Releases: VirusTotal/yara-x
Releases · VirusTotal/yara-x
v1.2.1
v1.2.0
v1.1.0
- Add the
yrx_scanner_set_module_data
function to the C API. - Show warnings when comparing the result of
intXX
anduintXX
functions with values outside their valid ranges. Example:warning[unsatisfiable_expr]: unsatisfiable expression --> demo.yar:6:3 | 6 | uint8(0) == 0x1FF | -------- ----- this integer is outside the range [0,255] | | | this expression is an integer in the range [0,255] |
- BUGFIX: Less strict schema for Cuckoo reports (#369).
- BUGFIX: CLI reports UTF-8 encoding errors instead of ignoring them silently (2372d68) (thanks to @craiu for the report)
- BUGFIX: Fix issue in the Python API while parsing JSON data (#365, c3ad3ac).
v1.0.1
v1.0.0
-
First stable release!
-
Raise warning when loops can have too many iterations (#352).
-
Raise warning when comparing a string that is known to be lowercase (like the result of
hash.md5
) with a string that contains uppercase characters (150500b). Example:warning[unsatisfiable_expr]: unsatisfiable expression --> line:5:9 | 5 | test_proto2.string_foo == "FOO" | ---------------------- ----- this contains uppercase characters | | | this is a lowercase string | = note: a lowercase string can't be equal to a string containing uppercase characters
-
Better handling of raw bytes and timestamps when decoding module outputs from Python (#357, d65a92a).
v0.15.0
v0.14.0
- Parse LC_DYLD_EXPORTS_TRIE in Mach-O files (#303).
- Parse chained fixup imports via LC_DYLD_CHAINED_FIXUPS in Mach-O files (#305).
- Implement tag linter (#304).
- Implement regex anchors
^
and$
in multi-line mode (8b01882). - Add support for 32-bits targets.
- Improve performance by memoizing some function calls (#311).
- Open source the
vt
module. - BUGFIX: Do not abort parsing when .NET file has a table with more than MAX_ROWS_PER_TABLE (908009b).
- BUGFIX: Prevent infinite loop due to cycles in certificate chain (a751199).
Contributors: @latonis, @wxsBSD, @JonathanAnbary
v0.13.0
- Implemented basic linting via the
check
command. - Refactor the format of JSON output (#281).
- Parse Mach-O certificates (#276).
- Allow using previously defined variables in
with
statements (#287). - BUGFIX: prevent the
fmt
command from modifying binary files accidentally. - BUGFIX: fix panic when path starts with
./
(#280). - BUGFIX: reduce consumption of process address space (#292).
v0.12.0
- The
macho
module now parses and exposesLC_LINKER_OPTION
commands (#256). - Raise warning with some patterns that have too many 2-byte atoms and are potentially slow (#264).
- Extract more information from the
SpcSpOpusInfo
structure contained in PE signatures (50180d8). - BUGFIX: add missing
MEAN_BYTES
constant tomath
module (888c77e). - BUGFIX: panic when calling
dylib_hash
in some corrupted Mach-O files (c014a26).
Contributors: @latonis