yara-x icon indicating copy to clipboard operation
yara-x copied to clipboard
verified publisher icon VirusTotal

feat: implement `dex` module

Open delvinru opened this issue 5 months ago • 4 comments

Hi, I have implemented the dex module.

The current version is incompatible with the old version, because in that implementation there were not very convenient methods and names of exported variables.

What has been changed:

  • Added new method checksum for computing adler-32 checksum;
  • Added new method signature for computing sha-1 signature;
  • Added new methods: contains_strings, contains_methods, contains_classes - honestly, I doubt their usefulness, but I decided to leave them, because binary search is used under the hood, since the strings are guaranteed to be sorted by the format itself;
  • Methods removed: has_method_string, has_method_and_class_string, has_method_regexp, has_method_and_class_regexp, has_class_string, has_class_regexp (as far as I can see on github, no one used them anyway); And in practice, quite useless calls;
  • Changed access to strings, methods, types, protos and classes. I've made them more informative and user-friendly, unlike the previous implementation;
  • Added documentation, because on https://yara.readthedocs.io / there is no information about dex module;

Fuzzing testing was started locally, all errors were fixed, but I do not exclude that something else will be revealed during a long run.

Since the most difficult thing in programming is to come up with a name for variables, if there are suggestions about names in proto, then I'm ready for discussion.

delvinru avatar Sep 24 '25 14:09 delvinru

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Sep 24 '25 14:09 google-cla[bot]

@plusvic Hi, there are a lot of clippy errors in the pipeline that are not related to my code (or any my changes)

It's better to fix them in the master, and then merge them into this branch, rather than the other way around.

delvinru avatar Oct 15 '25 07:10 delvinru

@plusvic Hi, does this MR look okay, or do I need to add something else to merge it?

delvinru avatar Oct 21 '25 13:10 delvinru

@plusvic Hi, does this MR look okay, or do I need to add something else to merge it?

I'm running the fuzzer a little bit before merging it.

plusvic avatar Oct 21 '25 15:10 plusvic

@plusvic hi, any updates?

delvinru avatar Nov 18 '25 09:11 delvinru