Python interface for YARA, a powerful malware identification and classification tool
Overall score: 85%
Evaluation: 85%
↓ 0.94x agent success when using this tile
{
  "context": "These criteria evaluate how well the engineer uses yara-python's duplicate metadata handling feature to extract and aggregate metadata from YARA rules. The focus is on proper use of the allow_duplicate_metadata parameter and correct metadata extraction from match objects.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Rule compilation",
      "description": "Uses yara.compile() to compile the YARA rule source string",
      "max_score": 15
    },
    {
      "name": "Scanning with data",
      "description": "Calls the match() method on the compiled rules object with the scan_data parameter to scan the provided data",
      "max_score": 15
    },
    {
      "name": "Duplicate metadata parameter",
      "description": "Uses allow_duplicate_metadata=True parameter in the match() call to enable collection of duplicate metadata values as lists",
      "max_score": 40
    },
    {
      "name": "Metadata extraction",
      "description": "Accesses the .meta attribute on match objects to extract metadata dictionaries from matched rules",
      "max_score": 20
    },
    {
      "name": "Result structure",
      "description": "Returns a list of dictionaries containing 'rule' (the rule name) and 'metadata' (the metadata dict) for each match, correctly preserving the structure where duplicate keys have list values",
      "max_score": 10
    }
  ]
}

Install with Tessl CLI
npx tessl i tessl/pypi-yara-python