mozilla · willdurand · Jun 9, 2026 · Jun 3, 2026
diff --git a/src/olympia/scanners/models.py b/src/olympia/scanners/models.py
@@ -128,9 +128,14 @@ def get_files_and_data_by_matched_rules(self):
             return res
         if self.scanner == YARA:
             for item in self.results:
-                res[item['rule']].append(
-                    {'filename': item.get('meta', {}).get('filename', '???')}
-                )
+                ruleId = item.get('rule')
+                data = item.get('meta', {}).copy()
+                filename = data.pop('filename', '???')
+                # Put the other metadata at the top of the list of files for
+                # that rule, without a filename since it's "global".
+                if ruleId not in res:
+                    res[ruleId].append({'filename': '', 'data': data})
+                res[ruleId].append({'filename': filename})
         elif self.scanner == NARC:
             for item in self.results:
                 res[item['rule']].append(item.get('meta', {}))

diff --git a/src/olympia/scanners/tests/test_admin.py b/src/olympia/scanners/tests/test_admin.py
@@ -2193,14 +2193,17 @@ def test_limit_to(self):
         result.save()
         content = formatted_matched_rules_with_files_and_data(result)
         doc = pq(content)
-        assert len(doc('li')) == 5
-        assert doc('li')[1].text.strip() == 'somefilename1'
+        # 5 files + 1 leading entry for the rule's global metadata.
+        assert len(doc('li')) == 6
+        assert doc('li')[2].text.strip() == 'somefilename1'
 
         content = formatted_matched_rules_with_files_and_data(result, limit_to=2)
         doc = pq(content)
-        assert len(doc('li')) == 3  # 2 + 1 for the "…and and more 3 files"
-        assert doc('li')[1].text.strip() == 'somefilename1'
-        assert doc('li')[2].text == '…and 3 more files'
+        # 1 for the global metadata + 1 file + 1 for the "…and 4 more files"
+        # because it's a yara result.
+        assert len(doc('li')) == 3
+        assert doc('li')[1].text.strip() == 'somefilename0'
+        assert doc('li')[2].text == '…and 4 more files'
 
 
 class TestScannerWebhookAdmin(TestCase):

diff --git a/src/olympia/scanners/tests/test_models.py b/src/olympia/scanners/tests/test_models.py
@@ -165,8 +165,15 @@ def test_get_files_and_data_by_matched_rules_for_yara(self):
         match3 = self.create_fake_yara_match(rule=rule1, filename=file2)
         result.add_yara_result(rule=match3.rule, tags=match3.tags, meta=match3.meta)
         assert result.get_files_and_data_by_matched_rules() == {
-            rule1: [{'filename': file1}, {'filename': file2}],
-            rule2: [{'filename': file2}],
+            rule1: [
+                {'filename': '', 'data': {'description': 'some description'}},
+                {'filename': file1},
+                {'filename': file2},
+            ],
+            rule2: [
+                {'filename': '', 'data': {'description': 'some description'}},
+                {'filename': file2},
+            ],
         }
 
     def test_get_files_and_data_by_matched_rules_no_file_somehow(self):
@@ -175,7 +182,10 @@ def test_get_files_and_data_by_matched_rules_no_file_somehow(self):
         result.add_yara_result(rule=rule.name)
         result.save()
         assert result.get_files_and_data_by_matched_rules() == {
-            'foobar': [{'filename': '???'}],
+            'foobar': [
+                {'filename': '', 'data': {}},
+                {'filename': '???'},
+            ],
         }
 
     def test_get_files_and_data_by_matched_rules_with_no_results(self):