Closed tlansec closed 2 months ago
Just discussed this with @tlansec elsewhere and this does what he wants (and posting here for those that may be interested in seeing how it works):
wxs@mbp yara-python % PYTHONPATH=./build/lib.macosx-10.9-universal2-3.9 python3 -c 'import yara; rules = yara.compile(source="rule a { strings: $a = /C:\\Users\\[^\\]+\\test.txt/ condition: $a }"); print(rules.warnings)'
[]
wxs@mbp yara-python % PYTHONPATH=./build/lib.macosx-10.9-universal2-3.9 python3 -c 'import yara; rules = yara.compile(source="rule a { strings: $a = /C:\\Users\\[^\\]+\\test.txt/ condition: $a }", strict_escape=True); print(rules.warnings)'
['line 1: unknown escape sequence']
wxs@mbp yara-python % PYTHONPATH=./build/lib.macosx-10.9-universal2-3.9 python3 -c 'import yara; rules = yara.compile(source="rule a { strings: $a = /C:\\Users\\[^\\]+\\test.txt/ condition: $a }", strict_escape=True, error_on_warning=True); print(rules.warnings)'
Traceback (most recent call last):
File "<string>", line 1, in <module>
yara.WarningError: ['line 1: unknown escape sequence']
wxs@mbp yara-python %
By default you get no warnings. If you set strict_escape
to True you get warnings. If you have error_on_warning
set it will generate a compiler error.
It just isn't in the docs, he is going to send a PR for it. I suspect this can be closed.
PR is here:
https://github.com/VirusTotal/yara/pull/2079
Sorry for the run around on this one. Closing this out.
I'd like to be able to do something like this:
And then raise errors as appropriate if they fail the --strict-escape test.
Thanks, Tom