Releases: VirusTotal/yara-x

v1.2.1

18 Jun 17:02
02d649b
  • BUGFIX: regression introduced in #368.
  • BUGFIX: more robust LNK file parsing that handles maliciously crafted files (7e1c8b3, #379)

v1.2.0

18 Jun 09:59
ed968f0
  • Allow disabling specific warnings via the configuration file (b44ca8f) (documentation).
  • BUGFIX: Another JSON encoding issue (1a41075, #376).
  • BUGFIX: Return a proper error message when passing invalid metadata to a module (#368).

Contributors: @vojone

v1.1.0

13 Jun 09:40
512ab7c
  • Add the yrx_scanner_set_module_data function to the C API.
  • Show warnings when comparing the result of intXX and uintXX functions with values outside their valid ranges. Example:
    warning[unsatisfiable_expr]: unsatisfiable expression
     --> demo.yar:6:3
      |
    6 |   uint8(0) == 0x1FF
      |   --------    ----- this integer is outside the range [0,255]
      |   |
      |   this expression is an integer in the range [0,255]
      |
    
  • BUGFIX: Less strict schema for Cuckoo reports (#369).
  • BUGFIX: CLI reports UTF-8 encoding errors instead of ignoring them silently (2372d68) (thanks to @craiu for the report)
  • BUGFIX: Fix issue in the Python API while parsing JSON data (#365, c3ad3ac).

Contributors: @vojone @szabgab

v1.0.1

06 Jun 22:35
2b569bb
  • BUGFIX: Panic while truncating long file paths containing Unicode characters (#360).
  • BUGFIX: JSONDecodeError in Python API (#361).

v1.0.0

04 Jun 11:02
35bbdab
  • First stable release!

  • Raise warning when loops can have too many iterations (#352).

  • Raise warning when comparing a string that is known to be lowercase (like the result of hash.md5) with a string that contains uppercase characters (150500b). Example:

    warning[unsatisfiable_expr]: unsatisfiable expression
     --> line:5:9
      |
    5 |         test_proto2.string_foo == "FOO"
      |         ----------------------    ----- this contains uppercase characters
      |         |
      |         this is a lowercase string
      |
      = note: a lowercase string can't be equal to a string containing uppercase characters
    
  • Better handling of raw bytes and timestamps when decoding module outputs from Python (#357, d65a92a).

v0.15.0

19 May 16:22
3537bcf
  • Implement include statements (#350).
  • Add module invoke support to Python API (#348).
  • BUGFIX: Parsing aborted when too many rules had the global or private modifiers (d9a1f97).

Contributors: @wxsBSD

v0.14.0

28 Mar 11:46
b9ade77
  • Parse LC_DYLD_EXPORTS_TRIE in Mach-O files (#303).
  • Parse chained fixup imports via LC_DYLD_CHAINED_FIXUPS in Mach-O files (#305).
  • Implement tag linter (#304).
  • Implement regex anchors ^ and $ in multi-line mode (8b01882).
  • Add support for 32-bit targets.
  • Improve performance by memoizing some function calls (#311).
  • Open source the vt module.
  • BUGFIX: Do not abort parsing when .NET file has a table with more than MAX_ROWS_PER_TABLE (908009b).
  • BUGFIX: Prevent infinite loop due to cycles in certificate chain (a751199).

Contributors: @latonis, @wxsBSD, @JonathanAnbary

v0.13.0

03 Feb 16:10
cfa20b8
  • Implemented basic linting via the check command.
  • Refactor the format of JSON output (#281).
  • Parse Mach-O certificates (#276).
  • Allow using previously defined variables in with statements (#287).
  • BUGFIX: prevent the fmt command from modifying binary files accidentally.
  • BUGFIX: fix panic when path starts with ./ (#280).
  • BUGFIX: reduce consumption of process address space (#292).

Contributors: @chudicek @latonis @wxsBSD

v0.12.0

17 Dec 20:10
d2b8358
  • The macho module now parses and exposes LC_LINKER_OPTION commands (#256).
  • Raise warning with some patterns that have too many 2-byte atoms and are potentially slow (#264).
  • Extract more information from the SpcSpOpusInfo structure contained in PE signatures (50180d8).
  • BUGFIX: add missing MEAN_BYTES constant to math module (888c77e).
  • BUGFIX: panic when calling dylib_hash in some corrupted Mach-O files (c014a26).

Contributors: @latonis

v0.11.1

03 Dec 15:36
ee65c74
  • BUGFIX: large memory consumption while parsing corrupted PE files (f3ea4f3)