add PyPI based distribution and plugin for hcli (#1)

Author: xorpse

.github/workflows/build.yml

@@ -0,0 +1,182 @@
+name: build
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: [ master ]
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build-linux:
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/pypa/manylinux_2_28_x86_64
+
+    env:
+      CARGO_TERM_COLOR: always
+      PYTHON_BIN: /opt/python/cp311-cp311/bin/python
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Install Rust (via rustup)
+        shell: bash
+        run: |
+          curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain stable
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Install build dependencies
+        shell: bash
+        run: |
+          yum install -y jq llvm clang
+
+      - name: Install Python build dependencies
+        shell: bash
+        run: |
+          $PYTHON_BIN -m pip install --upgrade pip
+          $PYTHON_BIN -m pip install wheel auditwheel
+
+      - name: Generate lock file
+        shell: bash
+        run: cargo generate-lockfile
+
+      - name: Compute package version
+        shell: bash
+        run: |
+          VERSION=$(cargo metadata --format-version=1 --no-deps | jq -r '.packages[0].version')
+          echo "PACKAGE_VERSION=$VERSION" >> "$GITHUB_ENV"
+
+      - name: Build Rust binary (release, stub linkage)
+        shell: bash
+        env:
+          IDALIB_FORCE_STUB_LINKAGE: "1"
+        run: cargo build --release
+
+      - name: Build Python wheel skeleton
+        shell: bash
+        run: |
+          mkdir -p target/wheels
+          $PYTHON_BIN -m pip wheel --no-deps ./dist/pypi -w ./target/wheels
+
+      - name: Merge Rust binary into wheel
+        shell: bash
+        run: |
+          cd target/wheels
+
+          # unpack the wheel built by the ./dist/pypi package
+          $PYTHON_BIN -m wheel unpack parascope-${PACKAGE_VERSION}*.whl
+
+          # copy the compiled Rust binary into .data/scripts as rparascope
+          mkdir -p parascope-${PACKAGE_VERSION}/parascope-${PACKAGE_VERSION}.data/scripts
+          cp ../release/parascope parascope-${PACKAGE_VERSION}/parascope-${PACKAGE_VERSION}.data/scripts/rparascope
+
+          # repack
+          $PYTHON_BIN -m wheel pack parascope-${PACKAGE_VERSION} -d .
+
+      - name: Repair wheel with auditwheel (manylinux tagging & bundling)
+        shell: bash
+        run: |
+          cd target/wheels
+          WHEEL=$(ls parascope-${PACKAGE_VERSION}-*.whl)
+          echo "Repairing $WHEEL with auditwheel"
+          $PYTHON_BIN -m auditwheel repair parascope-${PACKAGE_VERSION}-*.whl -w .
+          echo "Removing original wheel"
+          rm "$WHEEL"
+
+      - name: Upload Linux wheel
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-linux
+          path: target/wheels/*.whl
+
+  build-macos:
+    runs-on: macOS-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Install Rust (via rustup)
+        shell: bash
+        run: |
+          curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain stable
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install Python build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install wheel
+
+      - name: Generate lock file
+        shell: bash
+        run: cargo generate-lockfile
+
+      - name: Compute package version
+        shell: bash
+        run: |
+          VERSION=$(cargo metadata --format-version=1 --no-deps | jq -r '.packages[0].version')
+          echo "PACKAGE_VERSION=$VERSION" >> "$GITHUB_ENV"
+
+      - name: Build Rust binary (release, stub linkage)
+        env:
+          IDALIB_FORCE_STUB_LINKAGE: "1"
+        run: cargo build --release
+
+      - name: Detect macOS arch from binary
+        shell: bash
+        run: |
+          ARCH=$(lipo -info target/release/parascope | grep -oE 'x86_64|arm64')
+          if [ "$ARCH" = "x86_64" ]; then
+            PLATFORM_TAG="macosx_10_9_x86_64"
+          elif [ "$ARCH" = "arm64" ]; then
+            PLATFORM_TAG="macosx_11_0_arm64"
+          else
+            echo "Unknown arch from lipo: $ARCH"
+            exit 1
+          fi
+          echo "PLATFORM_TAG=$PLATFORM_TAG" >> "$GITHUB_ENV"
+
+      - name: Build Python wheel skeleton
+        run: |
+          mkdir -p target/wheels
+          python -m pip wheel --no-deps ./dist/pypi -w ./target/wheels
+
+      - name: Merge Rust binary into wheel
+        run: |
+          cd target/wheels
+          python -m wheel unpack parascope-${PACKAGE_VERSION}*.whl
+
+          mkdir -p parascope-${PACKAGE_VERSION}/parascope-${PACKAGE_VERSION}.data/scripts
+          cp ../release/parascope parascope-${PACKAGE_VERSION}/parascope-${PACKAGE_VERSION}.data/scripts/rparascope
+
+          python -m wheel pack parascope-${PACKAGE_VERSION} -d .
+
+      - name: Retag macOS wheel with platform tag
+        shell: bash
+        run: |
+          cd target/wheels
+          WHEEL=$(ls parascope-${PACKAGE_VERSION}-*.whl)
+          echo "Retagging $WHEEL to platform $PLATFORM_TAG"
+          python -m wheel tags --platform-tag "$PLATFORM_TAG" "$WHEEL"
+          echo "Removing original wheel"
+          rm "$WHEEL"
+
+      - name: Upload macOS wheel
+        uses: actions/upload-artifact@v4
+        with:
+          name: wheels-macos
+          path: target/wheels/*.whl

Cargo.toml

@@ -11,7 +11,11 @@ repository = "https://github.com/xorpse/parascope.git"
 readme = "./README.md"
 edition = "2024"
 build = "build.rs"
-exclude = ["assets", "rules", "tests"]
+exclude = ["assets", "rules", "tests", "python", "plugin"]
+
+[[bin]]
+name = "parascope"
+path = "src/main.rs"
 
 [dependencies]
 anyhow = "1"

build.rs

@@ -1,4 +1,25 @@
+use std::env;
+
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-    idalib_build::configure_linkage()?;
+    if env::var("IDALIB_FORCE_STUB_LINKAGE").is_ok() {
+        idalib_build::configure_idasdk_linkage();
+
+        #[cfg(target_os = "linux")]
+        {
+            let (_, stub_path, _, _) = idalib_build::idalib_sdk_paths();
+            println!(
+                "cargo::rustc-link-arg=-Wl,-rpath,{},-L{},-l:libida.so",
+                stub_path.display(),
+                stub_path.display(),
+            );
+            println!(
+                "cargo::rustc-link-arg=-Wl,-rpath,{},-L{},-l:libidalib.so",
+                stub_path.display(),
+                stub_path.display(),
+            );
+        }
+    } else {
+        idalib_build::configure_linkage()?;
+    }
     Ok(())
 }

