[package]
name = "yara-x"
version.workspace = true
authors.workspace = true
edition.workspace = true
# Test files are left out of the package published to crates.io, which caps
# the total package size at 10MB.
exclude = [
    "src/modules/**/*.zip",
    "src/modules/**/*.out",
]
homepage.workspace = true
keywords.workspace = true
license.workspace = true
readme.workspace = true
rust-version.workspace = true
description = """
A pure Rust implementation of YARA.
"""

[features]
# Constant folding: expressions whose value is known at compile time, such as
# `2+2+2` or `true or false`, are reduced to their final value instead of
# producing code that computes them.
constant-folding = []

# Exact atoms speed up matching. An exact atom needs no further verification:
# its presence alone means the pattern matches. In /abc(d|e)/ the atom "abcd"
# is exact, whereas "abc" is not, because the regexp must still be evaluated
# after "abc" is found. With this feature off, exact atoms are treated as
# standard (non-exact) atoms.
exact-atoms = []

# Uses FastVM instead of PikeVM for matching regular expressions. Enabled by
# default; the feature exists so the fast regexp mechanism can be disabled for
# testing purposes.
fast-regexp = []

# Debug logs.
logging = ["dep:log"]

# Rules profiling. Together with `logging`, the logs contain information about
# the most expensive rules after each scan. Profiling itself has a noticeable
# impact on performance.
rules-profiling = ["logging"]

# Verifies certificates with the logic in the `x509-parser` crate instead of
# this crate's own logic. Disabled by default.
# NOTE(review): `x509-parser` is an optional dependency, so the
# `x509-parser/verify` form also switches the dependency itself on; the weak
# form `x509-parser?/verify` would not. Confirm which one is intended.
x509-parser-verify = ["x509-parser/verify"]

# Module features.
#
# Every module has a `<module name>-module` feature that controls whether the
# module is built: enabling `foo-module` builds the module `foo` into YARA.
# The `dep:` entries are the optional crates a module brings into the build; an
# optional crate is compiled only when at least one enabled feature lists it.

# `console`: exports functions for printing text from YARA rules.
console-module = []

# `dotnet`: parses .NET files.
dotnet-module = [
    "pe-module",
    "dep:nom",
]

# `elf`: parses ELF files.
elf-module = [
    "dep:tlsh-fixed",
    "dep:nom",
    "dep:md-5",
]

# `hash`: functions for computing md5, sha1, sha-256, crc32 and checksum.
hash-module = [
    "dep:md-5",
    "dep:sha1",
    "dep:sha2",
    "dep:crc32fast",
]

# `lnk`: parses LNK files.
lnk-module = [
    "dep:uuid",
    "dep:nom",
]

# `macho`: parses Mach-O files.
macho-module = [
    "dep:nom",
    "dep:roxmltree",
]

# `magic`: recognizes file types based on the output of the Unix `file`
# command. Disabled by default.
magic-module = [
    "dep:magic",
]

# `math` module.
math-module = []

# `pe`: parses PE files.
# NOTE(review): the signature and digest crates in this list (`dsa`, `ecdsa`,
# `rsa`, `p256`, `p384`, `md2`, `md-5`, `sha1`, `sha2`) are presumably here for
# certificate handling in PE files; confirm against the module's code.
pe-module = [
    "dep:const-oid",
    "dep:der-parser",
    "dep:digest",
    "dep:dsa",
    "dep:ecdsa",
    "dep:nom",
    "dep:rsa",
    "dep:md2",
    "dep:md-5",
    "dep:p256",
    "dep:p384",
    "dep:sha1",
    "dep:sha2",
    "dep:x509-parser",
]

# `string`: functions for parsing strings as integers, determining a string
# length, etc.
string-module = []

# Test modules, to be used only in test cases.
test_proto2-module = []
test_proto3-module = []

# `text`: the example module described in the Module's Developer Guide. Not
# very useful in real life.
text-module = [
    "dep:lingua",
]

# `time`: retrieves the epoch in seconds, which rule conditions can compare
# against other epoch times.
time-module = []

