keyword parsing errors

[Ziefin]

Currently getting a parsing error when trying to read in a .rules file with this rule in it.

from parsuricata import parse_rules

r = 'alert udp $HOME_NET !9987 -> $EXTERNAL_NET 53 (msg:"ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set"; content:!"7PYqwfzt"; depth:8; byte_test:1,!&,64,2; byte_test:1,&,32,2; byte_test:1,&,16,2; threshold: type limit, count 1, seconds 120, track by_dst; reference:md5,a56ec0f9bd46f921f65e4f6e598e5ed0; reference:url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html; classtype:policy-violation; sid:2014701; rev:12; metadata:created_at 2012_05_03, updated_at 2016_07_12;)'

rule = parse_rules(r)

# -- Error Generated

File "/usr/local/lib/python3.9/site-packages/lark/parsers/xearley.py", line 114, in scan
    raise UnexpectedCharacters(stream, i, text_line, text_column, {item.expect.name for item in to_scan}, set(to_scan))
lark.exceptions.UnexpectedCharacters: No terminal defined for '"' at line 1 col 138

n DNS port Opcode 6 or 7 set"; content:!"7PYqwfzt"; depth:8; byte_test:1,!&,64,2
                                        ^
Expecting: {'SEMICOLON'}

[theY4Kman]

mmm, yeah, this seems due to the negated setting, and because I never merged #2 to support them. Gimme a few minutes, and I'll push out a new version

[theY4Kman]

Okay, donezo. I kinda screwed up the version number, so it's version 0.2.1 on PyPI (not the 0.2 that I wanted).

I was able to successfully parse your rule with this version. I'm gonna close this, but please reopen/comment if you find it still doesn't work.