mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
233 lines
6.2 KiB
C
233 lines
6.2 KiB
C
|
/*
|
||
|
|
* Copyright (C) 2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
|
||
|
|
*
|
||
|
|
* Authors: Valerie Snyder
|
||
|
|
*
|
||
|
|
* This program is free software; you can redistribute it and/or modify
|
||
|
|
* it under the terms of the GNU General Public License version 2 as
|
||
|
|
* published by the Free Software Foundation.
|
||
|
|
*
|
||
|
|
* This program is distributed in the hope that it will be useful,
|
||
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
|
* GNU General Public License for more details.
|
||
|
|
*
|
||
|
|
* You should have received a copy of the GNU General Public License
|
||
|
|
* along with this program; if not, write to the Free Software
|
||
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
||
|
|
* MA 02110-1301, USA.
|
||
|
|
*/
|
||
|
|
|
||
|
|
#include "scan_layer.h"
|
||
|
|
|
||
|
|
#include "clamav_rust.h"
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the file map associated with a scan layer.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param fmap_out Pointer to a variable to receive the file map.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_fmap(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
cl_fmap_t **fmap_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !fmap_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
*fmap_out = l->fmap;
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the parent layer of a scan layer.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param parent_layer_out Pointer to a variable to receive the parent layer.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_parent_layer(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
cl_scan_layer_t **parent_layer_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !parent_layer_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
*parent_layer_out = (cl_scan_layer_t *)l->parent;
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the file type of a scan layer.
|
||
|
|
*
|
||
|
|
* The file type as clamav currently believes it to be.
|
||
|
|
* It may change later in the scan, so consider using `clcb_file_type_correction`
|
||
|
|
* callback to access the file again if it is re-typed.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param type_out Pointer to a variable to receive the file type.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_type(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
const char **type_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !type_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
*type_out = cli_ftname(l->type);
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the recursion level of a scan layer.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param recursion_level_out Pointer to a variable to receive the recursion level.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_recursion_level(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
uint32_t *recursion_level_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !recursion_level_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
*recursion_level_out = l->recursion_level;
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the object ID of a scan layer.
|
||
|
|
*
|
||
|
|
* Object ID is a unique identifier for the scan layer. It counts up from 0, although the callback interface
|
||
|
|
* may skip some IDs if the scan layer is processed immediately rather than being handled as distinct file type.
|
||
|
|
* For example, HTML may be normalized several ways and they're each given an Object ID, but we immediately
|
||
|
|
* pattern match them and do not handle them as distinct file types that were contained within the HTML.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param object_id_out Pointer to a variable to receive the object ID.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_object_id(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
uint64_t *object_id_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !object_id_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
*object_id_out = l->object_id;
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the last detected alert (aka Strong indicator) name from a scan layer.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param alert_name_out Pointer to a variable to receive the alert name.
|
||
|
|
* If the layer has no alerts, this will be set to NULL.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_last_alert(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
const char **alert_name_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !alert_name_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
if (NULL != l->evidence) {
|
||
|
|
const char *alert_name = evidence_get_last_alert(l->evidence);
|
||
|
|
if (alert_name) {
|
||
|
|
*alert_name_out = alert_name;
|
||
|
|
} else {
|
||
|
|
*alert_name_out = NULL;
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
*alert_name_out = NULL;
|
||
|
|
}
|
||
|
|
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @brief Get the attributes of a scan layer.
|
||
|
|
*
|
||
|
|
* @param layer The scan layer to query.
|
||
|
|
* @param attributes_out Pointer to a variable to receive the layer attributes.
|
||
|
|
* @return cl_error_t CL_SUCCESS if successful.
|
||
|
|
*/
|
||
|
|
extern cl_error_t cl_scan_layer_get_attributes(
|
||
|
|
cl_scan_layer_t *layer,
|
||
|
|
uint32_t *attributes_out)
|
||
|
|
{
|
||
|
|
cl_error_t status = CL_ERROR;
|
||
|
|
|
||
|
|
cli_scan_layer_t *l = (cli_scan_layer_t *)layer;
|
||
|
|
|
||
|
|
if (!layer || !attributes_out) {
|
||
|
|
status = CL_ENULLARG;
|
||
|
|
goto done;
|
||
|
|
}
|
||
|
|
|
||
|
|
*attributes_out = l->attributes;
|
||
|
|
status = CL_SUCCESS;
|
||
|
|
|
||
|
|
done:
|
||
|
|
return status;
|
||
|
|
}
|