Workspace: tessl
Visibility: Public
Describes: pypipkg:pypi/yara-python@3.11.x (tile.json)

tessl/pypi-yara-python

tessl install tessl/pypi-yara-python@3.11.0

Python interface for YARA, a powerful malware identification and classification tool

Agent success rate when using this tile: 85%
Improvement over baseline: 0.94x
Agent success rate without this tile (baseline): 90%

evals/scenario-1/task.md

Warning Monitor for YARA Rule Scanning

Problem Statement

Build a YARA rule scanner that monitors and logs runtime warnings during file scanning operations. Your system should track situations where YARA generates warnings (such as when too many string matches occur) and provide detailed reporting about which rules and strings trigger these warnings.

Requirements

Implement a Python module that:

  1. Compiles YARA rules from a source string provided as input
  2. Scans data or files using the compiled rules
  3. Captures runtime warnings that occur during scanning (e.g., when a string in a rule exceeds YARA's per-string match limit and YARA reports "too many matches")
  4. Reports warning details including:
    • The type of warning that occurred
    • The rule that triggered the warning
    • The specific string pattern (if applicable) that caused the warning
  5. Returns both scan results and warning information to the caller

Input Specifications

Your module should accept:

  • A string containing YARA rule definitions
  • Data to scan (either raw bytes/string or a file path)

Output Specifications

Your module should return:

  • A list of matches found during scanning
  • A list of warnings captured during scanning, where each warning includes:
    • Warning type description
    • Rule name
    • String identifier (if applicable)

Constraints

  • You must handle cases where no warnings occur
  • You must not modify the scanning behavior (i.e., continue scanning even when warnings occur)
  • Warning information must be accessible after the scan completes
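One way to implement the module described by the requirements above, and the one the three test cases below exercise, is to hand yara-python a callable as the `warnings_callback` argument of `Rules.match()` and let it record every warning without aborting the scan. The following is an added example, not code from this tile or from yara-python itself. It assumes a yara-python release whose `Rules.match()` accepts `warnings_callback` and which exports `yara.CALLBACK_TOO_MANY_MATCHES` (4.1 and later); the 3.11.x line this tile describes has no warning callback, and a string exceeding the match limit makes `match()` raise `yara.Error` there instead. The module name `warning_monitor`, the `ScanWarning`, `WarningMonitor` and `scan` names, and the `type_names` override used for offline testing are this example's own choices.

```python
"""warning_monitor.py: collect yara-python runtime warnings during a scan.

Added example for this task, not code from the tile or from yara-python.
Assumes yara-python 4.1 or later: Rules.match(..., warnings_callback=f)
calls f(warning_type, message) with an int code and a dict carrying
'rule', 'string' and 'namespace', and yara.CALLBACK_TOO_MANY_MATCHES names
the too-many-matches code. yara-python 3.11.x has no such callback.
"""
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

try:
    import yara
except ImportError:  # keep the collector importable (and unit-testable) without libyara
    yara = None


@dataclass(frozen=True)
class ScanWarning:
    kind: str              # descriptive warning type, e.g. "too_many_matches"
    rule: str              # rule whose string triggered the warning
    string: Optional[str]  # string identifier such as "$a", when the warning has one
    namespace: Optional[str] = None


def known_warning_types() -> Dict[int, str]:
    """Map yara-python's numeric warning codes to descriptions.

    Built at call time so the module still imports when yara is absent.
    """
    if yara is None:
        return {}
    return {yara.CALLBACK_TOO_MANY_MATCHES: "too_many_matches"}


class WarningMonitor:
    """Callable passed as warnings_callback=...; records every warning, never aborts.

    type_names lets a caller (or a test without libyara) supply the code->name
    mapping explicitly; by default it is taken from the yara module.
    """

    def __init__(self, type_names: Optional[Dict[int, str]] = None):
        self.type_names = known_warning_types() if type_names is None else type_names
        self.warnings: List[ScanWarning] = []

    def __call__(self, warning_type: int, message: dict) -> None:
        kind = self.type_names.get(warning_type, f"unknown_warning_{warning_type}")
        self.warnings.append(ScanWarning(
            kind=kind,
            rule=message.get("rule", "<unknown>"),
            string=message.get("string"),
            namespace=message.get("namespace"),
        ))
        # Returning None leaves the scan running: warnings are observed, not acted on.

    def rules_with_warnings(self) -> List[str]:
        """Rule names that produced at least one warning, in first-seen order."""
        seen: List[str] = []
        for w in self.warnings:
            if w.rule not in seen:
                seen.append(w.rule)
        return seen


def scan(rule_source: str,
         target: Union[bytes, bytearray, str, os.PathLike]) -> Tuple[list, List[ScanWarning]]:
    """Compile rule_source, scan raw bytes or a file path, return (matches, warnings)."""
    if yara is None:
        raise RuntimeError("yara-python is required to scan")
    # No error_on_warning=True here: one-byte strings such as "A" make the compiler
    # warn that they slow scanning, and that flag would turn the warning into an exception.
    rules = yara.compile(source=rule_source)
    monitor = WarningMonitor()
    if isinstance(target, (bytes, bytearray)):
        matches = rules.match(data=bytes(target), warnings_callback=monitor)
    else:
        matches = rules.match(filepath=os.fspath(target), warnings_callback=monitor)
    return matches, monitor.warnings


if __name__ == "__main__":
    # Test case 1 of this task. The warning fires only once a single string passes
    # libyara's compiled-in per-string limit (YR_MAX_STRING_MATCHES, 1,000,000 on
    # current builds), so this constructed input is sized above that.
    source = 'rule test_rule { strings: $a = "A" condition: $a }'
    matches, warnings = scan(source, b"A" * 1_500_000)
    print("matched rules:", [m.rule for m in matches])
    for w in warnings:
        print(f"{w.kind}: rule={w.rule} string={w.string} namespace={w.namespace}")
```

The collector and the scanner are deliberately separate: `WarningMonitor` is plain Python and can be driven directly with the same `(warning_type, message)` arguments yara-python uses, so the reporting logic can be checked without installing libyara, while `scan()` is the only piece that touches the extension module.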

Dependencies { .dependencies }

yara-python { .dependency }

Python interface for YARA pattern matching engine, used for malware detection and analysis.

Test Cases

Test Case 1: Basic Warning Detection @test

File: test_warning_monitor.py

Description: Verify that warnings are captured when a rule generates too many matches.

Setup:

# Create a rule that will match many times in repetitive data
rule_source = '''
rule test_rule {
    strings:
        $a = "A"
    condition:
        $a
}
'''

# Create data with many occurrences to trigger the warning. YARA reports
# "too many matches" only once a single string passes its compiled-in per-string
# limit (YR_MAX_STRING_MATCHES, 1,000,000 in libyara 4.x); if this count is
# below that limit on your build, raise it until the warning fires.
test_data = b"A" * 100000

Expected Behavior:

  • Scanning should complete successfully
  • Warning information should be captured indicating too many matches
  • The warning should reference the rule name "test_rule" and string "$a"

Test Case 2: No Warnings Scenario @test

File: test_warning_monitor.py

Description: Verify that the system handles scans with no warnings correctly.

Setup:

rule_source = '''
rule simple_rule {
    strings:
        $b = "rare_pattern_xyz"
    condition:
        $b
}
'''

test_data = b"some normal data without the pattern"

Expected Behavior:

  • Scanning should complete successfully
  • No warnings should be captured
  • The warning list should be empty

Test Case 3: Multiple Rules with Warnings @test

File: test_warning_monitor.py

Description: Verify that warnings from multiple rules are all captured.

Setup:

rule_source = '''
rule rule_one {
    strings:
        $x = "X"
    condition:
        $x
}

rule rule_two {
    strings:
        $y = "Y"
    condition:
        $y
}
'''

# Data that causes warnings for both rules: each string must individually exceed
# YARA's per-string match limit (YR_MAX_STRING_MATCHES, 1,000,000 in libyara 4.x),
# so increase both counts if the warning does not fire on your build.
test_data = (b"X" * 50000) + (b"Y" * 50000)

Expected Behavior:

  • Scanning should complete successfully
  • Warnings should be captured for both rule_one and rule_two
  • Each warning should correctly identify its associated rule and string