VirusTotal / yara-python

The Python interface for YARA
http://virustotal.github.io/yara/
Apache License 2.0

No warning triggered with bad rules in yara-python #207

Closed tlansec closed 2 years ago

tlansec commented 2 years ago

Hey,

Given a bad rule, fail.yar:

rule foo
{
    strings:
        $a = /[a-z]{4}/

    condition:
        $a
}

I would expect the following script to print an error message, but it does not:

import yara

with open('fail.yar', 'r') as infile:
    data = infile.read()

m = yara.compile(source=data)

I saw there is an option for "error_on_warning" - but there seems to be no option to simply print the warning or inspect it if I don't want the operation to fail. I had expected that one of the following might be possible:

  1. An attribute on 'm' might be set containing details of any warnings
  2. yara.compile() might spit out a warning message to stdout

But it seems neither of these happens, so my only option is to do something like this which involves compiling the rules twice:

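    import logging
    import yara
    logger = logging.getLogger(__name__)

    def compile_rules(rule_data):  # function name is illustrative
        try:
            c = yara.compile(source=rule_data, error_on_warning=True)
        except yara.WarningError as e:
            logger.error(str(e))  # report the warning text
            c = yara.compile(source=rule_data)  # second compile, warnings allowed
        return c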

I would like to propose that either:

  1. When there is a warning an attribute is set on the compiled rules object OR
  2. That yara.compile() prints an error somehow when a warning is raised during compilation.

Cheers, Tom

wxsBSD commented 2 years ago

I don't think dumping something to stdout or stderr (option 2) is a good idea, because we don't give users an option to handle it first, like we do with warnings during run time.

The idea of an attribute is a better option and should be easy to implement. If @plusvic thinks this is a good idea I can implement it pretty quickly.

plusvic commented 2 years ago

I agree that printing the warning to stderr is not a good solution because the user doesn't have control over it. I like the idea of adding a new attribute.
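
One way to surface compile warnings in a rule-loading pipeline without aborting the load, as an added example (not code from this thread or from yara-python). It assumes that builds implementing the attribute proposed above expose it as a list named `warnings` on the compiled rules, and otherwise falls back to the double compile from the first post; `compile_with_warnings`, `yara_mod` and the logger name are hypothetical.

```python
import logging

logger = logging.getLogger("rule_loader")  # hypothetical logger name

# The rule from the first post, embedded so the example is self-contained.
FAIL_RULE = """
rule foo
{
    strings:
        $a = /[a-z]{4}/

    condition:
        $a
}
"""


def compile_with_warnings(source, yara_mod=None):
    """Compile YARA source and return (rules, list_of_warning_strings).

    yara_mod lets a caller pass the module explicitly (useful for tests);
    by default the real yara-python package is imported on first use.
    """
    if yara_mod is None:
        import yara as yara_mod
    # Syntax errors still raise from this call and are not swallowed.
    rules = yara_mod.compile(source=source)
    # Assumption: a build with the proposed attribute names it `warnings`.
    found = getattr(rules, "warnings", None)
    if found is None:
        # No attribute: probe with error_on_warning=True only to read the
        # warning text, and keep the rules compiled above.
        try:
            yara_mod.compile(source=source, error_on_warning=True)
            found = []
        except yara_mod.WarningError as exc:
            found = [str(exc)]
    for text in found:
        logger.warning("YARA compile warning: %s", text)
    return rules, list(found)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    _, warnings_seen = compile_with_warnings(FAIL_RULE)
    print(len(warnings_seen), "warning(s) reported")
```

Returning the warnings alongside the rules lets the caller decide whether a noisy rule is logged, quarantined or rejected, instead of the library making that choice.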