[Forensics-changes] [yara] 72/415: Implemented the -l command line option

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:42:46 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit ed531affd972ef49a81b90785d4b179812783984
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Sat Feb 19 20:41:44 2011 +0000

    Implemented the -l command line option
---
 yara.c   | 17 +++++++++++++++--
 yara.man |  7 ++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/yara.c b/yara.c
index 32a1e15..3227337 100644
--- a/yara.c
+++ b/yara.c
@@ -43,6 +43,8 @@ int show_specified_rules = FALSE;
 int show_strings = FALSE;
 int show_meta = FALSE;
 int negate = FALSE;
+int count = 0;
+int limit = 0;
 
 
 TAG* specified_tags_list = NULL;
@@ -69,6 +71,7 @@ void show_help()
 	printf("  -g                        print tags.\n");
 	printf("  -m                        print metadata.\n");
 	printf("  -s                        print matching strings.\n");
+	printf("  -l <number>               abort scanning after a <number> of rules matched.\n");
 	printf("  -d <identifier>=<value>   define external variable.\n");
     printf("  -r                        recursively search directories.\n");
 	printf("  -f                        fast matching mode.\n");
@@ -380,7 +383,13 @@ int callback(RULE* rule, void* data)
 		}
 	}
 	
-    return 0;
+	if (rule_match)
+        count++;
+	
+	if (limit != 0 && count >= limit)
+        return CALLBACK_ABORT;
+	
+    return CALLBACK_CONTINUE;
 }
 
 int process_cmd_line(YARA_CONTEXT* context, int argc, char const* argv[])
@@ -392,7 +401,7 @@ int process_cmd_line(YARA_CONTEXT* context, int argc, char const* argv[])
     IDENTIFIER* identifier;
 	opterr = 0;
  
-	while ((c = getopt (argc, (char**) argv, "rnsvgmt:i:d:f")) != -1)
+	while ((c = getopt (argc, (char**) argv, "rnsvgml:t:i:d:f")) != -1)
 	{
 		switch (c)
 	    {
@@ -489,6 +498,10 @@ int process_cmd_line(YARA_CONTEXT* context, int argc, char const* argv[])
 		        }
 
 		        break;
+		        
+		    case 'l':	    
+                limit = atoi(optarg);
+                break;
 	
 		    case '?':
 	
diff --git a/yara.man b/yara.man
index 8d1bbd7..1fa17f4 100644
--- a/yara.man
+++ b/yara.man
@@ -37,9 +37,14 @@ Print the tags associated to the rule.
 .B \-m 
 Print metadata associated to the rule.
 .TP
-.B \-s 
+.B \-s
 Print strings found in the file.
 .TP
+.BI \-l " number" 
+Abort scanning after a
+.I number
+of rules matched.
+.TP
 .BI \-d " identifier"=value
 Define an external variable. This option can be used multiple times.
 .TP

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list