Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged code in the issue #157 does not work #174

Open
rakovskij-stanislav opened this issue Mar 1, 2021 · 2 comments
Open

Merged code in the issue #157 does not work #174

rakovskij-stanislav opened this issue Mar 1, 2021 · 2 comments

Comments

@rakovskij-stanislav
Copy link

Summary: the Issue #157 was about printing all the warnings with "error_on_warning" enabled. But at the example below we can see that it does not work at the newest version of yara-python.

Yara ruleset:

rule bad_rule1
{
    meta:
        author = "Rakovskij Stanislav / disasm.me"
        date = "01.03.2021"
        description = "Rule that uses bad wilecards to raise yara warning"
    strings:
        $ = {00 [32] 00}
    condition:
        any of them
}

rule bad_rule2
{
    meta:
        author = "Rakovskij Stanislav / disasm.me"
        date = "01.03.2021"
        description = "Rule that uses bad wilecards to raise yara warning"
    strings:
        $ = {00 [32] 00}
    condition:
        any of them
}

Output:

/m/d/test_yara_speed> ./yara64.exe bad_rule.yar random_100Mb.bin
bad_rule.yar(8): warning in rule "bad_rule1": $ is slowing down scanning
bad_rule.yar(20): warning in rule "bad_rule2": $ is slowing down scanning
bad_rule1 random_100Mb.bin
bad_rule2 random_100Mb.bin
/m/d/test_yara_speed> python3 -c "import yara; yara.compile('bad_rule.yar', error_on_warning=True)"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
yara.WarningError: bad_rule.yar(20): $ is slowing down scanning  // <- expected two warnings - on lines 8 and 20, got only the last one. 
/m/d/test_yara_speed [1]> ./yara64.exe -v
4.0.5
/m/d/test_yara_speed> python3 -m pip install yara-python
Requirement already satisfied: yara-python in /home/user/.local/lib/python3.8/site-packages (4.0.5)
@regeciovad
Copy link
Contributor

Thank you for testing. For some reason, my changes are not present in the current release. If you install v4.0.5 locally from the repository, your example works fine. @plusvic, @wxsBSD could you please check this out? It seems that the file yara-python.c is the same in all releases from 4.0.3 up.

@wxsBSD
Copy link
Contributor

wxsBSD commented Mar 3, 2021

There is a v4.0.x branch in both repositories, where the latest 4.0.x releases have been coming from. What is in master now will eventually become 4.1.0 (most likely). When that will happen is unknown to me right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wxsBSD @regeciovad @rakovskij-stanislav