Merge remote-tracking branch 'origin/main' into magic

Author: plusvic

.github/workflows/golang.yaml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [ '1.19', '1.20', '1.21.x', '1.22.x' ]
+        go-version: [ '1.19', '1.20', '1.21.x', '1.22.x', '1.23.x', '1.24.x', '1.25.x' ]
         os: [ ubuntu-latest, macos-latest ]
     runs-on: ${{ matrix.os }}
     steps:

.github/workflows/pr_title.yaml

@@ -13,6 +13,6 @@ jobs:
     permissions:
       statuses: write
     steps:
-    - uses: aslafy-z/conventional-pr-title-action@a0b851005a0f82ac983a56ead5a8111c0d8e044a  # v3.2.0
+    - uses: amannn/action-semantic-pull-request@fdd4d3ddf614fbcd8c29e4b106d3bbe0cb2c605d # v6.0.1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -187,7 +187,7 @@ jobs:
         CIBW_TEST_SKIP: '*-macosx_arm64 *-macosx_universal2:arm64'
         CIBW_BUILD_VERBOSITY: 1
 
-        MACOSX_DEPLOYMENT_TARGET: '10.12'
+        MACOSX_DEPLOYMENT_TARGET: '14.0'
 
     - name: Upload artifacts
       uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1

Cargo.lock

@@ -1,5 +1,5 @@
 [workspace.package]
-version = "1.4.0"
+version = "1.5.0"
 authors = ["Victor M. Alvarez <[email protected]>"]
 edition = "2021"
 homepage = "https://virustotal.github.io/yara-x"
@@ -105,13 +105,13 @@ walrus = "0.23.3"
 wasmtime = { version = "34.0.2", default-features = false }
 x509-parser = "0.17.0"
 yansi = "1.0.1"
-yara-x = { path = "lib", version = "1.4.0" }
-yara-x-fmt = { path = "fmt", version = "1.4.0" }
-yara-x-macros = { path = "macros", version = "1.4.0" }
-yara-x-parser = { path = "parser", version = "1.4.0" }
-yara-x-proto = { path = "proto", version = "1.4.0" }
-yara-x-proto-yaml = { path = "proto-yaml", version = "1.4.0" }
-yara-x-proto-json = { path = "proto-json", version = "1.4.0" }
+yara-x = { path = "lib", version = "1.5.0" }
+yara-x-fmt = { path = "fmt", version = "1.5.0" }
+yara-x-macros = { path = "macros", version = "1.5.0" }
+yara-x-parser = { path = "parser", version = "1.5.0" }
+yara-x-proto = { path = "proto", version = "1.5.0" }
+yara-x-proto-yaml = { path = "proto-yaml", version = "1.5.0" }
+yara-x-proto-json = { path = "proto-json", version = "1.5.0" }
 zip = "4.3.0"
 
 # Special profile that builds a release binary with link-time optimization.

Cargo.toml

@@ -54,6 +54,7 @@ enable-ansi-support = { workspace = true }
 env_logger = { workspace = true, optional = true, features = ["auto-color"] }
 log = { workspace = true, optional = true }
 protobuf = { workspace = true }
+regex = { workspace = true }
 serde_json = { workspace = true, features = ["preserve_order"] }
 serde = { workspace = true, features = ["derive"] }
 strum = { workspace = true }

cli/Cargo.toml

@@ -5,6 +5,7 @@ use std::{fs, io};
 use anyhow::Context;
 use clap::{arg, value_parser, ArgAction, ArgMatches, Command};
 use crossterm::tty::IsTty;
+use regex;
 use superconsole::{Component, Line, Lines, Span};
 use yansi::Color::{Green, Red, Yellow};
 use yansi::Paint;
@@ -112,14 +113,28 @@ pub fn exec_check(args: &ArgMatches, config: &Config) -> anyhow::Result<()> {
 
