Thank you for your interest in contributing to CryptoTrace! We welcome contributions of all kinds, including new detection signatures, bug fixes, documentation improvements, and feature proposals.
- Code of Conduct
- Getting Started
- Development Workflow
- Adding Signatures
- Adding Detection Algorithms
- Testing Requirements
- Commit Guidelines
- Pull Request Process
- Community Providers
This project adheres to the Contributor Covenant Code of Conduct. By participating, you are expected to uphold this code.
- Fork the repository and clone your fork.
- Ensure you have Rust 1.85+ (edition 2024) installed.
- Build:
cargo build - Test:
cargo test - Create a branch for your work:
git checkout -b my-feature
- Make your changes in a feature branch.
- Add or update tests as needed.
- Run
cargo testandcargo clippyto verify correctness and style. - Run the accuracy test suites for any affected detection modules:
cargo test --test hash_accuracycargo test --test encoding_accuracycargo test --test compression_accuracy
- Submit a pull request.
Signature entries are defined in signatures/default.yaml. Each entry requires:
- id: unique-identifier
name: Human-Readable Name
magic_bytes: "HEXBYTES" # Hex-encoded magic bytes
offset: 0 # Byte offset (0-based)
category: file-type # e.g., document, image, archive
risk_level: LOW # LOW, MEDIUM, HIGH, CRITICAL
description: "Optional description of what this signature detects"Guidelines:
- Magic bytes must be at least 2 bytes (4 hex chars).
- Use unique, descriptive IDs.
- Keep categories consistent with existing entries.
- Risk levels should reflect the security implication of the format.
New detection algorithms (hash, encoding, encryption) should be added to the appropriate module under src/core/:
- Implement the detection function in the relevant module (e.g.,
hashing.rs,encoding.rs). - Add a test for both positive and negative cases.
- Follow the existing signal-based pattern: return confidence scores and supporting evidence.
- Register the new algorithm in the detection pipeline in
file.rs.
For format-level detection (file types, compression), add magic byte entries to signatures/default.yaml and detection logic to src/format/mod.rs.
- Every new function must have unit tests.
- Changes to detection heuristics require updates to the accuracy test suites in
tests/. - False positive rates should not increase beyond existing benchmarks.
- Run
cargo testbefore submitting. All tests must pass.
- Use conventional commit messages:
type(scope): description - Types:
feat,fix,docs,test,refactor,chore - Example:
feat(hashing): add SHA-512/256 detection - Keep commits focused on a single logical change.
- Ensure all tests pass and your branch is up to date with main.
- Update documentation if your change affects the public API or CLI.
- Add a changelog entry if applicable.
- Request review from a maintainer.
- Address all review feedback before merge.
If you maintain a collection of signatures relevant to the community, consider creating a community provider. See docs/community-providers.json for the registry format. Submit a pull request to add your provider to the registry.
Providers are categorized by trust level:
- verified: Reviewed and maintained by the CryptoTrace team.
- community: Maintained by third parties; reviewed for format compliance.
- experimental: New or unverified; use at your own risk.