Validation error for rule_modifier in grammar.y

[tibibyte]

YARA accepts rules which use the rule modifiers 'private' and 'global' more than once per rule.

rule_modifiers
    : /* empty */                      { $$ = 0;  }
    | rule_modifiers rule_modifier     { $$ = $1 | $2; }
    ;

rule_modifier
    : _PRIVATE_      { $$ = RULE_FLAGS_PRIVATE; }
    | _GLOBAL_       { $$ = RULE_FLAGS_GLOBAL; }
    ;

To reproduce this error write a YARA rule like the one depicted below and run it with YARA and a sample.

YARA should notify the user that the syntax is not valid according to the documentation by displaying a syntax error.

• OS: Linux Mint 21.2
• YARA version: 4.3.2

One possible solution would be to change the grammar in grammar.y like this.

rule_modifiers
    : /* empty */                      
    | rule_modifier_global rule_modifier_private
    ;

rule_modifier_global
    : /*empty */      
    | _GLOBAL_      
    ;

rule_modifier_private
    : /*empty */      
    | _PRIVATE_      
    ;

[plusvic]

This is a known issue (see: https://github.com/VirusTotal/yara-x#duplicate-rule-modifiers-are-not-accepted) that I haven't pay too much attention because it's relatively harmless.

Your solution is partially correct, but don't take into account that private and global can appear in arbitrary order. However the solution shouldn't be hard to implement. Would you volunteer for sending a pull request with the solution?

[tibibyte]

This is a known issue (see: https://github.com/VirusTotal/yara-x#duplicate-rule-modifiers-are-not-accepted) that I haven't pay too much attention because it's relatively harmless.

Your solution is partially correct, but don't take into account that private and global can appear in arbitrary order. However the solution shouldn't be hard to implement. Would you volunteer for sending a pull request with the solution?

Sure. I will send a pull request.

[plusvic]

Fixed in #2019