Cccs-yara

Latest version: v2.4


Page 2 of 2

1.6.1

**NEW FEATURES**

- Automatic generation of mitre_att software ids for malware or tool names found in the MITRE ATT&CK database

**CHANGES**

- Updating the MITRE ATT&CK submodule to the latest released version

**BUG FIXES**

- None

1.6

**NEW FEATURES**

- None

**CHANGES**

- changed the error message for missing metadata that could have been generated
  - "⚙️ Missing metadata that could have been generated with the -i or -c flag for the cli"

- changed the default behaviour of the cli
  - a rule now returns invalid if it is missing the 'id', 'fingerprint', 'version', 'first_imported' or 'last_modified' metadata
  - see PR https://github.com/CybercentreCanada/CCCS-Yara/pull/34 for details on the reason behind this

**BUG FIXES**

- None

1.5

**NEW FEATURES**

- Leading white space standardization
  - ensures the leading white space in validated rules is consistent; by default converts any '\t' characters to four ' ' characters
  - this is a configurable behavior in validator_cfg.yml

**CHANGES**

- changed minimum_yara to yara_version:
  - fixes a compatibility issue

**BUG FIXES**

- None

1.4

**NEW FEATURES**

- None

**CHANGES**

- changed the canonical order of the metadata:
  - moved reference from between source and author to between report and hash

**BUG FIXES**

- None

1.3

**NEW FEATURES**

- handling multi-rule YARA files via a new yara_file_processor.py library
- string_encoding: allows ASCII, UTF-8 or any encoding configured in validator_cfg.yml (default: utf-8).
- added -g to yara_validator_cli.py: suppresses the generation of id, fingerprint, version, first_imported or last_modified and will return invalid if those fields are missing.

**CHANGES**

- malvidin's pull requests 18 and 24 have been merged in, including many of the stylistic changes:
  - strips down the requirements.txt so that it no longer includes the items that will be installed when stix2 is installed
  - renames the cfg folder to stix2_patch
- BitsOfBinary made the suggestion of a yara_version optional metadata entry in pull request 29.
  - incorporated as "minimum_yara" using the existing valid_version()
- more permissive values allowed for the value of info|exploit|technique|tool|malware (any non-lowercase UTF-8 characters 28 )
- more permissive author values (include special characters, eg. , %)

**BUG FIXES**

- fixed the entry for source in CCCS-YARA.yml, when source = "OPENSOURCE" a reference must be provided


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.