Merge pull request Cisco-Talos#1314 from b1tg/regex-exclude
Add regex support for OnAccessExcludePath
micahsnyder authored Oct 9, 2024
2 parents 801a0ef + cfae6da commit 6f7ceb5
Showing 3 changed files with 41 additions and 9 deletions.
15 changes: 15 additions & 0 deletions clamonacc/inotif/hash.c
@@ -142,6 +142,8 @@ int onas_ht_init(struct onas_ht **ht, uint32_t size)
**ht = (struct onas_ht){
.htable = NULL,
.size = size,
.head = NULL,
.tail = NULL,
.nbckts = 0,
};

@@ -260,6 +262,19 @@ int onas_ht_insert(struct onas_ht *ht, struct onas_element *elem)
bckt = ht->htable[idx];
}

/* Init activated buckets */
if (ht->nbckts == 0) {
ht->head = bckt;
ht->tail = bckt;
bckt->prev = NULL;
bckt->next = NULL;
} else {
struct onas_bucket *ht_tail = ht->tail;
ht_tail->next = bckt;
bckt->prev = ht_tail;
bckt->next = NULL;
ht->tail = bckt;
}
bsize = bckt->size;
ret = onas_bucket_insert(bckt, elem);

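Review bot: The list-append block in onas_ht_insert sits after the closing brace of the bucket-creation branch, so as shown it runs on every insert, including inserts into a bucket that is already on the activated list. Re-appending a linked bucket sets its `next` to NULL and moves `tail`, which drops every bucket that followed it from forward traversal, so the OnAccessExcludePath loop in inotif.c would silently skip those paths. Link the bucket only when it is first created (inside the allocation branch, which starts above this hunk), and test `if (ht->head == NULL) {` rather than `ht->nbckts == 0`, since the hunk does not show where nbckts is updated. No unlink on bucket removal is visible in this commit either; if buckets can be freed while the table is alive, that path needs the matching unlink.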
4 changes: 4 additions & 0 deletions clamonacc/inotif/hash.h
@@ -45,11 +45,15 @@ struct onas_bucket {

struct onas_element *head;
struct onas_element *tail;
struct onas_bucket *next; /* Next activated bucket */
struct onas_bucket *prev; /* Prev activated bucket */
};

struct onas_ht {

struct onas_bucket **htable;
struct onas_bucket *head; /* Activated buckets head */
struct onas_bucket *tail; /* Activated buckets tail */

/* Must be a sufficiently high power of two--will not grow. */
uint32_t size;
31 changes: 22 additions & 9 deletions clamonacc/inotif/inotif.c
@@ -49,7 +49,7 @@
// common
#include "optparser.h"
#include "output.h"

#include "misc.h"
// clamd
#include "server.h"
#include "clamd_others.h"
@@ -531,15 +531,28 @@ void *onas_ddd_th(void *arg)
/* Remove provided paths recursively. */
if ((pt = optget(ctx->clamdopts, "OnAccessExcludePath"))->enabled) {
while (pt) {
size_t ptlen = strlen(pt->strarg);
if (onas_ht_get(ddd_ht, pt->strarg, ptlen, NULL) == CL_SUCCESS) {
if (onas_ht_rm_hierarchy(ddd_ht, pt->strarg, ptlen, 0)) {
logg(LOGG_ERROR, "ClamInotif: can't exclude '%s'\n", pt->strarg);
return NULL;
} else
logg(LOGG_INFO, "ClamInotif: excluding '%s' (and all sub-directories)\n", pt->strarg);
struct onas_bucket *ob = ddd_ht->head;
/* Iterate through the activated buckets to find matched paths */
while (ob != NULL) {
struct onas_element *oe = ob->head;
while (oe != NULL) {
if (match_regex(oe->key, pt->strarg)) {
if (onas_ht_get(ddd_ht, oe->key, oe->klen, NULL) == CL_SUCCESS) {
char *oe_key = cli_safer_strdup(oe->key);
if (onas_ht_rm_hierarchy(ddd_ht, oe->key, oe->klen, 0)) {
logg(LOGG_ERROR, "ClamInotif: can't exclude '%s'\n", oe_key);
free(oe_key);
return NULL;
} else {
logg(LOGG_INFO, "ClamInotif: excluding '%s' (and all sub-directories)\n", oe_key);
free(oe_key);
}
}
}
oe = oe->next;
}
ob = ob->next;
}

pt = (struct optstruct *)pt->nextarg;
}
}
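Review bot: The inner loop calls onas_ht_rm_hierarchy on `oe->key` and then reads `oe->next` (and later `ob->next`) from the entry it just asked to remove; the key is copied to `oe_key` before the call, which suggests the element does not survive it, so the advance looks like a use-after-free. onas_ht_rm_hierarchy is defined outside this diff, so this needs confirming, but a hierarchy removal can presumably also free children that sit ahead of the cursor, so saving `oe->next` beforehand is not enough; restarting the scan from `ddd_ht->head` after each removal avoids holding any pointer across the call. Separately, `if (match_regex(oe->key, pt->strarg))` treats any non-zero return as a match: if match_regex reports an uncompilable pattern with a non-zero code, one malformed OnAccessExcludePath entry would exclude every watched directory from scanning, so compare against the match value explicitly. The `cli_safer_strdup` result should also be checked before it is passed to `logg`. onas_ddd_th starts and ends outside this hunk.

```c
while (pt) {
    int removed;
    /* Restart from the list head after each removal: removing a hierarchy
     * may free the matched element and other entries ahead of the cursor. */
    do {
        struct onas_bucket *ob = ddd_ht->head;
        removed = 0;
        while (ob != NULL && !removed) {
            struct onas_element *oe = ob->head;
            while (oe != NULL && !removed) {
                /* 1 is assumed to be the "matched" return value; confirm against match_regex */
                if (match_regex(oe->key, pt->strarg) == 1 &&
                    onas_ht_get(ddd_ht, oe->key, oe->klen, NULL) == CL_SUCCESS) {
                    // … unchanged: copy the key, onas_ht_rm_hierarchy, log, free, return NULL on error …
                    removed = 1;
                } else {
                    oe = oe->next;
                }
            }
            if (!removed) {
                ob = ob->next;
            }
        }
    } while (removed);
    // … unchanged: advance pt to pt->nextarg …
}
```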
