Add ability to call --strict-escape via yara.compile()

[tlansec]

I'd like to be able to do something like this:

yara.compile(
  source='...'
  error_on_warning=True,
  strict_escape_warning=True
)  

And then raise errors as appropriate if they fail the --strict-escape test.

Thanks,
Tom

[wxsBSD]

Just discussed this with @tlansec elsewhere and this does what he wants (and posting here for those that may be interested in seeing how it works):

wxs@mbp yara-python % PYTHONPATH=./build/lib.macosx-10.9-universal2-3.9 python3 -c 'import yara; rules = yara.compile(source="rule a { strings: $a = /C:\\Users\\[^\\]+\\test.txt/ condition: $a }"); print(rules.warnings)'
[]
wxs@mbp yara-python % PYTHONPATH=./build/lib.macosx-10.9-universal2-3.9 python3 -c 'import yara; rules = yara.compile(source="rule a { strings: $a = /C:\\Users\\[^\\]+\\test.txt/ condition: $a }", strict_escape=True); print(rules.warnings)'
['line 1: unknown escape sequence']
wxs@mbp yara-python % PYTHONPATH=./build/lib.macosx-10.9-universal2-3.9 python3 -c 'import yara; rules = yara.compile(source="rule a { strings: $a = /C:\\Users\\[^\\]+\\test.txt/ condition: $a }", strict_escape=True, error_on_warning=True); print(rules.warnings)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
yara.WarningError: ['line 1: unknown escape sequence']
wxs@mbp yara-python %

By default you get no warnings. If you set strict_escape to True you get warnings. If you have error_on_warning set it will generate a compiler error.

It just isn't in the docs, he is going to send a PR for it. I suspect this can be closed.

[tlansec]

PR is here:

VirusTotal/yara#2079

Sorry for the run around on this one. Closing this out.