[pull] main from VirusTotal:main

lib/src/modules/protos/crx.proto

@@ -11,62 +11,66 @@ option (yara.module_options) = {
 };
 
 message Crx {
+  // True if the file is a valid Chrome Extension (CRX) package.
   optional bool is_crx = 1;
+  // Format version of the CRX package.
   optional uint32 crx_version = 2;
+  // Size in bytes of the binary CRX header.
   optional uint32 header_size = 3;
+  // Standard 32-character extension ID string.
   optional string id = 4;
+  // Extension version string extracted from the manifest.
   optional string version = 16;
+  // Processed extension name extracted from the manifest.
   optional string name = 5;
+  // Processed extension description extracted from the manifest.
   optional string description = 6;
+  // Raw unparsed extension name extracted from the manifest.
   optional string raw_name = 7;
+  // Raw unparsed extension description extracted from the manifest.
   optional string raw_description = 8;
+  // Minimum Chrome version requirement string from the manifest.
   optional string minimum_chrome_version = 9;
+  // Homepage URL string defined inside the manifest.
   optional string homepage_url = 10;
+  // Required runtime permissions defined inside the manifest.
   repeated string permissions = 11;
+  // Required host access permissions defined inside the manifest.
   repeated string host_permissions = 12;
+  // Optional runtime permissions defined inside the manifest.
   repeated string optional_permissions = 13;
+  // Optional host access permissions defined inside the manifest.
   repeated string optional_host_permissions = 14;
+  // Cryptographic signatures validating the package.
   repeated CrxSignature signatures = 15;
 }
 
 message CrxSignature {
+  // Public key or identifier string used in the signature.
   required string key = 1;
+  // True if the cryptographic signature successfully verified.
   required bool verified = 2;
 }
 
 message CrxFileHeader {
-  // PSS signature with RSA public key. The public key is formatted as a
-  // X.509 SubjectPublicKeyInfo block, as in CRX₂. In the common case of a
-  // developer key proof, the first 128 bits of the SHA-256 hash of the
-  // public key must equal the crx_id.
+  // PSS signature with RSA public key.
   repeated AsymmetricKeyProof sha256_with_rsa = 2;
 
-  // ECDSA signature, using the NIST P-256 curve. Public key appears in
-  // named-curve format.
-  // The pinned algorithm will be this, at least on 2017-01-01.
+  // ECDSA signature using the NIST P-256 curve.
   repeated AsymmetricKeyProof sha256_with_ecdsa = 3;
 
-  // The binary form of a SignedData message. We do not use a nested
-  // SignedData message, as handlers of this message must verify the proofs
-  // on exactly these bytes, so it is convenient to parse in two steps.
-  //
-  // All proofs in this CrxFile message are on the value
-  // "CRX3 SignedData\x00" + signed_header_size + signed_header_data +
-  // archive, where "\x00" indicates an octet with value 0, "CRX3 SignedData"
-  // is encoded using UTF-8, signed_header_size is the size in octets of the
-  // contents of this field and is encoded using 4 octets in little-endian
-  // order, signed_header_data is exactly the content of this field, and
-  // archive is the remaining contents of the file following the header.
+  // Binary form of the SignedData message payload.
   optional bytes signed_header_data = 10000;
 }
 
 message AsymmetricKeyProof {
+  // Raw bytes representation of the public key.
   optional bytes public_key = 1;
+  // Cryptographic signature bytes validating the payload.
   optional bytes signature = 2;
 }
 
 message SignedData {
-  // This is simple binary, not UTF-8 encoded mpdecimal; i.e. it is exactly
-  // 16 bytes long.
+  // Raw binary 16-byte extension identifier.
   optional bytes crx_id = 1;
 }

lib/src/modules/protos/dex.proto

@@ -11,70 +11,111 @@ option (yara.module_options) = {
 };
 
