Merge pull request avast#244 from MatejKastak/add-string-module

feat(modules): Add support for string module
3c7 · Apr 18, 2023 · 252144f · 252144f
2 parents 68d61c1 + 1564a7d
commit 252144f
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 2 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -38,11 +38,12 @@ set(WRAP_MODULE_SOURCES
 	${YARAMOD_MODULES_GENERATED_DIR}/module_dotnet_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_elf_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_hash_generated.h
+	${YARAMOD_MODULES_GENERATED_DIR}/module_list.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_macho_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_magic_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_math_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_pe_generated.h
-	${YARAMOD_MODULES_GENERATED_DIR}/module_list.h
+	${YARAMOD_MODULES_GENERATED_DIR}/module_string_generated.h
 	${YARAMOD_MODULES_GENERATED_DIR}/module_time_generated.h
 )
 

diff --git a/include/yaramod/yaramod.h b/include/yaramod/yaramod.h
@@ -16,7 +16,7 @@
 
 #define YARAMOD_VERSION STR(YARAMOD_VERSION_MAJOR) "." STR(YARAMOD_VERSION_MINOR) "." STR(YARAMOD_VERSION_PATCH) YARAMOD_VERSION_ADDEND
 
-#define YARA_SYNTAX_VERSION "4.2"
+#define YARA_SYNTAX_VERSION "4.3"
 
 #include <memory>
 

diff --git a/modules/module_string.json b/modules/module_string.json
@@ -0,0 +1,51 @@
+{
+    "kind": "struct",
+    "name": "string",
+    "attributes": [
+        {
+            "kind": "function",
+            "name": "to_int",
+            "return_type": "i",
+            "overloads": [
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "string"
+                        }
+                    ],
+                    "documentation": "Convert the given string to a signed integer. If the string starts with \"0x\" it is treated as base 16. If the string starts with \"0\" it is treated base 8. Leading '+' or '-' is also supported. Example: ```\nstring.to_int(\"1234\") == 1234\nstring.to_int(\"-10\") == -10\nstring.to_int(\"-010\") == -8\n```"
+                },
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "string"
+                        },
+                        {
+                            "type": "i",
+                            "name": "base"
+                        }
+                    ],
+                    "documentation": "Convert the given string, interpreted with the given base, to a signed integer. Base must be 0 or between 2 and 36 inclusive. If it is zero then the string will be intrepreted as base 16 if it starts with \"0x\" or as base 8 if it starts with \"0\". Leading '+' or '-' is also supported. Example: ```\nstring.to_int(\"011\", 8) == 9\nstring.to_int(\"-011\", 0) == -9\n```"
+                }
+            ]
+        },
+        {
+            "kind": "function",
+            "name": "length",
+            "return_type": "i",
+            "overloads": [
+                {
+                    "arguments": [
+                        {
+                            "type": "s",
+                            "name": "string"
+                        }
+                    ],
+                    "documentation": "Return the length of the string, which can be any sequence of bytes. NULL bytes included. Example: ```\nstring.length(\"AXSx00ERS\") == 7\n```"
+                }
+            ]
+        }
+    ]
+}
diff --git a/tests/cpp/parser_tests.cpp b/tests/cpp/parser_tests.cpp
@@ -8202,5 +8202,34 @@ rule endswith_expr
 	EXPECT_EQ(input_text, driver.getParsedFile().getTextFormatted());
 }
 
+TEST_F(ParserTests,
+StringModuleWorks) {
+	prepareInput(
+R"(
+import "string"
+
+rule string_module
+{
+	condition:
+		string.to_int("1234") == 1234 and
+		string.to_int("-10") == -10 and
+		string.to_int("-010") == -8 and
+		string.to_int("011", 8) == 9 and
+		string.to_int("-011", 0) == -9 and
+		string.length("AXSx00ERS") == 7
+}
+)");
+
+	EXPECT_TRUE(driver.parse(input));
+	ASSERT_EQ(1u, driver.getParsedFile().getRules().size());
+
+	const auto& rule = driver.getParsedFile().getRules()[0];
+	EXPECT_EQ(R"(string.to_int("1234") == 1234 and string.to_int("-10") == -10 and string.to_int("-010") == -8 and string.to_int("011", 8) == 9 and string.to_int("-011", 0) == -9 and string.length("AXSx00ERS") == 7)", rule->getCondition()->getText());
+	EXPECT_EQ("string", rule->getCondition()->getFirstTokenIt()->getPureText());
+	EXPECT_EQ("7", rule->getCondition()->getLastTokenIt()->getPureText());
+
+	EXPECT_EQ(input_text, driver.getParsedFile().getTextFormatted());
+}
+
 }
 }