VirusTotal / yara-python

The Python interface for YARA
http://virustotal.github.io/yara/
Apache License 2.0

Add console_callback to match call. #194

Closed wxsBSD closed 2 years ago

wxsBSD commented 2 years ago

This provides the user with an interface to handle console.log() messages. If not provided, the log message is printed to stdout (limited to 1000 bytes based upon https://docs.python.org/3/c-api/sys.html?highlight=stdout#c.PySys_WriteStdout).

Tested with the following (along with the updated tests):

```
wxs@wxs-mbp yara-python % cat test.py
import yara

r = """
import "console"

rule a {
  condition:
    console.log("Hello from Python!")
}
"""

def console(message):
    print(f"Callback: {message}")

rules = yara.compile(source=r)
rules.match("/bin/ls", console_callback=console)
rules.match("/bin/ls")
wxs@wxs-mbp yara-python % PYTHONPATH=build/lib.macosx-10.14-arm64-3.8 python3 test.py
Callback: Hello from Python!
Hello from Python!
wxs@wxs-mbp yara-python %
```

wxsBSD commented 2 years ago

This should not be merged until the console branch is merged in yara and the submodule here is updated. Also, I'll update the console branch with docs on how to use this from Python.
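An added example, not part of the pull request or the project's code: one way a scanning service could use the `console_callback` described above to keep console.log() output with the scan that produced it instead of letting it fall through to stdout. `ScanResult`, `scan_bytes`, the two limits and the `has_mz` rule are hypothetical names and values chosen for illustration; the demo at the bottom assumes a yara-python build that includes the console module and that the callback receives a `str`.

```python
from dataclasses import dataclass, field

MAX_MESSAGES = 100      # assumed per-scan cap on captured messages
MAX_MESSAGE_LEN = 4096  # assumed per-message cap, in characters


@dataclass
class ScanResult:
    target: str
    matches: list = field(default_factory=list)
    console: list = field(default_factory=list)
    dropped: int = 0  # messages discarded after MAX_MESSAGES was reached


def scan_bytes(rules, target, data):
    """Scan data with compiled rules; capture console.log() output per scan."""
    result = ScanResult(target=target)

    def on_console(message):
        # A fresh closure per scan keeps messages from different samples apart.
        if len(result.console) >= MAX_MESSAGES:
            result.dropped += 1
            return
        # Treat the text as untrusted: escape control characters so one
        # message cannot show up as several lines in a downstream log.
        text = message[:MAX_MESSAGE_LEN].encode("unicode_escape").decode("ascii")
        result.console.append(text)

    found = rules.match(data=data, console_callback=on_console)
    result.matches = [m.rule for m in found]
    return result


if __name__ == "__main__":
    import yara  # only the demo needs yara-python itself

    RULE = """
import "console"
rule has_mz {
  condition:
    console.log("checking header") and uint16(0) == 0x5A4D
}
"""
    compiled = yara.compile(source=RULE)
    # Constructed sample buffers, not real files.
    for name, blob in [("sample-a", b"MZ\x90\x00"), ("sample-b", b"\x7fELF")]:
        res = scan_bytes(compiled, name, blob)
        print(res.target, res.matches, res.console, res.dropped)
```
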