VirusTotal / yara-python

The Python interface for YARA
http://virustotal.github.io/yara/
Apache License 2.0

Add feature parity with plyara for yara.Rule object #137

Closed tlansec closed 4 years ago

tlansec commented 4 years ago

Hey,

I have historically been a plyara user for parsing / ensuring certain things about rules:

https://github.com/plyara/plyara

However there would be almost no need for this extra project if there were a few extra fields in the yara.Rule object:

1) Imports - an imports field indicating which imports a rule relies on.
2) A function to rebuild the rule as a string.

Interested to know whether these would be difficult to implement, or whether there is interest from others in these changes.

Thanks, Tom

wxsBSD commented 4 years ago

I've talked about a desire for something that would let me rebuild the rules (and imports) in a programmatic fashion so I can write a decent formatter. It's a lot of work to do what I envisioned and it probably wouldn't be merged in anyways. Something like plyara is likely going to be the best way to do this, even if it will run the risk of being out of date with the official grammar.

plusvic commented 4 years ago

I completely agree with @wxsBSD, rebuilding the rule as a string after being parsed is a difficult undertaking. That would add a lot of additional complexity to the parser. I think this is something that should be done in a separate project like plyara. In VirusTotal we are following the same approach with https://github.com/VirusTotal/gyp.

tlansec commented 4 years ago

Fair enough. Thanks for the consideration!

Tom
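
The first item requested in this thread, a list of the imports each rule relies on, can be approximated outside yara-python by scanning the rule source. This is an added example, not code from yara-python, plyara or gyp; it uses a simplified lexer rather than the official YARA grammar, and `rule_imports`, `unused_imports` and the sample rules are constructed for illustration.

```python
import re

# Simplified lexer (an assumption, not YARA's official grammar): comments,
# text strings and regex literals become single tokens, so module-like names
# inside them are never mistaken for real references.
TOKEN = re.compile(r'''
    //[^\n]* | /\*.*?\*/            # line and block comments
  | "(?:\\.|[^"\\])*"               # text string
  | /(?:\\.|[^/\\\n])+/[a-z]*       # regex literal plus modifiers
  | [A-Za-z_]\w* | \S               # identifier, or any other character
''', re.S | re.X)

def rule_imports(source):
    """Return (declared imports, {rule name: modules its body references})."""
    toks = [t for t in TOKEN.findall(source) if not t.startswith(("//", "/*"))]
    declared, per_rule, current = [], {}, None
    for i, tok in enumerate(toks):
        prev = toks[i - 1] if i else ""
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if tok == "import" and nxt.startswith('"'):
            declared.append(nxt[1:-1])
        elif tok == "rule" and re.fullmatch(r"[A-Za-z_]\w*", nxt):
            current = nxt
            per_rule[current] = set()
        elif (current and tok in declared and nxt == "."
              and prev not in ("$", "#", "@", "!", ".")):  # skip $pe, x.pe
            per_rule[current].add(tok)
    return declared, {name: sorted(mods) for name, mods in per_rule.items()}

def unused_imports(source):
    """Imports the file declares but no rule references."""
    declared, per_rule = rule_imports(source)
    used = set().union(*per_rule.values())
    return [m for m in declared if m not in used]

# Constructed sample rules for the demonstration.
SAMPLE = r'''
import "pe"
import "math"
import "hash"   // declared, never referenced
rule packed_pe {
    strings:
        $mz = { 4D 5A }
        $re = /pe\.exe\/[a-z]+/
    condition:
        $mz at 0 and $re and pe.number_of_sections > 3 and
        math.entropy(0, filesize) >= 7.0   /* not hash.md5 */
}
rule plain { strings: $pe = "pe.imphash" condition: $pe }
'''
```

Because the lexer is only an approximation, it carries the same risk raised in the thread of drifting from the official grammar.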