{
  "context": "This criteria evaluates how well an engineer uses the yara-python package to implement process scanning functionality. The focus is on proper use of YARA's process scanning API, rule compilation, and match result processing.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Rule Compilation",
      "description": "Uses yara.compile() to compile rules from the file path (e.g., yara.compile(filepath=rules_file) or yara.compile(file=...))",
      "max_score": 20
    },
    {
      "name": "Process Scanning",
      "description": "Uses the Rules.match() method with the pid parameter to scan process memory (e.g., rules.match(pid=pid))",
      "max_score": 30
    },
    {
      "name": "Match Result Extraction",
      "description": "Extracts rule names from match objects correctly (e.g., iterating through matches and accessing match.rule attribute)",
      "max_score": 20
    },
    {
      "name": "File Existence Check",
      "description": "Validates that the rules file exists before attempting to compile, raising ValueError when missing",
      "max_score": 10
    },
    {
      "name": "Process Error Handling",
      "description": "Catches and handles yara.Error exceptions during process scanning and raises RuntimeError for non-existent or inaccessible processes",
      "max_score": 15
    },
    {
      "name": "Empty Match Handling",
      "description": "Returns an empty list when no rules match the scanned process",
      "max_score": 5
    }
  ]
}