add math.tonumber function to convert bool to number (VirusTotal#1450)

virusdefender · web-flow · commit 2edd10c735d9 · 2021-03-15T12:36:14.000+01:00
more data types can be supported if needed, for example
string to number, etc.
diff --git a/docs/modules/math.rst b/docs/modules/math.rst
@@ -110,3 +110,11 @@ file and create signatures based on those results.
     .. versionadded:: 3.8.0
 
     Returns the minimum of two unsigned integer values.
+
+.. c:function:: tonumber(bool)
+
+    .. versionadded:: 4.0.5
+
+    Returns 0 or 1, it's useful when writing a score based rule.
+
+    *Example: math.tonumber(SubRule1) \* 60 + math.tonumber(SubRule2) \* 20 + math.tonumber(SubRule3) \* 70 > 80*
diff --git a/libyara/modules/math/math.c b/libyara/modules/math/math.c
@@ -605,6 +605,10 @@ define_function(max)
   return_integer(i > j ? i : j);
 }
 
+define_function(tonumber)
+{
+  return_integer(integer_argument(1) ? 1 : 0);
+}
 
 begin_declarations
   declare_float("MEAN_BYTES");
@@ -621,6 +625,7 @@ begin_declarations
   declare_function("entropy", "s", "f", string_entropy);
   declare_function("min", "ii", "i", min);
   declare_function("max", "ii", "i", max);
+  declare_function("tonumber", "b", "i", tonumber);
 end_declarations
 
 
diff --git a/tests/test-math.c b/tests/test-math.c
@@ -28,6 +28,22 @@ int main(int argc, char** argv)
       }",
       "A");
 
+  assert_true_rule_blob(
+      "import \"math\" \
+      rule test { \
+        condition: \
+          math.tonumber(1 == 1) \
+      }",
+      "A");
+
+  assert_false_rule_blob(
+      "import \"math\" \
+      rule test { \
+        condition: \
+          math.tonumber(1 > 2) \
+      }",
+      "A");
+
   yr_finalize();
 
   YR_DEBUG_FPRINTF(
