diff --git a/docs/capi.rst b/docs/capi.rst index 8eca9a1286..79094ec08a 100644 --- a/docs/capi.rst +++ b/docs/capi.rst @@ -63,6 +63,40 @@ contains the file name and line number where the error or warning occurs. you're using :c:func:`yr_compiler_add_string`. The ``user_data`` pointer is the same you passed to :c:func:`yr_compiler_set_callback`. +By default, for rules containing references to other files +(``include "filename.yara"``), yara will try to find those files on disk. +However, if you want to fetch the imported rules from another source (eg: from a +database or remote service), a callback function can be set with +:c:func:`yr_compiler_set_include_callback`. +The callback receives the following parameters: + * ``include_name``: name of the requested file. + * ``calling_rule_filename``: the requesting file name (NULL if not a file). + * ``calling_rule_namespace``: namespace (NULL if undefined). + * ``user_data`` pointer is the same you passed to :c:func:`yr_compiler_set_include_callback`. +It should return the requested file's content as a string. The memory for this +string should be allocated by the callback function. Once it is safe to free the +memory used to return the callback's result, the include_free function passed to +:c:func:`yr_compiler_set_include_callback` will be called. If the memory does +not need to be freed, NULL can be passed as include_free instead. + +The callback function has the following prototype: + +.. code-block:: c + + const char* include_callback( + const char* include_name, + const char* calling_rule_filename, + const char* calling_rule_namespace, + void* user_data); + +The free function has the following prototype: + +.. code-block:: c + + void include_free( + const char* callback_result_ptr, + void* user_data); + After you successfully added some sources you can get the compiled rules using the :c:func:`yr_compiler_get_rules()` function. You'll get a pointer to a :c:type:`YR_RULES` structure which can be used to scan your data as @@ -402,6 +436,15 @@ Functions pointer is passed to the callback function. +.. c:function:: void yr_compiler_set_include_callback(YR_COMPILER* compiler, YR_COMPILER_INCLUDE_CALLBACK_FUNC callback, YR_COMPILER_INCLUDE_FREE_FUNC include_free, void* user_data) + + Set a callback to provide rules from a custom source when ``include`` + directive is invoked. The *user_data* pointer is untouched and passed back to + the callback function and to the free function. Once the callback's result + is no longer needed, the include_free function will be called. If the memory + does not need to be freed, include_free can be set to NULL. + + .. c:function:: int yr_compiler_add_file(YR_COMPILER* compiler, FILE* file, const char* namespace, const char* file_name) Compile rules from a *file*. Rules are put into the specified *namespace*, @@ -668,6 +711,7 @@ Functions Enables the specified rule. After being disabled with :c:func:`yr_rule_disable` a rule can be enabled again by using this function. + Error codes ----------- diff --git a/docs/yarapython.rst b/docs/yarapython.rst index 81b57aad08..3a586814d8 100644 --- a/docs/yarapython.rst +++ b/docs/yarapython.rst @@ -74,6 +74,36 @@ should be accepted in the source files, for example: If the source file contains include directives the previous