 message Dex {
+    // True if the file is a valid Dalvik Executable (DEX).
     optional bool is_dex = 1;
+    // Standard header items parsed from the binary.
     optional DexHeader header = 2;
+    // Array of strings extracted from the string pool.
     repeated string strings = 3;
+    // Data types explicitly defined in the type pool.
     repeated string types = 4;
+    // Function prototypes structured from the prototype pool.
     repeated ProtoItem protos = 5;
+    // Distinct class fields extracted from the field list.
     repeated FieldItem fields = 6;
+    // Specific subroutines and methods defined.
     repeated MethodItem methods = 7;
+    // Structured class definition objects.
     repeated ClassItem class_defs = 8;
+    // Mapping metadata table listing item offsets and sizes.
     optional MapList map_list = 9;
 }
 
 // See: https://source.android.com/docs/core/runtime/dex-format#header-item
 message DexHeader {
+    // Magic identifier characterizing the file type.
     optional uint32 magic = 1 [(yara.field_options).fmt = "x"];
-    // DEX version (35, 36, 37, ...)
+    // Format version designation (e.g., 35, 36, 37).
     optional uint32 version = 2;
+    // Standard Adler32 checksum of the remainder of the file.
     optional uint32 checksum = 3 [(yara.field_options).fmt = "x"];
+    // Cryptographic SHA-1 signature of the remaining file contents.
     optional string signature = 4;
+    // Physical size in bytes of the complete file.
     optional uint32 file_size = 5;
+    // Combined size in bytes of the binary header block.
     optional uint32 header_size = 6 [(yara.field_options).fmt = "x"];
+    // Byte ordering identifier constant.
     optional uint32 endian_tag = 7 [(yara.field_options).fmt = "x"];
+    // Physical size of the link section.
     optional uint32 link_size = 8;
+    // Offset pointing to the link section data.
     optional uint32 link_off = 9 [(yara.field_options).fmt = "x"];
+    // Size in bytes of the main data section.
     optional uint32 data_size = 23;
+    // File offset pointing to the main data block.
     optional uint32 data_off = 24 [(yara.field_options).fmt = "x"];
+    // Combined size constraint allocated for the container.
     optional uint32 container_size = 25;
+    // File offset marking the beginning of the primary header.
     optional uint32 header_offset = 26 [(yara.field_options).fmt = "x"];
 }
 
 message ProtoItem {
+    // Short-form signature representing the return and argument types.
     optional string shorty = 1;
+    // Standard data type descriptor of the return value.
     optional string return_type = 2;
+    // Total count of arguments accepted by the prototype.
     optional uint32 parameters_count = 3;
+    // Data type descriptions corresponding to each argument.
     repeated string parameters = 4;
 }
 
 message FieldItem {
+    // Name of the parent class defining the field.
     optional string class = 1;
+    // Specific data type categorization of the field.
     optional string type = 2;
+    // Descriptive string identifier assigned to the field.
     optional string name = 3;
 }
 
 message MethodItem {
+    // Parent class descriptor string containing the method.
     optional string class = 1;
+    // Signature prototype defining the function arguments and return value.
     optional ProtoItem proto = 2;
+    // Individual function name assigned to the method.
     optional string name = 3;
 }
 
 message ClassItem {
+    // Core descriptor representing the class type.
     optional string class = 1;
+    // Bitwise flags specifying accessibility constraints and attributes.
     optional uint32 access_flags = 2 [(yara.field_options).fmt = "flags:AccessFlag"];
+    // Superclass descriptor inherited by this object.
     optional string superclass = 3;
+    // Source code file name metadata string.
     optional string source_file = 4;
 }
 
 message MapList {
+    // Number of specific map item elements tracked.
     optional uint32 size = 1;
+    // Structured mapping descriptors detailing item positions.
     repeated MapItem items = 2;
 }
 
 message MapItem {
+    // Standard item classification type code.
     optional TypeCode type = 1;
+    // Reserved unused padding field.
     optional uint32 unused = 2;
+    // Total count of individual items in this section.
     optional uint32 size = 3;
+    // File offset marking the start of the designated items.
     optional uint32 offset = 4 [(yara.field_options).fmt = "x"];
 }