WIP: Changes for YARA 4 API

Signed-off-by: Christian Blichmann <cblichmann@google.com>

compiler.go

@@ -16,7 +16,7 @@ package yara
 
 #include <yara.h>
 
-void compilerCallback(int, char*, int, char*, void*);
+void compilerCallback(int, char*, int, YR_RULE*, char*, void*);
 */
 import "C"
 import (
@@ -26,7 +26,7 @@ import (
 )
 
 //export compilerCallback
-func compilerCallback(errorLevel C.int, filename *C.char, linenumber C.int, message *C.char, userData unsafe.Pointer) {
+func compilerCallback(errorLevel C.int, filename *C.char, linenumber C.int, rule *C.YR_RULE, message *C.char, userData unsafe.Pointer) {
 	c := callbackData.Get(userData).(*Compiler)
 	msg := CompilerMessage{
 		Filename: C.GoString(filename),

rule.go

@@ -77,10 +77,10 @@ static const char* string_identifier(YR_STRING* s) {
 
 // string_matches returns pointers to the string match objects
 // associated with a string, using YARA's macro-based implementation.
-static void string_matches(YR_STRING* s, const YR_MATCH *matches[], int *n) {
+static void string_matches(YR_SCAN_CONTEXT* ctx, YR_STRING* s, const YR_MATCH *matches[], int *n) {
 	const YR_MATCH *match;
 	int i = 0;
-	yr_string_matches_foreach(s, match) {
+	yr_string_matches_foreach(ctx, s, match) {
 		if (i < *n)
 			matches[i] = match;
 		i++;
@@ -143,8 +143,8 @@ func (r *Rule) MetaList() (metas []Meta) {
 		id := C.GoString(cid)
 		var val interface{}
 		switch cptr._type {
-		case C.META_TYPE_NULL:
-			val = nil
+		// case C.META_TYPE_NULL:
+		//   val = nil
 		case C.META_TYPE_STRING:
 			val = C.GoString(cstr)
 		case C.META_TYPE_INTEGER:
@@ -187,12 +187,12 @@ func (r *Rule) Metas() (metas map[string]interface{}) {
 
 // IsPrivate returns true if the rule is marked as private.
 func (r *Rule) IsPrivate() bool {
-	return (r.cptr.g_flags & C.RULE_GFLAGS_PRIVATE) != 0
+	return (r.cptr.flags & C.RULE_FLAGS_PRIVATE) != 0
 }
 
 // IsGlobal returns true if the rule is marked as global.
 func (r *Rule) IsGlobal() bool {
-	return (r.cptr.g_flags & C.RULE_GFLAGS_GLOBAL) != 0
+	return (r.cptr.flags & C.RULE_FLAGS_GLOBAL) != 0
 }
 
 // String represents a string as part of a rule.
@@ -222,14 +222,14 @@ func (s *String) Identifier() string {
 type Match struct{ cptr *C.YR_MATCH }
 
 // Matches returns all matches that have been recorded for the string.
-func (s *String) Matches() (matches []Match) {
+func (s *String) Matches(ctx *C.YR_SCAN_CONTEXT) (matches []Match) {
 	var size C.int
-	C.string_matches(s.cptr, nil, &size)
+	C.string_matches(ctx, s.cptr, nil, &size)
 	ptrs := make([]*C.YR_MATCH, int(size))
 	if size == 0 {
 		return
 	}
-	C.string_matches(s.cptr, &ptrs[0], &size)
+	C.string_matches(ctx, s.cptr, &ptrs[0], &size)
 	for _, ptr := range ptrs {
 		matches = append(matches, Match{ptr})
 	}
@@ -247,9 +247,9 @@ func (m *Match) Offset() int64 {
 	return int64(m.cptr.offset)
 }
 
