compiler_define_global_int(c.cCompiler, cIdent, C.int64_t(v)))
+	case int64:
+		ret = C.int(C.yrx_compiler_define_global_int(c.cCompiler, cIdent, C.int64_t(v)))
 	case bool:
 		ret = C.int(C.yrx_compiler_define_global_bool(c.cCompiler, cIdent, C.bool(v)))
 	case string:

diff --git a/go/scanner.go b/go/scanner.go
@@ -109,6 +109,10 @@ func (s *Scanner) SetGlobal(ident string, value interface{}) error {
 	switch v := value.(type) {
 	case int:
 		ret = C.int(C.yrx_scanner_set_global_int(s.cScanner, cIdent, C.int64_t(v)))
+	case int32:
+		ret = C.int(C.yrx_scanner_set_global_int(s.cScanner, cIdent, C.int64_t(v)))
+	case int64:
+		ret = C.int(C.yrx_scanner_set_global_int(s.cScanner, cIdent, C.int64_t(v)))
 	case bool:
 		ret = C.int(C.yrx_scanner_set_global_bool(s.cScanner, cIdent, C.bool(v)))
 	case string:

diff --git a/go/scanner_test.go b/go/scanner_test.go
@@ -51,6 +51,28 @@ func TestScanner3(t *testing.T) {
 	assert.Len(t, matchingRules, 0)
 }
 
+func TestScanner4(t *testing.T) {
+	r, _ := Compile(
+		`rule t { condition: var_int == 1}`,
+		GlobalVars(map[string]interface{}{"var_int": 0}))
+
+	s := NewScanner(r)
+	matchingRules, _ := s.Scan([]byte{})
+	assert.Len(t, matchingRules, 0)
+
+	assert.NoError(t, s.SetGlobal("var_int", 1))
+	matchingRules, _ = s.Scan([]byte{})
+	assert.Len(t, matchingRules, 1)
+
+	assert.NoError(t, s.SetGlobal("var_int", int32(1)))
+	matchingRules, _ = s.Scan([]byte{})
+	assert.Len(t, matchingRules, 1)
+
+	assert.NoError(t, s.SetGlobal("var_int", int64(1)))
+	matchingRules, _ = s.Scan([]byte{})
+	assert.Len(t, matchingRules, 1)
+}
+
 func TestScannerTimeout(t *testing.T) {
 	r, _ := Compile("rule t { strings: $a = /a(.*)*a/ condition: $a }")
 	s := NewScanner(r)