line would raise an exception. +If includes are used, a python callback can be set to define a custom source for +the imported files (by default they are read from disk). This callback function +is set through the ``include_callback`` optional parameter. +It receives the following parameters: + *``requested_filename``: file requested with 'include' + *``filename``: file containing the 'include' directive if applicable, else None + *``namespace``: namespace +And returns the requested rules sources as a single string. + +.. code-block:: python + import yara + import sys + if sys.version_info >= (3, 0): + import urllib.request as urllib + else: + import urllib as urllib + + def mycallback(requested_filename, filename, namespace): + if requested_filename == 'req.yara': + uf = urllib.urlopen('https://pastebin.com/raw/siZ2sMTM') + sources = uf.read() + if sys.version_info >= (3, 0): + sources = str(sources, 'utf-8') + return sources + else: + raise Exception(filename+": Can't fetch "+requested_filename) + + rules = yara.compile(source='include "req.yara" rule r{ condition: true }', + include_callback=mycallback) + If you are using external variables in your rules you must define those external variables either while compiling the rules, or while applying the rules to some file. To define your variables at the moment of compilation you diff --git a/libyara/compiler.c b/libyara/compiler.c index 4280c3061e..c32ba687ac 100644 --- a/libyara/compiler.c +++ b/libyara/compiler.c @@ -56,11 +56,12 @@ YR_API int yr_compiler_create( new_compiler->errors = 0; new_compiler->callback = NULL; + new_compiler->include_callback = _yr_compiler_default_include_callback; + new_compiler->include_free = _yr_compiler_default_include_free; new_compiler->last_error = ERROR_SUCCESS; new_compiler->last_error_line = 0; new_compiler->current_line = 0; new_compiler->last_result = ERROR_SUCCESS; - new_compiler->file_stack_ptr = 0; new_compiler->file_name_stack_ptr = 0; new_compiler->fixup_stack_head = NULL; new_compiler->allow_includes = 1; @@ -182,38 +183,119 @@ YR_API void yr_compiler_set_callback( } -int _yr_compiler_push_file( - YR_COMPILER* compiler, - FILE* fh) +const char* _yr_compiler_default_include_callback( + const char* include_name, + const char* calling_rule_filename, + const char* calling_rule_namespace, + void* user_data) { - if (compiler->file_stack_ptr < MAX_INCLUDE_DEPTH) + char* buffer; + char* s = NULL; + #ifdef _WIN32 + char* b = NULL; + #endif + char* f; + FILE* fh; + char* file_buffer; + size_t file_length; + + if(calling_rule_filename != NULL) { - compiler->file_stack[compiler->file_stack_ptr] = fh; - compiler->file_stack_ptr++; - return ERROR_SUCCESS; + buffer = (char*) calling_rule_filename; } else { - compiler->last_result = ERROR_INCLUDE_DEPTH_EXCEEDED; - return ERROR_INCLUDE_DEPTH_EXCEEDED; + buffer = "\0"; + } + + s = strrchr(buffer, '/'); + + #ifdef _WIN32 + b = strrchr(buffer, '\\'); // in Windows both path delimiters are accepted + #endif + #ifdef _WIN32 + if (s != NULL || b != NULL) + #else + if (s != NULL) + #endif + { + #ifdef _WIN32 + f = (b > s)? (b + 1): (s + 1); + #else + f = s + 1; + #endif + strlcpy(f, include_name, sizeof(buffer) - (f - buffer)); + f = buffer; + // SECURITY: Potential for directory traversal here. + fh = fopen(buffer, "rb"); + // if include file was not found relative to current source file, + // try to open it with path as specified by user (maybe user wrote + // a full path) + if (fh == NULL) + { + f = (char*) include_name; + // SECURITY: Potential for directory traversal here. + fh = fopen(include_name, "rb"); + } + } + else + { + f = (char*) include_name; + // SECURITY: Potential for directory traversal here. + fh = fopen(include_name, "rb"); + } + if (fh != NULL) + { + file_buffer = NULL; + file_length = 0; + + fseek(fh, 0, SEEK_END); + file_length = ftell(fh); + fseek(fh, 0, SEEK_SET); + file_buffer = (char*) yr_malloc(file_length+1); + if(file_buffer) + { + if(file_length != fread(file_buffer, 1, file_length, fh)) + { + return NULL; + } + else + { + file_buffer[file_length]='\0'; + } + } + fclose(fh); + return file_buffer; + } + else{ + return NULL; } } -FILE* _yr_compiler_pop_file( - YR_COMPILER* compiler) +void _yr_compiler_default_include_free( + const char* callback_result_ptr, + void* user_data) { - FILE* result = NULL; - - if (compiler->file_stack_ptr > 0) + if(callback_result_ptr != NULL) { - compiler->file_stack_ptr--; - result = compiler->file_stack[compiler->file_stack_ptr]; + yr_free((void*)callback_result_ptr); } +} - return result; + +YR_API void yr_compiler_set_include_callback( + YR_COMPILER* compiler, + YR_COMPILER_INCLUDE_CALLBACK_FUNC include_callback, + YR_COMPILER_INCLUDE_FREE_FUNC include_free, + void* user_data) +{ + compiler->include_callback = include_callback; + compiler->include_free = include_free; + compiler->incl_clbk_user_data = user_data; } + int _yr_compiler_push_file_name( YR_COMPILER* compiler, const char* file_name) diff --git a/libyara/include/yara/compiler.h b/libyara/include/yara/compiler.h index 356380f269..2b2df0a900 100644 --- a/libyara/include/yara/compiler.h +++ b/libyara/include/yara/compiler.h @@ -52,6 +52,17 @@ typedef void (*YR_COMPILER_CALLBACK_FUNC)( void* user_data); +typedef const char* (*YR_COMPILER_INCLUDE_CALLBACK_FUNC)( + const char* include_name, + const char* calling_rule_filename, + const char* calling_rule_namespace, + void* user_data); + +typedef void (*YR_COMPILER_INCLUDE_FREE_FUNC)( + const char* callback_result_ptr, + void* user_data ); + + typedef struct _YR_FIXUP { void* address; @@ -103,9 +114,6 @@ typedef struct _YR_COMPILER char* file_name_stack[MAX_INCLUDE_DEPTH]; int file_name_stack_ptr; - FILE* file_stack[MAX_INCLUDE_DEPTH]; - int file_stack_ptr; - char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO]; char lex_buf[LEX_BUF_SIZE]; @@ -114,8 +122,12 @@ typedef struct _YR_COMPILER char include_base_dir[MAX_PATH]; void* user_data; + void* incl_clbk_user_data; YR_COMPILER_CALLBACK_FUNC callback; + YR_COMPILER_INCLUDE_CALLBACK_FUNC include_callback; + YR_COMPILER_INCLUDE_FREE_FUNC include_free; + } YR_COMPILER; @@ -134,14 +146,6 @@ typedef struct _YR_COMPILER fmt, __VA_ARGS__); -int _yr_compiler_push_file( - YR_COMPILER* compiler, - FILE* fh); - - -FILE* _yr_compiler_pop_file( - YR_COMPILER* compiler); - int _yr_compiler_push_file_name( YR_COMPILER* compiler, @@ -151,6 +155,15 @@ int _yr_compiler_push_file_name( void _yr_compiler_pop_file_name( YR_COMPILER* compiler); +const char* _yr_compiler_default_include_callback( + const char* include_name, + const