Python-yara

Latest version: v1.0.2

Safety actively analyzes 689579 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 7

4.4.0

* New `lnk` module (https://github.com/VirusTotal/yara/pull/1732).
* Unreferenced strings are allowed if their identifier start with` _` (https://github.com/VirusTotal/yara/pull/1941)
* New command-line option `--disable-console-logs` for disabling the output of the console module (https://github.com/VirusTotal/yara/pull/1915)
* New command-line option `--strict-escape` that raises warnings on unknown escape sequences (https://github.com/VirusTotal/yara/pull/1880).
* Improve performance by avoiding the execution of rule conditions that can't match (https://github.com/VirusTotal/yara/pull/1927)
* Add callback message `CALLBACK_MSG_TOO_SLOW_SCANNING` for notifying about slow rules (https://github.com/VirusTotal/yara/pull/1921).
* Expose function RVA in `pe.export_details`(https://github.com/VirusTotal/yara/pull/1882).
* BUGFIX: Fix issues in the computation of `imphash` in `pe` module (https://github.com/VirusTotal/yara/pull/1944). Credits to the NSHC ThreatRecon team!
BUGFIX: Fix multiple out-of-bound memory reads in `dex` module (https://github.com/VirusTotal/yara/pull/1949, https://github.com/VirusTotal/yara/pull/1951).
* BUGFIX: Fix memory alignment issues (https://github.com/VirusTotal/yara/pull/1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (https://github.com/VirusTotal/yara/issues/1933).
* BUGFIX: Some rules not matching when `--fast-scan` is used (https://github.com/VirusTotal/yara/commit/4de3d574bae5973c711095c1c755166c07dec322)

Thanks to: mgoffin, wxsBSD, cblichmann, secDre4mer, vthib, regeciovad, kylereedmsft, TommYDeeee, humpalum

4.3.2

* BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files (https://github.com/VirusTotal/yara/commit/bcc631299c9eba3af1fbf6e8a466650185e94988). Reported by Huawei Central Software Institute Security Team.

4.3.1

Upgrade to YARA 4.3.1 ([release notes](https://github.com/VirusTotal/yara/releases/tag/v4.3.1))

4.3.0

Important note: This release introduces backward incompatible changes to the `yara-python` API.

Specifically, the `strings` field in the [yara.Match](https://yara.readthedocs.io/en/v4.3.0/yarapython.html#yara.Match) object has changed from an array of tuples `(<offset>, <string identifier>, <string data>)` to an array of [yara.StringMatch](https://yara.readthedocs.io/en/v4.3.0/yarapython.html#yara.StringMatch) objects. If your program iterates over the matched strings you will need to update your program accordingly.

4.3.0rc1

* Added a not operator for bytes in hex strings. Example: `{01 ~02 03}` (1676).
* `for` statement can iterate over sets of literal strings (e.g. `for any s in ("a", "b"): (pe.imphash() == s)`) (1787).
* `of` statement can be used with `at` (e.g. `any of them at 0`) (1790).
* Added the `--print-xor-key` (`-X` in short form) command-line option that prints the XOR key for xored strings (1745).
* Implement the `--skip-larger` command-line option in Windows (1678).
* Add parsing of .NET user types from .NET metadata stream in "dotnet" module (1605).
* Improve certificate parsing and validation in "pe" module (1623).
* Add `telfhash()` function to "elf" module (1624).
* Add `to_int()` and `to_string()` functions to "math" module (1767).
* Improve error reporting on certain edge cases (1709, 1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (1724).
* BUGFIX: Fix implementation of `math.serial_correlation`(1771).
* BUGFIX: Fix infinite recursion in `dotnet` module (1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1.

Thanks to shanehuntley, 1ndahous3, HoundThe, wxsBSD, vthib

4.2.3

Page 1 of 7

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.