feat: implement APIs in C and Golang for accessing the individual rules contained in a Rules object.

Also simplifies the logic for passing arguments to C callback functions from Golang.

Author: plusvic

capi/include/yara_x.h

@@ -92,6 +92,19 @@ typedef struct YRX_BUFFER {
   size_t length;
 } YRX_BUFFER;
 
+// Callback function passed to [`yrx_scanner_on_matching_rule`] or
+// [`yrx_rules_iterate`].
+//
+// The callback receives a pointer to a rule, represented by a [`YRX_RULE`]
+// structure. This pointer is guaranteed to be valid while the callback
+// function is being executed, but it may be freed after the callback function
+// returns, so you cannot use the pointer outside the callback.
+//
+// It also receives the `user_data` pointer that can point to arbitrary data
+// owned by the user.
+typedef void (*YRX_RULE_CALLBACK)(const struct YRX_RULE *rule,
+                                  void *user_data);
+
 // Represents a metadata value that contains raw bytes.
 typedef struct YRX_METADATA_BYTES {
   // Number of bytes.
@@ -160,20 +173,6 @@ typedef struct YRX_PATTERNS {
   struct YRX_PATTERN *patterns;
 } YRX_PATTERNS;
 
-// Callback function passed to the scanner via [`yrx_scanner_on_matching_rule`]
-// which receives notifications about matching rules.
-//
-// The callback receives a pointer to the matching rule, represented by a
-// [`YRX_RULE`] structure. This pointer is guaranteed to be valid while the
-// callback function is being executed, but it may be freed after the callback
-// function returns, so you cannot use the pointer outside the callback.
-//
-// It also receives the `user_data` pointer that was passed to the
-// [`yrx_scanner_on_matching_rule`] function, which can point to arbitrary
-// data owned by the user.
-typedef void (*YRX_ON_MATCHING_RULE)(const struct YRX_RULE *rule,
-                                     void *user_data);
-
 // Compiles YARA source code and creates a [`YRX_RULES`] object that contains
 // the compiled rules.
 //
@@ -199,6 +198,17 @@ enum YRX_RESULT yrx_rules_deserialize(const uint8_t *data,
                                       size_t len,
                                       struct YRX_RULES **rules);
 
+// Iterates over the compiled rules, calling the callback  function for each
+// rule.
+//
+// The `user_data` pointer can be used to provide additional context to your
+// callback function.
+//
+// See [`YRX_RULE_CALLBACK`] for more details.
+enum YRX_RESULT yrx_rules_iterate(struct YRX_RULES *rules,
+                                  YRX_RULE_CALLBACK callback,
+                                  void *user_data);
+
 // Destroys a [`YRX_RULES`] object.
 void yrx_rules_destroy(struct YRX_RULES *rules);
 
@@ -504,9 +514,9 @@ enum YRX_RESULT yrx_scanner_scan(struct YRX_SCANNER *scanner,
 // callback function. If the callback is not set, the scanner doesn't notify
 // about matching rules.
 //
-// See [`YRX_ON_MATCHING_RULE`] for more details.
+// See [`YRX_RULE_CALLBACK`] for more details.
 enum YRX_RESULT yrx_scanner_on_matching_rule(struct YRX_SCANNER *scanner,
-                                             YRX_ON_MATCHING_RULE callback,
+                                             YRX_RULE_CALLBACK callback,
                                              void *user_data);
 
 // Specifies the output data structure for a module.

capi/src/lib.rs

@@ -94,7 +94,7 @@ includes:
 #![allow(clippy::not_unsafe_ptr_arg_deref)]
 
 use std::cell::RefCell;
-use std::ffi::{c_char, CStr, CString};
+use std::ffi::{c_char, c_void, CStr, CString};
 use std::mem::ManuallyDrop;
 use std::ptr::slice_from_raw_parts_mut;
 use std::slice;
@@ -395,6 +395,43 @@ pub unsafe extern "C" fn yrx_rules_deserialize(
     }
 }
 
