feat: move process scan behind a feature flag

boreal/Cargo.toml

@@ -12,7 +12,7 @@ edition = "2021"
 rust-version = "1.65"
 
 [features]
-default = ["hash", "object", "memmap"]
+default = ["hash", "object", "memmap", "process"]
 
 # Enables the "hash" module.
 hash = ["md-5", "sha1", "sha2", "hex", "crc32fast", "tlsh2"]
@@ -30,6 +30,9 @@ authenticode = ["dep:authenticode-parser"]
 # Adds an API to scan files using memory maps.
 memmap = ["dep:memmap2"]
 
+# Adds APIs to scan process memories.
+process = ["dep:libc", "dep:windows"]
+
 # Enables computation of statistics during scanning.
 profiling = []
 
@@ -43,7 +46,6 @@ codespan-reporting = "0.11"
 aho-corasick = "1.0"
 memchr = "2.5"
 # Remove unicode feature
-# TODO: regex only enables dfa-onepass, and not all of dfa. Check which option we want.
 regex-automata = { version = "0.4", default-features = false, features = ["std", "syntax", "perf", "meta", "nfa", "dfa", "hybrid"] }
 # No default features to disable unicode, we do not need it
 regex-syntax = { version = "0.8", default-features = false }
@@ -69,10 +71,10 @@ authenticode-parser = { version = "0.3", optional = true }
 memmap2 = { version = "0.9", optional = true }
 
 [target.'cfg(target_os = "linux")'.dependencies]
-libc = "0.2"
+libc = { version = "0.2", optional = true }
 
 [target.'cfg(windows)'.dependencies]
-windows = { version = "0.48", features = [
+windows = { version = "0.48", optional = true, features = [
     "Win32_Foundation",
     # ReadProcessMemory
     "Win32_System_Diagnostics_Debug",

boreal/README.md

@@ -193,9 +193,11 @@ of all signatures, imports, exports, resources, etc on every scan.
 
 ## crate feature flags
 
-- `hash`: adds dependencies to compute hashes, enables the `hash` module and the `pe.imphash()` function
-  if the `object` feature is also enabled.
-- `object`: add dependencies to parse object files, enables the `elf`, `macho` and `pe` module.
-- `openssl`: add dependency on openssl, enables the `signatures` part of the `pe` module.
-
-By default, `hash` and `object` are enabled, `openssl` is not.
+- `object`: enables the `elf`, `macho` and `pe` module.
+- `hash`: enables the `hash` module, as well as the `pe.imphash()` function if the `object`
+  feature is also enabled.
+- `authenticode`: this enables the `signatures` part of the `pe` module. This adds
+  a dependency on OpenSSL.
+- `process`: enables the process scanning API.
+
+By default, `hash`, `object` and `process` are enabled, `authenticode` is not.

boreal/src/scanner/mod.rs

@@ -18,6 +18,8 @@ mod error;
 pub use error::ScanError;
 mod params;
 pub use params::ScanParams;
+
+#[cfg(feature = "process")]
 mod process;
 
 /// Holds a list of rules, and provides methods to run them on files or bytes.
@@ -199,6 +201,7 @@ impl Scanner {
     ///
     /// FIXME improve this doc
     #[doc(hidden)]
+    #[cfg(feature = "process")]
     pub fn scan_process(&self, pid: u32) -> Result<ScanResult, (ScanError, ScanResult)> {
         match process::process_memory(pid) {
             Ok(memory) => self.inner.scan(

boreal/tests/it/main.rs

@@ -31,6 +31,7 @@ mod fragmented;
 mod limits;
 
 // Tests related to process memory scanning
+#[cfg(feature = "process")]
 mod process;
 
 // Tests related to modules

boreal/tests/it/utils.rs

@@ -320,6 +320,7 @@ impl Checker {
     }
 
     #[track_caller]
+    #[cfg(feature = "process")]
     pub fn check_process_full_matches(&mut self, pid: u32, expected: FullMatches) {
         // We need to compute the full matches for this test
         {
@@ -451,6 +452,7 @@ impl Checker {
     }
 
     #[track_caller]
+    #[cfg(feature = "process")]
     pub fn check_process(&mut self, pid: u32, expected_res: bool) {
         let res = match self.scanner.scan_process(pid) {
             Ok(v) => {