[pull] main from VirusTotal:main#155

Merged: pull[bot] merged 3 commits into threatcode:main from VirusTotal:main on Mar 3, 2026
@pull pull Bot commented Mar 3, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

PeterMatula and others added 3 commits March 3, 2026 09:56
After migration, our users reported strange path prefixes with YARA-X that were not used with YARA. Looks like a known "problem" that dunce solves. There are not many canonicalizations going on in YARA-X, but I still applied this only to the one-and-only use in CLI, which is the most user-facing and I didn't want to touch compiler etc.

```
"matches": [
    {
      "rule": "hunting_interpreter_wscript",
      "file": "\\\\?\\C:\\temp\\samples\\CBDE39ACCBB9420E0F65BEDB225C89EF7909D1FEEFFDF467AA0EC8F435906E7B",
      ...
    },
    ...
```
Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 40.0.3 to 40.0.4.
- [Release notes](https://github.com/bytecodealliance/wasmtime/releases)
- [Changelog](https://github.com/bytecodealliance/wasmtime/blob/v40.0.4/RELEASES.md)
- [Commits](bytecodealliance/wasmtime@v40.0.3...v40.0.4)

---
updated-dependencies:
- dependency-name: wasmtime
  dependency-version: 40.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Given a set of rules, parse them and walk the AST to find identifiers and generate an ASCII tree that shows the modules and other rules that each rule depends on.

By default it generates a graph of all the rules, but you can select any number of rules with the -r argument.

For example, given these rules:

```
rule a { condition: pe.is_dll() }
rule b { condition: a }
rule c { condition: b }
rule d { condition: false }
```

And selecting using `-r b` you get output that looks like this:

```
 a
└─ mod: pe

 b
└─ a
       └─ mod: pe

 c
└─ b
        └─ a
                └─ mod: pe

 d
```

---------

Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com>
@pull pull Bot locked and limited conversation to collaborators Mar 3, 2026
@pull pull Bot added the ⤵️ pull label Mar 3, 2026
@pull pull Bot merged commit b0486ff into threatcode:main Mar 3, 2026
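The `\\?\` prefix in the `"file"` field of the first commit message is the Windows verbatim form that path canonicalization returns. For tooling that compares paths from YARA and YARA-X scan output, here is an added example (not YARA-X or dunce code) of when the prefix can be dropped without changing which file the path names. `display_path`, the rule set and the sample paths are assumptions made for this sketch.

```rust
// Added illustration, not YARA-X or dunce code. It works on strings, so it runs on any OS.

/// Legacy DOS device names: without the verbatim prefix these resolve to devices.
const RESERVED: [&str; 22] = [
    "CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7",
    "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
];

/// True when legacy (non-verbatim) path parsing would reinterpret this component.
fn is_unsafe_component(component: &str) -> bool {
    let stem = component.split('.').next().unwrap_or("");
    component.contains('/') // a literal character in verbatim paths, a separator otherwise
        || component.ends_with('.') // trailing dots (and "." / "..") are rewritten
        || component.ends_with(' ') // trailing spaces are stripped
        || RESERVED.iter().any(|r| r.eq_ignore_ascii_case(stem))
}

/// Hypothetical helper: returns the legacy form of a `\\?\X:\...` path when both
/// forms name the same file, otherwise returns the input unchanged.
pub fn display_path(path: &str) -> &str {
    const MAX_PATH: usize = 260; // legacy limit in UTF-16 units, including the NUL
    let Some(rest) = path.strip_prefix(r"\\?\") else { return path };
    let b = rest.as_bytes();
    let is_disk = b.len() >= 3 && b[0].is_ascii_alphabetic() && b[1] == b':' && b[2] == b'\\';
    if !is_disk || rest.encode_utf16().count() >= MAX_PATH {
        return path; // UNC or device path, or too long for legacy APIs: keep verbatim
    }
    if rest[3..].split('\\').filter(|c| !c.is_empty()).any(is_unsafe_component) {
        return path; // stripping would make the path resolve differently
    }
    rest
}

fn main() {
    // Constructed sample paths, not taken from real scan output.
    for p in [
        r"\\?\C:\temp\samples\sample.bin",
        r"\\?\C:\temp\samples\NUL.txt",
        r"\\?\UNC\fileserver\share\sample.bin",
        r"C:\temp\samples\sample.bin",
    ] {
        println!("{p} -> {}", display_path(p));
    }
}
```

Paths that keep the prefix are the ones where a string-level strip would point a downstream consumer at a different object than the one that was scanned.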