vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52954456f20861840a71dcc2fbcec6f411e108e7
RedBear-OS/local/recipes/kde/kf6-syntaxhighlighting/source/autotests/html/test.yara.dark.html
T

373 lines
25 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>test.yara</title>
<meta name="generator" content="KF5::SyntaxHighlighting - Definition (YARA) - Theme (Breeze Dark)"/>
</head><body style="background-color:#232629;color:#cfcfc2"><pre>
<span style="color:#7a7c7d">// Sample YARA file for Syntax Highlighting</span>
<span style="color:#7a7c7d">// Obtained from: https://yara.readthedocs.io/en/stable/writingrules.html</span>
<span style="color:#7a7c7d">/*</span>
<span style="color:#7a7c7d"> This is a multi-line comment ...</span>
<span style="color:#7a7c7d">*/</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">silent_banker</span> : banker
{
<span style="font-weight:bold">meta</span>:
description = <span style="color:#f44f4f">"This is just an example"</span>
threat_level = <span style="color:#f67400">3</span>
in_the_wild = <span style="color:#27aeae;font-weight:bold">true</span>
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = {<span style="color:#da4453">6A 40 68 00 30 00 00 6A 14 8D 91</span>}
<span style="color:#27aeae">$b</span> = {<span style="color:#da4453">8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9</span>}
<span style="color:#27aeae">$c</span> = <span style="color:#f44f4f">"UVODFRYSIHLNWPEJXQZAKCBGMT"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span> <span style="font-weight:bold">or</span> <span style="color:#27aeae">$b</span> <span style="font-weight:bold">or</span> <span style="color:#27aeae">$c</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">dummy</span>
{
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae;font-weight:bold">false</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">ExampleRule</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$my_text_string</span> = <span style="color:#f44f4f">"text here"</span>
<span style="color:#27aeae">$my_hex_string</span> = {<span style="color:#da4453"> E2 34 A1 C8 23 FB </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$my_text_string</span> <span style="font-weight:bold">or</span> <span style="color:#27aeae">$my_hex_string</span>
}
<span style="color:#7a7c7d">// Hexadecimal strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">WildcardExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$hex_string</span> = {<span style="color:#da4453"> E2 34 ?? C8 A? FB </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$hex_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">JumpExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$hex_string</span> = {<span style="color:#da4453"> F4 23 </span>[<span style="color:#f67400">4</span>-<span style="color:#f67400">6</span>]<span style="color:#da4453"> 62 B4 </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$hex_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">AlternativesExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$hex_string</span> = {<span style="color:#da4453"> F4 23 </span>(<span style="color:#da4453"> 62 B4 </span>|<span style="color:#da4453"> 56 </span>|<span style="color:#da4453"> 45 ?? 67 </span>)<span style="color:#da4453"> 45 </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$hex_string</span>
}
<span style="color:#7a7c7d">// Text strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">CaseInsensitiveTextExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$text_string</span> = <span style="color:#f44f4f">"foobar"</span> <span style="font-weight:bold">nocase</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$text_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">WideCharTextExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$wide_and_ascii_string</span> = <span style="color:#f44f4f">"Borland"</span> <span style="font-weight:bold">wide</span> <span style="font-weight:bold">ascii</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$wide_and_ascii_string</span>
}
<span style="color:#7a7c7d">// XOR strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">XorExample1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$xor_string</span> = <span style="color:#f44f4f">"This program cannot"</span> <span style="font-weight:bold">xor</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$xor_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">XorExample2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$xor_string_00</span> = <span style="color:#f44f4f">"This program cannot"</span>
<span style="color:#27aeae">$xor_string_01</span> = <span style="color:#f44f4f">"Uihr!qsnfs`l!b`oonu"</span>
<span style="color:#27aeae">$xor_string_02</span> = <span style="color:#f44f4f">"Vjkq</span><span style="color:#3daee9">\"</span><span style="color:#f44f4f">rpmepco</span><span style="color:#3daee9">\"</span><span style="color:#f44f4f">acllmv"</span>
<span style="color:#7a7c7d">// Repeat for every single byte XOR</span>
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">any</span> <span style="font-weight:bold">of</span> <span style="font-weight:bold">them</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">XorExample3</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$xor_string</span> = <span style="color:#f44f4f">"This program cannot"</span> <span style="font-weight:bold">xor</span> <span style="font-weight:bold">wide</span> <span style="font-weight:bold">ascii</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$xor_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">XorExample4</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$xor_string_00</span> = <span style="color:#f44f4f">"T</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">h</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">i</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">s</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f"> </span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">p</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">r</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">o</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">g</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">r</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">a</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">m</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f"> </span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">c</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">a</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">n</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">n</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">o</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">t</span><span style="color:#3daee9">\x00</span><span style="color:#f44f4f">"</span>