                 match config.ty {
                     MetaValueType::String => {
+                        let message = if let Some(regexp) = &config.regexp {
+                            // Make sure that the regexp is valid.
+                            let _ = regex::bytes::Regex::new(&regexp)?;
+                            format!("`{identifier}` must be a string that matches `/{regexp}/`")
+                        } else {
+                            format!("`{identifier}` must be a string")
+                        };
                         linter = linter.validator(
                             |meta| {
-                                matches!(
-                                    meta.value,
-                                    MetaValue::String(_) | MetaValue::Bytes(_)
-                                )
+                                match (&meta.value, &config.regexp) {
+                                    (MetaValue::String((s, _)), Some(regexp)) => {
+                                        regex::Regex::new(&regexp).unwrap().is_match(s)
+                                    }
+                                    (MetaValue::Bytes((s, _)), Some(regexp)) => {
+                                        regex::bytes::Regex::new(&regexp).unwrap().is_match(s)
+                                    }
+                                    (MetaValue::String(_), None) => true,
+                                    (MetaValue::Bytes(_), None) => true,
+                                    _ => false,
+                                }
                             },
-                            format!("`{identifier}` must be a string"),
+                            message,
                         );
                     }
                     MetaValueType::Integer => {
@@ -184,7 +199,7 @@ pub fn exec_check(args: &ArgMatches, config: &Config) -> anyhow::Result<()> {
             if !config.check.tags.allowed.is_empty() {
                 compiler.add_linter(
                     linters::tags_allowed(config.check.tags.allowed.clone())
-                    .error(config.check.tags.error));
+                        .error(config.check.tags.error));
             } else if let Some(re) = config
                 .check
                 .tags
@@ -252,7 +267,7 @@ pub fn exec_check(args: &ArgMatches, config: &Config) -> anyhow::Result<()> {
             Ok(())
         },
     )
-    .unwrap();
+        .unwrap();
 
     Ok(())
 }

cli/src/commands/check.rs

@@ -118,6 +118,9 @@ pub struct RuleNameConfig {
 pub struct MetadataConfig {
     #[serde(rename = "type")]
     pub ty: MetaValueType,
+    /// A regular expression that the metadata value must match. Only
+    /// applies if type is MetaValueType::String.
+    pub regexp: Option<String>,
     /// Specifies whether the metadata is required or optional.
     #[serde(default)]
     pub required: bool,

cli/src/config.rs

@@ -21,6 +21,7 @@ fn metadata() {
             sha256 = { type = "sha256" }
             required = { type = "string", required = true }
             optional = { type = "string" }
+            regexp = { type = "string", regexp = "(foo|bar)" }
             "#,
         )
         .unwrap();
@@ -42,14 +43,14 @@ fn metadata() {
   |      --- required metadata `required` not found
   |
 warning[text_as_hex]: hex pattern could be written as text literal
- --> src/tests/testdata/foo.yar:9:5
-  |
-9 |     $foo_hex = { 66 6f 6f }
-  |     ---------------------
-  |     |
-  |     this pattern can be written as a text literal
-  |     help: replace with "foo"
-  |
+  --> src/tests/testdata/foo.yar:10:5
+   |
+10 |     $foo_hex = { 66 6f 6f }
+   |     ---------------------
+   |     |
+   |     this pattern can be written as a text literal
+   |     help: replace with "foo"
+   |
 "#,
         );
 
@@ -66,6 +67,7 @@ warning[text_as_hex]: hex pattern could be written as text literal
                 int = 3.14
                 float = "not a float"
                 string = true
+                regexp = "baz"
               condition:
                 true
             }"#,
@@ -83,23 +85,36 @@ warning[text_as_hex]: hex pattern could be written as text literal
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `md5` is not valid",
         ))
+        .stderr(predicate::str::contains("`md5` must be a MD5"))
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `sha1` is not valid",
         ))
+        .stderr(predicate::str::contains("`sha1` must be a SHA-1"))
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `sha256` is not valid",
         ))
+        .stderr(predicate::str::contains("`sha256` must be a SHA-256"))
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `bool` is not valid",
         ))
+        .stderr(predicate::str::contains("`bool` must be a bool"))
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `int` is not valid",
         ))
+        .stderr(predicate::str::contains("`int` must be an int"))
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `float` is not valid",
         ))
+        .stderr(predicate::str::contains("`float` must be a float"))
         .stderr(predicate::str::contains(
             "warning[invalid_metadata]: metadata `string` is not valid",
+        ))
+        .stderr(predicate::str::contains("`string` must be a string"))
+        .stderr(predicate::str::contains(
+            "warning[invalid_metadata]: metadata `regexp` is not valid",
+        ))
+        .stderr(predicate::str::contains(
+            "`regexp` must be a string that matches `/(foo|bar)/`",
         ));
 }
 

cli/src/tests/check.rs

@@ -147,7 +147,7 @@ fn print_meta() {
         .arg("src/tests/testdata/dummy.file")
         .assert()
         .success()
-        .stdout("foo [string=\"foo\",bool=true,int=1,float=3.14] src/tests/testdata/dummy.file\n");
+        .stdout("foo [string=\"foo\",bool=true,int=1,float=3.14,regexp=\"foo\"] src/tests/testdata/dummy.file\n");
 }
 
 #[test]