BUILD.bazel
# Copyright (c) 2019. The YARA Authors. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its contributors
# may be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
load("@rules_cc//cc:defs.bzl", "cc_proto_library")
load("@rules_proto//proto:defs.bzl", "proto_library")
load(
"@com_google_sandboxed_api//sandboxed_api/bazel:proto.bzl",
"sapi_proto_library",
)
load(
"@com_google_sandboxed_api//sandboxed_api/bazel:sapi.bzl",
"sapi_library",
)
# Protocol buffer message holding YARA match results. The sandboxee fills it in
# and the host code reads it back, so this schema is the data format that
# crosses the sandbox boundary.
# NOTE(review): other targets in this file depend on ":yara_matches_cc_proto",
# which is not declared here; presumably sapi_proto_library generates it --
# confirm against proto.bzl.
sapi_proto_library(
    name = "yara_matches",
    srcs = ["yara_matches.proto"],
)
# Callback library that gathers YARA matches into a YaraMatches proto.
# NOTE(review): this target depends on "//:yara" while ":yara_entry_points" in
# this file depends on "//:libyara". Verify what "//:yara" resolves to in the
# root BUILD file and whether the two labels are meant to differ.
# NOTE(review): visibility is public, so any package can link this code
# directly instead of going through the sandboxed ":yara_sapi" target; confirm
# that exposure is intended.
cc_library(
    name = "collect_matches",
    srcs = ["collect_matches.cc"],
    hdrs = ["collect_matches.h"],
    visibility = ["//visibility:public"],
    deps = [
        ":yara_matches_cc_proto",
        "//:yara",
    ],
)
# Sandboxee half of the YARA sandbox: the code that runs inside the sandbox.
# It implements a dispatch queue shared by several worker threads, and the
# compiled YARA rules are shared across those threads to limit memory use.
# No visibility attribute is set, so the package default applies to this
# target; ":yara_sapi" consumes it through its "lib" attribute.
cc_library(
    name = "yara_entry_points",
    srcs = ["yara_entry_points.cc"],
    deps = [
        ":collect_matches",
        ":yara_matches_cc_proto",
        "//:libyara",
        "@com_google_absl//absl/base:core_headers",
        "@com_google_absl//absl/container:node_hash_map",
        "@com_google_absl//absl/strings",
        "@com_google_absl//absl/synchronization",
    ],
    # Keep every object file in the final link even when nothing references its
    # symbols directly. Presumably required because the entry points are
    # reached through the generated SAPI stubs rather than ordinary C++ calls
    # -- confirm.
    alwayslink = True,
)
# Sandboxed API for YARA, and the target that clients of this library should
# depend on. The API is intentionally minimal and may be extended in the
# future. The ":sandboxed_yara" binary in this file shows how to call it.
sapi_library(
    name = "yara_sapi",
    srcs = ["yara_transaction.cc"],
    hdrs = ["yara_transaction.h"],
    # Ship the sandboxee inside the host binary rather than as a separate file.
    embed = True,
    # Functions from the sandboxed library that get host-side wrappers. Each
    # entry is a call that crosses the sandbox boundary, so additions deserve
    # the same review as any new interface to code that parses untrusted input.
    functions = [
        "YaraAsyncScanFd",
        "YaraGetScanResult",
        "YaraInitWorkers",
        "YaraLoadRules",
    ],
    # Source file the SAPI generator reads to find the declarations above.
    input_files = ["yara_entry_points.cc"],
    # The library that runs inside the sandbox.
    lib = ":yara_entry_points",
    lib_name = "Yara",
    namespace = "yara::sandbox",
    visibility = ["//visibility:public"],
    deps = [
        ":yara_matches_cc_proto",
        "//:yara_errors",
        "@com_google_absl//absl/memory",
        "@com_google_absl//absl/synchronization",
        "@com_google_absl//absl/time",
        # NOTE(review): the bpf_helper dependency suggests the transaction code
        # defines its own seccomp-bpf policy. That policy is not visible in
        # this file; review it in yara_transaction.h / yara_transaction.cc.
        "@com_google_sandboxed_api//sandboxed_api/sandbox2/util:bpf_helper",
        "@com_google_sandboxed_api//sandboxed_api/util:status",
    ],
)
# Test for the host-side ":yara_sapi" target. The test's main() comes from
# gtest_main, and status_matchers supplies matchers for status results.
cc_test(
    name = "yara_transaction_test",
    srcs = ["yara_transaction_test.cc"],
    deps = [
        ":yara_sapi",
        "@com_google_googletest//:gtest_main",
        "@com_google_sandboxed_api//sandboxed_api/util:status_matchers",
    ],
)
# Example command-line program showing how to use the YARA SAPI. It depends
# only on ":yara_sapi" and Abseil, not directly on the YARA library targets.
cc_binary(
    name = "sandboxed_yara",
    srcs = ["sandboxed_yara.cc"],
    deps = [
        ":yara_sapi",
        "@com_google_absl//absl/flags:parse",
        "@com_google_absl//absl/strings",
    ],
)