<span style="color:#27aeae">$xor_string_01</span> = <span style="color:#f44f4f">"U</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">i</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">h</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">r</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">!</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">q</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">s</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">n</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">f</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">s</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">`</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">l</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">!</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">b</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">`</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">o</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">o</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">n</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">u</span><span style="color:#3daee9">\x01</span><span style="color:#f44f4f">"</span>
<span style="color:#27aeae">$xor_string_02</span> = <span style="color:#f44f4f">"V</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">j</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">k</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">q</span><span style="color:#3daee9">\x02\"\x02</span><span style="color:#f44f4f">r</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">p</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">m</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">e</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">p</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">c</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">o</span><span style="color:#3daee9">\x02\"\x02</span><span style="color:#f44f4f">a</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">c</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">l</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">l</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">m</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">v</span><span style="color:#3daee9">\x02</span><span style="color:#f44f4f">"</span>
<span style="color:#7a7c7d">// Repeat for every single byte XOR operation.</span>
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">any</span> <span style="font-weight:bold">of</span> <span style="font-weight:bold">them</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">XorExample5</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$xor_string</span> = <span style="color:#f44f4f">"This program cannot"</span> <span style="font-weight:bold">xor</span>(<span style="color:#f67400">0x01</span>-<span style="color:#f67400">0xff</span>)
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$xor_string</span>
}
<span style="color:#7a7c7d">// Base64 strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">Base64Example1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"This program cannot"</span> <span style="font-weight:bold">base64</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">Base64Example2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"This program cannot"</span> <span style="font-weight:bold">base64</span>(<span style="color:#f44f4f">"!@#$%^&amp;*(){}[].,|ABCDEFGHIJ</span><span style="color:#3daee9">\x09</span><span style="color:#f44f4f">LMNOPQRSTUVWXYZabcdefghijklmnopqrstu"</span>)
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span>
}
<span style="color:#7a7c7d">// Regular expressions</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">RegExpExample1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$re1</span> = <span style="color:#da4453">/</span><span style="color:#da4453">md5: </span><span style="color:#3daee9">[0-9a-fA-F]</span><span style="color:#3daee9">{32}</span><span style="color:#da4453">/</span>
<span style="color:#27aeae">$re2</span> = <span style="color:#da4453">/</span><span style="color:#da4453">state: </span><span style="color:#3daee9">(</span><span style="color:#da4453">on</span><span style="color:#3daee9">|</span><span style="color:#da4453">off</span><span style="color:#3daee9">)</span><span style="color:#da4453">/</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$re1</span> <span style="font-weight:bold">and</span> <span style="color:#27aeae">$re2</span>
}
<span style="color:#7a7c7d">// Conditions</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">Example</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"text1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"text2"</span>
<span style="color:#27aeae">$c</span> = <span style="color:#f44f4f">"text3"</span>
<span style="color:#27aeae">$d</span> = <span style="color:#f44f4f">"text4"</span>
<span style="font-weight:bold">condition</span>:
(<span style="color:#27aeae">$a</span> <span style="font-weight:bold">or</span> <span style="color:#27aeae">$b</span>) <span style="font-weight:bold">and</span> (<span style="color:#27aeae">$c</span> <span style="font-weight:bold">or</span> <span style="color:#27aeae">$d</span>)
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">CountExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
#a == <span style="color:#f67400">6</span> <span style="font-weight:bold">and</span> #b > <span style="color:#f67400">10</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">AtExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span> <span style="font-weight:bold">at</span> <span style="color:#f67400">100</span> <span style="font-weight:bold">and</span> <span style="color:#27aeae">$b</span> <span style="font-weight:bold">at</span> <span style="color:#f67400">200</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">InExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span> <span style="font-weight:bold">in</span> (<span style="color:#f67400">0..100</span>) <span style="font-weight:bold">and</span> <span style="color:#27aeae">$b</span> <span style="font-weight:bold">in</span> (<span style="color:#f67400">100.</span>.<span style="font-weight:bold">filesize</span>)
}
