Releases: plyara/plyara
Releases · plyara/plyara
plyara v2.1.1
plyara v2.1.0
New Features:
- #62 The parser can be reused without reinstantiation via the new
clear()method. This saves time between parsing sessions when using plyara on a large amount of data. Thanks @malwarefrank! - #69 Python 3.8 support.
- #84 A new parameter
meta_as_kvcan be used to emit the old 1.x JSON schema for entries in the meta section of a rule. Thanks sbruno and @Neo23x0! - #90 New instructions and configuration for contributors. Thanks @malwarefrank!
- #92 YARA 4.0 support. Thanks @malvidin!!!!
- #93 New rule hashing utility. Thanks @malvidin!
Changes:
- #81 Removed deprecated methods:
is_valid_rule_name(),is_valid_rule_tag(),detect_imports(),detect_dependencies(),generate_logic_hash(), and `rebuild_yara_rule(). Functionality of each of these is found in the utilities.
plyara v2.0.3
Patch release to address a bug.
- Fix handling of empty metadata strings. (#58 from @Tasssadar)
Note: this release will be unsigned on PyPI.
plyara v2.0.2
Patch release to address a bug.
- Fix handling of empty metadata strings. (#54)
plyara v2.0.1
plyara v2.0.0
Major release: v2.0.0.
Changes
- Parsed "meta" sections now return individual native Python types, rather than always strings. (See migration notes below).
- Parsed "meta" section is now represented as an ordered list of dictionaries with a single key, rather than an unsorted dictionary. (See migration notes below).
- Refactored static methods of the
Parserclass into a newplyara.utilsmodule. - Now strips extra quotes from strings in the "strings" section, and adds a new key called "type" to string dictionaries that will be one of "text", "byte", or "regex".
Migration Notes
When migrating from v1.x to v2.x, there are some changes you may need to account for in your plyara usage.
Native Types and Metadata List
YARA:
meta:
MyString = "Test"
MyInt = 10
MyBool = true
Before:
"metadata": {
"MyBool": "true",
"MyInt": "10",
"MyString": "Test"
}, Now:
"metadata": [
{
"MyString": "Test"
},
{
"MyInt": 10
},
{
"MyBool": true
}
],String Quoting and Type
YARA:
strings:
$a = { 00 00 00 00 00 00 }
$b = "test"
$c = /test/
Before:
"strings": [
{
"name": "$a",
"value": "{ 00 00 00 00 00 00 }"
},
{
"name": "$b",
"value": "\"test\""
},
{
"name": "$c",
"value": "/test/"
}
]Now:
"strings": [
{
"name": "$a",
"type": "byte",
"value": "{ 00 00 00 00 00 00 }"
},
{
"name": "$b",
"type": "text",
"value": "test"
},
{
"name": "$c",
"type": "regex",
"value": "/test/"
}
]Utils Functions
Before:
import plyara
with open('test.yara', 'r') as f:
parser = plyara.Plyara()
rules = parser.parse_string(f.read())
for rule in rules:
# Don't do this!
print(parser.rebuild_yara_rule(rule))Now:
import plyara
import plyara.utils
with open('test.yara', 'r') as f:
parser = plyara.Plyara()
rules = parser.parse_string(f.read())
for rule in rules:
# Do this instead!
print(plyara.utils.rebuild_yara_rule(rule))plyara v2.0.0-rc.1
Release candidate 1 for plyara v2.0.0. Full context: #45.
Barring any issues, this will become v2.0.0 on Feb 1.