-
Notifications
You must be signed in to change notification settings - Fork 1
/
YaraCC.cpp
74 lines (63 loc) · 2.86 KB
/
YaraCC.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#include <iostream>
#include "util.hpp"
#include "YaraCC.h"
#ifdef EMSCRIPTEN
#include <emscripten/bind.h>
#endif // EMSCRIPTEN
YaraCC run(const std::string &buf_str, const std::string &rules_str) {
// Init variables
YaraCC resp;
YR_RULES* rules;
YR_SCAN_CONTEXT* context;
// Convert C++ strings to terrible C pointer arrays
auto buf = (unsigned char*) buf_str.c_str();
char* rules_chr = const_cast<char*>(rules_str.c_str());
yr_initialize(); // Init YARA
int result = compile_rule(rules_chr, &rules, &resp); // Compile inputted rules
if (result != ERROR_SUCCESS) // If failure, return to JS
{
return resp;
}
// Scan data in buf with rules
yr_rules_scan_mem(rules, buf, buf_str.size(), 0, get_matched_rules, &resp, 0);
// Stop YARA
yr_finalize();
return resp;
}
#ifdef EMSCRIPTEN
double get_resolved_match_location(const YaraCC::resolved_match &match) {
return (double)match.location;
}
void set_resolved_match_location(YaraCC::resolved_match &match, double value) {
match.location = (long long)value;
}
EMSCRIPTEN_BINDINGS(my_module) {
emscripten::class_<YaraCC>("YaraCC")
.property("compileErrors", &YaraCC::compile_errors)
.property("matchedRules", &YaraCC::matched_rules)
.property("consoleLogs", &YaraCC::console_logs);
emscripten::register_vector<std::string>("vectorString");
emscripten::register_vector<YaraCC::meta>("vectorMeta");
emscripten::register_vector<YaraCC::compile_error>("vectorCompileError");
emscripten::register_vector<YaraCC::resolved_match>("vectorResolvedMatch");
emscripten::register_vector<YaraCC::matched_rule>("vectorMatchedRule");
emscripten::value_object<YaraCC::meta>("meta")
.field("identifier", &YaraCC::meta::identifier)
.field("data", &YaraCC::meta::data);
emscripten::value_object<YaraCC::matched_rule>("matchedRule")
.field("ruleName", &YaraCC::matched_rule::rule_name)
.field("resolvedMatches", &YaraCC::matched_rule::resolved_matches)
.field("metadata", &YaraCC::matched_rule::metadata);
emscripten::value_object<YaraCC::resolved_match>("resolvedMatch")
.field("location", &get_resolved_match_location, &set_resolved_match_location)
.field("matchLength", &YaraCC::resolved_match::match_length)
.field("data", &YaraCC::resolved_match::data)
.field("stringIdentifier", &YaraCC::resolved_match::string_identifier)
.field("dataLength", &YaraCC::resolved_match::data_length);
emscripten::value_object<YaraCC::compile_error>("compileError")
.field("message", &YaraCC::compile_error::message)
.field("lineNumber", &YaraCC::compile_error::line_number)
.field("warning", &YaraCC::compile_error::warning);
emscripten::function("run", &run);
}
#endif // EMSCRIPTEN