VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License
8.28k stars 1.44k forks source link

module console not returning True on pe.signatures[0].subject if there is not signature #1890

Open ruppde opened 1 year ago

ruppde commented 1 year ago

Describe the bug module console not returning True on pe.signatures[0].subject if there is not signature

To Reproduce This rule doesn't match on files which don't contain a signature:

import "pe"
import "console"

rule test
{
    condition:
        console.log(pe.signatures[0].subject)
}

It hits on e.g. the signed peexe e41e10673db41b13ba17c828beb94fc39e8d3aa43b01f9fe437a2f6e0b8ae443

Expected behavior Cited from the console module doc: "Every function in the console module returns true for the purposes of condition evaluation."

Please complete the following information:

wxsBSD commented 1 year ago

What is actually happening is a bit obscure. The console.log() call never happens because the argument is undefined.

albertzsigovits commented 1 year ago

(console.log(pe.signatures[0].subject) or true)