Python interface for YARA, a powerful malware identification and classification tool
Overall score: 85%
Evaluation: 85%
↓ 0.94x agent success when using this tile
{
"context": "These criteria evaluate how well the engineer uses the yara-python package to load pre-compiled YARA rules and scan files. The focus is on correct usage of yara.load() for rule deserialization and the Rules.match() method for file scanning.",
"type": "weighted_checklist",
"checklist": [
{
"name": "Uses yara.load()",
"description": "Uses the yara.load() function to load pre-compiled rules from a file. The function should be called with either the 'filepath' parameter or 'file' parameter to load the compiled rules.",
"max_score": 40
},
{
"name": "Correct filepath parameter",
"description": "Passes the compiled_rules_path to yara.load() using the correct parameter name ('filepath' for file path or 'file' for file object). This should be called during scanner initialization.",
"max_score": 10
},
{
"name": "Stores Rules object",
"description": "Stores the Rules object returned by yara.load() as an instance variable for later use in scanning operations. The Rules object must be retained to enable subsequent file scanning.",
"max_score": 10
},
{
"name": "Uses Rules.match()",
"description": "Calls the match() method on the Rules object returned by yara.load() to scan files. The match() method should be called with the 'filepath' parameter to scan a file.",
"max_score": 20
},
{
"name": "Correct match filepath",
"description": "Passes the file path to Rules.match() using the 'filepath' parameter (not 'data' or 'pid'). This enables efficient file scanning without loading the entire file into memory.",
"max_score": 5
},
{
"name": "Extracts match.rule",
"description": "Accesses the 'rule' attribute from each Match object to get the rule name. This is a required field in the output specification.",
"max_score": 5
},
{
"name": "Extracts match.namespace",
"description": "Accesses the 'namespace' attribute from each Match object to get the rule namespace. Handles cases where namespace might be None or empty string correctly.",
"max_score": 5
},
{
"name": "Extracts match.tags",
"description": "Accesses the 'tags' attribute from each Match object to get the rule tags. Returns tags as a list, handling cases where there are no tags (empty list).",
"max_score": 5
}
]
}
Install with Tessl CLI
npx tessl i tessl/pypi-yara-python