char* calling_rule_filename, + const char* calling_rule_namespace, + void* user_data); + +void _yr_compiler_default_include_free( + const char* callback_result_ptr, + void* user_data); YR_API int yr_compiler_create( YR_COMPILER** compiler); @@ -166,6 +179,13 @@ YR_API void yr_compiler_set_callback( void* user_data); +YR_API void yr_compiler_set_include_callback( + YR_COMPILER* compiler, + YR_COMPILER_INCLUDE_CALLBACK_FUNC include_callback, + YR_COMPILER_INCLUDE_FREE_FUNC include_free, + void* user_data); + + YR_API int yr_compiler_add_file( YR_COMPILER* compiler, FILE* rules_file, diff --git a/libyara/lexer.c b/libyara/lexer.c index 291124570e..ae7388d7f9 100644 --- a/libyara/lexer.c +++ b/libyara/lexer.c @@ -1354,80 +1354,25 @@ YY_RULE_SETUP #line 188 "lexer.l" { - char buffer[1024]; - char *current_file_name; - char *s = NULL; - #ifdef _WIN32 - char *b = NULL; - #endif - char *f; - FILE* fh; - if (compiler->allow_includes) { *yyextra->lex_buf_ptr = '\0'; // null-terminate included file path // move path of current source file into buffer - current_file_name = yr_compiler_get_current_file_name(compiler); - - if (current_file_name != NULL) - { - strlcpy(buffer, current_file_name, sizeof(buffer)); - } - else - { - buffer[0] = '\0'; - } - - // make included file path relative to current source file - s = strrchr(buffer, '/'); - - #ifdef _WIN32 - b = strrchr(buffer, '\\'); // in Windows both path delimiters are accepted - #endif - - #ifdef _WIN32 - if (s != NULL || b != NULL) - #else - if (s != NULL) - #endif - { - #ifdef _WIN32 - f = (b > s)? (b + 1): (s + 1); - #else - f = s + 1; - #endif + char* current_file_name = yr_compiler_get_current_file_name( + compiler); - strlcpy(f, yyextra->lex_buf, sizeof(buffer) - (f - buffer)); + const char* res = compiler->include_callback( + yyextra->lex_buf, + current_file_name, + compiler->current_namespace->name, + compiler->incl_clbk_user_data); - f = buffer; - - // SECURITY: Potential for directory traversal here. - fh = fopen(buffer, "r"); - - // if include file was not found relative to current source file, - // try to open it with path as specified by user (maybe user wrote - // a full path) - - if (fh == NULL) - { - f = yyextra->lex_buf; - - // SECURITY: Potential for directory traversal here. - fh = fopen(yyextra->lex_buf, "r"); - } - } - else + if (res != NULL) { - f = yyextra->lex_buf; - - // SECURITY: Potential for directory traversal here. - fh = fopen(yyextra->lex_buf, "r"); - } - if (fh != NULL) - { - int error_code = _yr_compiler_push_file_name(compiler, f); + int error_code = _yr_compiler_push_file_name( compiler, + yyextra->lex_buf); if (error_code != ERROR_SUCCESS) { @@ -1439,19 +1384,42 @@ YY_RULE_SETUP { yyerror(yyscanner, compiler, "includes depth exceeded"); } - + if(compiler->include_free != NULL) + { + compiler->include_free(res, compiler->incl_clbk_user_data); + } yyterminate(); } - _yr_compiler_push_file(compiler, fh); - yara_yypush_buffer_state(yara_yy_create_buffer(fh,YY_BUF_SIZE,yyscanner),yyscanner); + // Workaround for flex issue: https://github.com/westes/flex/issues/58 + yara_yypush_buffer_state(YY_CURRENT_BUFFER,yyscanner); + yara_yy_scan_string(res,yyscanner); + yara_yyset_lineno(1,yyscanner); + if(compiler->include_free != NULL) + { + compiler->include_free(res, compiler->incl_clbk_user_data); + } } else { - snprintf(buffer, sizeof(buffer), - "can't open include file: %s", yyextra->lex_buf); - yyerror(yyscanner, compiler, buffer); + char* base_err_msg = NULL; + if(compiler->include_callback == _yr_compiler_default_include_callback) + { + base_err_msg = "can't open include file: %s"; + } + else + { + base_err_msg = "callback failed to provide include resource: %s"; + } + size_t err_buff_len = sizeof(base_err_msg) + sizeof(yyextra->lex_buf); + char* error_buffer = (char*) yr_malloc(err_buff_len); + snprintf( error_buffer, + err_buff_len, + base_err_msg, + yyextra->lex_buf); + yyerror(yyscanner, compiler, error_buffer); } + } else // not allowing includes { @@ -1467,16 +1435,10 @@ case YY_STATE_EOF(str): case YY_STATE_EOF(regexp): case YY_STATE_EOF(include): case YY_STATE_EOF(comment): -#line 300 "lexer.l" +#line 267 "lexer.l" { YR_COMPILER* compiler = yara_yyget_extra(yyscanner); - FILE* file = _yr_compiler_pop_file(compiler); - - if (file != NULL) - { - fclose(file); - } _yr_compiler_pop_file_name(compiler); yara_yypop_buffer_state(yyscanner); @@ -1485,11 +1447,12 @@ case YY_STATE_EOF(comment): { yyterminate(); } + } YY_BREAK case 44: YY_RULE_SETUP -#line 320 "lexer.l" +#line 282 "lexer.l" { yylval->c_string = yr_strdup(yytext); @@ -1505,7 +1468,7 @@ YY_RULE_SETUP YY_BREAK case 45: YY_RULE_SETUP -#line 334 "lexer.l" +#line 296 "lexer.l" { yylval->c_string = yr_strdup(yytext); @@ -1521,7 +1484,7 @@ YY_RULE_SETUP YY_BREAK case 46: YY_RULE_SETUP -#line 348 "lexer.l" +#line 310 "lexer.l" { yylval->c_string = yr_strdup(yytext); @@ -1538,7 +1501,7 @@ YY_RULE_SETUP YY_BREAK case 47: YY_RULE_SETUP -#line 363 "lexer.l" +#line 325 "lexer.l" { yylval->c_string = yr_strdup(yytext); @@ -1555,7 +1518,7 @@ YY_RULE_SETUP YY_BREAK case 48: YY_RULE_SETUP -#line 378 "lexer.l" +#line 340 "lexer.l" { yylval->c_string = yr_strdup(yytext); @@ -1572,7 +1535,7 @@ YY_RULE_SETUP YY_BREAK case 49: YY_RULE_SETUP -#line 393 "lexer.l" +#line 355 "lexer.l" { char* text = yytext; @@ -1613,7 +1576,7 @@ YY_RULE_SETUP YY_BREAK case 50: YY_RULE_SETUP -#line 432 "lexer.l" +#line 394 "lexer.l" { if (strlen(yytext) > 128) @@ -1634,7 +1597,7 @@ YY_RULE_SETUP YY_BREAK case 51: YY_RULE_SETUP -#line 451 "lexer.l" +#line 413 "lexer.l" { #ifdef _MSC_VER @@ -1656,7 +1619,7 @@ YY_RULE_SETUP YY_BREAK case 52: YY_RULE_SETUP -#line 470 "lexer.l" +#line 432 "lexer.l" { yylval->double_ = atof(yytext); return _DOUBLE_; @@ -1664,7 +1627,7 @@ YY_RULE_SETUP YY_BREAK case 53: YY_RULE_SETUP -#line 475 "lexer.l" +#line 437 "lexer.l" { yylval->integer = xtoi(yytext + 2); return _NUMBER_; @@ -1672,7 +1635,7 @@ YY_RULE_SETUP YY_BREAK case 54: YY_RULE_SETUP -#line 480 "lexer.l" +#line 442 "lexer.l" { yylval->integer = otoi(yytext + 2); return _NUMBER_; @@ -1680,7 +1643,7 @@ YY_RULE_SETUP YY_BREAK case 55: YY_RULE_SETUP -#line 486 "lexer.l" +#line 448 "lexer.l" { /* saw closing quote - all done */ ALLOC_SIZED_STRING(s, yyextra->lex_buf_len); @@ -1696,7 +1659,7 @@ YY_RULE_SETUP YY_BREAK case 56: YY_RULE_SETUP -#line 500 "lexer.l" +#line 462 "lexer.l" { LEX_CHECK_SPACE_OK("\t", yyextra->lex_buf_len, LEX_BUF_SIZE); @@ -1706,7 +1669,7 @@ YY_RULE_SETUP YY_BREAK case 57: YY_RULE_SETUP -#line 508 "lexer.l" +#line 470 "lexer.l" { LEX_CHECK_SPACE_OK("\n", yyextra->lex_buf_len, LEX_BUF_SIZE); @@ -1716,7 +1679,7 @@ YY_RULE_SETUP YY_BREAK case 58: YY_RULE_SETUP -#line 516 "lexer.l" +#line 478 "lexer.l" { LEX_CHECK_SPACE_OK("\"", yyextra->lex_buf_len, LEX_BUF_SIZE); @@ -1726,7 +1689,7 @@ YY_RULE_SETUP YY_BREAK case 59: YY_RULE_SETUP -#line 524 "lexer.l" +#line 486 "lexer.l" { LEX_CHECK_SPACE_OK("\\", yyextra->lex_buf_len, LEX_BUF_SIZE); @@ -1736,7 +1699,7 @@ YY_RULE_SETUP YY_BREAK case 60: YY_RULE_SETUP -#line 532 "lexer.l" +#line 494 "lexer.l" { int result; @@ -1749,13 +1712,13 @@ YY_RULE_SETUP YY_BREAK case 61: YY_RULE_SETUP -#line 543 "lexer.l" +#line 505 "lexer.l" { YYTEXT_TO_BUFFER; } YY_BREAK case 62: /* rule 62 can match eol */ YY_RULE_SETUP -#line 546 "lexer.l" +#line 508 "lexer.l" { yyerror(yyscanner, compiler, "unterminated string"); @@ -1765,7 +1728,7 @@ YY_RULE_SETUP case 63: /* rule 63 can match eol */ YY_RULE_SETUP -#line 552 "lexer.l" +#line 514 "lexer.l" { yyerror(yyscanner, compiler, "illegal escape sequence"); @@ -1774,7 +1737,7 @@ YY_RULE_SETUP YY_BREAK case 64: YY_RULE_SETUP -#line 559 "lexer.l" +#line 521 "lexer.l" { if (yyextra->lex_buf_len > 0) @@ -1803,7 +1766,7 @@ YY_RULE_SETUP YY_BREAK case 65: YY_RULE_SETUP -#line 586 "lexer.l" +#line 548 "lexer.l" { LEX_CHECK_SPACE_OK("/", yyextra->lex_buf_len, LEX_BUF_SIZE); @@ -1813,7 +1776,7 @@ YY_RULE_SETUP YY_BREAK case 66: YY_RULE_SETUP -#line 594 "lexer.l" +#line 556 "lexer.l" { LEX_CHECK_SPACE_OK("\\.", yyextra->lex_buf_len, LEX_BUF_SIZE); @@ -1831,13 +1794,13 @@ YY_RULE_SETUP YY_BREAK case 67: YY_RULE_SETUP -#line 610 "lexer.l" +#line 572 "lexer.l" { YYTEXT_TO_BUFFER; } YY_BREAK case 68: /* rule 68 can match eol */ YY_RULE_SETUP -#line 613 "lexer.l" +#line 575 "lexer.l" { yyerror(yyscanner, compiler, "unterminated regular expression"); @@ -1846,7 +1809,7 @@ YY_RULE_SETUP YY_BREAK case 69: YY_RULE_SETUP -#line 620 "lexer.l" +#line 582 "lexer.l" { yyextra->lex_buf_ptr = yyextra->lex_buf; @@ -1856,7 +1819,7 @@ YY_RULE_SETUP YY_BREAK case 70: YY_RULE_SETUP -#line 628 "lexer.l" +#line 590 "lexer.l" { yyextra->lex_buf_ptr = yyextra->lex_buf; @@ -1867,7 +1830,7 @@ YY_RULE_SETUP case 71: /* rule 71 can match eol */ YY_RULE_SETUP -#line 636 "lexer.l" +#line 598 "lexer.l" { // Match hex-digits with whitespace or comments. The latter are stripped // out by hex_lexer.l @@ -1883,12 +1846,12 @@ YY_RULE_SETUP case 72: /* rule 72 can match eol */ YY_RULE_SETUP -#line 649 "lexer.l" +#line 611 "lexer.l" /* skip whitespace */ YY_BREAK case 73: YY_RULE_SETUP -#line 651 "lexer.l" +#line 613 "lexer.l" { if (yytext[0] >= 32 && yytext[0] < 127) @@ -1904,10 +1867,10 @@ YY_RULE_SETUP YY_BREAK case 74: YY_RULE_SETUP -#line 664 "lexer.l" +#line 626 "lexer.l" ECHO; YY_BREAK -#line 1911 "lexer.c" +#line 1874 "lexer.c" case YY_END_OF_BUFFER: { @@ -3056,7 +3019,7 @@ void yara_yyfree (void * ptr , yyscan_t yyscanner) #define YYTABLES_NAME "yytables" -#line 664 "lexer.l" +#line 626 "lexer.l" diff --git a/libyara/lexer.l b/libyara/lexer.l index 032bbd274a..6a8a5baa57 100644 --- a/libyara/lexer.l +++ b/libyara/lexer.l @@ -187,80 +187,25 @@ include[ \t]+\" { \" { - char buffer[1024]; - char *current_file_name; - char *s = NULL; - #ifdef _WIN32 - char *b = NULL; - #endif - char *f; - FILE* fh; - if (compiler->allow_includes) { *yyextra->lex_buf_ptr = '\0'; // null-terminate included file