# Default feature set. `logging`, `rules-profiling`, `x509-parser-verify`,
# `magic-module` and `text-module` are not part of it.
# NOTE(review): the list includes `test_proto2-module` and
# `test_proto3-module`, which this table documents as test-only; confirm they
# are meant to be part of a default build.
default = [
    # Engine features.
    "constant-folding",
    "exact-atoms",
    "fast-regexp",
    # Modules.
    "console-module",
    "dotnet-module",
    "elf-module",
    "macho-module",
    "math-module",
    "hash-module",
    "pe-module",
    "string-module",
    "time-module",
    "lnk-module",
    # Test modules.
    "test_proto2-module",
    "test_proto3-module",
]

[dependencies]
# Always compiled, whatever features are selected.
aho-corasick = { workspace = true, features = ["logging"] }
anyhow.workspace = true
array-bytes.workspace = true
ascii_tree.workspace = true
base64.workspace = true
bincode.workspace = true
bitmask.workspace = true
bitvec.workspace = true
bstr = { workspace = true, features = ["serde"] }
fmmap.workspace = true
indexmap = { workspace = true, features = ["serde"] }
intaglio.workspace = true
itertools.workspace = true
lazy_static.workspace = true
linkme.workspace = true
memchr.workspace = true
memx.workspace = true
num-derive.workspace = true
num-traits.workspace = true
protobuf.workspace = true
regex-automata.workspace = true
regex-syntax.workspace = true
rustc-hash.workspace = true
serde = { workspace = true, features = ["rc"] }
serde_json.workspace = true
smallvec = { workspace = true, features = ["serde"] }
thiserror.workspace = true
walrus.workspace = true
wasmtime = { workspace = true, features = ["cranelift", "parallel-compilation"] }
yansi.workspace = true
yara-x-macros.workspace = true
yara-x-parser.workspace = true

# Optional: compiled only when an enabled feature in `[features]` names the
# crate with `dep:` (or, for `x509-parser`, through `x509-parser/verify`).
const-oid = { workspace = true, optional = true, features = ["db"] }
crc32fast = { workspace = true, optional = true }
der-parser = { workspace = true, optional = true, features = ["bigint"] }
digest = { workspace = true, optional = true }
dsa = { workspace = true, optional = true }
ecdsa = { workspace = true, optional = true }
# NOTE(review): the only entry whose version requirement is set here instead of
# being inherited from the workspace. "1.6.0" is a caret requirement, so the
# exact version built is decided by the lockfile. Confirm this is intentional.
lingua = { version = "1.6.0", optional = true, default-features = false, features = ["english", "german", "french", "spanish"] }
log = { workspace = true, optional = true }
magic = { workspace = true, optional = true }
md-5 = { workspace = true, optional = true, features = ["oid"] }
md2 = { workspace = true, optional = true, features = ["oid"] }
nom = { workspace = true, optional = true }
p256 = { workspace = true, optional = true, features = ["ecdsa"] }
p384 = { workspace = true, optional = true, features = ["ecdsa"] }
roxmltree = { workspace = true, optional = true }
rsa = { workspace = true, optional = true }
sha1 = { workspace = true, optional = true, features = ["oid"] }
sha2 = { workspace = true, optional = true, features = ["oid"] }
tlsh-fixed = { workspace = true, optional = true }
uuid = { workspace = true, optional = true, features = ["v4"] }
x509-parser = { workspace = true, optional = true }

[build-dependencies]
# Crates available to the build script. Build-script dependencies execute on
# the build machine during compilation, so they belong in the same dependency
# review as the runtime crates.
anyhow.workspace = true
globwalk.workspace = true
protobuf.workspace = true
protobuf-codegen.workspace = true
protobuf-parse.workspace = true
yara-x-proto.workspace = true

[dev-dependencies]
# Used only when compiling tests, examples and benchmarks.
globwalk.workspace = true
goldenfile.workspace = true
ihex.workspace = true
pretty_assertions.workspace = true
rayon.workspace = true
yara-x-proto-yaml.workspace = true
zip.workspace = true