[package] name = "boreal" version = "0.9.0" description = "A library to evaluate YARA rules, used to scan bytes for textual and binary pattern" repository = "https://github.com/vthib/boreal" readme = "README.md" license = "MIT OR Apache-2.0" keywords = ["boreal", "yara", "string-matching", "scan"] categories = ["text-processing"] edition = "2021" # MSRV rust-version = "1.66" exclude = ["/tests"] [features] default = ["hash", "object", "memmap", "process", "authenticode"] # Enables the "hash" module. hash = ["dep:md-5", "dep:sha1", "dep:sha2", "dep:crc32fast", "dep:tlsh2"] # Enables the "pe", "elf" and "macho" modules. # # The "pe" module is missing signatures details unless the `authenticode` feature # is enabled. object = ["dep:object"] # Enables the "magic" module. magic = ["dep:magic", "yara/module-magic"] # Enables the "cuckoo" module. cuckoo = ["dep:serde_json", "yara/module-cuckoo"] # Enables the "pe.signatures" module field. # The `object` feature must also be enabled to get access to the "pe" module. authenticode = ["dep:const-oid", "dep:der", "dep:md-5", "dep:sha1", "dep:sha2"] # Enables the "pe.is_signed", "pe.signatures[*].verified" and # "pe.signatures[*].countersignatures[*].verified" module fields. authenticode-verify = ["dep:rsa", "dep:dsa", "dep:p256", "dep:p384", "dep:spki", "md-5?/oid", "sha1?/oid", "sha2?/oid"] # Adds an API to scan files using memory maps. memmap = ["dep:memmap2"] # Adds APIs to scan process memories. process = ["dep:libc", "dep:windows-sys", "dep:mach2"] # Enables computation of statistics during scanning. profiling = [] [dependencies] boreal-parser = { path = "../boreal-parser", version = "0.6.0" } # Proper error reporting on compilation codespan-reporting = "0.11" # Scanning for bytes aho-corasick = "1.1" memchr = "2.7" # Remove unicode feature regex-automata = { version = "0.4", default-features = false, features = ["std", "syntax", "perf", "meta", "nfa", "dfa", "hybrid"] } # No default features to disable unicode, we do not need it regex-syntax = { version = "0.8", default-features = false } # "hash" feature crc32fast = { version = "1.4", optional = true } md-5 = { version = "0.10", optional = true } sha1 = { version = "0.10", optional = true } sha2 = { version = "0.10", optional = true } tlsh2 = { version = "0.4", optional = true } # "object" feature object = { version = "0.36", optional = true, default-features = false, features = ["read"] } # "authenticode" feature const-oid = { version = "0.9", optional = true, features = ["db"] } der = { version = "0.7", optional = true, features = ["derive", "oid", "std"] } # "authenticode-verify" feature dsa = { version = "0.6", optional = true, default-features = false } rsa = { version = "0.9", optional = true, default-features = false } p256 = { version = "0.13", optional = true, default-features = false, features = ["ecdsa", "pem"] } p384 = { version = "0.13", optional = true, default-features = false, features = ["ecdsa", "pem"] } spki = { version = "0.7", optional = true, default-features = false } # "memmap" feature memmap2 = { version = "0.9", optional = true } # "magic" feature magic = { version = "0.16", optional = true } # "cuckoo" feature serde_json = { version = "1.0", optional = true } [target.'cfg(target_os = "linux")'.dependencies] libc = { version = "0.2", optional = true } [target.'cfg(target_os = "macos")'.dependencies] libc = { version = "0.2", optional = true } mach2 = { version = "0.4", optional = true } [target.'cfg(windows)'.dependencies] windows-sys = { version = "0.59", optional = true, features = [ "Win32_Foundation", # LookupPrivilegeValue, AdjustTokenPrivileges "Win32_Security", # ReadProcessMemory "Win32_System_Diagnostics_Debug", # VirtualQueryEx "Win32_System_Memory", # GetCurrentProcess, OpenProcess, OpenProcessToken, "Win32_System_Threading", ] } [dev-dependencies] base64 = "0.22" glob = "0.3.1" tempfile = "3.12" yara = { version = "0.29", features = ["vendored"] } [package.metadata.docs.rs] features = ["authenticode", "memmap", "magic", "cuckoo"] [lints.rust] unexpected_cfgs = { level = "warn", check-cfg = ['cfg(coverage_nightly)'] }