
Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

1.0.0 - 2025-05-17

The boreal CLI tool has been greatly reworked. It now uses subcommands to distinguish the different invocation modes:

  • The yr subcommand guarantees the same interface as the yara CLI tool. All the yara options are supported (except for --atom-quality-table).

  • The scan subcommand is the main one. It has broadly the same interface, but invoking it with multiple rule files is unambiguous: each file is passed with its own -f flag:

    boreal -f rule1.yar -f rule2.yar file_to_scan

  • The save subcommand can be used to serialize the compiled rules into a file, an equivalent to yarac.

  • The load subcommand can be used to load serialized compiled rules and use them to scan inputs.

  • The list-modules subcommand is the equivalent of the -M flag, which lists the available modules.
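The following script is an added example and is not part of the boreal project: it exercises the save/load workflow described above (the yarac-style compile-once, scan-many loop) and builds the equivalent one-shot scan invocation with several -f rule files plus the -c/--count and -n/--negate switches listed under Added. The rule files and sample input are constructed inline. Two points are assumptions not confirmed by this changelog: that `boreal save` takes the rule files via -f followed by the output path, and that `boreal load` takes the compiled file first and the scan targets after it.

```shell
#!/bin/sh
# Added example, not part of the boreal project: exercise the 1.0.0
# subcommands on a constructed rule set. Assumptions (not confirmed by
# the changelog):
#   - "boreal save" takes the rule files via -f and the output path last;
#   - "boreal load" takes the compiled file first, then the inputs to scan.
set -eu

BOREAL="${BOREAL:-boreal}"   # override with BOREAL=/path/to/boreal if needed

# Assemble the "boreal scan" argument list: one -f per rule file (the 1.0.0
# way to pass several rule files), then the optional --count / --negate
# switches listed under Added, then the target. Pure shell, so it can be
# checked without the binary being installed.
build_scan_args() {
    # usage: build_scan_args <target> <count 0|1> <negate 0|1> rule.yar...
    target=$1; count=$2; negate=$3; shift 3
    args="scan"
    for rule in "$@"; do
        args="$args -f $rule"
    done
    if [ "$count" = 1 ]; then args="$args --count"; fi
    if [ "$negate" = 1 ]; then args="$args --negate"; fi
    printf '%s %s\n' "$args" "$target"
}

# Write constructed fixtures: two rule files and a sample input in which the
# marker is stored XORed with key 0x20 ("EXAMPLEMARKER" becomes
# "examplemarker"), so only the xor-modified string should match.
make_fixtures() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/plain.yar" <<'EOF'
rule plain_marker
{
    strings:
        $s = "EXAMPLEMARKER"
    condition:
        $s
}
EOF
    cat > "$dir/xored.yar" <<'EOF'
rule xored_marker
{
    strings:
        $x = "EXAMPLEMARKER" xor(0x01-0xff)
    condition:
        $x
}
EOF
    printf 'header examplemarker trailer\n' > "$dir/sample.bin"
}

# Compile once with "save", then scan with the serialised rules via "load"
# (the yarac / yara -C workflow). Returns 2 when the binary is missing so a
# caller can skip instead of failing.
compile_and_scan() {
    dir=$1
    command -v "$BOREAL" >/dev/null 2>&1 || return 2
    "$BOREAL" save -f "$dir/plain.yar" -f "$dir/xored.yar" "$dir/rules.bin"
    "$BOREAL" load "$dir/rules.bin" "$dir/sample.bin"
}

# Stand-alone run ("sh example.sh run"): print the equivalent one-shot scan
# command, then run the save/load workflow if boreal is on PATH.
if [ "${1:-}" = "run" ]; then
    work=$(mktemp -d)
    make_fixtures "$work"
    echo "one-shot equivalent: $BOREAL $(build_scan_args "$work/sample.bin" 1 0 "$work/plain.yar" "$work/xored.yar")"
    compile_and_scan "$work" || echo "boreal not found; skipped save/load"
fi
```

Only xored_marker is expected to fire on sample.bin, and adding -X/--print-xor-key to the scan would report the 0x20 key; the flags accepted by save and load beyond those shown are not stated in this changelog, so check `boreal save --help` and `boreal load --help` before relying on them.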

Breaking changes:

  • Reworked boreal-cli to use subcommands #222.

Added

  • Allow passing multiple rule files and specifying a namespace #223.
  • Added the save and load subcommands (-C/--compiled-rules in the yr subcommand) to respectively save compiled rules into a file and load compiled rules from a file. This mirrors the yarac binary and the -C option of yara 54b01f2.
  • Added -n/--negate option to print non matching rules, mirroring the equivalent in the yara CLI tool 9fc0d73.
  • Added -c/--count option to print the number of matching rules (or non matching if negated), mirroring the equivalent in the yara CLI tool 28722ec.
  • Added -l/--max-rules option to abort the scan once a certain number of rules has matched (or not matched if negated), mirroring the equivalent in the yara CLI tool 5fc7ac5.
  • Added --max-strings-per-rule to fail compilation if a rule contains too many strings, mirroring the equivalent in the yara CLI tool b48f8cf.
  • Added -X/--print-xor-key to display xor key used on string match, mirroring the equivalent in the yara CLI tool 35bf7c4.
  • Added --string-max-nb-matches to display a warning when a string has too many matches bda80aa.
  • Added -x/--module-data option to pass data to modules. This only works with the cuckoo module 5997546.
  • Accept but ignore some arguments for yara compatibility #224.

Updated

  • Use the callback API to print matching rules as they are found instead of once the scan is done d6eae09.

Fixed

  • The module data dump flag (-D) now dumps the "static" values of a module, i.e. the values that do not depend on the scan #225.

Before 1.0.0

See the global CHANGELOG file for older versions.