Formatting YARA Files in Bulk

avast / yls

YARA Language Server

https://avast.github.io/yls/

MIT License

68 stars 13 forks source link

Formatting YARA Files in Bulk #74

Closed xorhex closed 1 year ago

xorhex commented 1 year ago

Using either the command line or a custom python script, is it possible to pass in a yara rule to yls and have the formatted version returned? Hoping to use this to format some yara rules in bulk. If yes, pointers on where to look? Thanks!

MatejKastak commented 1 year ago

Hi xorhex!

Something like that is possible, for sure :) YLS uses Yaramod to do the formatting. And you can use it also from your scripts.

Here is a quick example script that formats the YARA file specified as the first argument:

#!/usr/bin/env python3

import sys
import yaramod

ymod = yaramod.Yaramod()

yfile = ymod.parse_file(sys.argv[1])
print(yfile.text_formatted)

Here is some more related documentation.

xorhex commented 1 year ago

This is awesome, thank you!

MatejKastak commented 1 year ago

I am glad I could help :slightly_smiling_face: , if you have any other questions feel free to open new issues. Closing this issue now.