VirusTotal / yara-python

The Python interface for YARA
http://virustotal.github.io/yara/
Apache License 2.0

meta in results do not mirror those in the command line tool or C API #129

Closed Northern-Lights closed 4 years ago

Northern-Lights commented 4 years ago

Here I have a rule with a repeated meta field "key". In the results, only the latest one is shown because the meta field is returned as a dictionary.

import yara

if __name__ == '__main__':
    # Compile a rule whose meta section repeats the key "key".
    rs = yara.compile(source='rule test {meta: key = "val1" key="val2" condition: true}')
    # The condition is always true, so any input data matches.
    m = rs.match(data="abc")
    # Only the last value survives, because meta is returned as a dict.
    print(m[0].meta) # {'key': 'val2'}

Here, I have the same yara rule.

rule test {
meta:
    key = "val1"
    key = "val2"
condition:
    true
}

When I run it on the CLI with the -m flag, I get the following results:

> yara -m multiple_meta.yar multiple_meta.yar
test [key="val1",key="val2"] multiple_meta.yar

I haven't seen it discussed in the issues section as of yet, but it looks like yara-python should be returning the metadata results as a list of lists like [ ["key", "val1"], ["key", "val2"] ] so that keys can be repeated as in libyara.
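
As an added illustration of the shape proposed in the comment above (this is not code from the issue, from yara-python or from libyara), the following pulls the meta section out of the rule source, or out of a `yara -m` output line, and keeps every entry as an ordered list of (key, value) pairs, so the second `key` is not lost. It also shows what the dict form discards. The rule text and the `yara -m` line are constructed to match the ones in the comment; the meta grammar is a hand-written approximation covering string, integer and boolean values, the assumed `yara -m` layout is "rule name, bracketed meta list, file name" separated by single spaces, and nothing here needs the yara module installed.

```python
import re

# Constructed sample input: the rule from the issue, extended with a few
# non-string meta values so the value conversion is exercised as well.
RULE_SOURCE = '''
rule test {
meta:
    key = "val1"
    key = "val2"
    author = "analyst"
    score = 42
    released = false
condition:
    true
}
'''

# Constructed sample input: the line `yara -m` printed in the issue.
CLI_LINE = 'test [key="val1",key="val2"] multiple_meta.yar'

# One meta entry: identifier = "string" | integer | true | false.
# (Hand-written approximation of the YARA grammar, not libyara's lexer.)
_META_ENTRY = re.compile(
    r'(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|-?\d+|true|false)'
)

# The text between "meta:" and the next "strings:" or "condition:" section.
# A meta string that itself contains "condition:" would cut this short.
_META_SECTION = re.compile(r'\bmeta\s*:(.*?)(?=\b(?:strings|condition)\s*:)', re.DOTALL)

# Assumed layout of a `yara -m` line: rule name, bracketed meta list, file name.
_CLI_LINE = re.compile(r'^(?P<rule>\S+) \[(?P<meta>.*)\] (?P<file>\S+)$')


def _convert(token):
    """Turn the matched value token into a Python value."""
    if token.startswith('"'):
        # Undo \" \\ \n \t; \xNN escapes are left untouched here.
        return re.sub(r'\\(.)',
                      lambda m: {'n': '\n', 't': '\t'}.get(m.group(1), m.group(1)),
                      token[1:-1])
    if token in ('true', 'false'):
        return token == 'true'
    return int(token)


def parse_meta_pairs(rule_source):
    """Return every meta entry of the first rule as an ordered (key, value) list."""
    section = _META_SECTION.search(rule_source)
    if section is None:
        return []
    return [(m.group('key'), _convert(m.group('value')))
            for m in _META_ENTRY.finditer(section.group(1))]


def parse_cli_meta(line):
    """Split one `yara -m` output line into (rule name, meta pairs, file name)."""
    m = _CLI_LINE.match(line.rstrip('\n'))
    if m is None:
        raise ValueError('not a yara -m output line: %r' % line)
    pairs = [(e.group('key'), _convert(e.group('value')))
             for e in _META_ENTRY.finditer(m.group('meta'))]
    return m.group('rule'), pairs, m.group('file')


def meta_as_dict(pairs):
    """What a dict-shaped meta gives you: the last value for a key wins."""
    return dict(pairs)


def meta_as_multidict(pairs):
    """Lossless alternative: every value for a key, in source order."""
    grouped = {}
    for key, value in pairs:
        grouped.setdefault(key, []).append(value)
    return grouped


def dropped_by_dict(pairs):
    """Entries dict(pairs) silently discards: all but the last occurrence of each key."""
    last = {key: i for i, (key, _) in enumerate(pairs)}
    return [(key, value) for i, (key, value) in enumerate(pairs) if last[key] != i]


if __name__ == '__main__':
    pairs = parse_meta_pairs(RULE_SOURCE)
    print('from source  :', pairs)
    print('from yara -m :', parse_cli_meta(CLI_LINE)[1])
    print('as dict      :', meta_as_dict(pairs))
    print('as multidict :', meta_as_multidict(pairs))
    print('dropped      :', dropped_by_dict(pairs))
```

The pair list is the lossless form; `meta_as_multidict` is the convenient lookup form when a caller still wants keys, and `dropped_by_dict` is the check to run if a rule set is suspected of repeating meta keys before trusting the dict that the Python binding returns.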

wxsBSD commented 4 years ago

There's some discussion on this topic here: https://github.com/VirusTotal/yara-python/pull/74

Northern-Lights commented 4 years ago

:-1: on GH's search feature/capabilities... Thanks.