yara 1.4.3 → 1.4.4

data/History.txt

@@ -1,3 +1,7 @@
+== 1.4.3 / 2011-04-11
+  * Support optional namespaces when calling compile_file or compile_string
+  * Better yardoc tags
+
 == 1.4.3 / 2011-02-21
   * Improved documentation 
   * More intuitive 'inspect' features for testing in IRB.

data/VERSION

@@ -1 +1 @@
-1.4.3
+1.4.4

data/ext/yara_native/Match.c

@@ -177,7 +177,7 @@ Match_NEW_from_rule(RULE *rule, unsigned char *buffer, VALUE *match) {
  * call-seq:
  *      match.rule() -> String
  *
- * @return String The rule identifier string for this match.
+ * @return [String] The rule identifier string for this match.
  */
 static VALUE match_rule(VALUE self) {
   match_info *mi;
@@ -191,7 +191,7 @@ static VALUE match_rule(VALUE self) {
  * call-seq:
  *      match.namespace() -> String
  *
- * @return String The namespace for this match.
+ * @return [String] The namespace for this match.
  */
 static VALUE match_namespace(VALUE self) {
   match_info *mi;
@@ -233,7 +233,7 @@ static VALUE match_strings(VALUE self) {
  * call-seq:
  *      match.meta() -> Hash
  *
- * @return Hash   Keyed values of metadata for the match object.
+ * @return [Hash]   Keyed values of metadata for the match object.
  */
 static VALUE match_meta(VALUE self) {
   match_info *mi;
@@ -247,7 +247,7 @@ static VALUE match_meta(VALUE self) {
  * call-seq:
  *      matchstring.identifier() -> String
  *
- * @return String   The identification label for the string.
+ * @return [String]   The identification label for the string.
  */
 static VALUE matchstring_identifier(VALUE self) {
   match_string *ms;
@@ -261,7 +261,7 @@ static VALUE matchstring_identifier(VALUE self) {
  * call-seq:
  *      matchstring.offset() -> Fixnum
  *
- * @return Fixnum   The offset where the match occurred.
+ * @return [Fixnum]   The offset where the match occurred.
  */
 static VALUE matchstring_offset(VALUE self) {
   match_string *ms;
@@ -275,7 +275,7 @@ static VALUE matchstring_offset(VALUE self) {
  * call-seq:
  *      matchstring.buffer() -> String
  *
- * @return String   The data matched in the buffer.
+ * @return [String]   The data matched in the buffer.
  */
 static VALUE matchstring_buffer(VALUE self) {
   match_string *ms;

data/ext/yara_native/Rules.c

@@ -36,11 +36,23 @@ VALUE rules_allocate(VALUE klass) {
   return Data_Wrap_Struct(klass, rules_mark, rules_free, ctx);
 }
 
+/* used internally to lookup namespaces */
+NAMESPACE * find_namespace(YARA_CONTEXT *ctx, const char *name) {
+  NAMESPACE *ns = ctx->namespaces;
+
+  while(ns && ns->name) {
+    if(strcmp(name, ns->name) == 0)
+      return(ns);
+    else
+      ns = ns->next;
+  }
+  return (NAMESPACE*) NULL;
+}
+
+
 /* 
- * Document-method: compile_file
- *
  * call-seq:
- *      rules.compile_file(filename) -> nil
+ *      rules.compile_file(filename, ns=nil) -> nil
  *
  * Compiles rules taken from a file by its filename. This method
  * can be called more than once using multiple rules strings and
@@ -49,24 +61,46 @@ VALUE rules_allocate(VALUE klass) {
  * To avoid namespace conflicts, you can use set_namespace
  * before compiling rules.
  *
- * @param String filename The name of a yara rules file to compile.
+ * @param [String]     filename  The name of a yara rules file to compile.
  *
- * @raise Yara::CompileError An exception is raised if a compile error occurs.
+ * @param [String,nil] ns        Optional namespace for the rules.
+ *
+ * @raise [Yara::CompileError] An exception is raised if a compile error occurs.
  */
-VALUE rules_compile_file(VALUE self, VALUE rb_fname) {
-  FILE * file;
-  char * fname;
+VALUE rules_compile_file(int argc, VALUE *argv, VALUE self) {
+  FILE *file;
+  char *fname;
   YARA_CONTEXT *ctx;
   char error_message[256];
+  NAMESPACE *orig_ns, *ns;
+
+  VALUE rb_fname;
+  VALUE rb_ns;
+
+  orig_ns = ns = NULL;
+
+  rb_scan_args(argc, argv, "11", &rb_fname, &rb_ns);
 
   Check_Type(rb_fname, T_STRING);
-  fname = RSTRING_PTR(rb_fname);
 
+  if(rb_ns != Qnil) {
+    Check_Type(rb_ns, T_STRING);
+  }
+
+  fname = RSTRING_PTR(rb_fname);
   if( !(file=fopen(fname, "r")) ) {
     rb_raise(error_CompileError, "No such file: %s", fname);
   } else {
     Data_Get_Struct(self, YARA_CONTEXT, ctx);
 
+    if((rb_ns != Qnil) && (orig_ns = ctx->current_namespace)) {
+
+      if (!(ns = find_namespace(ctx, RSTRING_PTR(rb_ns))))
+        ns = yr_create_namespace(ctx, RSTRING_PTR(rb_ns));
+
+      ctx->current_namespace = ns;
+    }
+
     if( yr_compile_file(file, ctx) != 0 ) {
       yr_get_error_message(ctx, error_message, sizeof(error_message));
       fclose(file);
@@ -74,48 +108,74 @@ VALUE rules_compile_file(VALUE self, VALUE rb_fname) {
     }
 
     yr_push_file_name(ctx, fname);
+
+    if ( orig_ns )
+      ctx->current_namespace = orig_ns;
+
     fclose(file);
+
     return Qtrue;
   }
 }
 
 /* 
- * Document-method: compile_string
- *
  * call-seq:
- *      rules.compile_string(rules_string) -> nil
+ *      rules.compile_string(rules_string, ns=nil) -> nil
  *
  * Compiles rules taken from a ruby string. This method
  * can be called more than once using multiple rules strings
  * and can be used in combination with compile_file.
  *
- * To avoid namespace conflicts, you can use set_namespace
- * before compiling rules.
+ * To avoid namespace conflicts, you can set a namespace using
+ * the optional 'ns' argument.
  *
- * @param String rules_string A string containing yara rules text.
+ * @param [String] rules_string   A string containing yara rules text.
  *
- * @raise Yara::CompileError An exception is raised if a compile error occurs.
+ * @param [String,nil] ns         An optional namespace for the rules.
+ *
+ * @raise [Yara::CompileError] An exception is raised if a compile error occurs.
  */
-VALUE rules_compile_string(VALUE self, VALUE rb_rules) {
+VALUE rules_compile_string(int argc, VALUE *argv, VALUE self) {
   YARA_CONTEXT *ctx;
   char *rules;
   char error_message[256];
+  NAMESPACE *orig_ns, *ns;
+
+  VALUE rb_rules;
+  VALUE rb_ns;
+
+  orig_ns = ns = NULL;
+
+  rb_scan_args(argc, argv, "11", &rb_rules, &rb_ns);
 
   Check_Type(rb_rules, T_STRING);
+  if (rb_ns != Qnil)
+    Check_Type(rb_ns, T_STRING);
+
   rules = RSTRING_PTR(rb_rules);
   Data_Get_Struct(self, YARA_CONTEXT, ctx);
 
+  if((rb_ns != Qnil) && (orig_ns = ctx->current_namespace)) {
+    orig_ns = ctx->current_namespace;
+
+    if (!(ns = find_namespace(ctx, RSTRING_PTR(rb_ns))))
+      ns = yr_create_namespace(ctx, RSTRING_PTR(rb_ns));
+
+    ctx->current_namespace = ns;
+  }
+
   if( yr_compile_string(rules, ctx) != 0) {
       yr_get_error_message(ctx, error_message, sizeof(error_message));
       rb_raise(error_CompileError, "Syntax Error - line(%d): %s", ctx->last_error_line, error_message);
   }
 
+  if ( orig_ns )
+    ctx->current_namespace = orig_ns;
+
   return Qtrue;
 }
 
 /* 
- * Document-method: weight
- *
  * call-seq:
  *      rules.weight() -> Fixnum
  *
@@ -130,8 +190,6 @@ VALUE rules_weight(VALUE self) {
 }
 
 /* 
- * Document-method: current_namespace
- *
  * call-seq:
  *      rules.current_namespace() -> String
  *
@@ -147,8 +205,6 @@ VALUE rules_current_namespace(VALUE self) {
 }
 