+/// Callback function passed to [`yrx_scanner_on_matching_rule`] or
+/// [`yrx_rules_iterate`].
+///
+/// The callback receives a pointer to a rule, represented by a [`YRX_RULE`]
+/// structure. This pointer is guaranteed to be valid while the callback
+/// function is being executed, but it may be freed after the callback function
+/// returns, so you cannot use the pointer outside the callback.
+///
+/// It also receives the `user_data` pointer that can point to arbitrary data
+/// owned by the user.
+pub type YRX_RULE_CALLBACK =
+    extern "C" fn(rule: *const YRX_RULE, user_data: *mut c_void) -> ();
+
+/// Iterates over the compiled rules, calling the callback function for each
+/// rule.
+///
+/// The `user_data` pointer can be used to provide additional context to your
+/// callback function.
+///
+/// See [`YRX_RULE_CALLBACK`] for more details.
+#[no_mangle]
+pub unsafe extern "C" fn yrx_rules_iterate(
+    rules: *mut YRX_RULES,
+    callback: YRX_RULE_CALLBACK,
+    user_data: *mut c_void,
+) -> YRX_RESULT {
+    if let Some(rules) = rules.as_ref() {
+        for r in rules.0.iter() {
+            let rule = YRX_RULE(r);
+            callback(&rule as *const YRX_RULE, user_data);
+        }
+        YRX_RESULT::SUCCESS
+    } else {
+        YRX_RESULT::INVALID_ARGUMENT
+    }
+}
+
 /// Destroys a [`YRX_RULES`] object.
 #[no_mangle]
 pub unsafe extern "C" fn yrx_rules_destroy(rules: *mut YRX_RULES) {

capi/src/scanner.rs

@@ -4,12 +4,14 @@ use std::time::Duration;
 
 use yara_x::errors::ScanError;
 
-use crate::{_yrx_set_last_error, YRX_RESULT, YRX_RULE, YRX_RULES};
+use crate::{
+    _yrx_set_last_error, YRX_RESULT, YRX_RULE, YRX_RULES, YRX_RULE_CALLBACK,
+};
 
 /// A scanner that scans data with a set of compiled YARA rules.
 pub struct YRX_SCANNER<'s> {
     inner: yara_x::Scanner<'s>,
-    on_matching_rule: Option<(YRX_ON_MATCHING_RULE, *mut std::ffi::c_void)>,
+    on_matching_rule: Option<(YRX_RULE_CALLBACK, *mut std::ffi::c_void)>,
 }
 
 /// Creates a [`YRX_SCANNER`] object that can be used for scanning data with
@@ -113,34 +115,18 @@ pub unsafe extern "C" fn yrx_scanner_scan(
     YRX_RESULT::SUCCESS
 }
 
-/// Callback function passed to the scanner via [`yrx_scanner_on_matching_rule`]
-/// which receives notifications about matching rules.
-///
-/// The callback receives a pointer to the matching rule, represented by a
-/// [`YRX_RULE`] structure. This pointer is guaranteed to be valid while the
-/// callback function is being executed, but it may be freed after the callback
-/// function returns, so you cannot use the pointer outside the callback.
-///
-/// It also receives the `user_data` pointer that was passed to the
-/// [`yrx_scanner_on_matching_rule`] function, which can point to arbitrary
-/// data owned by the user.
-pub type YRX_ON_MATCHING_RULE = extern "C" fn(
-    rule: *const YRX_RULE,
-    user_data: *mut std::ffi::c_void,
-) -> ();
-
 /// Sets a callback function that is called by the scanner for each rule that
 /// matched during a scan.
 ///
 /// The `user_data` pointer can be used to provide additional context to your
 /// callback function. If the callback is not set, the scanner doesn't notify
 /// about matching rules.
 ///
-/// See [`YRX_ON_MATCHING_RULE`] for more details.
+/// See [`YRX_RULE_CALLBACK`] for more details.
 #[no_mangle]
 pub unsafe extern "C" fn yrx_scanner_on_matching_rule(
     scanner: *mut YRX_SCANNER,
-    callback: YRX_ON_MATCHING_RULE,
+    callback: YRX_RULE_CALLBACK,
     user_data: *mut std::ffi::c_void,
 ) -> YRX_RESULT {
     if let Some(scanner) = scanner.as_mut() {

capi/src/tests.rs

@@ -9,16 +9,23 @@ use crate::{
     yrx_buffer_destroy, yrx_last_error, yrx_metadata_destroy,
     yrx_patterns_destroy, yrx_rule_identifier, yrx_rule_metadata,
     yrx_rule_namespace, yrx_rule_patterns, yrx_rules_deserialize,
-    yrx_rules_destroy, yrx_rules_serialize, yrx_scanner_create,
-    yrx_scanner_destroy, yrx_scanner_on_matching_rule, yrx_scanner_scan,
-    yrx_scanner_set_global_bool, yrx_scanner_set_global_float,
-    yrx_scanner_set_global_int, yrx_scanner_set_global_str,
-    yrx_scanner_set_timeout, YRX_BUFFER, YRX_RESULT, YRX_RULE,
+    yrx_rules_destroy, yrx_rules_iter, yrx_rules_serialize,
+    yrx_scanner_create, yrx_scanner_destroy, yrx_scanner_on_matching_rule,
+    yrx_scanner_scan, yrx_scanner_set_global_bool,
+    yrx_scanner_set_global_float, yrx_scanner_set_global_int,
+    yrx_scanner_set_global_str, yrx_scanner_set_timeout, YRX_BUFFER,
+    YRX_RESULT, YRX_RULE,
 };
 
 use std::ffi::{c_void, CStr, CString};
 
