Added support for xor modifier with arguments and private modifier (#39) #52

Merged
merged 5 commits into from
Jan 15, 2020
Merged
22 changes: 19 additions & 3 deletions include/yaramod/builder/yara_rule_builder.h
Expand Up @@ -58,18 +58,30 @@ class YaraRuleBuilder
YaraRuleBuilder& withHexIntMeta(const std::string& key, std::uint64_t value);
YaraRuleBuilder& withBoolMeta(const std::string& key, bool value);

YaraRuleBuilder& withPlainString(const std::string& id, const std::string& value, std::uint32_t mods = String::Modifiers::Ascii);
YaraRuleBuilder& withPlainString(const std::string& id, const std::string& value);
YaraRuleBuilder& withHexString(const std::string& id, const std::shared_ptr<HexString>& hexString);
YaraRuleBuilder& withRegexp(const std::string& id, const std::string& value,
const std::string& suffixMods = std::string{}, std::uint32_t mods = String::Modifiers::Ascii);
YaraRuleBuilder& withRegexp(const std::string& id, const std::string& value, const std::string& suffixMods = std::string{});

YaraRuleBuilder& withCondition(Expression::Ptr&& condition);
YaraRuleBuilder& withCondition(const Expression::Ptr& condition);
/// @}

/// @name Method modifying last string
/// @{
YaraRuleBuilder& ascii();
YaraRuleBuilder& wide();
YaraRuleBuilder& nocase();
YaraRuleBuilder& fullword();
YaraRuleBuilder& private_();
YaraRuleBuilder& xor_();
YaraRuleBuilder& xor_(std::uint64_t key);
YaraRuleBuilder& xor_(std::uint64_t low, std::uint64_t high);
/// @}

private:
void resetTokens();
void initializeStrings();
void createLastString();

std::shared_ptr<TokenStream> _tokenStream; ///< Storage of all Tokens
std::optional<TokenIt> _mod; ///< Modifier
Expand All @@ -85,6 +97,10 @@ class YaraRuleBuilder
TokenIt _condition_it; ///< iterator pointing at 'condition' token
TokenIt _colon_it; ///< iterator pointing at ':' token
TokenIt _rcb; ///< iterator pointing at '}' token

std::shared_ptr<String> _lastString; ///< Points to the last defined string.
std::vector<std::shared_ptr<StringModifier>> _stringMods; ///< String modifiers for last defined string.
std::shared_ptr<TokenStream> _stringModsTokens; ///< Token stream for building string modifiers.
};

}
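Review bot: The key-taking overloads `xor_(std::uint64_t key)` and `xor_(std::uint64_t low, std::uint64_t high)` accept 64-bit values with no stated bounds, although YARA's xor modifier takes single-byte keys (0-255) and a range whose lower bound does not exceed the upper one. The declarations do not show whether the builder rejects `xor_(300)` or `xor_(0x20, 0x10)`; if it does not, the invalid modifier would only surface when the generated rule is compiled, which is late for detection content produced programmatically. I would state the contract on the declarations, e.g. `/// @param low,high XOR key bounds; requires low <= high <= 255`, and enforce it in the implementation. The whole "modifying last string" group also needs a documented precondition for being called before any `with*String` call, when `_lastString` is presumably still unset. The class begins outside the hunk.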
39 changes: 23 additions & 16 deletions include/yaramod/parser/parser_driver.h
Expand Up @@ -24,18 +24,19 @@
#include "yaramod/types/expressions.h"
#include "yaramod/types/hex_string.h"
#include "yaramod/types/hex_string.h"
#include "yaramod/types/token_stream.h"
#include "yaramod/types/meta.h"
#include "yaramod/types/plain_string.h"
#include "yaramod/types/regexp.h"
#include "yaramod/types/rule.h"
#include "yaramod/types/symbol.h"
#include "yaramod/types/token_stream.h"
#include "yaramod/types/yara_file.h"
#include "yaramod/yaramod_error.h"

namespace yaramod {

using RegexpRangePair = std::pair<std::optional<std::uint64_t>, std::optional<std::uint64_t>>;
using StringModifiers = std::vector<std::shared_ptr<StringModifier>>;

// Value is the type of all tokens produced by POG parser. Both token and rule actions return Value. The rule action parameters are also Values.
class Value
Expand All @@ -49,19 +50,20 @@ class Value
Rule, //4
std::vector<Meta>,
std::shared_ptr<Rule::StringsTrie>, //6
std::pair<std::uint32_t, std::vector<TokenIt>>,
Literal, //8
Expression::Ptr,
std::vector<Expression::Ptr>, //10
std::vector<TokenIt>,
std::vector<std::shared_ptr<HexStringUnit>>, //12
std::shared_ptr<HexStringUnit>,
std::vector<std::shared_ptr<HexString>>, //14
std::shared_ptr<String>,
std::shared_ptr<RegexpUnit>, //16
std::vector<std::shared_ptr<RegexpUnit>>,
TokenIt, //18
RegexpRangePair
std::shared_ptr<StringModifier>,
StringModifiers, //8
Literal,
Expression::Ptr, //10
std::vector<Expression::Ptr>,
std::vector<TokenIt>, //12
std::vector<std::shared_ptr<HexStringUnit>>,
std::shared_ptr<HexStringUnit>, //14
std::vector<std::shared_ptr<HexString>>,
std::shared_ptr<String>, //16
std::shared_ptr<RegexpUnit>,
std::vector<std::shared_ptr<RegexpUnit>>, //18
TokenIt,
RegexpRangePair //20
>;

/// @name Constructors
Expand Down Expand Up @@ -116,9 +118,14 @@ class Value
return std::move(moveValue<std::shared_ptr<Rule::StringsTrie>>());
}

std::pair<std::uint32_t, std::vector<TokenIt>>&& getStringMods()
std::shared_ptr<StringModifier>&& getStringMod()
{
return std::move(moveValue<std::shared_ptr<StringModifier>>());
}

StringModifiers&& getStringMods()
{
return std::move(moveValue<std::pair<std::uint32_t, std::vector<TokenIt>>>());
return std::move(moveValue<StringModifiers>());
}

const Literal& getLiteral() const
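Review bot: `getStringMod()` and `getStringMods()` return an rvalue reference from a non-const member, so the first call consumes the stored value, and neither declaration says so. A second read of the same `Value` would presumably yield a null `std::shared_ptr<StringModifier>` or an empty vector, and if the parser is fed rule files from outside, a later dereference of that pointer deserves a guard. I would add `/// Moves the modifier out of this Value; do not read the Value again afterwards.` above each getter. The two names differ by a single letter, so `getStringModifier()` and `getStringModifierList()` would be harder to mix up. The `Value` class starts and ends outside the hunks shown.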
2 changes: 1 addition & 1 deletion include/yaramod/types/plain_string.h
Expand Up @@ -28,7 +28,7 @@ class PlainString : public String
explicit PlainString(const std::shared_ptr<TokenStream>& ts, const std::string& text);
explicit PlainString(const std::shared_ptr<TokenStream>& ts, std::string&& text);
explicit PlainString(const std::shared_ptr<TokenStream>& ts, TokenIt text);
explicit PlainString(const std::shared_ptr<TokenStream>& ts, TokenIt id, TokenIt equal_sign, std::uint32_t mods, std::vector<TokenIt> mods_strings, TokenIt text);
explicit PlainString(const std::shared_ptr<TokenStream>& ts, TokenIt id, TokenIt assignToken, TokenIt text);
~PlainString() = default;
/// @}

4 changes: 2 additions & 2 deletions include/yaramod/types/regexp.h
Expand Up @@ -630,8 +630,8 @@ class Regexp : public String
{
if (_id)
return _id.value();
else if (_assign_token)
return _assign_token.value();
else if (_assignToken)
return _assignToken.value();
else
return _leftSlash;
}