VirusTotal / yara-python

The Python interface for YARA
http://virustotal.github.io/yara/
Apache License 2.0

Adding YARA Statistics #228

Closed Derekt2 closed 10 months ago

Derekt2 commented 1 year ago

This adds YARA statistics to this Python library. Addresses: https://github.com/VirusTotal/yara-python/issues/224

After a ruleset is compiled, a new method, .stats(), may be called as follows:

```python
import yara

rule = yara.compile(
    source=(
        'rule foo: bar {strings: $a = "dsfsd" condition: $a} rule foo1: bar {strings:'
        ' $a = "dsfsd" condition: $a}'
    )
)
matches = rule.match(data="abcdefgjiklmnoprstuvwxyz")
print(rule.stats())
```

which produces output: {'num_rules': 2, 'num_strings': 2, 'ac_matches': 2, 'ac_tables_size': 512}, exactly as if you used the YARA command line flag --print-stats.

I verified the code works locally, but apologies if I missed styling or best practices as this is my first stab at C.

Derekt2 commented 1 year ago

Bumping this one last time before I close it. Is this helpful?

plusvic commented 1 year ago

This doesn't seem to have too much demand. ac_matches and ac_tables_size are very low-level, and most people won't understand what they mean. num_rules and num_strings are a bit more useful, but are probably insufficient for any useful purpose. The --print-stats flag is there mostly for YARA developers who need to have some basic information about the compiled rules.