From 1a2e0df4edba97093576500b862af2e22ae7371d Mon Sep 17 00:00:00 2001
From: JSCU-CNI <121175071+JSCU-CNI@users.noreply.github.com>
Date: Fri, 27 Jun 2025 08:08:43 -0400
Subject: [PATCH 1/2] Add convenience method for YaraScanner
---
 volatility3/framework/plugins/yarascan.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/volatility3/framework/plugins/yarascan.py b/volatility3/framework/plugins/yarascan.py
index 040a50c1af..7913e0fbb9 100644
--- a/volatility3/framework/plugins/yarascan.py
+++ b/volatility3/framework/plugins/yarascan.py
@@ -101,6 +101,13 @@ def from_file(cls, filepath):
 return yara_x.compile(fp.read().decode())
 return yara.compile(file=fp)
 
+ @classmethod
+ def from_text(cls, rule):
+ formatted_rule = rule.replace("\n", "")
+ if USE_YARA_X:
+ return yara_x.compile(source=formatted_rule)
+ return yara.compile(source=formatted_rule)
+
 class YaraScan(plugins.PluginInterface):
 """Scans kernel memory using yara rules (string or file)."""
From 3a1f0aba501dadad5162f1fd79e679d9efd1f60b Mon Sep 17 00:00:00 2001
From: JSCU-CNI <121175071+JSCU-CNI@users.noreply.github.com>
Date: Fri, 11 Jul 2025 07:42:23 -0400
Subject: [PATCH 2/2] Add docstring to from_text method
---
 volatility3/framework/plugins/yarascan.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/volatility3/framework/plugins/yarascan.py b/volatility3/framework/plugins/yarascan.py
index 7913e0fbb9..eecabd20d6 100644
--- a/volatility3/framework/plugins/yarascan.py
+++ b/volatility3/framework/plugins/yarascan.py
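Review bot: `formatted_rule = rule.replace("\n", "")` in the added `from_text` joins every line of the rule text onto a single line, so a multi-line rule that contains a `//` line comment has everything after the comment marker swallowed and no longer compiles. Both `yara.compile(source=...)` and `yara_x.compile(source=...)` accept multi-line source as written, so the flattening buys nothing; the safe form is `return yara_x.compile(source=rule)` and `return yara.compile(source=rule)`. A `rule: str` annotation on the parameter would also make the expected input explicit. The enclosing class header lies outside the hunk.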
@@ -102,8 +102,20 @@ def from_file(cls, filepath):
 return yara.compile(file=fp)
 @classmethod
- def from_text(cls, rule):
- formatted_rule = rule.replace("\n", "")
+ def from_text(cls, rule) -> yara.Rules:
+ """Initialize a Yara Rules object from one or more rules in string format.
+
+ You can provide rules in single-line or multi-line:
+ rule = "rule dummy { condition: true }"
+ rules = '''
+ rule dummy {
+ condition: true
+ }
+ rule dummy2 {
+ condition: true
+ }
+ '''
+ """
 if USE_YARA_X:
 return yara_x.compile(source=formatted_rule)
 return yara.compile(source=formatted_rule)
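Review bot: The removed `formatted_rule = rule.replace("\n", "")` line was the only definition of that name, yet the context lines `return yara_x.compile(source=formatted_rule)` and `return yara.compile(source=formatted_rule)` still use it, so `from_text` now raises `NameError` on every call. Pass the argument straight through, `return yara_x.compile(source=rule)` and `return yara.compile(source=rule)`, rather than reinstating the newline stripping (which corrupts rules containing `//` comments). The `-> yara.Rules` annotation is inaccurate on the `USE_YARA_X` branch, which returns whatever `yara_x.compile` produces, and since it is evaluated at class-definition time it presumably fails to import when only yara-x is available unless the module has `from __future__ import annotations` (not visible in this hunk); quoting the annotation or dropping it avoids that. The enclosing class header lies outside the hunk.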