Re: [Libguestfs] [PATCH v6 3/7] New API: yara_load

2017-04-18 Thread Richard W.M. Jones
On Thu, Apr 06, 2017 at 11:41:03PM +0300, Matteo Cafasso wrote:
> +#include 
> +
> +#define CLEANUP_DESTROY_YARA_COMPILER   \
> +  __attribute__((cleanup(cleanup_destroy_yara_compiler)))

We should probably get rid of HAVE_ATTRIBUTE_CLEANUP, but while we
still have it you need to use it here and provide the alternative for
people who don't have HAVE_ATTRIBUTE_CLEANUP.

> +/* Has one FileIn parameter.
> + * Takes optional arguments, consult optargs_bitmask.
> + */
> +int
> +do_yara_load (void)
> +{
> +  int ret = 0;

You're not returning 'ret', so call it something else, eg. 'r'.

> +  CLEANUP_CLOSE int fd = -1;
> +  char tmpfile[] = "/tmp/yaraXX";
> +
> +  fd = mkstemp (tmpfile);
> +  if (fd == -1) {
> +reply_with_perror ("mkstemp");
> +return -1;
> +  }
> +
> +  ret = upload_to_fd (fd);
> +  if (ret < 0) {

upload_to_fd returns 0 or -1, so only check for r == -1.

> +static void
> +compile_error_callback(int level, const char *name, int line,
> +   const char *message, void *data)

Space before the opening parenthesis.

> +let daemon_functions = [
> +  { defaults with
> +  name = "yara_load"; added = (1, 37, 9);
> +  style = RErr, [FileIn "filename"], [];
> +  progress = true; cancellable = true;
> +  optional = Some "libyara";
> +  shortdesc = "load yara rules within libguestfs";
> +  longdesc = "\
> +Load a set of Yara rules from F within libguestfs appliance.

This is still confusingly worded, but after examining the
code I think I understand what you're trying to say.  Just
replace this first sentence with:

  "Upload a set of Yara rules from local file F.

> +Yara rules allow to categorize files based on textual or binary patterns
> +within their content.
> +See C to see how to scan files with the loaded rules.

This should be: C.  The generator will
replace Chttp://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v



[Libguestfs] [PATCH v6 3/7] New API: yara_load

2017-04-06 Thread Matteo Cafasso
The yara_load API loads a set of Yara rules contained in a
file on the host.

Rules can be in binary format, as when compiled with yarac command, or
in source code format. In the latter case, the rules will be first
compiled and then loaded.

Subsequent calls of the yara_load API will result in the discard of the
previously loaded rules.

Signed-off-by: Matteo Cafasso 
---
 daemon/Makefile.am |   1 +
 daemon/cleanups.c  |   9 ++
 daemon/cleanups.h  |   2 +
 daemon/yara.c  | 203 +
 generator/Makefile.am  |   3 +
 generator/actions.ml   |   3 +-
 generator/actions_yara.ml  |  48 +++
 generator/actions_yara.mli |  21 +
 generator/proc_nr.ml   |   1 +
 lib/MAX_PROC_NR|   2 +-
 10 files changed, 291 insertions(+), 2 deletions(-)
 create mode 100644 daemon/yara.c
 create mode 100644 generator/actions_yara.ml
 create mode 100644 generator/actions_yara.mli

diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index af4430f20..e4679a8c5 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -168,6 +168,7 @@ guestfsd_SOURCES = \
wc.c \
xattr.c \
xfs.c \
+   yara.c \
zero.c \
zerofree.c

diff --git a/daemon/cleanups.c b/daemon/cleanups.c
index 092e493d7..3102cf94b 100644
--- a/daemon/cleanups.c
+++ b/daemon/cleanups.c
@@ -62,6 +62,15 @@ cleanup_close (void *ptr)
 }

 void
+cleanup_fclose (void *ptr)
+{
+  FILE *f = * (FILE **) ptr;
+
+  if (f)
+fclose (f);
+}
+
+void
 cleanup_aug_close (void *ptr)
 {
   augeas *aug = * (augeas **) ptr;
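Review bot: `cleanup_fclose` discards the return value of `fclose`, which is harmless for a stream opened for reading but would silently lose a failed flush on a stream opened for writing. A cleanup handler has no way to report that error, so I would document the limitation above the function, e.g. `/* Close the stream on scope exit; fclose errors are ignored, so do not use this for streams whose buffered writes must be checked. */`. The users of CLEANUP_FCLOSE are not visible in this hunk, so whether any of them writes through the stream still needs to be confirmed.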
diff --git a/daemon/cleanups.h b/daemon/cleanups.h
index 6746e2744..a791244cb 100644
--- a/daemon/cleanups.h
+++ b/daemon/cleanups.h
@@ -26,6 +26,7 @@ extern void cleanup_free (void *ptr);
 extern void cleanup_free_string_list (void *ptr);
 extern void cleanup_unlink_free (void *ptr);
 extern void cleanup_close (void *ptr);
+extern void cleanup_fclose (void *ptr);
 extern void cleanup_aug_close (void *ptr);
 extern void cleanup_free_stringsbuf (void *ptr);

@@ -35,6 +36,7 @@ extern void cleanup_free_stringsbuf (void *ptr);
 __attribute__((cleanup(cleanup_free_string_list)))
 #define CLEANUP_UNLINK_FREE __attribute__((cleanup(cleanup_unlink_free)))
 #define CLEANUP_CLOSE __attribute__((cleanup(cleanup_close)))
+#define CLEANUP_FCLOSE __attribute__((cleanup(cleanup_fclose)))
 #define CLEANUP_AUG_CLOSE __attribute__((cleanup(cleanup_aug_close)))
 #define CLEANUP_FREE_STRINGSBUF 
__attribute__((cleanup(cleanup_free_stringsbuf)))
 #else
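Review bot: `CLEANUP_FCLOSE` is defined only in the branch above `#else`; the hunk stops at `#else` and the diffstat counts two added lines for this file, so no fallback definition appears to be added for builds without the cleanup attribute. In such a build a declaration like `CLEANUP_FCLOSE FILE *fp` would not compile. Add the matching definition to the `#else` branch in the same form the other CLEANUP_* macros use there (that branch lies outside the hunk). If the fallback expands to nothing, every user of the macro must also close the stream explicitly, otherwise the descriptor leaks in the long-running daemon.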
diff --git a/daemon/yara.c b/daemon/yara.c
new file mode 100644
index 0..0d33d83cd
--- /dev/null
+++ b/daemon/yara.c
@@ -0,0 +1,203 @@
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 
USA.
+ */
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+#include "guestfs_protocol.h"
+
+#ifdef HAVE_YARA
+
+#include 
+
+#define CLEANUP_DESTROY_YARA_COMPILER   \
+  __attribute__((cleanup(cleanup_destroy_yara_compiler)))
+
+struct write_callback_data {
+  int fd;
+  uint64_t written;
+};
+
+/* Yara compiled rules. */
+static YR_RULES *rules = NULL;
+static bool initialized = false;
+
+static int compile_rules_file (const char *);
+static void compile_error_callback (int, const char *, int, const char *, void 
*);
+static void cleanup_destroy_yara_compiler (void *ptr);
+
+/* Has one FileIn parameter.
+ * Takes optional arguments, consult optargs_bitmask.
+ */
+int
+do_yara_load (void)
+{
+  int ret = 0;
+  CLEANUP_CLOSE int fd = -1;
+  char tmpfile[] = "/tmp/yaraXX";
+
+  fd = mkstemp (tmpfile);
+  if (fd == -1) {
+reply_with_perror ("mkstemp");
+return -1;
+  }
+
+  ret = upload_to_fd (fd);
+  if (ret < 0) {
+unlink (tmpfile);
+return -1;
+  }
+
+  /* Initialize yara only once. */
+  if (!initialized) {
+ret = yr_initialize ();
+if (ret != ERROR_SUCCESS) {
+  reply_with_error ("failed initializing yara");
+  unlink (tmpfile);
+  return -1;
+}
+
+initialized = true;
+  }
+
+  /* Destroy previously