path // move path of current source file into buffer - current_file_name = yr_compiler_get_current_file_name(compiler); - - if (current_file_name != NULL) - { - strlcpy(buffer, current_file_name, sizeof(buffer)); - } - else - { - buffer[0] = '\0'; - } + char* current_file_name = yr_compiler_get_current_file_name( + compiler); - // make included file path relative to current source file - s = strrchr(buffer, '/'); + const char* res = compiler->include_callback( + yyextra->lex_buf, + current_file_name, + compiler->current_namespace->name, + compiler->incl_clbk_user_data); - #ifdef _WIN32 - b = strrchr(buffer, '\\'); // in Windows both path delimiters are accepted - #endif - - #ifdef _WIN32 - if (s != NULL || b != NULL) - #else - if (s != NULL) - #endif - { - #ifdef _WIN32 - f = (b > s)? (b + 1): (s + 1); - #else - f = s + 1; - #endif - - strlcpy(f, yyextra->lex_buf, sizeof(buffer) - (f - buffer)); - - f = buffer; - - // SECURITY: Potential for directory traversal here. - fh = fopen(buffer, "r"); - - // if include file was not found relative to current source file, - // try to open it with path as specified by user (maybe user wrote - // a full path) - - if (fh == NULL) - { - f = yyextra->lex_buf; - - // SECURITY: Potential for directory traversal here. - fh = fopen(yyextra->lex_buf, "r"); - } - } - else + if (res != NULL) { - f = yyextra->lex_buf; - // SECURITY: Potential for directory traversal here. - fh = fopen(yyextra->lex_buf, "r"); - } - - if (fh != NULL) - { - int error_code = _yr_compiler_push_file_name(compiler, f); + int error_code = _yr_compiler_push_file_name( compiler, + yyextra->lex_buf); if (error_code != ERROR_SUCCESS) { @@ -272,20 +217,42 @@ include[ \t]+\" { { yyerror(yyscanner, compiler, "includes depth exceeded"); } - + if(compiler->include_free != NULL) + { + compiler->include_free(res, compiler->incl_clbk_user_data); + } yyterminate(); } - _yr_compiler_push_file(compiler, fh); - yypush_buffer_state( - yy_create_buffer(fh, YY_BUF_SIZE, yyscanner), yyscanner); + // Workaround for flex issue: https://github.com/westes/flex/issues/58 + yypush_buffer_state(YY_CURRENT_BUFFER, yyscanner); + yy_scan_string(res, yyscanner); + yyset_lineno(1, yyscanner); + if(compiler->include_free != NULL) + { + compiler->include_free(res, compiler->incl_clbk_user_data); + } } else { - snprintf(buffer, sizeof(buffer), - "can't open include file: %s", yyextra->lex_buf); - yyerror(yyscanner, compiler, buffer); + char* base_err_msg = NULL; + if(compiler->include_callback == _yr_compiler_default_include_callback) + { + base_err_msg = "can't open include file: %s"; + } + else + { + base_err_msg = "callback failed to provide include resource: %s"; + } + size_t err_buff_len = sizeof(base_err_msg) + sizeof(yyextra->lex_buf); + char* error_buffer = (char*) yr_malloc(err_buff_len); + snprintf( error_buffer, + err_buff_len, + base_err_msg, + yyextra->lex_buf); + yyerror(yyscanner, compiler, error_buffer); } + } else // not allowing includes { @@ -300,12 +267,6 @@ include[ \t]+\" { <> { YR_COMPILER* compiler = yyget_extra(yyscanner); - FILE* file = _yr_compiler_pop_file(compiler); - - if (file != NULL) - { - fclose(file); - } _yr_compiler_pop_file_name(compiler); yypop_buffer_state(yyscanner); @@ -314,6 +275,7 @@ include[ \t]+\" { { yyterminate(); } + }