feat: remove authenticode-parser dependency and clean API

Remove all the unsafe code that was needed because of the authenticode-parser init conditions. Feels good.
vthib · Jun 1, 2024 · 21c5cd7 · 21c5cd7
1 parent f9521c5
commit 21c5cd7
Show file tree

Hide file tree

Showing 8 changed files with 226 additions and 365 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/boreal-cli/src/main.rs b/boreal-cli/src/main.rs
@@ -252,11 +252,6 @@ fn main() -> ExitCode {
     let mut scanner = {
         let rules_file: PathBuf = args.remove_one("rules_file").unwrap();
 
-        #[cfg(feature = "authenticode")]
-        // Safety: this is done before any multithreading context, so there is no risk of racing
-        // other calls into OpenSSL.
-        let mut compiler = unsafe { Compiler::new_with_pe_signatures() };
-        #[cfg(not(feature = "authenticode"))]
         let mut compiler = Compiler::new();
 
         let no_console_logs = args.get_flag("no_console_logs");

diff --git a/boreal/Cargo.toml b/boreal/Cargo.toml
@@ -32,7 +32,7 @@ cuckoo = ["dep:serde_json", "yara/module-cuckoo"]
 
 # Enables the "pe.signatures" module field.
 # The `object` feature must also be enabled to get access to the "pe" module.
-authenticode = ["dep:authenticode-parser", "dep:const-oid", "dep:der"]
+authenticode = ["dep:const-oid", "dep:der"]
 
 # Adds an API to scan files using memory maps.
 memmap = ["dep:memmap2"]
@@ -68,7 +68,6 @@ tlsh2 = { version = "0.3", optional = true }
 object = { version = "0.35", optional = true, default-features = false, features = ["read"] }
 
 # "authenticode" feature
-authenticode-parser = { version = "0.5", optional = true }
 const-oid = { version = "0.9", optional = true, features = ["db"] }
 der = { version = "0.7", optional = true, features = ["derive", "oid", "std"] }
 

diff --git a/boreal/src/compiler/mod.rs b/boreal/src/compiler/mod.rs
@@ -123,71 +123,10 @@ impl Compiler {
     /// Modules disabled by default:
     /// - `console`
     ///
-    /// However, the pe module does not include signatures handling. To include it, you should have
-    /// the `authenticode` feature enabled, and use [`Compiler::new_with_pe_signatures`]
-    ///
     /// To create a compiler without some or all of those modules, use [`Compiler::default`] to
     /// create a [`Compiler`] without any modules, then add back only the desired modules.
     #[must_use]
     pub fn new() -> Self {
-        #[allow(unused_mut)]
-        let mut this = Self::new_without_pe_module();
-
-        #[cfg(feature = "object")]
-        let _r = this.add_module(crate::module::Pe::default());
-
-        this
-    }
-
-    /// Create a new object to compile YARA rules, including the pe module with signatures.
-    ///
-    /// # Safety
-    ///
-    /// The authenticode parsing requires creating OpenSSL objects, which is not thread-safe and
-    /// should be done while no other calls into OpenSSL can race with this call. Therefore,
-    /// this function should for example be called before setting up any multithreaded environment.
-    ///
-    /// You can also directly create the Pe module early, and add it to a compiler later on.
-    ///
-    /// ```
-    /// // Safety: called before setting up multithreading context.
-    /// let mut compiler = unsafe { boreal::Compiler::new_with_pe_signatures() };
-    ///
-    /// // Setup multithreading runtime
-    ///
-    /// // Later on, in any thread:
-    /// compiler.add_rules_str("...");
-    ///
-    /// // Or
-    ///
-    /// // Safety: called before setting up multithreading context.
-    /// let pe_module = unsafe { boreal::module::Pe::new_with_signatures() };
-    ///
-    /// // Setup multithreading runtime
-    ///
-    /// // Later on, in any thread:
-    /// let mut compiler = boreal::Compiler::new_without_pe_module();
-    /// compiler.add_module(pe_module);
-    /// ```
-    #[cfg(all(feature = "object", feature = "authenticode"))]
-    #[must_use]
-    pub unsafe fn new_with_pe_signatures() -> Self {
-        let mut this = Self::new_without_pe_module();
-
-        let _r = this.add_module(
-            // Safety: guaranteed by the safety contract of this function
-            unsafe { crate::module::Pe::new_with_signatures() },
-        );
-
-        this
-    }
-
-    /// Create a new object to compile YARA rules, without the pe module.
-    ///
-    /// This is useful when needing to add the Pe module with signatures parsing enabled, see
-    /// [`crate::module::Pe::new_with_signatures`]
-    #[must_use]
-    pub fn new_without_pe_module() -> Self {
         let mut this = Self::default();
 
         let _r = this.add_module(crate::module::Time);
@@ -197,6 +136,8 @@ impl Compiler {
         #[cfg(feature = "hash")]
         let _r = this.add_module(crate::module::Hash);
 
+        #[cfg(feature = "object")]
+        let _r = this.add_module(crate::module::Pe);
         #[cfg(feature = "object")]
         let _r = this.add_module(crate::module::Elf);
         #[cfg(feature = "object")]

diff --git a/boreal/src/module/mod.rs b/boreal/src/module/mod.rs
@@ -896,7 +896,7 @@ mod tests {
         {
             test_type_traits_non_clonable(Elf);
             test_type_traits_non_clonable(MachO);
-            test_type_traits(Pe::default());
+            test_type_traits_non_clonable(Pe);
         }
 
         assert_eq!(format!("{:?}", Value::Integer(0)), "Integer(0)");