Merge pull request #210 from avast/add_console_module

YARA-1823: Add console module
avast · Mar 22, 2022 · 1bca6d9 · 1bca6d9
2 parents 52b2c05 + 4ec50ec
commit 1bca6d9
Show file tree

Hide file tree

Showing 3 changed files with 134 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -31,6 +31,7 @@ set(YARAMOD_DEPS_DIR    "${PROJECT_SOURCE_DIR}/deps")
 set(YARAMOD_MODULES_DIR     "${PROJECT_SOURCE_DIR}/modules")
 set(YARAMOD_MODULES_GENERATED_DIR     "${YARAMOD_INCLUDE_DIR}/yaramod/types/modules/generated")
 set(WRAP_MODULE_SOURCES
+	${YARAMOD_MODULES_GENERATED_DIR}/module_console.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_cuckoo_deprecated_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_cuckoo_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_dex_generated.h

diff --git a/modules/module_console.json b/modules/module_console.json
@@ -0,0 +1,108 @@
+{
+    "kind": "struct",
+    "name": "console",
+    "attributes": [
+        {
+            "kind": "function",
+            "name": "log",
+            "return_type": "i",
+            "overloads": [
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "string"
+                        }
+                    ],
+                    "documentation": "Function which sends the string to the main callback.\n\nExample: ```console.log(pe.imphash())```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "message"
+                        },
+                        {
+                            "type": "s",
+                            "name": "string"
+                        }
+                    ],
+                    "documentation": "Function which sends the message and string to the main callback.\n\nExample: ```console.log(\"The imphash is: \", pe.imphash())```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "i",
+                            "name": "integer"
+                        }
+                    ],
+                    "documentation": "Function which sends the integer to the main callback.\n\nExample: ```console.log(uint32(0))```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "message"
+                        },
+                        {
+                            "type": "i",
+                            "name": "integer"
+                        }
+                    ],
+                    "documentation": "Function which sends the message and integer to the main callback.\n\nExample: ```console.log(\"32bits at 0: \", uint32(0))```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "f",
+                            "name": "float"
+                        }
+                    ],
+                    "documentation": "Function which sends the floating point value to the main callback.\n\nExample: ```console.log(math.entropy(0, filesize))```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "message"
+                        },
+                        {
+                            "type": "f",
+                            "name": "float"
+                        }
+                    ],
+                    "documentation": "Function which sends the message and the floating point value to the main callback.\n\nExample: ```console.log(\"Entropy: \", math.entropy(0, filesize))```"
+                }
+            ]
+        },
+        {
+            "kind": "function",
+            "name": "hex",
+            "return_type": "i",
+            "overloads": [
+                {
+                    "arguments": [
+                        {
+                            "type": "i",
+                            "name": "integer"
+                        }
+                    ],
+                    "documentation": "Function which sends the integer to the main callback, formatted as a hex string.\n\nExample: ```console.hex(uint32(0))```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "message"
+                        },
+                        {
+                            "type": "i",
+                            "name": "integer"
+                        }
+                    ],
+                    "documentation": "Function which sends the integer to the main callback, formatted as a hex string.\n\nExample: ```console.hex(\"Hex at 0: \", uint32(0))```"
+                }
+            ]
+        }
+    ]
+}
diff --git a/tests/cpp/parser_tests.cpp b/tests/cpp/parser_tests.cpp
@@ -3438,6 +3438,31 @@ rule rule_with_float_value_in_condition
 	EXPECT_EQ(input_text, driver.getParsedFile().getTextFormatted());
 }
 
+TEST_F(ParserTests,
+ConsoleModuleWorks) {
+	prepareInput(
+R"(
+import "console"
+
+rule console_module
+{
+	condition:
+		console.log("Hello") and
+		console.log("32bits at 0: ", uint32(0))
+}
+)");
+
+	EXPECT_TRUE(driver.parse(input));
+	ASSERT_EQ(1u, driver.getParsedFile().getRules().size());
+
+	const auto& rule = driver.getParsedFile().getRules()[0];
+	EXPECT_EQ(R"(console.log("Hello") and console.log("32bits at 0: ", uint32(0)))", rule->getCondition()->getText());
+	EXPECT_EQ("console", rule->getCondition()->getFirstTokenIt()->getPureText());
+	EXPECT_EQ(")", rule->getCondition()->getLastTokenIt()->getPureText());
+
+	EXPECT_EQ(input_text, driver.getParsedFile().getTextFormatted());
+}
+
 TEST_F(ParserTests,
 CuckooModuleWorks) {
 	prepareInput(