From 70e52a8d26a58ad146f7f1890931ccd0fbe9097b Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Mon, 9 Feb 2026 13:14:59 +0100 Subject: [PATCH 1/3] feat: add version number to serialized rules. Now the serialized rules contain a version number that allows YARA-X to produce a meaningful error message when it tries to load serialized rules produced by an incompatible version. --- lib/src/compiler/errors.rs | 10 ++++++++++ lib/src/compiler/rules.rs | 34 +++++++++++++++++++++++++++++----- lib/src/compiler/tests/mod.rs | 25 +++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 5 deletions(-) diff --git a/lib/src/compiler/errors.rs b/lib/src/compiler/errors.rs index 27fd70191..5b8447d39 100644 --- a/lib/src/compiler/errors.rs +++ b/lib/src/compiler/errors.rs @@ -34,6 +34,16 @@ impl InvalidWarningCode { /// Error returned while serializing/deserializing compiled rules. #[derive(Error, Debug)] pub enum SerializationError { + /// The data being deserialized was created with an incompatible version + /// of YARA-X. + #[error("incompatible version, expected {expected} got {actual}")] + InvalidVersion { + /// The expected version. + expected: u32, + /// The actual version found in the file. + actual: u32, + }, + /// The data being deserialized doesn't contain YARA-X serialized rules. #[error("not a YARA-X compiled rules file")] InvalidFormat, diff --git a/lib/src/compiler/rules.rs b/lib/src/compiler/rules.rs index d5ac11102..0f144939e 100644 --- a/lib/src/compiler/rules.rs +++ b/lib/src/compiler/rules.rs 
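Review bot: Adding `InvalidVersion` to the public `SerializationError` enum is a breaking change for downstream code that matches the enum exhaustively, unless the enum is `#[non_exhaustive]`; the hunk context shows only `#[derive(Error, Debug)]` above it. If the attribute is not there, the new variant should be called out in the release notes. The enum body continues outside the hunk.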
@@ -25,6 +25,15 @@ use crate::re::{BckCodeLoc, FwdCodeLoc, RegexpAtom}; use crate::string_pool::{BStringPool, StringPool}; use crate::{re, types, wasm, Rule}; +/// Magic bytes prepended to any binary file generated by YARA-X. +const MAGIC: &[u8] = b"YARA-X\0\0"; + +/// Version of the serialization format. +/// +/// This version is incremented every time a change is made to the binary +/// format in a way that breaks backwards compatibility. +const SERIALIZATION_VERSION: u32 = 1; + /// A set of YARA rules in compiled form. /// /// This is the result from [`crate::Compiler::build`]. @@ -169,19 +178,31 @@ impl Rules { B: AsRef<[u8]>, { let bytes = bytes.as_ref(); - let magic = b"YARA-X"; + let version_offset = MAGIC.len(); + let data_offset = version_offset + size_of::(); - if bytes.len() < magic.len() || &bytes[0..magic.len()] != magic { + if bytes.len() < data_offset || &bytes[0..version_offset] != MAGIC { return Err(SerializationError::InvalidFormat); } + let version = u32::from_le_bytes( + bytes[version_offset..data_offset].try_into().unwrap(), + ); + + if version != SERIALIZATION_VERSION { + return Err(SerializationError::InvalidVersion { + expected: SERIALIZATION_VERSION, + actual: version, + }); + } + #[cfg(feature = "logging")] let start = Instant::now(); - // Skip the magic and deserialize the remaining data. + // Skip the header and deserialize the remaining data. let (mut rules, _len): (Self, usize) = bincode::serde::decode_from_slice( - &bytes[magic.len()..], + &bytes[data_offset..], bincode::config::standard(), )?; @@ -229,7 +250,10 @@ impl Rules { let mut writer = BufWriter::new(writer); // Write file header. - writer.write_all(b"YARA-X")?; + writer.write_all(MAGIC)?; + + // Write version. + writer.write_all(&SERIALIZATION_VERSION.to_le_bytes())?; bincode::serde::encode_into_std_write( self, diff --git a/lib/src/compiler/tests/mod.rs b/lib/src/compiler/tests/mod.rs index 5a43eeea1..191111790 100644 --- a/lib/src/compiler/tests/mod.rs 
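Review bot: The doc comment on `MAGIC` should say that the magic grew from the six bytes `YARA-X` to eight, because that decides which error older files get. A file written before this change starts with the 6-byte magic followed directly by the bincode payload, so in `deserialize` it will normally fail the `&bytes[0..version_offset] != MAGIC` comparison and be reported as `InvalidFormat` rather than the new `InvalidVersion`. If that is the intended behaviour, add a line such as `/// Files written before the version field was introduced use a 6-byte magic and are rejected as InvalidFormat.`; it would also help to note here that the version follows the magic as a little-endian `u32`.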
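Review bot: The `.try_into().unwrap()` on the version slice is panic-free only because of the `bytes.len() < data_offset` guard a few lines above it, and this function parses bytes supplied by the caller, so the invariant deserves to be written down: `.expect("version slice is 4 bytes, length checked above")`. The function's doc comment (outside the hunk) should also state that the magic and version are a compatibility check and not an integrity check; a matching header says nothing about where the file came from, and the remaining bytes are still handed to `bincode::serde::decode_from_slice` as before. `deserialize` starts and ends outside the hunk.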
+++ b/lib/src/compiler/tests/mod.rs @@ -20,9 +20,34 @@ fn serialization() { assert!(matches!( Rules::deserialize(b"YARA-X").err().unwrap(), + SerializationError::InvalidFormat + )); + + // A valid file starts with `MAGIC` and a version number, but the rest of + // the content is invalid because it is too short. This must produce a + // `DecodeError`. + let mut data = Vec::new(); + data.extend(b"YARA-X\0\0"); + data.extend(1u32.to_le_bytes()); + data.extend(b"foo"); + + assert!(matches!( + Rules::deserialize(&data).err().unwrap(), SerializationError::DecodeError(_) )); + // This is a valid file, but with a version number that is not the current + // one. This must produce an `InvalidVersion` error. + let mut data = Vec::new(); + data.extend(b"YARA-X\0\0"); + data.extend(0u32.to_le_bytes()); + data.extend(b"foo"); + + assert!(matches!( + Rules::deserialize(&data).err().unwrap(), + SerializationError::InvalidVersion { expected: _, actual: 0 } + )); + let rules = compile(r#"rule test { strings: $a = "foo" condition: $a }"#) .unwrap() .serialize() From 1a3b75c624ec1232fea42467b9471a18e4829677 Mon Sep 17 00:00:00 2001 From: William Durand Date: Mon, 9 Feb 2026 16:05:30 +0100 Subject: [PATCH 2/3] chore: fix line endings in site/ (#556) Fixes #555 --- site/.eslintrc.json | 60 ++++++++++++++++++------------------- site/.stylelintrc.json | 68 +++++++++++++++++++++--------------------- 2 files changed, 64 insertions(+), 64 deletions(-) diff --git a/site/.eslintrc.json b/site/.eslintrc.json index d9d2fc7a9..c926994dc 100644 --- a/site/.eslintrc.json +++ b/site/.eslintrc.json 
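Review bot: The `DecodeError` case hard-codes `1u32` as the version, so the next bump of `SERIALIZATION_VERSION` turns that input into an `InvalidVersion` case and the assertion fails for a reason unrelated to decoding. Building the header from the constants would keep the test in sync, though they appear to be private to `rules.rs` and would presumably need `pub(crate)` visibility. There is also no case for an input that has the full magic but a truncated version field, e.g. `Rules::deserialize(b"YARA-X\0\0\x01")`, which the length check should report as `InvalidFormat`. `serialization()` starts and ends outside the hunk.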
@@ -1,31 +1,31 @@
-{
- "env": {
- "browser": true,
- "commonjs": true,
- "es6": true,
- "node": true
- },
- "extends": "eslint:recommended",
- "globals": {
- "Atomics": "readonly",
- "SharedArrayBuffer": "readonly"
- },
- "parserOptions": {
- "ecmaVersion": 2018,
- "sourceType": "module"
- },
- "rules": {
- "no-console": 0,
- "quotes": ["error", "single"],
- "comma-dangle": [
- "error",
- {
- "arrays": "always-multiline",
- "objects": "always-multiline",
- "imports": "always-multiline",
- "exports": "always-multiline",
- "functions": "ignore"
- }
- ]
- }
+{
+ "env": {
+ "browser": true,
+ "commonjs": true,
+ "es6": true,
+ "node": true
+ },
+ "extends": "eslint:recommended",
+ "globals": {
+ "Atomics": "readonly",
+ "SharedArrayBuffer": "readonly"
+ },
+ "parserOptions": {
+ "ecmaVersion": 2018,
+ "sourceType": "module"
+ },
+ "rules": {
+ "no-console": 0,
+ "quotes": ["error", "single"],
+ "comma-dangle": [
+ "error",
+ {
+ "arrays": "always-multiline",
+ "objects": "always-multiline",
+ "imports": "always-multiline",
+ "exports": "always-multiline",
+ "functions": "ignore"
+ }
+ ]
+ }
 }
\ No newline at end of file
diff --git a/site/.stylelintrc.json b/site/.stylelintrc.json
index acf43c5ae..1034dfd39 100644
--- a/site/.stylelintrc.json
+++ b/site/.stylelintrc.json
@@ -1,35 +1,35 @@
-{
- "extends": "stylelint-config-standard-scss",
- "rules": {
- "no-empty-source": null,
- "scss/comment-no-empty": null,
- "scss/at-extend-no-missing-placeholder": null,
- "at-rule-no-unknown": [
- true,
- {
- "ignoreAtRules": [
- "extend",
- "at-root",
- "debug",
- "warn",
- "error",
- "if",
- "else",
- "for",
- "each",
- "while",
- "mixin",
- "include",
- "content",
- "return",
- "function",
- "tailwind",
- "apply",
- "responsive",
- "variants",
- "screen"
- ]
- }
- ]
- }
+{
+ "extends": "stylelint-config-standard-scss",
+ "rules": {
+ "no-empty-source": null,
+ "scss/comment-no-empty": null,
+ "scss/at-extend-no-missing-placeholder": null,
+ "at-rule-no-unknown": [
+ true,
+ {
+ "ignoreAtRules": [
+ "extend",
+ "at-root",
+ "debug",
+ "warn",
+ "error",
+ "if",
+ "else",
+ "for",
+ "each",
+ "while",
+ "mixin",
+ "include",
+ "content",
+ "return",
+ "function",
+ "tailwind",
+ "apply",
+ "responsive",
+ "variants",
+ "screen"
+ ]
+ }
+ ]
+ }
 }
\ No newline at end of file
From 430469c114773e640119db588896543dc5a89f31 Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Mon, 9 Feb 2026 18:33:02 +0100 Subject: [PATCH 3/3] ci: remove CodeQL workflow.
---
.github/workflows/codeql.yml | 69 ------------------------------------ 1 file changed, 69 deletions(-) delete mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644
index 6c536c61d..000000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,69 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - schedule: - - cron: '36 18 * * 4' - -jobs: - analyze: - name: Analyze - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners - # Consider using larger runners for possible analysis time improvements. - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - permissions: - # required for all workflows - security-events: write - - # only required for workflows in private repositories - actions: read - contents: read - - strategy: - fail-fast: false - matrix: - language: [ 'go', 'python' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - # â„šī¸ Command-line programs to run using the OS shell. 
- # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}"