VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License
8.31k stars, 1.45k forks

static secure coding #2118

Open jhjo-jhjo opened 3 days ago

jhjo-jhjo commented 3 days ago

yara is a wonderful library. I am using version 4.2.3, but the yara library does not comply with secure coding. What version satisfies secure coding?

plusvic commented 3 days ago

What do you mean exactly by secure coding?

jhjo-jhjo commented 3 days ago

As far as I know, secure coding can be tested with static and runtime analysis, for example CodeSonar or Coverity Static Analysis!

plusvic commented 3 days ago

I still don't know what you mean exactly. I use Coverity for finding issues (https://github.com/VirusTotal/yara/blob/master/.github/workflows/coverity.yml) and also use oss-fuzz.