-func (r *Rule) getMatchStrings() (matchstrings []MatchString) {
+func (r *Rule) getMatchStrings(ctx *C.YR_SCAN_CONTEXT) (matchstrings []MatchString) {
 	for _, s := range r.Strings() {
-		for _, m := range s.Matches() {
+		for _, m := range s.Matches(ctx) {
 			matchstrings = append(matchstrings, MatchString{
 				Name:   s.Identifier(),
 				Base:   uint64(m.Base()),

rules.go

@@ -225,8 +225,8 @@ func (r *Rules) GetRules() (rv []Rule) {
 	// #define yr_rules_foreach(rules, rule) \
 	//     for (rule = rules->rules_list_head; !RULE_IS_NULL(rule); rule++)
 	// #define RULE_IS_NULL(x) \
-	//     (((x)->g_flags) & RULE_GFLAGS_NULL)
-	for p := r.cptr.rules_list_head; p.g_flags&C.RULE_GFLAGS_NULL == 0; p = (*C.YR_RULE)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + unsafe.Sizeof(*p))) {
+	//     (((x)->g_flags) & RULE_FLAGS_NULL)
+	for p := r.cptr.rules_list_head; p.flags&C.RULE_FLAGS_NULL == 0; p = (*C.YR_RULE)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + unsafe.Sizeof(*p))) {
 		rv = append(rv, Rule{p})
 	}
 	return

rules_callback.go

@@ -25,7 +25,7 @@ type ScanCallback interface{}
 // scan. The RuleMatching method corresponds to YARA's
 // CALLBACK_MSG_RULE_MATCHING message.
 type ScanCallbackMatch interface {
-	RuleMatching(*Rule) (bool, error)
+	RuleMatching(*C.YR_SCAN_CONTEXT, *Rule) (bool, error)
 }
 
 // ScanCallbackNoMatch is used to record rules that did not match
@@ -88,7 +88,7 @@ func (c *scanCallbackContainer) finalize() {
 }
 
 //export scanCallbackFunc
-func scanCallbackFunc(message C.int, messageData, userData unsafe.Pointer) C.int {
+func scanCallbackFunc(scanContext unsafe.Pointer, message C.int, messageData, userData unsafe.Pointer) C.int {
 	cbc, ok := callbackData.Get(userData).(*scanCallbackContainer)
 	if !ok {
 		return C.CALLBACK_ERROR
@@ -99,7 +99,7 @@ func scanCallbackFunc(message C.int, messageData, userData unsafe.Pointer) C.int
 	case C.CALLBACK_MSG_RULE_MATCHING:
 		if c, ok := cbc.ScanCallback.(ScanCallbackMatch); ok {
 			r := (*C.YR_RULE)(messageData)
-			abort, err = c.RuleMatching(&Rule{r})
+			abort, err = c.RuleMatching((*C.YR_SCAN_CONTEXT)(scanContext), &Rule{r})
 		}
 	case C.CALLBACK_MSG_RULE_NOT_MATCHING:
 		if c, ok := cbc.ScanCallback.(ScanCallbackNoMatch); ok {
@@ -147,7 +147,7 @@ type MatchRules []MatchRule
 
 // RuleMatching implements the ScanCallbackMatch interface for
 // MatchRules.
-func (mr *MatchRules) RuleMatching(r *Rule) (abort bool, err error) {
+func (mr *MatchRules) RuleMatching(ctx *C.YR_SCAN_CONTEXT, r *Rule) (abort bool, err error) {
 	metas := r.Metas()
 	// convert int to int32 for code that relies on previous behavior
 	for s := range metas {
@@ -160,7 +160,7 @@ func (mr *MatchRules) RuleMatching(r *Rule) (abort bool, err error) {
 		Namespace: r.Namespace(),
 		Tags:      r.Tags(),
 		Meta:      metas,
-		Strings:   r.getMatchStrings(),
+		Strings:   r.getMatchStrings(ctx),
 	})
 	return
 }

rules_test.go

@@ -1,5 +1,10 @@
 package yara
 
+/*
+#include <stdlib.h>
+#include <yara.h>
+*/
+import "C"
 import (
 	"bytes"
 	"compress/bzip2"
@@ -281,7 +286,7 @@ func newTestCallback(t *testing.T) *testCallback {
 	}
 }
 
-func (c *testCallback) RuleMatching(r *Rule) (bool, error) {
+func (c *testCallback) RuleMatching(ctx *C.YR_SCAN_CONTEXT, r *Rule) (bool, error) {
 	c.t.Logf("RuleMatching callback called: rule=%s", r.Identifier())
 	c.matched[r.Identifier()] = struct{}{}
 	return false, nil