dist/pypi/README.md

@@ -0,0 +1,162 @@
+# parascope
+
+[![crates.io](https://img.shields.io/crates/v/parascope)](https://crates.io/crates/parascope)
+[![license](https://img.shields.io/crates/l/parascope)](https://github.com/xorpse/parascope)
+[![crates.io downloads](https://img.shields.io/crates/d/parascope)](https://crates.io/crates/parascope)
+
+<!--
+<p align="center">
+  <img src="https://raw.githubusercontent.com/xorpse/parascope/refs/heads/master/assets/parascope-logo.svg" width="200" height="200" alt="parascope logo">
+</p>
+-->
+
+Weggli ruleset scanner for binaries and source code. Organise your weggli
+rules and scan source code and binaries in parallel!
+
+<p align="center">
+  <img src="https://raw.githubusercontent.com/xorpse/parascope/refs/heads/master/assets/parascope-demo.gif" width="800" alt="parascope demo">
+</p>
+
+## Build/installation
+
+To build and install parascope requires IDA Pro v9.2 and access to the
+latest SDK.
+
+Install via crates.io:
+
+```sh
+export IDADIR=/path/to/ida # optional
+cargo install parascope
+```
+
+Build/install from source:
+
+```sh
+export IDADIR=/path/to/ida # optional
+cargo install --path .
+```
+
+## Examples and usage
+
+Scan a single binary and output the rule matches to stdout:
+```
+parascope --display -r rules /path/of/binary
+```
+
+Scan all binaries in the given directory and stream rule matches to results.jsonl:
+```
+parascope -o results.jsonl -r rules /directory/of/binaries
+```
+
+Scan the C source code in the given directory and stream rule matches to results.jsonl:
+```
+parascope -m c -o results.jsonl -r rules /directory/of/source-code
+```
+
+Complete set of capabilities:
+
+```sh
+Weggli ruleset scanner for source code and binaries
+
+Usage: parascope [OPTIONS] --rules <rules> <INPUT>
+
+Arguments:
+  <INPUT>
+          File or directory to scan
+
+Options:
+  -m, --mode <mode>
+          Analysis mode
+
+          [default: binary]
+
+          Possible values:
+          - binary: Binary analysis mode (using IDA)
+          - c:      Source code analysis mode (C)
+          - cxx:    Source code analysis mode (C++)
+
+      --path-filter [<path-filter>...]
+          Restrict analysis to files matching the given regular expression.
+          For C/C++ analysis if no path filters are given analysis is restricted
+          to a set of default file extensions:
+
+          C: c, h
+          C++: C, cc, cxx, cpp, H, hh, hxx, hpp, h
+
+          For binary analysis, all files will be analysed. If an existing IDB is
+          available, e.g., we have both file and file.i64, only the IDB will be
+          used for analysis irrespective of the path filter.
+
+      --display
+          Render matches to stdout
+
+      --display-context <display-context>
+          Number of lines before/after match to render
+
+          [default: 5]
+
+      --summary
+          Render tabular summary to stdout
+
+  -r, --rules <rules>
+          File or directory containing wegglir rules
+
+  -o, --output <OUTPUT>
+          File to write output results (JSONL)
+
+  -h, --help
+          Print help (see a summary with '-h')
+
+  -V, --version
+          Print version
+```
+
+## Rules
+
+We use [weggli-ruleset](https://github.com/xorpse/weggli-ruleset.git) to help
+manage weggli patterns. It provides a yaml-based rule format that allows
+different (related) patterns to be grouped along with metadata useful for
+categorising and triaging matches. For example, we can encode the patterns from
+[here](https://github.com/0xdea/weggli-patterns?tab=readme-ov-file#call-to-unbounded-copy-functions-cwe-120-cwe-242-cwe-676),
+as follows:
+
+```yaml
+id: call-to-unbounded-copy-functions
+description: call to unbounded copy functions
+severity: medium
+tags:
+- CWE-120
+- CWE-242
+- CWE-676
+check-patterns:
+- name: gets
+  regex: func=^gets$
+  pattern: |
+    { $func(); }
+- name: st(r|p)(cpy|cat)
+  regex: func=st(r|p)(cpy|cat)$
+  pattern: |
+    { $func(); }
+- name: wc(r|p)(cpy|cat)
+  regex: func=wc(r|p)(cpy|cat)$
+  pattern: |
+    { $func(); }
+- name: sprintf
+  regex: func=sprintf$
+  pattern: |
+    { $func(); }
+- name: scanf
+  regex: func=scanf$
+  pattern: |
+    { $func(); }
+```
+
+### Rulesets & Resources
+
+Below is a list of resources containing weggli patterns/rules that can easily
+be ported to parascope rules:
+
+- [weggli-patterns](https://github.com/0xdea/weggli-patterns) and [A collection of weggli patterns for C/C++ vulnerability research](https://security.humanativaspa.it/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research/) by [raptor/@0xdea](https://github.com/0xdea)
+- [weggli-patterns](https://github.com/plowsec/weggli-patterns) by [volodya/@plowsec](https://github.com/plowsec)
+- [Playing with Weggli](https://dustri.org/b/playing-with-weggli.html) by [Julien Voisin](https://dustri.org/)
+- [Weggli rules (SSTIC 2013)](https://github.com/synacktiv/Weggli_rules_SSTIC2023) by [Synacktiv](https://github.com/synacktiv)