-extern "C" fn callback(rule: *const YRX_RULE, user_data: *mut c_void) {
+extern "C" fn on_rule_iter(rule: *const YRX_RULE, user_data: *mut c_void) {
+    let ptr = user_data as *mut i32;
+    let count = unsafe { ptr.as_mut().unwrap() };
+    *count += 1;
+}
+
+extern "C" fn on_rule_match(rule: *const YRX_RULE, user_data: *mut c_void) {
     let mut ptr = std::ptr::null();
     let mut len = 0;
 
@@ -95,6 +102,14 @@ fn capi() {
 
         yrx_compiler_destroy(compiler);
 
+        let mut num_rules = 0;
+        yrx_rules_iter(
+            rules,
+            on_rule_iter,
+            &mut num_rules as *mut i32 as *mut c_void,
+        );
+        assert_eq!(num_rules, 1);
+
         let mut buf: *mut YRX_BUFFER = std::ptr::null_mut();
 
         yrx_rules_serialize(rules, &mut buf);
@@ -109,7 +124,7 @@ fn capi() {
         yrx_scanner_set_timeout(scanner, 60);
         yrx_scanner_on_matching_rule(
             scanner,
-            callback,
+            on_rule_match,
             &mut matches as *mut i32 as *mut c_void,
         );
 

go/compiler_test.go

@@ -168,6 +168,23 @@ func TestErrors(t *testing.T) {
 	}, c.Errors())
 }
 
+func TestRulesIter(t *testing.T) {
+	c, err := NewCompiler()
+	assert.NoError(t, err)
+
+	c.AddSource("rule test_1 { condition: true }")
+	assert.NoError(t, err)
+
+	c.AddSource("rule test_2 { condition: true }")
+	assert.NoError(t, err)
+
+	rules := c.Build().Slice()
+
+	assert.Len(t, rules, 2)
+	assert.Equal(t, rules[0].Identifier(), "test_1")
+	assert.Equal(t, rules[1].Identifier(), "test_2")
+}
+
 func TestWarnings(t *testing.T) {
 	c, err := NewCompiler()
 	assert.NoError(t, err)

go/main.go

@@ -5,29 +5,33 @@ package yara_x
 // #cgo static_link pkg-config: --static yara_x_capi
 // #include <yara_x.h>
 //
-// uint64_t meta_i64(void* value) {
+// static uint64_t meta_i64(void* value) {
 //   return ((YRX_METADATA_VALUE*) value)->i64;
 // }
 //
-// double meta_f64(void* value) {
+// static double meta_f64(void* value) {
 //   return ((YRX_METADATA_VALUE*) value)->f64;
 // }
 //
-// bool meta_bool(void* value) {
+// static bool meta_bool(void* value) {
 //   return ((YRX_METADATA_VALUE*) value)->boolean;
 // }
 //
-// char* meta_str(void* value) {
+// static char* meta_str(void* value) {
 //   return ((YRX_METADATA_VALUE*) value)->string;
 // }
 //
-// YRX_METADATA_BYTES* meta_bytes(void* value) {
+// static YRX_METADATA_BYTES* meta_bytes(void* value) {
 //   return &(((YRX_METADATA_VALUE*) value)->bytes);
 // }
+//
+// void onRule(YRX_RULE*, void*);
 import "C"
+
 import (
 	"errors"
 	"runtime"
+	"runtime/cgo"
 	"unsafe"
 )
 
@@ -99,6 +103,34 @@ func (r *Rules) Destroy() {
 	runtime.SetFinalizer(r, nil)
 }
 
+// This is the callback called by yrx_rules_iter, when Rules.GetRules is
+// called.
+//export onRule
+func onRule(rule *C.YRX_RULE, handle unsafe.Pointer) {
+	h := (cgo.Handle)(handle)
+	rules, ok := h.Value().(*[]*Rule)
+	if !ok {
+		panic("onRule didn't receive a *[]Rule")
+	}
+	*rules = append(*rules, newRule(rule))
+}
+
+// Slice returns a slice with all the individual rules contained in this
+// set of compiled rules.
+func (r *Rules) Slice() []*Rule {
+	rules := make([]*Rule, 0)
+	handle := cgo.NewHandle(&rules)
+	defer handle.Delete()
+
+	C.yrx_rules_iterate(
+		r.cRules,
+		C.YRX_RULE_CALLBACK(C.onRule),
+		unsafe.Pointer(handle))
+
+	runtime.KeepAlive(r)
+	return rules
+}
+
 // Rule represents a YARA rule.
 type Rule struct {
 	namespace  string