Closed struppigel closed 1 month ago
The problem here is that the output file was being passed as the last positional argument. When you use wildcards in your input path, the shell expand it to multiple input paths. As the output path is missing, the program uses the last positional argument as the output path, even if it was actually an input.
I've changed the compile
command to use the --output
option for receiving the output path. If the option is missing the output will be written to output.yarc
.
I just executed the following on PowerShell terminal when testing yara-x for the first time.
yr.exe compile ./signatures/*
As a result of running this command one arbitrary file in the signature folder was replaced with the compiled version of all files.
Obviously I should have specified an output file, but this behavior destroys a signature file without asking. This can happen on accident and may result in lost work. The user might not notice until much later and may not be able to trace it back to using yr.exe. The output of the tool does not say which file was overwritten.