YARA Rule Compiler with Include Management

A command-line tool that compiles YARA rules with support for include directives and configurable include processing.

Capabilities

Compile rules with includes enabled

• Compiling a rule that contains an include directive with includes enabled successfully loads the included rule file. @test
• When includes are enabled, the compiled rules can reference definitions from the included file. @test

Compile rules with includes disabled

• Compiling a rule that contains an include directive with includes disabled treats the include as if it doesn't exist. @test
• When includes are disabled, attempting to reference definitions from an included file results in a compilation error. @test

Handle include errors gracefully

• When an included file does not exist and includes are enabled, the compilation fails with an appropriate error message. @test

Implementation

@generates

The tool should accept command-line arguments:

• --rule-file: Path to the main YARA rule file
• --enable-includes: Flag to enable include processing (default: enabled)
• --disable-includes: Flag to disable include processing
• --output: Optional path to save compiled rules

The tool should compile the specified YARA rule file and print a success message or error details.

API

def compile_rules(rule_file_path: str, includes_enabled: bool = True) -> object:
    """
    Compiles YARA rules from a file with configurable include processing.

    Args:
        rule_file_path: Path to the YARA rule file to compile
        includes_enabled: Whether to process include directives (default: True)

    Returns:
        Compiled YARA rules object

    Raises:
        Exception: If compilation fails or file not found
    """
    pass

def main():
    """
    Main entry point for the command-line tool.
    Parses arguments and compiles the specified YARA rule file.
    """
    pass

Dependencies { .dependencies }

yara-python { .dependency }

Provides YARA pattern matching and rule compilation support.