 /* 
- * Document-method: namespaces
- *
  * call-seq:
  *      rules.namespaces() -> Array
  *
@@ -168,21 +224,7 @@ VALUE rules_namespaces(VALUE self) {
   return ary;
 }
 
-NAMESPACE * find_namespace(YARA_CONTEXT *ctx, const char *name) {
-  NAMESPACE *ns = ctx->namespaces;
-
-  while(ns && ns->name) {
-    if(strcmp(name, ns->name) == 0)
-      return(ns);
-    else
-      ns = ns->next;
-  }
-  return (NAMESPACE*) NULL;
-}
-
 /* 
- * Document-method: set_namespace
- *
  * call-seq:
  *      rules.set_namespace(name) -> nil
  *
@@ -192,7 +234,7 @@ NAMESPACE * find_namespace(YARA_CONTEXT *ctx, const char *name) {
  * To avoid namespace conflicts, you can use set_namespace
  * before compiling rules.
  *
- * @param String name The namespace to set.
+ * @param [String] name The namespace to set.
  */
 VALUE rules_set_namespace(VALUE self, VALUE rb_namespace) {
   YARA_CONTEXT *ctx;
@@ -233,19 +275,17 @@ scan_callback(RULE *rule, unsigned char *buffer, unsigned int buffer_size, void
 }
 
 /* 
- * Document-method: scan_file
- *
  * call-seq:
  *      rules.scan_file(filename) -> Array
  *
  * Scans a file using the compiled rules supplied
  * with either compile_file or compile_string (or both).
  *
- * @param String filename The name of a file to scan with yara.
+ * @param [String] filename The name of a file to scan with yara.
  *
  * @return [Yara::Match] An array of Yara::Match objects found in the file.
  *
- * @raise Yara::ScanError Raised if an error occurs while scanning the file.
+ * @raise [Yara::ScanError] Raised if an error occurs while scanning the file.
  */
 VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
   YARA_CONTEXT *ctx;
@@ -270,25 +310,23 @@ VALUE rules_scan_file(VALUE self, VALUE rb_fname) {
 
 
 /* 
- * Document-method: scan_file
- *
  * call-seq:
  *      rules.scan_string(buf) -> Array
  *
  * Scans a ruby string using the compiled rules supplied
  * with either compile_file or compile_string (or both).
  *
- * @param String buf The string buffer to scan with yara.
+ * @param [String] buf The string buffer to scan with yara.
  *
  * @return [Yara::Match] An array of Yara::Match objects found in the string.
  *
- * @raise Yara::ScanError Raised if an error occurs while scanning the string.
+ * @raise [Yara::ScanError] Raised if an error occurs while scanning the string.
  */
 VALUE rules_scan_string(VALUE self, VALUE rb_dat) {
   YARA_CONTEXT *ctx;
   VALUE results;
   char *buf;
-  long buflen;
+  size_t buflen;
   int ret;
 
   Check_Type(rb_dat, T_STRING);
@@ -319,8 +357,8 @@ void init_Rules() {
   class_Rules = rb_define_class_under(module_Yara, "Rules", rb_cObject);
   rb_define_alloc_func(class_Rules, rules_allocate);
 
-  rb_define_method(class_Rules, "compile_file", rules_compile_file, 1);
-  rb_define_method(class_Rules, "compile_string", rules_compile_string, 1);
+  rb_define_method(class_Rules, "compile_file", rules_compile_file, -1);
+  rb_define_method(class_Rules, "compile_string", rules_compile_string, -1);
   rb_define_method(class_Rules, "weight", rules_weight, 0);
   rb_define_method(class_Rules, "current_namespace", rules_current_namespace, 0);
   rb_define_method(class_Rules, "namespaces", rules_namespaces, 0);

data/spec/rules_spec.rb

@@ -213,6 +213,7 @@ describe Yara::Rules do
 
     end
 
+
     it "should raise an error if scanning an invalid string" do
       @rules.compile_file(sample_file("packers.yara"))
       @rules.weight.should > 0
@@ -221,5 +222,95 @@ describe Yara::Rules do
     end
 
