Open MatejKastak opened 9 months ago
Good idea to use the folder of the .yar because of the vscode structure, you might have different . directories.
The perfect solution would be to use something like https://github.com/mruffalo/hash-db and regularly create a database of hashes and file paths, which could then be used. This would allow keeping the rules separated from the samples.
Thanks to suggestions from @ruppde, I realized that it would be a nice default to fall back and search for the samples in the folder with the currently opened file.
I am currently not sure how to implement this, since I believe that we can't just use `.`, because it might not work in every scenario. But we might be able to extract this information from currently opened `Document`.