Summary of Changes

Hello @doomedraven, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the yara_detected method in lib/cuckoo/common/abstracts.py to significantly improve its structure, readability, and maintainability. By introducing modular helper functions, the changes centralize common logic for YARA rule matching and self-extraction processing across various data sources, including target files, CAPE payloads, process memory dumps, and office macros. This leads to a more efficient and robust implementation for identifying YARA rule detections within analysis results.

Highlights

• Improved YARA Matching Logic: The yara_detected method now utilizes a pre-compiled regular expression pattern for YARA rule name matching, enhancing efficiency and consistency across all checks.
• Encapsulated Self-Extraction Processing: A new private helper function, _process_selfextract, has been introduced to centralize and encapsulate the logic for iterating through self-extracted files, significantly reducing code duplication.
• Centralized YARA Block Checking: A new private helper function, _check_matches, was created to consolidate the logic for checking YARA blocks within various data structures, making the main yara_detected method more modular and readable.
• Streamlined Iteration with yield from: The refactored method now leverages yield from for more concise and Pythonic iteration over results returned by the newly introduced helper functions.
• Enhanced Macro Handling: The logic for processing YARA matches within office macros (both standard Macro and XLMMacroDeobfuscator sections) has been updated to use the new helper functions and correctly construct macro paths based on the analysis ID.