 
+    it "should take an optional namespace when compiling a file" do
+      @rules.compile_file(sample_file("packers.yara"), "an_optional_namespace1" )
+      @rules.weight.should > 0
+      results = @rules.scan_file(sample_file("DumpMem.exe"))
+      results.should be_kind_of(Array)
+      results.size.should == 1
+
+      m = results.first
+      m.should be_kind_of(Yara::Match)
+      m.should be_frozen
+
+      m.rule.should == "UPX"
+
+      m.namespace.should == "an_optional_namespace1"
+      m.namespace.should be_frozen
+
+      @rules.namespaces.should == ["an_optional_namespace1", "default"]
+      @rules.current_namespace.should == "default"
+    end
+
+    it "should allow the 'default' namespace when compiling a file" do
+      @rules.compile_file(sample_file("packers.yara"), "default" )
+      @rules.weight.should > 0
+      results = @rules.scan_file(sample_file("DumpMem.exe"))
+      results.should be_kind_of(Array)
+      results.size.should == 1
+
+      m = results.first
+      m.should be_kind_of(Yara::Match)
+      m.should be_frozen
+
+      m.rule.should == "UPX"
+
+      m.namespace.should == "default"
+      m.namespace.should be_frozen
+
+      @rules.namespaces.should == ["default"]
+      @rules.current_namespace.should == "default"
+    end
+
+    it "should raise an error when compiling a file with an invalid namespace" do
+      lambda { @rules.compile_file(sample_file("packers.yara"), 1) }.should raise_error(TypeError)
+    end
+
+
+    it "should take an optional namespace when compiling a string" do
+      @rules.compile_string(File.read(sample_file("packers.yara")), "an_optional_namespace2")
+      @rules.weight.should > 0
+      results = @rules.scan_file(sample_file("DumpMem.exe"))
+      results.should be_kind_of(Array)
+      results.size.should == 1
+
+      m = results.first
+      m.should be_kind_of(Yara::Match)
+      m.should be_frozen
+
+      m.rule.should == "UPX"
+
+      m.namespace.should == "an_optional_namespace2"
+      m.namespace.should be_frozen
+
+      @rules.namespaces.should == ["an_optional_namespace2", "default"]
+      @rules.current_namespace.should == "default"
+    end
+
+    it "should allow the 'default' namespace when compiling a string" do
+      @rules.compile_string(File.read(sample_file("packers.yara")), "default")
+      @rules.weight.should > 0
+      results = @rules.scan_file(sample_file("DumpMem.exe"))
+      results.should be_kind_of(Array)
+      results.size.should == 1
+
+      m = results.first
+      m.should be_kind_of(Yara::Match)
+      m.should be_frozen
+
+      m.rule.should == "UPX"
+
+      m.namespace.should == "default"
+      m.namespace.should be_frozen
+
+      @rules.namespaces.should == ["default"]
+      @rules.current_namespace.should == "default"
+    end
+
+
+    it "should raise an error when compiling a string with an invalid namespace" do
+      lambda { @rules.compile_string(File.read(sample_file("packers.yara")), 1) }.should raise_error(TypeError)
+    end
+
   end
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 1
   - 4
-  - 3
-  version: 1.4.3
+  - 4
+  version: 1.4.4
 platform: ruby
 authors: 
 - Eric Monti
@@ -14,13 +14,13 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-21 00:00:00 -06:00
+date: 2011-04-11 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rspec
-  prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
@@ -30,11 +30,12 @@ dependencies:
         - 0
         version: 2.3.0
   type: :development
+  prerelease: false
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
   name: yard
-  prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
@@ -44,11 +45,12 @@ dependencies:
         - 0
         version: 0.6.0
   type: :development
+  prerelease: false
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
   name: bundler
-  prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
@@ -58,11 +60,12 @@ dependencies:
         - 0
         version: 1.0.0
   type: :development
+  prerelease: false
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
   name: jeweler
-  prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
@@ -72,11 +75,12 @@ dependencies:
         - 2
         version: 1.5.2
   type: :development
+  prerelease: false
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
   name: rcov
-  prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
@@ -84,11 +88,12 @@ dependencies:
         - 0
         version: "0"
   type: :development
+  prerelease: false
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
   name: rake-compiler
-  prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
@@ -96,6 +101,7 @@ dependencies:
         - 0
         version: "0"
   type: :development
+  prerelease: false
   version_requirements: *id006
 description: Ruby bindings for the yara malware analysis library
 email: emonti@trustwave.com
@@ -145,13 +151,16 @@ rdoc_options: []
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: -3417020004990498226
       segments: 
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
@@ -161,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Ruby bindings for libyara