Which callbacks (#66)

Add a 'which_callbacks' keyword to match(), which limits when the Python callback will be called.

Which callbacks (#66)
Add a 'which_callbacks' keyword to match(), which limits when the Python callback will be called.
6b7269cf · Wesley Shields · Victor M. Alvarez · a4bbe7c2 · 6b7269cf · 6b7269cf
Commit 6b7269cf authored Oct 25, 2017 by Wesley Shields Committed by Victor M. Alvarez Oct 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 5 deletions

tests.py tests.py +7 -0

yara-python.c yara-python.c +19 -5

No files found.
--- a/tests.py
+++ b/tests.py
@@ -829,6 +829,13 @@ class TestYara(unittest.TestCase):
        self.assertTrue(rule_data['matches'])
        self.assertTrue(rule_data['rule'] == 'test')
+        rule_data = None
+        r = yara.compile(source='rule test { condition: false }')
+        r.match(data='dummy', callback=callback, which_callbacks=yara.CALLBACK_NON_MATCHES)
+        self.assertTrue(rule_data['rule'] == 'test')
    def testCompare(self):
        r = yara.compile(sources={

--- a/yara-python.c
+++ b/yara-python.c
@@ -389,6 +389,7 @@ typedef struct _CALLBACK_DATA
  PyObject* callback;
  PyObject* modules_data;
  PyObject* modules_callback;
+  int which;
 } CALLBACK_DATA;
@@ -551,6 +552,10 @@ PyObject* convert_dictionary_to_python(
 }
+#define CALLBACK_MATCHES 0x01
+#define CALLBACK_NON_MATCHES 0x02
+#define CALLBACK_ALL CALLBACK_MATCHES | CALLBACK_NON_MATCHES
 int yara_callback(
    int message,
    void* message_data,
@@ -578,6 +583,7 @@ int yara_callback(
  PyObject* module_data;
  PyObject* callback_result;
  PyObject* module_info_dict;
+  int which = ((CALLBACK_DATA*) user_data)->which;
  Py_ssize_t data_size;
  PyGILState_STATE gil_state;
@@ -587,7 +593,8 @@ int yara_callback(
  if (message == CALLBACK_MSG_SCAN_FINISHED)
    return CALLBACK_CONTINUE;
-  if (message == CALLBACK_MSG_RULE_NOT_MATCHING && callback == NULL)
+  if (message == CALLBACK_MSG_RULE_NOT_MATCHING &&
+      (callback == NULL || (which & CALLBACK_MATCHES)))
    return CALLBACK_CONTINUE;
  if (message == CALLBACK_MSG_IMPORT_MODULE && modules_data == NULL)
@@ -758,7 +765,9 @@ int yara_callback(
    }
  }
-  if (callback != NULL)
+  if (callback != NULL &&
+      ((message == CALLBACK_MSG_RULE_MATCHING && (which & CALLBACK_MATCHES)) ||
+       (message == CALLBACK_MSG_RULE_NOT_MATCHING && (which & CALLBACK_NON_MATCHES))))
  {
    Py_INCREF(callback);
@@ -1331,7 +1340,7 @@ static PyObject* Rules_match(
  static char* kwlist[] = {
      "filepath", "pid", "data", "externals",
      "callback", "fast", "timeout", "modules_data",
-      "modules_callback", NULL
+      "modules_callback", "which_callbacks", NULL
      };
  char* filepath = NULL;
@@ -1354,11 +1363,12 @@ static PyObject* Rules_match(
  callback_data.callback = NULL;
  callback_data.modules_data = NULL;
  callback_data.modules_callback = NULL;
+  callback_data.which = CALLBACK_ALL;
  if (PyArg_ParseTupleAndKeywords(
        args,
        keywords,
-        "|sis#OOOiOO",
+        "|sis#OOOiOOi",
        kwlist,
        &filepath,
        &pid,
@@ -1369,7 +1379,8 @@ static PyObject* Rules_match(
        &fast,
        &timeout,
        &callback_data.modules_data,
-        &callback_data.modules_callback))
+        &callback_data.modules_callback,
+        &callback_data.which))
  {
    if (filepath == NULL && data == NULL && pid == 0)
    {
@@ -2136,6 +2147,9 @@ MOD_INIT(yara)
  PyModule_AddIntConstant(m, "CALLBACK_CONTINUE", 0);
  PyModule_AddIntConstant(m, "CALLBACK_ABORT", 1);
+  PyModule_AddIntConstant(m, "CALLBACK_MATCHES", CALLBACK_MATCHES);
+  PyModule_AddIntConstant(m, "CALLBACK_NON_MATCHES", CALLBACK_NON_MATCHES);
+  PyModule_AddIntConstant(m, "CALLBACK_ALL", CALLBACK_ALL);
  PyModule_AddStringConstant(m, "__version__", YR_VERSION);
  PyModule_AddStringConstant(m, "YARA_VERSION", YR_VERSION);
  PyModule_AddIntConstant(m, "YARA_VERSION_HEX", YR_VERSION_HEX);