From 24390de3553a47e2091405871a93022b6e79a6eb Mon Sep 17 00:00:00 2001
From: nusantara-self <15647296+nusantara-self@users.noreply.github.com>
Date: Tue, 4 Mar 2025 07:40:43 +0800
Subject: [PATCH] Configurable hard limit for rules

---
 analyzers/Yara/Yara.json        |  7 +++++++
 analyzers/Yara/yara_analyzer.py | 12 ++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/analyzers/Yara/Yara.json b/analyzers/Yara/Yara.json
index 323998152..7f68ba1a5 100644
--- a/analyzers/Yara/Yara.json
+++ b/analyzers/Yara/Yara.json
@@ -29,6 +29,13 @@
       "type": "string",
       "multi": false,
       "required": false
+    },
+    {
+      "name": "rules_limit",
+      "description": "Enforce a limit on the number of YARA rules tested against the file",
+      "type": "number",
+      "multi": false,
+      "required": false
     }
   ]
 }
diff --git a/analyzers/Yara/yara_analyzer.py b/analyzers/Yara/yara_analyzer.py
index e0a059dc8..87e1259e2 100755
--- a/analyzers/Yara/yara_analyzer.py
+++ b/analyzers/Yara/yara_analyzer.py
@@ -160,6 +160,8 @@ def __init__(self):
 
         self.github_urls = self.get_param('config.github_urls', None, 'No GitHub URLs provided.')
         self.github_token = self.get_param('config.github_token', None, 'No GitHub PAT provided.')
+        
+        self.rules_limit = self.get_param('config.rules_limit', None, 'No rules limit provided.')
 
         self.ruleset = []
         self.ignored_rules = []
@@ -218,6 +220,16 @@ def __init__(self):
 
         if not self.ruleset:
             print("Warning: No valid YARA rules were loaded.")
+        
+        # Enforce the rules limit if set
+        if self.rules_limit:
+            try:
+                limit = int(self.rules_limit)
+                if len(self.ruleset) > limit:
+                    self.ruleset = self.ruleset[:limit]
+            except ValueError:
+                self.error("Invalid rules_limit value; it should be an integer.")
+
             
             
     def check(self, file_path):