The yara_scan API parses the file generated by the daemon counterpart function and returns the list of yara_detection structs to the user.
It writes the daemon's command output on a temporary file and parses it, deserialising the XDR formatted yara_detection structs. It returns to the caller the list of yara_detection structs generated by the internal_yara_scan command. Signed-off-by: Matteo Cafasso <noxda...@gmail.com> --- generator/actions.ml | 3 +- lib/Makefile.am | 1 + lib/yara.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 130 insertions(+), 1 deletion(-) create mode 100644 lib/yara.c diff --git a/generator/actions.ml b/generator/actions.ml index 4df3b2a32..d36a4f8a9 100644 --- a/generator/actions.ml +++ b/generator/actions.ml @@ -38,7 +38,8 @@ let non_daemon_functions = Actions_inspection_deprecated.non_daemon_functions @ Actions_properties.non_daemon_functions @ Actions_properties_deprecated.non_daemon_functions @ - Actions_tsk.non_daemon_functions + Actions_tsk.non_daemon_functions @ + Actions_yara.non_daemon_functions (* daemon_functions are any functions which cause some action * to take place in the daemon. diff --git a/lib/Makefile.am b/lib/Makefile.am index 063706f8f..fc55c2dcf 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -127,6 +127,7 @@ libguestfs_la_SOURCES = \ wait.c \ whole-file.c \ version.c \ + yara.c \ libguestfs.syms libguestfs_la_CPPFLAGS = \ diff --git a/lib/yara.c b/lib/yara.c new file mode 100644 index 000000000..864766e7a --- /dev/null +++ b/lib/yara.c @@ -0,0 +1,127 @@ +/* libguestfs + * Copyright (C) 2016 Red Hat Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <fcntl.h> +#include <unistd.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <string.h> +#include <rpc/xdr.h> +#include <rpc/types.h> + +#include "guestfs.h" +#include "guestfs_protocol.h" +#include "guestfs-internal.h" +#include "guestfs-internal-all.h" +#include "guestfs-internal-actions.h" + +static struct guestfs_yara_detection_list *parse_yara_detection_file (guestfs_h *, const char *); +static int deserialise_yara_detection_list (guestfs_h *, FILE *, struct guestfs_yara_detection_list *); + +struct guestfs_yara_detection_list * +guestfs_impl_yara_scan (guestfs_h *g, const char *path) +{ + int ret = 0; + CLEANUP_UNLINK_FREE char *tmpfile = NULL; + + tmpfile = guestfs_int_make_temp_path (g, "yara_scan"); + if (tmpfile == NULL) + return NULL; + + ret = guestfs_internal_yara_scan (g, path, tmpfile); + if (ret < 0) + return NULL; + + return parse_yara_detection_file (g, tmpfile); /* caller frees */ +} + +/* Parse the file content and return detections list. + * Return a list of yara_detection on success, NULL on error. + */ +static struct guestfs_yara_detection_list * +parse_yara_detection_file (guestfs_h *g, const char *tmpfile) +{ + int ret = 0; + CLEANUP_FCLOSE FILE *fp = NULL; + struct guestfs_yara_detection_list *detections = NULL; + + fp = fopen (tmpfile, "r"); + if (fp == NULL) { + perrorf (g, "fopen: %s", tmpfile); + return NULL; + } + + /* Initialise results array. */ + detections = safe_malloc (g, sizeof (*detections)); + detections->len = 8; + detections->val = safe_malloc (g, detections->len * + sizeof (*detections->val)); + + /* Deserialise buffer into detection list. */ + ret = deserialise_yara_detection_list (g, fp, detections); + if (ret < 0) { + guestfs_free_yara_detection_list (detections); + return NULL; + } + + return detections; +} + +/* Deserialise the file content and populate the detection list. + * Return the number of deserialised detections, -1 on error. + */ +static int +deserialise_yara_detection_list (guestfs_h *g, FILE *fp, + struct guestfs_yara_detection_list *detections) +{ + XDR xdr; + int ret = 0; + uint32_t index = 0; + struct stat statbuf; + + ret = fstat (fileno(fp), &statbuf); + if (ret == -1) + return -1; + + xdrstdio_create (&xdr, fp, XDR_DECODE); + + for (index = 0; xdr_getpos (&xdr) < statbuf.st_size; index++) { + if (index == detections->len) { + detections->len = 2 * detections->len; + detections->val = safe_realloc (g, detections->val, + detections->len * + sizeof (*detections->val)); + } + + /* Clear the entry so xdr logic will allocate necessary memory. */ + memset (&detections->val[index], 0, sizeof (*detections->val)); + ret = xdr_guestfs_int_yara_detection (&xdr, (guestfs_int_yara_detection *) + &detections->val[index]); + if (ret == 0) + break; + } + + xdr_destroy (&xdr); + detections->len = index; + + return ret ? 0 : -1; +} -- 2.11.0 _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs