Describe the bug
If scanning with multiple threads, rules with console.log() in the conditions don't print their output next to the matching rule name but mix it up. Example condition:
math.deviation(500, filesize-500, 89.0) > 70 and
console.log("high deviation") and
console.log(math.deviation(500, filesize-500, 89.0))
Scanning with one process works properly:
$ yara -p 1 -rN gen_webshells.yar .
high deviation
77.029977
webshell_php_dynamic_big ./4057005718bb18b51b02d8b807265f8df821157ac47f78ace77f21b21fc77232.php
high deviation
70.883113
webshell_php_dynamic_big ./87c89be13135df949fe97886e644ccf45087c70f41d3a9f38b4a76b8ce07e1bc.php
Scanning with multiple processes mixes the output, not always but sometimes:
$ yara -p 4 -rN gen_webshells.yar .
high deviation
77.029977
high deviation
70.883113
webshell_php_dynamic_big ./4057005718bb18b51b02d8b807265f8df821157ac47f78ace77f21b21fc77232.php
webshell_php_dynamic_big ./87c89be13135df949fe97886e644ccf45087c70f41d3a9f38b4a76b8ce07e1bc.php
I assume there is some way to lock the output because matching variables printed with yara -s don't get mixed up, so the fix might just be to keep that lock until the conditions are finished.
To Reproduce
see above
Expected behavior
Always have the same output as with -p 1
Please complete the following information:
OS: Linux
YARA version: 4.3.0
Additional context
Add any other context about the problem here.
Describe the bug If scanning with multiple threads, rules with console.log() in the conditions don't print their output next to the matching rule name but mix it up. Example condition:
Scanning with one process works properly:
Scanning with multiple processes mixes the output, not always but sometimes:
I assume there is some way to lock the output because matching variables printed with yara -s don't get mixed up, so the fix might just be to keep that lock until the conditions are finished.
To Reproduce see above
Expected behavior Always have the same output as with -p 1
Please complete the following information:
Additional context Add any other context about the problem here.