v3.0.0 release candidate #6
… and YARA processing
…g YARA configuration options; update unit tests for SHA256 and file copy validation
…ify verbosity levels in README
…n dependencies; simplify YARA configuration
…GS for unit tests and build
…d Docker helper scripts for clarity
…back logic in drive enumeration
Pull request overview
This pull request represents a major version update (2.0.0 → 3.0.0) of FastFinder with substantial modernization efforts across build automation, documentation, and platform support. The changes upgrade core dependencies (Go 1.24, YARA 4.5.5), introduce Docker-based CI/CD, add event forwarding capabilities, and completely overhaul documentation.
Key Changes:
- Modernized build system with Docker support and updated CI workflows
- Introduced concurrent scanning pipeline architecture for improved performance
- Added event forwarding system (HTTP/file) for SIEM integration
- Updated deprecated API usage (io/ioutil → io/os packages)
- Enhanced documentation with detailed compilation guides
Reviewed changes
Copilot reviewed 43 out of 47 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| go.mod / go.sum | Updated Go to 1.24 and dependencies (YARA 4.3.4, updated libraries) |
| main.go | Added event forwarding, root path override, silent mode, removed UI parameters |
| yaraprocessing.go | Added validation for empty rule sets, updated deprecated imports |
| logger.go | Reversed verbosity scale (1=alerts only, 5=full verbosity) |
| scanner_pipeline.go | New concurrent file scanning architecture with channels |
| event_forwarding.go | New event forwarding system for HTTP/file outputs |
| configuration.go | Added YARA path resolution relative to config file |
| utils_linux.go | Added container environment detection fallback |
| Docker files | Complete Docker build system for cross-platform compilation |
| Documentation | Comprehensive rewrites of README and compilation guides |
| CI Workflows | Updated to Go 1.24, YARA 4.5.5, added unit tests |
| License | Changed from MIT to AGPL-3.0 |
| } | ||
|
|
||
| if logType == LOG_EXIT || logType >= loggingVerbosity { | ||
| if logType == LOG_EXIT || logType <= loggingVerbosity { |
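Review bot: the flipped comparison on the last line, `logType <= loggingVerbosity`, is only right if every log type constant was renumbered in the same change, and nothing at this line says which end of the scale is the most important. Add a one-line comment above the `if` stating the direction of the scale, and a table-driven test that pins which log types are emitted at each verbosity setting, including the `LOG_EXIT` special case.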
Copilot AI, Jan 3, 2026
The verbosity comparison logic is inverted. The function now checks if logType is less than or equal to loggingVerbosity, but the new verbosity scale in logger.go (lines 12-17) has level 1 as most important (alerts only) and level 5 as least important (full verbosity). With this logic, if loggingVerbosity is 3 (errors, warnings, alerts), LOG_VERBOSE (5) would not be logged since 5 > 3, which is correct. However, LOG_ALERT (1) would be logged since 1 <= 3, which is also correct. Please verify this matches the intended behavior with the new reversed verbosity scale.
| func (ef *EventForwarder) rotateFile() error { | ||
| // Close current file if open | ||
| if ef.currentFile != nil { | ||
| ef.currentFile.Close() |
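Review bot: `ef.currentFile.Close()` on the last line discards its return value even though `rotateFile` already returns `error`. Check the result and return it, wrapped with context, before continuing the rotation, so a failed flush of the outgoing file is reported rather than dropped.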
Copilot AI, Jan 3, 2026
File handle may be writable as a result of data flow from a call to OpenFile and closing it may result in data loss upon failure, which is not handled explicitly.
| if eventForwarder != nil { | ||
| // Close current file if open | ||
| if eventForwarder.currentFile != nil { | ||
| eventForwarder.currentFile.Close() |
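Review bot: this block repeats the close-if-open pattern from `rotateFile`, including the unchecked `eventForwarder.currentFile.Close()` on the last line. Move the pattern into one method on the forwarder that checks the Close error, and log that error at this call site.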
Copilot AI, Jan 3, 2026
File handle may be writable as a result of data flow from a call to OpenFile and closing it may result in data loss upon failure, which is not handled explicitly.
| http: # forward app activity with HTTP POST json data | ||
| enabled: false | ||
| url: "https://your-forwarder-url.com/api/events" | ||
| ssl_verify: false |
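Review bot: the placeholder `url` on the third line is a registrable domain and is paired with `ssl_verify: false` on the last line, so a user who only flips `enabled` to true would post events to whoever controls that name, with no certificate check. Use a reserved name such as `https://forwarder.example.com/api/events` for the placeholder and ship the sample with `ssl_verify: true`.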
Copilot AI, Jan 3, 2026
The sample configuration under eventforwarding.http sets ssl_verify: false while using an https:// URL, which effectively disables TLS certificate validation for HTTP event forwarding. If users copy this example as-is and enable HTTP forwarding, a man-in-the-middle on the network could intercept or tamper with security events despite HTTPS being used. To avoid encouraging insecure defaults, the example should use ssl_verify: true (and clearly document that setting it to false is only for exceptional debugging or trusted self-signed setups).
| ssl_verify: false | |
| ssl_verify: true # set to false only for debugging or trusted self-signed certificates |
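The three ways an event-forwarding client can treat a collector that presents a self-signed certificate, as an added Go example that is not FastFinder's code. It assumes `ssl_verify` maps onto `tls.Config.InsecureSkipVerify`; `newForwarderClient`, `postEvent`, `demo` and the `caPool` parameter are hypothetical names, and the collector is a local `httptest` server receiving a constructed event.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// newForwarderClient maps an ssl_verify-style flag onto a TLS client config.
// caPool is a hypothetical option (not a FastFinder setting) for a private CA.
func newForwarderClient(sslVerify bool, caPool *x509.CertPool) *http.Client {
	cfg := &tls.Config{
		MinVersion:         tls.VersionTLS12,
		RootCAs:            caPool, // nil means the system trust store
		InsecureSkipVerify: !sslVerify,
	}
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}
}

// postEvent sends one constructed JSON event and returns any transport error.
func postEvent(c *http.Client, url string) error {
	resp, err := c.Post(url, "application/json", strings.NewReader(`{"event":"constructed sample"}`))
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo posts to a local collector that presents a self-signed certificate,
// once per client configuration, and returns the three outcomes.
func demo() (strict, pinned, insecure error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	strict = postEvent(newForwarderClient(true, nil), srv.URL)    // rejected: issuer unknown
	pinned = postEvent(newForwarderClient(true, pool), srv.URL)   // accepted: certificate trusted explicitly
	insecure = postEvent(newForwarderClient(false, nil), srv.URL) // accepted: nothing is checked
	return
}

func main() {
	strict, pinned, insecure := demo()
	fmt.Printf("verify on, system roots: %v\nverify on, pinned cert: %v\nverify off: %v\n", strict, pinned, insecure)
}
```

Trusting the collector's certificate explicitly keeps verification on for self-signed deployments, which leaves debugging as the only case for turning it off.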
This pull request introduces significant improvements to the project's build automation, documentation, and platform support. The changes modernize build workflows for both Linux and Windows, add robust Docker-based CI for cross-platform builds, and overhaul the documentation to make installation and usage clearer for end users. The most important changes are grouped below by theme.
Build Automation & CI Improvements
- .github/workflows/docker_build.yml to automate Docker-based multi-platform builds and tests, including builder, runtime, and docker-compose validation for both Linux and Windows targets.
- go_build_linux.yml and go_build_windows.yml workflows to use Go 1.24, install YARA v4.5.5, and run unit tests during CI, ensuring modern build environments and improved reliability. [1] [2]
Documentation Overhaul
- README.linux-compilation.md with a detailed, step-by-step guide for compiling FastFinder on Linux, including prerequisites, YARA build instructions, CGO configuration, troubleshooting, and Fedora-specific workarounds.
- README.md with clearer project overview, platform badges, installation instructions (including Docker and source builds), improved usage documentation, and screenshots for better onboarding.
Platform Support & Dependency Updates
Testing Enhancements
Docker & Cross-Platform Build Improvements