diff -Nru yara-python-3.11.0/appveyor.yml yara-python-4.0.2/appveyor.yml
--- yara-python-3.11.0/appveyor.yml 2019-10-10 12:26:49.000000000 +0000
+++ yara-python-4.0.2/appveyor.yml 2020-06-26 07:22:29.000000000 +0000
@@ -12,76 +12,52 @@ # a later point release. # See: http://www.appveyor.com/docs/installed-software#python - - PYTHON: "C:\\Python27" - PYTHON_VERSION: "2.7.x" # currently 2.7.16 - PYTHON_ARCH: "32" - OPENSSL_LIB: "openssl-1.1.0e-vs2008" - VS: "Visual Studio 9 2008" - - - PYTHON: "C:\\Python27-x64" - PYTHON_VERSION: "2.7.x" # currently 2.7.16 - PYTHON_ARCH: "64" - OPENSSL_LIB: "openssl-1.1.0e-vs2008" - VS: "Visual Studio 9 2008 Win64" - - - PYTHON: "C:\\Python33" - PYTHON_VERSION: "3.3.x" # currently 3.3.5 - PYTHON_ARCH: "32" - OPENSSL_LIB: "openssl-1.1.0e-vs2010" - VS: "Visual Studio 10 2010" - - - PYTHON: "C:\\Python33-x64" - PYTHON_VERSION: "3.3.x" # currently 3.3.5 - PYTHON_ARCH: "64" - OPENSSL_LIB: "openssl-1.1.0e-vs2010" - VS: "Visual Studio 10 2010 Win64" - - - PYTHON: "C:\\Python34" - PYTHON_VERSION: "3.4.x" # currently 3.4.4 - PYTHON_ARCH: "32" - OPENSSL_LIB: "openssl-1.1.0e-vs2010" - VS: "Visual Studio 10 2010" - - - PYTHON: "C:\\Python34-x64" - PYTHON_VERSION: "3.4.x" # currently 3.4.4 - PYTHON_ARCH: "64" - OPENSSL_LIB: "openssl-1.1.0e-vs2010" - VS: "Visual Studio 10 2010 Win64" - - PYTHON: "C:\\Python35" PYTHON_VERSION: "3.5.x" # currently 3.5.4 PYTHON_ARCH: "32" - OPENSSL_LIB: "openssl-1.1.0e-vs2015" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/fakubeldw67e9pmg/artifacts/YARA.OpenSSL.x86.1.1.1.nupkg" VS: "Visual Studio 14 2015" - PYTHON: "C:\\Python35-x64" PYTHON_VERSION: "3.5.x" # currently 3.5.4 PYTHON_ARCH: "64" - OPENSSL_LIB: "openssl-1.1.0e-vs2015" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/q63539qt9yqaqspo/artifacts/YARA.OpenSSL.x64.1.1.1.nupkg" VS: "Visual Studio 14 2015 Win64" - PYTHON: "C:\\Python36" PYTHON_VERSION: "3.6.x" # currently 3.6.8 PYTHON_ARCH: "32" - OPENSSL_LIB: "openssl-1.1.0e-vs2015" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/fakubeldw67e9pmg/artifacts/YARA.OpenSSL.x86.1.1.1.nupkg" VS: "Visual Studio 14 2015" - PYTHON: "C:\\Python36-x64" PYTHON_VERSION: "3.6.x" # currently 3.6.8 PYTHON_ARCH: "64" - 
OPENSSL_LIB: "openssl-1.1.0e-vs2015" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/q63539qt9yqaqspo/artifacts/YARA.OpenSSL.x64.1.1.1.nupkg" VS: "Visual Studio 14 2015 Win64" - PYTHON: "C:\\Python37" PYTHON_VERSION: "3.7.x" # currently 3.7.0 PYTHON_ARCH: "32" - OPENSSL_LIB: "openssl-1.1.0e-vs2015" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/fakubeldw67e9pmg/artifacts/YARA.OpenSSL.x86.1.1.1.nupkg" VS: "Visual Studio 14 2015" - PYTHON: "C:\\Python37-x64" PYTHON_VERSION: "3.7.x" # currently 3.7.0 PYTHON_ARCH: "64" - OPENSSL_LIB: "openssl-1.1.0e-vs2015" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/q63539qt9yqaqspo/artifacts/YARA.OpenSSL.x64.1.1.1.nupkg" + VS: "Visual Studio 14 2015 Win64" + + - PYTHON: "C:\\Python38" + PYTHON_VERSION: "3.8.x" # currently 3.8.0 + PYTHON_ARCH: "32" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/fakubeldw67e9pmg/artifacts/YARA.OpenSSL.x86.1.1.1.nupkg" + VS: "Visual Studio 14 2015" + + - PYTHON: "C:\\Python38-x64" + PYTHON_VERSION: "3.8.x" # currently 3.8.0 + PYTHON_ARCH: "64" + OPENSSL_LIB: "https://ci.appveyor.com/api/buildjobs/q63539qt9yqaqspo/artifacts/YARA.OpenSSL.x64.1.1.1.nupkg" VS: "Visual Studio 14 2015 Win64" install: 
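Review bot: Every `OPENSSL_LIB` value in this matrix now points at an AppVeyor build-job artifact (`https://ci.appveyor.com/api/buildjobs/.../artifacts/YARA.OpenSSL.*.nupkg`), and nothing in the file records what bytes that URL is expected to return. The install step in the `@@ -126,25 +102,14 @@` hunk fetches it with `Invoke-WebRequest` and unpacks it with `Expand-Archive` without any digest check, so whatever the URL serves is what `-llibcrypto` links into the extension. I would add an `OPENSSL_SHA256` entry next to each `OPENSSL_LIB` and fail the build on mismatch, placed between the download and the expand: `- ps: if ((Get-FileHash openssl.zip -Algorithm SHA256).Hash -ne $env:OPENSSL_SHA256) { throw "openssl.zip digest mismatch" }`. Build-job artifacts may also be subject to retention limits, so a versioned release URL would probably be more durable; that is worth confirming. The jansson archive downloaded in the same step has the same gap.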
@@ -126,25 +102,14 @@ # latest version of wheel. - "%CMD_IN_ENV% pip install wheel==0.29.0" + # We are in projects/yara-python, lets go out to projects. - cd .. - - ps: Invoke-WebRequest "https://www.npcglib.org/~stathis/downloads/$env:OPENSSL_LIB.7z" -OutFile "openssl.7z" - - 7z x openssl.7z - - cd yara-python - - - ps: >- - If ($env:PYTHON_ARCH -Match "32") { - $env:OPENSSL_LIB_DIR="lib" - } Else { - $env:OPENSSL_LIB_DIR="lib64" - } - - # This is workaround for solving an issue caused by CMake not finding an - # appropriate compilet for Visual Studio 9 2008 Win64. This workaround was - # copied from: https://github.com/conda/conda-build/blob/master/appveyor.yml - - call appveyor\setup_x64.bat - # Download and build jansson library - - cd .. + # Download precompiled OpenSSL library. + - ps: Invoke-WebRequest "$env:OPENSSL_LIB" -OutFile "openssl.zip" + - ps: Expand-Archive openssl.zip -DestinationPath openssl + + # Download and build jansson library. - ps: Invoke-WebRequest "https://github.com/akheron/jansson/archive/v$env:JANSSON_VERSION.zip" -OutFile "jansson.zip" - ps: Expand-Archive jansson.zip -DestinationPath . - cd jansson-%JANSSON_VERSION% @@ -152,6 +117,9 @@ - cd build - cmake -DJANSSON_BUILD_DOCS=OFF -DJANSSON_WITHOUT_TESTS=ON -G "%VS%" .. - cmake --build . --config Release + + # We are in projects/jansson-%JANSSON_VERSION%/build, lets move to + # projects/yara-python - cd ../../yara-python 
@@ -162,16 +130,15 @@ build_script: # Build the compiled extension - "%CMD_IN_ENV% python setup.py build_ext --enable-cuckoo --enable-dotnet - -L../jansson-%JANSSON_VERSION%/build/lib/Release;../%OPENSSL_LIB%/%OPENSSL_LIB_DIR% - -I../jansson-%JANSSON_VERSION%/build/include;../%OPENSSL_LIB%/include + -L../jansson-%JANSSON_VERSION%/build/lib/Release;../openssl/lib + -I../jansson-%JANSSON_VERSION%/build/include;../openssl/include -DHASH_MODULE,HAVE_LIBCRYPTO - -llibcryptoMT" + -llibcrypto" after_build: - "%CMD_IN_ENV% python setup.py install" test_script: - # Run the project tests - "%CMD_IN_ENV% python tests.py" after_test: @@ -199,5 +166,5 @@ # # Uncomment these lines for enabling Remote Desktop for debugging purposes. -# on_finish: -# - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) +#on_finish: +# - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) diff -Nru yara-python-3.11.0/debian/changelog yara-python-4.0.2/debian/changelog --- yara-python-3.11.0/debian/changelog 2020-02-18 09:26:41.000000000 +0000 +++ yara-python-4.0.2/debian/changelog 2020-06-27 13:23:57.000000000 +0000 
@@ -1,8 +1,23 @@ -yara-python (3.11.0-1build1) focal; urgency=medium +yara-python (4.0.2-1) unstable; urgency=medium - * No-change rebuild to drop python3.7. + * New upstream version 4.0.2 - -- Matthias Klose Tue, 18 Feb 2020 10:26:41 +0100 + -- Hilko Bengen Sat, 27 Jun 2020 15:23:57 +0200 + +yara-python (4.0.1-1) unstable; urgency=medium + + * New upstream version 4.0.1 + + -- Hilko Bengen Sat, 16 May 2020 15:59:55 +0200 + +yara-python (4.0.0-1) experimental; urgency=medium + + * New upstream version 4.0.0 + * Bump libyara build-dependency + * Add Provides, Python-Version headers + * Bump Standards-Version + + -- Hilko Bengen Mon, 04 May 2020 23:56:18 +0200 yara-python (3.11.0-1) unstable; urgency=medium diff -Nru yara-python-3.11.0/debian/control yara-python-4.0.2/debian/control --- yara-python-3.11.0/debian/control 2020-02-12 00:21:18.000000000 +0000 +++ yara-python-4.0.2/debian/control 2020-05-16 13:57:19.000000000 +0000 @@ -5,8 +5,8 @@ Uploaders: Debian Security Tools Build-Depends: debhelper (>= 12~), dh-python, python3-all-dev, python3-setuptools, - libyara-dev (>= 3.9), -Standards-Version: 4.3.0 + libyara-dev (>= 4), +Standards-Version: 4.5.0 Homepage: https://pypi.python.org/pypi/yara-python Vcs-Git: https://salsa.debian.org/pkg-security-team/yara-python.git Vcs-Browser: https://salsa.debian.org/pkg-security-team/yara-python @@ -14,6 +14,8 @@ Package: python3-yara Architecture: any Depends: ${python3:Depends}, ${shlibs:Depends}, ${misc:Depends}, +Provides: ${python3:Provides}, +XB-Python-Version: ${python3:Versions}, Description: Python 3 bindings for YARA YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA, it is possible to create diff -Nru yara-python-3.11.0/README.rst yara-python-4.0.2/README.rst --- yara-python-3.11.0/README.rst 2019-10-10 12:26:49.000000000 +0000 +++ yara-python-4.0.2/README.rst 2020-06-26 07:22:29.000000000 +0000 
@@ -53,7 +53,7 @@ .. code-block:: bash - $ sudo python setup.py install --dynamic-linking + $ python setup.py build --dynamic-linking For this option to work you must build and install `YARA `_ separately before installing diff -Nru yara-python-3.11.0/setup.py yara-python-4.0.2/setup.py --- yara-python-3.11.0/setup.py 2019-10-10 12:26:49.000000000 +0000 +++ yara-python-4.0.2/setup.py 2020-06-26 07:22:29.000000000 +0000 @@ -30,7 +30,6 @@ import shutil import subprocess - OPTIONS = [ ('dynamic-linking', None, 'link dynamically against libyara'), ('enable-cuckoo', None, 'enable "cuckoo" module'), @@ -182,7 +181,9 @@ building_for_openbsd = 'openbsd' in self.plat_name # need testing if building_for_linux: + module.define_macros.append(('_GNU_SOURCE', '1')) module.define_macros.append(('USE_LINUX_PROC', '1')) + module.extra_compile_args.append('-std=c99') elif building_for_windows: module.define_macros.append(('USE_WINDOWS_PROC', '1')) module.define_macros.append(('_CRT_SECURE_NO_WARNINGS', '1')) 
@@ -192,26 +193,33 @@ module.libraries.append('crypt32') module.libraries.append('ws2_32') elif building_for_osx: + module.define_macros.append(('_GNU_SOURCE', '1')) module.define_macros.append(('USE_MACH_PROC', '1')) + module.extra_compile_args.append('-std=c99') module.include_dirs.append('/usr/local/opt/openssl/include') module.include_dirs.append('/opt/local/include') module.library_dirs.append('/opt/local/lib') module.include_dirs.append('/usr/local/include') module.library_dirs.append('/usr/local/lib') elif building_for_freebsd: + module.define_macros.append(('_GNU_SOURCE', '1')) module.define_macros.append(('USE_FREEBSD_PROC', '1')) module.include_dirs.append('/opt/local/include') module.library_dirs.append('/opt/local/lib') module.include_dirs.append('/usr/local/include') module.library_dirs.append('/usr/local/lib') elif building_for_openbsd: + module.define_macros.append(('_GNU_SOURCE', '1')) module.define_macros.append(('USE_OPENBSD_PROC', '1')) + module.extra_compile_args.append('-std=c99') module.include_dirs.append('/opt/local/include') module.library_dirs.append('/opt/local/lib') module.include_dirs.append('/usr/local/include') module.library_dirs.append('/usr/local/lib') else: + module.define_macros.append(('_GNU_SOURCE', '1')) module.define_macros.append(('USE_NO_PROC', '1')) + module.extra_compile_args.append('-std=c99') if has_function('memmem'): module.define_macros.append(('HAVE_MEMMEM', '1')) @@ -221,7 +229,7 @@ module.define_macros.append(('HAVE_STRLCAT', '1')) if self.enable_profiling: - module.define_macros.append(('PROFILING_ENABLED', '1')) + module.define_macros.append(('YR_PROFILING_ENABLED', '1')) if self.dynamic_linking: module.libraries.append('yara') 
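Review bot: The `building_for_freebsd` branch is the only non-Windows branch that gets `_GNU_SOURCE` but not `module.extra_compile_args.append('-std=c99')`; linux (in the `@@ -182,7 +181,9 @@` hunk), osx, openbsd and the fallback branch all get both. If that is deliberate, a one-line comment such as `# FreeBSD: intentionally built without -std=c99 (<reason>)` would stop a later edit from "fixing" it; if it is an oversight, add the missing line. Since `_GNU_SOURCE` is now appended in every branch except Windows, it could also be set once ahead of the chain under `if not building_for_windows:`. The enclosing method starts and ends outside these hunks.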
@@ -233,34 +241,38 @@ module.define_macros.append(('HAVE_LIBCRYPTO', '1')) module.libraries.append('crypto') else: - exclusions.append('yara/libyara/modules/hash.c') + exclusions.append('yara/libyara/modules/hash/hash.c') if self.enable_magic: module.define_macros.append(('MAGIC_MODULE', '1')) module.libraries.append('magic') else: - exclusions.append('yara/libyara/modules/magic.c') + exclusions.append('yara/libyara/modules/magic/magic.c') if self.enable_cuckoo: module.define_macros.append(('CUCKOO_MODULE', '1')) module.libraries.append('jansson') else: - exclusions.append('yara/libyara/modules/cuckoo.c') + exclusions.append('yara/libyara/modules/cuckoo/cuckoo.c') if self.enable_dotnet: module.define_macros.append(('DOTNET_MODULE', '1')) else: - exclusions.append('yara/libyara/modules/dotnet.c') + exclusions.append('yara/libyara/modules/dotnet/dotnet.c') if self.enable_dex: module.define_macros.append(('DEX_MODULE', '1')) else: - exclusions.append('yara/libyara/modules/dex.c') + exclusions.append('yara/libyara/modules/dex/dex.c') if self.enable_macho: module.define_macros.append(('MACHO_MODULE', '1')) else: - exclusions.append('yara/libyara/modules/macho.c') + exclusions.append('yara/libyara/modules/macho/macho.c') + + # exclude pb_tests module + exclusions.append('yara/libyara/modules/pb_tests/pb_tests.c') + exclusions.append('yara/libyara/modules/pb_tests/pb_tests.pb-c.c') exclusions = [os.path.normpath(x) for x in exclusions] @@ -311,7 +323,7 @@ setup( name='yara-python', - version='3.11.0', + version='4.0.2', description='Python interface for YARA', long_description=readme, license='Apache 2.0', diff -Nru yara-python-3.11.0/tests.py yara-python-4.0.2/tests.py --- yara-python-3.11.0/tests.py 2019-10-10 12:26:49.000000000 +0000 +++ yara-python-4.0.2/tests.py 2020-06-26 07:22:29.000000000 +0000 @@ -1,3 +1,5 @@ +#!/usr/local/bin/python +# -*- coding: utf-8 -*- # # Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved. # 
@@ -140,8 +142,8 @@ ('a[0-9]*b', 'a0123456789b', SUCCEED, 'a0123456789b'), ('[0-9a-f]+', '0123456789abcdef', SUCCEED, '0123456789abcdef'), ('[0-9a-f]+', 'xyz0123456789xyz', SUCCEED, '0123456789'), - ('a[\s\S]b', 'a b', SUCCEED, 'a b'), - ('a[\d\D]b', 'a1b', SUCCEED, 'a1b'), + (r'a[\s\S]b', 'a b', SUCCEED, 'a b'), + (r'a[\d\D]b', 'a1b', SUCCEED, 'a1b'), ('[x-z]+', 'abc', FAIL), ('a[-]?c', 'ac', SUCCEED, 'ac'), ('a[-b]', 'a-', SUCCEED, 'a-'), @@ -161,7 +163,7 @@ ('a[\\', '', SYNTAX_ERROR), ('a]', 'a]', SUCCEED, 'a]'), ('a[]]b', 'a]b', SUCCEED, 'a]b'), - ('a[\]]b', 'a]b', SUCCEED, 'a]b'), + (r'a[\]]b', 'a]b', SUCCEED, 'a]b'), ('a[^bc]d', 'aed', SUCCEED, 'aed'), ('a[^bc]d', 'abd', FAIL), ('a[^-b]c', 'adc', SUCCEED, 'adc'), @@ -192,16 +194,16 @@ (r'[\x5D-\x5F]', '\x5E', SUCCEED, '\x5E'), (r'[\x5C-\x5F]', '\x5E', SUCCEED, '\x5E'), (r'[\x5D-\x5F]', '\x5E', SUCCEED, '\x5E'), - ('a\wc', 'abc', SUCCEED, 'abc'), - ('a\wc', 'a_c', SUCCEED, 'a_c'), - ('a\wc', 'a0c', SUCCEED, 'a0c'), - ('a\wc', 'a*c', FAIL), - ('\w+', '--ab_cd0123--', SUCCEED, 'ab_cd0123'), - ('[\w]+', '--ab_cd0123--', SUCCEED, 'ab_cd0123'), - ('\D+', '1234abc5678', SUCCEED, 'abc'), - ('[\d]+', '0123456789', SUCCEED, '0123456789'), - ('[\D]+', '1234abc5678', SUCCEED, 'abc'), - ('[\da-fA-F]+', '123abc', SUCCEED, '123abc'), + (r'a\wc', 'abc', SUCCEED, 'abc'), + (r'a\wc', 'a_c', SUCCEED, 'a_c'), + (r'a\wc', 'a0c', SUCCEED, 'a0c'), + (r'a\wc', 'a*c', FAIL), + (r'\w+', '--ab_cd0123--', SUCCEED, 'ab_cd0123'), + (r'[\w]+', '--ab_cd0123--', SUCCEED, 'ab_cd0123'), + (r'\D+', '1234abc5678', SUCCEED, 'abc'), + (r'[\d]+', '0123456789', SUCCEED, '0123456789'), + (r'[\D]+', '1234abc5678', SUCCEED, 'abc'), + (r'[\da-fA-F]+', '123abc', SUCCEED, '123abc'), ('^(ab|cd)e', 'abcde', FAIL), ('(abc|)ef', 'abcdef', SUCCEED, 'ef'), ('(abc|)ef', 'abcef', SUCCEED, 'abcef'), 
@@ -360,11 +362,11 @@ def testArithmeticOperators(self): self.assertTrueRules([ - 'rule test { condition: (1 + 1) * 2 == (9 - 1) \ 2 }', + r'rule test { condition: (1 + 1) * 2 == (9 - 1) \ 2 }', 'rule test { condition: 5 % 2 == 1 }', 'rule test { condition: 1.5 + 1.5 == 3}', - 'rule test { condition: 3 \ 2 == 1}', - 'rule test { condition: 3.0 \ 2 == 1.5}', + r'rule test { condition: 3 \ 2 == 1}', + r'rule test { condition: 3.0 \ 2 == 1.5}', 'rule test { condition: 1 + -1 == 0}', 'rule test { condition: -1 + -1 == -2}', 'rule test { condition: 4 --2 * 2 == 8}', @@ -655,7 +657,7 @@ 'rule test { strings: $a = /[M-N]iss/ nocase condition: $a }', 'rule test { strings: $a = /(Mi|ssi)ssippi/ nocase condition: $a }', 'rule test { strings: $a = /ppi\tmi/ condition: $a }', - 'rule test { strings: $a = /ppi\.mi/ condition: $a }', + r'rule test { strings: $a = /ppi\.mi/ condition: $a }', 'rule test { strings: $a = /^mississippi/ fullword condition: $a }', 'rule test { strings: $a = /mississippi.*mississippi$/s condition: $a }', ], 'mississippi\tmississippi.mississippi\nmississippi') 
@@ -692,6 +694,59 @@ 'rule test { condition: entrypoint >= 0 }', ]) + # This test ensures that anything after the NULL character is stripped. + def testMetaNull(self): + + r = yara.compile(source=r'rule test { meta: a = "foo\x00bar\x80" condition: true }') + self.assertTrue((list(r)[0].meta['a']) == 'foo') + + def testMeta(self): + + r = yara.compile(source=r""" + rule test { + meta: + a = "foo\x80bar" + b = "ñ" + c = "\xc3\xb1" + condition: + true } + """) + + meta = list(r)[0].meta + + if sys.version_info > (3, 0): + self.assertTrue(meta['a'] == 'foobar') + else: + self.assertTrue(meta['a'] == 'foo\x80bar') + + self.assertTrue(meta['b'] == 'ñ') + self.assertTrue(meta['c'] == 'ñ') + + # This test is similar to testMeta but it tests the meta data generated + # when a Match object is created. + def testScanMeta(self): + + r = yara.compile(source=r""" + rule test { + meta: + a = "foo\x80bar" + b = "ñ" + c = "\xc3\xb1" + condition: + true } + """) + + m = r.match(data='dummy') + meta = list(m)[0].meta + + if sys.version_info > (3, 0): + self.assertTrue(meta['a'] == 'foobar') + else: + self.assertTrue(meta['a'] == 'foo\x80bar') + + self.assertTrue(meta['b'] == 'ñ') + self.assertTrue(meta['c'] == 'ñ') + def testFilesize(self): self.assertTrueRules([ @@ -1019,6 +1074,18 @@ yara.set_config(max_strings_per_rule=10000) + def testGlobalPrivate(self): + + rules = """ + global rule a { condition: true } + private rule b { condition: true } + """ + + # Have to convert to a list because Rules are not subscriptable, yet... + r = list(yara.compile(source=rules)) + self.assertTrue(r[0].is_global == True) + self.assertTrue(r[1].is_private == True) + if __name__ == "__main__": unittest.main() diff -Nru yara-python-3.11.0/yara-python.c yara-python-4.0.2/yara-python.c --- yara-python-3.11.0/yara-python.c 2019-10-10 12:26:49.000000000 +0000 +++ yara-python-4.0.2/yara-python.c 2020-06-26 07:22:29.000000000 +0000 
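Review bot: The new meta tests compare with `self.assertTrue(x == y)`, which reports only that `False` is not true when it fails; `self.assertEqual(meta['a'], 'foobar')` would print both values, which matters here because the expected string differs by Python version. The Python 3 branch also pins that the `\x80` byte is silently dropped from `meta['a']`, so a short comment such as `# Python 3: bytes that are not valid UTF-8 are dropped when meta is decoded` would make clear this loss is intended. The comment on `testMetaNull` says "NULL character" where "NUL byte" is meant. `testGlobalPrivate` in the `@@ -1019,6 +1074,18 @@` hunk uses the same `assertTrue(... == True)` form.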
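Review bot: `testGlobalPrivate` only checks the flag that is expected to be set on each rule, so it would still pass if `is_global` and `is_private` were both always true. Adding `self.assertFalse(r[0].is_private)` and `self.assertFalse(r[1].is_global)` would cover the masking of each flag. The test also depends on iteration order matching declaration order, which the existing comment could state.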
@@ -46,7 +46,7 @@ #endif #if PY_MAJOR_VERSION >= 3 -#define PY_STRING(x) PyUnicode_FromString(x) +#define PY_STRING(x) PyUnicode_DecodeUTF8(x, strlen(x), "ignore" ) #define PY_STRING_TO_C(x) PyUnicode_AsUTF8(x) #define PY_STRING_CHECK(x) PyUnicode_Check(x) #else @@ -121,7 +121,7 @@ T_OBJECT_EX, offsetof(Match, strings), READONLY, - "Dictionary with offsets and strings that matched the file" + "Tuple with offsets and strings that matched the file" }, { NULL } // End marker }; @@ -206,6 +206,8 @@ PyObject* identifier; PyObject* tags; PyObject* meta; + PyObject* global; + PyObject* private; } Rule; static void Rule_dealloc( @@ -217,6 +219,20 @@ static PyMemberDef Rule_members[] = { { + "is_global", + T_OBJECT_EX, + offsetof(Rule, global), + READONLY, + "Rule is global" + }, + { + "is_private", + T_OBJECT_EX, + offsetof(Rule, private), + READONLY, + "Rule is private" + }, + { "identifier", T_OBJECT_EX, offsetof(Rule, identifier), @@ -423,7 +439,7 @@ switch(object->type) { case OBJECT_TYPE_INTEGER: - if (object->value.i != UNDEFINED) + if (object->value.i != YR_UNDEFINED) result = Py_BuildValue("l", object->value.i); break; @@ -508,7 +524,7 @@ if (array->items == NULL) return py_list; - for (i = 0; i < array->items->count; i++) + for (i = 0; i < array->items->length; i++) { py_object = convert_object_to_python(array->items->objects[i]); @@ -546,7 +562,7 @@ { PyDict_SetItemString( py_dict, - dictionary->items->objects[i].key, + dictionary->items->objects[i].key->c_string, py_object); Py_DECREF(py_object); @@ -562,6 +578,7 @@ #define CALLBACK_ALL CALLBACK_MATCHES | CALLBACK_NON_MATCHES int yara_callback( + YR_SCAN_CONTEXT* context, int message, void* message_data, void* user_data) @@ -724,7 +741,7 @@ yr_rule_strings_foreach(rule, string) { - yr_string_matches_foreach(string, m) + yr_string_matches_foreach(context, string, m) { object = PyBytes_FromStringAndSize((char*) m->data, m->data_length); 
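Review bot: On Python 3 `PY_STRING` now decodes with the `"ignore"` error handler, so bytes that are not valid UTF-8 vanish from the resulting string without any trace. For a tool whose output is used to classify samples, this means two different identifiers or meta values can come back as the same Python string; `"replace"` would at least keep the position of the bad bytes visible. Whichever handler is kept, it deserves a comment above the macro, e.g. `/* Invalid UTF-8 in rule text is dropped, not reported. */`. The macro also expands `x` twice and without parentheses, so it is only safe for side-effect-free arguments; a `static` helper function would remove that hazard. The Python 2 branch of the `#if` lies outside the hunk.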
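Review bot: `Py_BuildValue("l", object->value.i)` on the line after the renamed `YR_UNDEFINED` check (hunk `@@ -423,7 +439,7 @@`) still uses the `l` format, i.e. a C `long`, while this same diff moves the integer-variable setters to `PyLong_AsLongLong`. If `value.i` is a 64-bit integer (libyara declares it as `int64_t`; confirm against the headers this version builds with), values that do not fit in 32 bits are truncated on platforms where `long` is 32 bits, which includes the Windows builds configured in appveyor.yml. `result = Py_BuildValue("L", object->value.i);` would match the field width. The enclosing function starts and ends outside the hunk.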
@@ -991,7 +1008,7 @@ result = yr_compiler_define_integer_variable( compiler, identifier, - PyLong_AsLong(value)); + PyLong_AsLongLong(value)); } else if (PyFloat_Check(value)) { @@ -1061,7 +1078,7 @@ result = yr_rules_define_integer_variable( rules, identifier, - PyLong_AsLong(value)); + PyLong_AsLongLong(value)); } else if (PyFloat_Check(value)) { @@ -1239,6 +1256,8 @@ Py_XDECREF(object->identifier); Py_XDECREF(object->tags); Py_XDECREF(object->meta); + Py_XDECREF(object->global); + Py_XDECREF(object->private); PyObject_Del(self); } @@ -1325,6 +1344,8 @@ Py_DECREF(object); } + rule->global = PyBool_FromLong(rules->iter_current_rule->flags & RULE_FLAGS_GLOBAL); + rule->private = PyBool_FromLong(rules->iter_current_rule->flags & RULE_FLAGS_PRIVATE); rule->identifier = PY_STRING(rules->iter_current_rule->identifier); rule->tags = tag_list; rule->meta = meta_list; @@ -1455,7 +1476,6 @@ callback_data.matches = PyList_New(0); Py_BEGIN_ALLOW_THREADS - error = yr_rules_scan_file( object->rules, filepath, @@ -1464,6 +1484,7 @@ &callback_data, timeout); + Py_END_ALLOW_THREADS } else if (data != NULL) @@ -1664,6 +1685,7 @@ int error_level, const char* file_name, int line_number, + const YR_RULE* rule, const char* message, void* user_data) { @@ -1690,6 +1712,7 @@ int error_level, const char* file_name, int line_number, + const YR_RULE* rule, const char* message, void* user_data) { @@ -1837,20 +1860,22 @@ * options present in yara/libyara.c yr_set_configuration(...) - ck */ static char *kwlist[] = { - "stack_size", "max_strings_per_rule", NULL}; + "stack_size", "max_strings_per_rule", "max_match_data", NULL}; unsigned int stack_size = 0; unsigned int max_strings_per_rule = 0; + unsigned int max_match_data = 0; int error = 0; if (PyArg_ParseTupleAndKeywords( args, keywords, - "|II", + "|III", kwlist, &stack_size, - &max_strings_per_rule)) + &max_strings_per_rule, + &max_match_data)) { if (stack_size != 0) { 
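Review bot: `PyLong_AsLongLong(value)` is passed straight into `yr_compiler_define_integer_variable` here, and into `yr_rules_define_integer_variable` in the `@@ -1061,7 +1078,7 @@` hunk, without a check for conversion failure. For a Python int outside the `long long` range it returns -1 with `OverflowError` set, so the external variable would be defined as -1 while an exception is still pending. Converting into a local first and testing `if (v == -1 && PyErr_Occurred())` before the define call, then propagating the error, closes that. Both enclosing functions extend beyond their hunks, so the correct cleanup path is not visible here.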
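Review bot: The `"|III"` format in the `@@ -1837,20 +1860,22 @@` hunk parses `max_match_data`, like the two existing options, as a C `unsigned int` with no overflow checking, so a negative or oversized Python value wraps silently before it reaches `yr_set_configuration`. Because 0 doubles as "not supplied" in the `if (max_match_data != 0)` test added in the `@@ -1871,6 +1896,16 @@` hunk, a caller also cannot request a limit of zero. As this option appears to bound how much matched data is retained, I would state the accepted range in the `set_config` docstring and reject out-of-range values explicitly, for instance by parsing the arguments as objects and converting them with a checked call. The function body continues outside both hunks.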
@@ -1871,6 +1896,16 @@ if (error != ERROR_SUCCESS) return handle_error(error, NULL); } + + if (max_match_data != 0) + { + error = yr_set_configuration( + YR_CONFIG_MAX_MATCH_DATA, + &max_match_data); + + if (error != ERROR_SUCCESS) + return handle_error(error, NULL); + } } Py_RETURN_NONE; @@ -2309,7 +2344,7 @@ "set_config", (PyCFunction) yara_set_config, METH_VARARGS | METH_KEYWORDS, - "Set a yara configuration variable (stack_size or max_strings_per_rule)" + "Set a yara configuration variable (stack_size, max_strings_per_rule, or max_match_data)" }, { NULL, NULL } };