Hide noisy error logs; final rule tweaks (#977)

* Hide noisy error logs; final rule tweaks

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>

* Run make yara-x-fmt

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>

* Final tweak

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>

---------

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>

Author: egibs

pkg/action/path.go

@@ -40,7 +40,7 @@ func findFilesRecursively(ctx context.Context, rootPath string) ([]string, error
 	err = filepath.WalkDir(root,
 		func(path string, info os.DirEntry, err error) error {
 			if err != nil {
-				logger.Errorf("error: %s: %s", path, err)
+				logger.Debugf("error: %s: %s", path, err)
 				return nil
 			}
 			if info.IsDir() || strings.Contains(path, "/.git/") {
@@ -52,12 +52,12 @@ func findFilesRecursively(ctx context.Context, rootPath string) ([]string, error
 				logger.Debugf("attempting to resolve symlink: %s", path)
 				eval, err := filepath.EvalSymlinks(path)
 				if err != nil {
-					logger.Errorf("eval: %s: %s", path, err)
+					logger.Debugf("eval: %s: %s", path, err)
 					return nil
 				}
 				fi, err := os.Stat(eval)
 				if err != nil {
-					logger.Errorf("stat: %s: %s", path, err)
+					logger.Debugf("stat: %s: %s", path, err)
 					return nil
 				}
 				if fi.IsDir() {

rules/false_positives/nextcloud.yara

@@ -0,0 +1,15 @@
+rule vimeo_psalm_md_php_override: override {
+  meta:
+    description                         = "Psalm MD files with PHP code excerpts"
+    SIGNATURE_BASE_WEBSHELL_PHP_Dynamic = "harmless"
+
+  strings:
+    $ = "Emitted when calling a function on a non-callable variable"
+    $ = "Emitted when calling a function on a value whose type Psalm cannot infer."
+    $ = "Emitted when trying to use `null` as a `callable`"
+    $ = "Emitted when trying to call a function on a value that may not be callable"
+    $ = "Emitted when trying to call a function on a value that may be null"
+
+  condition:
+    any of them
+}

rules/false_positives/sqlmap.yara

@@ -5,11 +5,11 @@ rule sqlmap_override: override {
     SIGNATURE_BASE_Hacktool_Strings_P0Wnedshell = "high"
 
   strings:
-    $sqlmap1 = "Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/)"
-    $sqlmap2 = "Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details"
-    $sqlmap3 = /SqlmapBaseException|SqlmapDataException|SqlmapFilePathException|SqlmapShellQuitException|SqlmapSilentQuitException|SqlmapUserQuitException/
-    $sqlmap4 = "if \"sqlmap.sqlmap\" in sys.modules"
+    $c_sqlmap1 = "Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org/)"
+    $c_sqlmap2 = "Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details"
+    $f_sqlmap3 = /SqlmapBaseException|SqlmapDataException|SqlmapFilePathException|SqlmapShellQuitException|SqlmapSilentQuitException|SqlmapUserQuitException/
+    $f_sqlmap4 = "if \"sqlmap.sqlmap\" in sys.modules"
 
   condition:
-    all of them
+    any of ($c*) and any of ($f*)
 }