chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0
379 stars, 24 forks

Port bincapz to YARA-X #227

Closed tstromberg closed 1 month ago

tstromberg commented 1 month ago

YARA now has official Go bindings:

https://virustotal.github.io/yara-x/blog/yara-is-dead-long-live-yara-x/

There are only 2-3 calls into the existing library we use - https://github.com/hillu/go-yara - but I'm sure the data structure it returns has some differences that will need to be resolved.

Here's where I would start making the change:

https://github.com/chainguard-dev/bincapz/blob/996ba4c2c19d42694937f9b50af3bbc74b2ca3af/pkg/compile/compile.go#L59

This function, which converts YARA results into an internal FileReport struct will also need changes:

https://github.com/chainguard-dev/bincapz/blob/996ba4c2c19d42694937f9b50af3bbc74b2ca3af/pkg/report/report.go#L275
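The porting cost described above is mostly in the result conversion, so here is an added example (not bincapz's code, and not either library's API) of the kind of backend-neutral normalization that conversion step would need. The `Behavior` and `MatchedString` types, the field names, and the two stand-in result shapes (`goYaraMatchRule`, `yaraXRule`) are assumptions written for this example to mirror the important difference between the libraries: go-yara copies the matched bytes into the result, while YARA-X reports an offset and length and leaves the caller to slice the scanned buffer. Neither real library is imported, since both need cgo and a C library, so the block runs offline on a constructed sample buffer.

```go
package main

import (
	"bytes"
	"fmt"
	"reflect"
	"sort"
)

// Behavior is a backend-neutral record of one matched rule, the unit a
// per-file report would aggregate. Field names are assumed for this
// example; they are not bincapz's FileReport.
type Behavior struct {
	Rule, Namespace string
	Tags            []string
	Meta            map[string]string
	Strings         []MatchedString
}

// MatchedString is one pattern hit with the matched bytes materialised.
type MatchedString struct {
	Name   string
	Offset int
	Data   []byte
}

// Stand-ins for the two libraries' result shapes (assumed, not imported).
type metaPair struct {
	Identifier string
	Value      interface{}
}

// go-yara style: the library copies the matched bytes into Data.
type goYaraMatchString struct {
	Name   string
	Offset uint64
	Data   []byte
}
type goYaraMatchRule struct {
	Rule, Namespace string
	Tags            []string
	Metas           []metaPair
	Strings         []goYaraMatchString
}

// YARA-X style: offset+length per match, no copy of the bytes, so the
// caller must still hold the scanned buffer to recover them.
type yaraXMatch struct{ Offset, Length int }
type yaraXPattern struct {
	Identifier string
	Matches    []yaraXMatch
}
type yaraXRule struct {
	Identifier, Namespace string
	Tags                  []string
	Metadata              []metaPair
	Patterns              []yaraXPattern
}

func fromGoYara(rules []goYaraMatchRule) []Behavior {
	out := make([]Behavior, 0, len(rules))
	for _, r := range rules {
		b := Behavior{Rule: r.Rule, Namespace: r.Namespace, Tags: r.Tags, Meta: metaMap(r.Metas)}
		for _, s := range r.Strings {
			b.Strings = append(b.Strings, MatchedString{Name: s.Name, Offset: int(s.Offset), Data: append([]byte(nil), s.Data...)})
		}
		sortHits(b.Strings)
		out = append(out, b)
	}
	return out
}

// fromYaraX slices the scanned buffer itself, so it bounds-checks every
// match rather than trusting the reported offsets blindly.
func fromYaraX(data []byte, rules []yaraXRule) ([]Behavior, error) {
	out := make([]Behavior, 0, len(rules))
	for _, r := range rules {
		b := Behavior{Rule: r.Identifier, Namespace: r.Namespace, Tags: r.Tags, Meta: metaMap(r.Metadata)}
		for _, p := range r.Patterns {
			for _, m := range p.Matches {
				end := m.Offset + m.Length
				if m.Offset < 0 || m.Length < 0 || end > len(data) {
					return nil, fmt.Errorf("%s/%s: match [%d,%d) outside %d-byte buffer", r.Identifier, p.Identifier, m.Offset, end, len(data))
				}
				b.Strings = append(b.Strings, MatchedString{Name: p.Identifier, Offset: m.Offset, Data: append([]byte(nil), data[m.Offset:end]...)})
			}
		}
		sortHits(b.Strings)
		out = append(out, b)
	}
	return out, nil
}

func metaMap(pairs []metaPair) map[string]string {
	m := make(map[string]string, len(pairs))
	for _, p := range pairs {
		m[p.Identifier] = fmt.Sprint(p.Value)
	}
	return m
}

// sortHits imposes one ordering so results from both backends compare structurally.
func sortHits(s []MatchedString) {
	sort.Slice(s, func(i, j int) bool {
		if s[i].Offset != s[j].Offset {
			return s[i].Offset < s[j].Offset
		}
		return s[i].Name < s[j].Name
	})
}

// sample builds one constructed hit in both shapes over the same buffer.
func sample() ([]byte, []goYaraMatchRule, []yaraXRule) {
	data := []byte("#!/bin/sh\ncurl -s http://example.invalid/x | sh\n")
	off := bytes.Index(data, []byte("curl -s"))
	meta := []metaPair{{Identifier: "description", Value: "download piped to a shell"}}
	gy := []goYaraMatchRule{{Rule: "pipe_to_shell", Namespace: "net", Tags: []string{"exec"}, Metas: meta,
		Strings: []goYaraMatchString{{Name: "$curl", Offset: uint64(off), Data: []byte("curl -s")}}}}
	yx := []yaraXRule{{Identifier: "pipe_to_shell", Namespace: "net", Tags: []string{"exec"}, Metadata: meta,
		Patterns: []yaraXPattern{{Identifier: "$curl", Matches: []yaraXMatch{{Offset: off, Length: len("curl -s")}}}}}}
	return data, gy, yx
}

func main() {
	data, gy, yx := sample()
	a := fromGoYara(gy)
	b, err := fromYaraX(data, yx)
	if err != nil {
		panic(err)
	}
	fmt.Printf("go-yara: %+v\nyara-x:  %+v\nsame: %v\n", a, b, reflect.DeepEqual(a, b))
	// A truncated buffer must fail loudly rather than slice out of range.
	_, err = fromYaraX(data[:5], yx)
	fmt.Println("truncated buffer:", err)
}
```

The point of the bounds check is that with YARA-X the buffer passed to the scanner must outlive the result conversion; if a report is built from a buffer that has since been truncated or reused, the offsets no longer mean anything, and it is better to fail than to emit wrong matched strings.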

egibs commented 1 month ago

Looks like this will be a pre-req for working with Yara-X.

I ran into issues running cargo install cargo-c on macOS and had to run:

cargo clean && PATH="/usr/bin:$PATH" cargo install cargo-c

to avoid using strip from Brew's binutils:

❯ which strip
/opt/homebrew/opt/binutils/bin/strip

tstromberg commented 1 month ago

Ouch. With this change, it sounds like we'd be taking on two large dependencies that we didn't have before. I think that we should save this change for a little while - at least until YARA-X is available in homebrew and the mainstream Linux distros.

Closing this for now - but I expect we'll likely resurrect it by the end of the year.