<span style="color:#7a7c7d">// File size</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">FileSizeExample</span>
{
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">filesize</span> > <span style="color:#f67400">200</span>KB
}
<span style="color:#7a7c7d">// Executable entry point</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">EntryPointExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = {<span style="color:#da4453"> 9C 50 66 A1 ?? ?? ?? 00 66 A9 ?? ?? 58 0F 85 </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span> <span style="font-weight:bold">in</span> (<span style="font-weight:bold">entrypoint</span>..<span style="font-weight:bold">entrypoint</span> + <span style="color:#f67400">10</span>)
}
<span style="color:#7a7c7d">// Accessing data at a given position</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">IsPE</span>
{
<span style="font-weight:bold">condition</span>:
<span style="color:#7a7c7d">// MZ signature at offset 0 and ...</span>
<span style="font-weight:bold">uint16</span>(<span style="color:#f67400">0</span>) == <span style="color:#f67400">0x5A4D</span> <span style="font-weight:bold">and</span>
<span style="color:#7a7c7d">// ... PE signature at offset stored in MZ header at 0x3C</span>
<span style="font-weight:bold">uint32</span>(<span style="font-weight:bold">uint32</span>(<span style="color:#f67400">0x3C</span>)) == <span style="color:#f67400">0x00004550</span>
}
<span style="color:#7a7c7d">// Sets of strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">OfExample1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="color:#27aeae">$c</span> = <span style="color:#f44f4f">"dummy3"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#f67400">2</span> <span style="font-weight:bold">of</span> (<span style="color:#27aeae">$a</span>,<span style="color:#27aeae">$b</span>,<span style="color:#27aeae">$c</span>)
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">OfExample2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$foo1</span> = <span style="color:#f44f4f">"foo1"</span>
<span style="color:#27aeae">$foo2</span> = <span style="color:#f44f4f">"foo2"</span>
<span style="color:#27aeae">$foo3</span> = <span style="color:#f44f4f">"foo3"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#f67400">2</span> <span style="font-weight:bold">of</span> (<span style="color:#27aeae">$foo</span>*) <span style="color:#7a7c7d">// equivalent to 2 of ($foo1,$foo2,$foo3)</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">OfExample3</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="color:#27aeae">$c</span> = <span style="color:#f44f4f">"dummy3"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#f67400">1</span> <span style="font-weight:bold">of</span> <span style="font-weight:bold">them</span> <span style="color:#7a7c7d">// equivalent to 1 of ($*)</span>
}
<span style="color:#7a7c7d">// Iterating over string occurrences</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">Occurrences</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="color:#27aeae">$b</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">for</span> <span style="font-weight:bold">all</span> i <span style="font-weight:bold">in</span> (<span style="color:#f67400">1</span>,<span style="color:#f67400">2</span>,<span style="color:#f67400">3</span>) : ( @a[i] + <span style="color:#f67400">10</span> == @b[i] )
}
<span style="color:#7a7c7d">// Referencing other rules</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">Rule1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy1"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">Rule2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$a</span> = <span style="color:#f44f4f">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$a</span> <span style="font-weight:bold">and</span> Rule1
}
<span style="color:#7a7c7d">// Metadata</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">MetadataExample</span>
{
<span style="font-weight:bold">meta</span>:
my_identifier_1 = <span style="color:#f44f4f">"Some string data"</span>
my_identifier_2 = <span style="color:#f67400">24</span>
my_identifier_3 = <span style="color:#27aeae;font-weight:bold">true</span>
<span style="font-weight:bold">strings</span>:
<span style="color:#27aeae">$my_text_string</span> = <span style="color:#f44f4f">"text here"</span>
<span style="color:#27aeae">$my_hex_string</span> = {<span style="color:#da4453"> E2 34 A1 C8 23 FB </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#27aeae">$my_text_string</span> <span style="font-weight:bold">or</span> <span style="color:#27aeae">$my_hex_string</span>
}
<span style="color:#7a7c7d">// External variables</span>
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">ExternalVariableExample1</span>
{
<span style="font-weight:bold">condition</span>:
ext_var == <span style="color:#f67400">10</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">ExternalVariableExample2</span>
{
<span style="font-weight:bold">condition</span>:
bool_ext_var <span style="font-weight:bold">or</span> <span style="font-weight:bold">filesize</span> &lt; int_ext_var
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">ExternalVariableExample3</span>
{
<span style="font-weight:bold">condition</span>:
string_ext_var <span style="font-weight:bold">contains</span> <span style="color:#f44f4f">"text"</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">ExternalVariableExample4</span>
{
<span style="font-weight:bold">condition</span>:
string_ext_var <span style="font-weight:bold">matches</span> <span style="color:#da4453">/</span><span style="color:#3daee9">[a-z]</span><span style="color:#3daee9">+</span><span style="color:#da4453">/</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#8e44ad">ExternalVariableExample5</span>
{
<span style="font-weight:bold">condition</span>:
<span style="color:#7a7c7d">/* case insensitive single-line mode */</span>
string_ext_var <span style="font-weight:bold">matches</span> <span style="color:#da4453">/</span><span style="color:#3daee9">[a-z]</span><span style="color:#3daee9">+</span><span style="color:#da4453">/is</span>
}
<span style="color:#7a7c7d">// Including files</span>
<span style="font-weight:bold">include</span> <span style="color:#f44f4f">"other.yar"</span>
<span style="font-weight:bold">include</span> <span style="color:#f44f4f">"./includes/other.yar"</span>
<span style="font-weight:bold">include</span> <span style="color:#f44f4f">"../includes/other.yar"</span>
</pre></body></html>
Reference in New Issue View Git Blame Copy Permalink