avast / yari

YARI is an interactive debugger for YARA Language.
https://avast.github.io/yls/
MIT License

Feature request: Visually mark found strings without hovering #66

Open ruppde opened 10 months ago

ruppde commented 10 months ago

The logical next step after https://github.com/avast/yari/issues/63 would be to visually mark found strings without hovering.

Could look like this: You open a .yar and immediately see by the blue numbers in how many hashes these strings match:

{
    meta:
                ...
        hash = "0e9d92807d990144c637d8b081a6a90a74f15c7337522874cf6317092ea2d7c1"
        hash = "ebbc485e778f8e559ef9c66f55bb01dc4f5dcce9c31ccdd150e2c702c4b5d9e1"
        hash = "44b4068bfbbb8961e16bae238ad23d181ac9c8e4fcb4b09a66bbcd934d2d39ee"
        hash = "c5a4e188780b5513f34824904d56bf6e364979af6782417ccc5e5a8a70b4a95a"
    strings:
        2️⃣ $susasp1 = "/*-/*-*/"
        0️⃣ $susasp2 = "(\"%1"
        1️⃣ $susasp3 = /[Cc]hr\([Ss]tr\(/
        2️⃣ $susasp4 = "cmd.exe"
                ...

After clicking on the magnifying lens next to the hashes, you see which strings match for this hash by ✅ or ❌ next to the strings without need to hover.

I just don't have a clue how this could be done with LSP :)

MatejKastak commented 10 months ago

Good suggestion! I think we might be able to do something similar using inlay hints.
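
The per-string counters from the mock-up, expressed as the inlay hints suggested in the reply above. This is an added example, not code from YLS or YARI: the dictionaries follow the LSP 3.17 `InlayHint` shape, the matcher is a simplified stand-in for the YARA engine, and `parse_strings`, `inlay_hints`, the rule name and the sample contents are constructed for illustration.

```python
import re

# Handles only `$name = "text"` and `$name = /regex/` (no modifiers, no hex strings).
STRING_DEF = re.compile(
    r'^(\s*)(\$\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|/((?:[^/\\]|\\.)+)/)')

def parse_strings(rule_text):
    """Return (line, column, name, compiled bytes pattern) per string definition."""
    found, in_strings = [], False
    for line_no, line in enumerate(rule_text.splitlines()):
        stripped = line.strip()
        if stripped.endswith(":") and not stripped.startswith("$"):
            in_strings = stripped == "strings:"  # meta: / condition: end the section
        elif in_strings and (m := STRING_DEF.match(line)):
            indent, name, text, regex = m.groups()
            if text is not None:  # simplification: only \" and \\ are unescaped
                literal = re.sub(r'\\(["\\])', r'\1', text).encode()
                pattern = re.compile(re.escape(literal))
            else:  # assumption: the YARA regex is also valid Python `re` syntax
                pattern = re.compile(regex.encode())
            found.append((line_no, len(indent), name, pattern))
    return found

def inlay_hints(rule_text, samples):
    """Build LSP 3.17 InlayHint objects: one 'matched/total' label per string."""
    hints = []
    for line_no, col, name, pattern in parse_strings(rule_text):
        hits = sorted(s for s, data in samples.items() if pattern.search(data))
        hints.append({
            "position": {"line": line_no, "character": col},  # zero-based
            "label": f"{len(hits)}/{len(samples)}",
            "paddingRight": True,
            "tooltip": f"{name}: " + (", ".join(hits) or "no sample matches"),
        })
    return hints

# Constructed rule text and sample contents (not real files or hashes).
RULE = r'''rule constructed_example
{
    strings:
        $susasp1 = "/*-/*-*/"
        $susasp2 = "(\"%1"
        $susasp3 = /[Cc]hr\([Ss]tr\(/
        $susasp4 = "cmd.exe"
    condition:
        any of them
}'''
SAMPLES = {"sample-1": b'x = "/*-/*-*/" : run "cmd.exe"',
           "sample-2": b'y = chr(Str(65)) & "/*-/*-*/" & "cmd.exe"',
           "sample-3": b"plain text"}
```

`inlay_hints(RULE, SAMPLES)` returns one hint per string, anchored at the start of its definition, which a server would send in reply to a `textDocument/inlayHint` request.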

ruppde commented 10 months ago

Looks promising. If we get this working, there would be a gazillion more things to mark with that: