Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve links between individual constructs in internal representation #73

Closed
metthal opened this issue Mar 4, 2020 · 1 comment
Closed

Improve links between individual constructs in internal representation #73

metthal opened this issue Mar 4, 2020 · 1 comment
Assignees
@TadeasKucera
Labels
C-core C-parser enhancement

Comments

@metthal
Copy link
Member

metthal commented Mar 4, 2020

Right now, the internal representation many times forgets link between individual construct in individual representation. One such example is this one

rule abc
{
        condition:
                true
}

rule def
{
        condition:
                abc
}

In this case, even though we check that abc must exist in symbol table while parsing condition of def, we forget this link and there is no way to get directly from abc in def condition to Rule instance of abc rule without looking up all rules in YARA file.

This ticket aims for improving the internal representation in such a way, that we'll keep these links and so it will be much easier to reach other parts of YARA file without doing whole file lookups.

Use-case:

I would like to rename rule and all links to it. So then if I do

abc_rule.name = 'XYZ'

then I would expect output to be

rule XYZ
{
        condition:
                true
}

rule def
{
        condition:
                XYZ
}

and not

rule XYZ
{
        condition:
                true
}

rule def
{
        condition:
                abc
}

These changes relate mostly to link between rules but I would also like to have something similar for strings.

Technical details:

It can be easier for rules since it can be solved just by some pointer to symbol table and renaming a rule would rename the record in symbol table (thus effectively renaming it everywhere else with zero cost) but it can be harder for strings since they are stored in trie-like structure for better lookup with string prefix. But that can possibly be solved by storing a pointer directly to the string itself which shouldn't change even if we move the string in trie to somewhere else.
@metthal metthal mentioned this issue Mar 6, 2020
Closed
TadeasKucera added a commit that referenced this issue Apr 15, 2020
@TadeasKucera
Solve #73 for rule names - renaming rule also renames all references …
56020c2 
…to it
@TadeasKucera TadeasKucera self-assigned this Apr 16, 2020
TadeasKucera added a commit that referenced this issue Apr 16, 2020
@TadeasKucera
Solve #73 for rule names - renaming rule also renames all references …
e9de3f4 
…to it
metthal pushed a commit that referenced this issue Apr 28, 2020
@TadeasKucera
Improve links between individual constructs in internal representatio…
c98c014 
…n (issue #73) (#96)

* Add TokenType and ExpressionType and put in separate files to allow import of symbol.h from literal.h

* Solve #73 for rule names - renaming rule also renames all references to it

* Each string reference was just string, now it is linked to string definition so renaming will be easier.

* Remove ParserMode::Incomplete to be part of anothoer PR

* Cleanup: Remove some asserts and printouts

Co-authored-by: Tadeáš Kučera <tadeas.kucera@avast.com>
@TadeasKucera
Copy link
Contributor

Solved in #96

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TadeasKucera TadeasKucera

Labels
C-core C-parser enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@metthal @TadeasKucera