vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
923091b4ab810215cdf43e7bbde4e10608962e7e
RedBear-OS/local/recipes/kde/kf6-syntaxhighlighting/source/autotests/html/test.yara.html
T

373 lines
24 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>test.yara</title>
<meta name="generator" content="KF5::SyntaxHighlighting - Definition (YARA) - Theme (Breeze Light)"/>
</head><body style="background-color:#ffffff;color:#1f1c1b"><pre>
<span style="color:#898887">// Sample YARA file for Syntax Highlighting</span>
<span style="color:#898887">// Obtained from: https://yara.readthedocs.io/en/stable/writingrules.html</span>
<span style="color:#898887">/*</span>
<span style="color:#898887"> This is a multi-line comment ...</span>
<span style="color:#898887">*/</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">silent_banker</span> : banker
{
<span style="font-weight:bold">meta</span>:
description = <span style="color:#bf0303">"This is just an example"</span>
threat_level = <span style="color:#b08000">3</span>
in_the_wild = <span style="color:#aa5500">true</span>
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = {<span style="color:#ff5500">6A 40 68 00 30 00 00 6A 14 8D 91</span>}
<span style="color:#0057ae">$b</span> = {<span style="color:#ff5500">8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9</span>}
<span style="color:#0057ae">$c</span> = <span style="color:#bf0303">"UVODFRYSIHLNWPEJXQZAKCBGMT"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span> <span style="font-weight:bold">or</span> <span style="color:#0057ae">$b</span> <span style="font-weight:bold">or</span> <span style="color:#0057ae">$c</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">dummy</span>
{
<span style="font-weight:bold">condition</span>:
<span style="color:#aa5500">false</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">ExampleRule</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$my_text_string</span> = <span style="color:#bf0303">"text here"</span>
<span style="color:#0057ae">$my_hex_string</span> = {<span style="color:#ff5500"> E2 34 A1 C8 23 FB </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$my_text_string</span> <span style="font-weight:bold">or</span> <span style="color:#0057ae">$my_hex_string</span>
}
<span style="color:#898887">// Hexadecimal strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">WildcardExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$hex_string</span> = {<span style="color:#ff5500"> E2 34 ?? C8 A? FB </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$hex_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">JumpExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$hex_string</span> = {<span style="color:#ff5500"> F4 23 </span>[<span style="color:#b08000">4</span>-<span style="color:#b08000">6</span>]<span style="color:#ff5500"> 62 B4 </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$hex_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">AlternativesExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$hex_string</span> = {<span style="color:#ff5500"> F4 23 </span>(<span style="color:#ff5500"> 62 B4 </span>|<span style="color:#ff5500"> 56 </span>|<span style="color:#ff5500"> 45 ?? 67 </span>)<span style="color:#ff5500"> 45 </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$hex_string</span>
}
<span style="color:#898887">// Text strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">CaseInsensitiveTextExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$text_string</span> = <span style="color:#bf0303">"foobar"</span> <span style="font-weight:bold">nocase</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$text_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">WideCharTextExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$wide_and_ascii_string</span> = <span style="color:#bf0303">"Borland"</span> <span style="font-weight:bold">wide</span> <span style="font-weight:bold">ascii</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$wide_and_ascii_string</span>
}
<span style="color:#898887">// XOR strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">XorExample1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$xor_string</span> = <span style="color:#bf0303">"This program cannot"</span> <span style="font-weight:bold">xor</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$xor_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">XorExample2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$xor_string_00</span> = <span style="color:#bf0303">"This program cannot"</span>
<span style="color:#0057ae">$xor_string_01</span> = <span style="color:#bf0303">"Uihr!qsnfs`l!b`oonu"</span>
<span style="color:#0057ae">$xor_string_02</span> = <span style="color:#bf0303">"Vjkq</span><span style="color:#3daee9">\"</span><span style="color:#bf0303">rpmepco</span><span style="color:#3daee9">\"</span><span style="color:#bf0303">acllmv"</span>
<span style="color:#898887">// Repeat for every single byte XOR</span>
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">any</span> <span style="font-weight:bold">of</span> <span style="font-weight:bold">them</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">XorExample3</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$xor_string</span> = <span style="color:#bf0303">"This program cannot"</span> <span style="font-weight:bold">xor</span> <span style="font-weight:bold">wide</span> <span style="font-weight:bold">ascii</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$xor_string</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">XorExample4</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$xor_string_00</span> = <span style="color:#bf0303">"T</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">h</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">i</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">s</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303"> </span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">p</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">r</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">o</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">g</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">r</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">a</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">m</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303"> </span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">c</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">a</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">n</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">n</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">o</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">t</span><span style="color:#3daee9">\x00</span><span style="color:#bf0303">"</span>
<span style="color:#0057ae">$xor_string_01</span> = <span style="color:#bf0303">"U</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">i</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">h</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">r</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">!</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">q</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">s</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">n</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">f</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">s</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">`</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">l</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">!</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">b</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">`</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">o</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">o</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">n</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">u</span><span style="color:#3daee9">\x01</span><span style="color:#bf0303">"</span>
<span style="color:#0057ae">$xor_string_02</span> = <span style="color:#bf0303">"V</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">j</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">k</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">q</span><span style="color:#3daee9">\x02\"\x02</span><span style="color:#bf0303">r</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">p</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">m</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">e</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">p</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">c</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">o</span><span style="color:#3daee9">\x02\"\x02</span><span style="color:#bf0303">a</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">c</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">l</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">l</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">m</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">v</span><span style="color:#3daee9">\x02</span><span style="color:#bf0303">"</span>
<span style="color:#898887">// Repeat for every single byte XOR operation.</span>
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">any</span> <span style="font-weight:bold">of</span> <span style="font-weight:bold">them</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">XorExample5</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$xor_string</span> = <span style="color:#bf0303">"This program cannot"</span> <span style="font-weight:bold">xor</span>(<span style="color:#b08000">0x01</span>-<span style="color:#b08000">0xff</span>)
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$xor_string</span>
}
<span style="color:#898887">// Base64 strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">Base64Example1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"This program cannot"</span> <span style="font-weight:bold">base64</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">Base64Example2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"This program cannot"</span> <span style="font-weight:bold">base64</span>(<span style="color:#bf0303">"!@#$%^&amp;*(){}[].,|ABCDEFGHIJ</span><span style="color:#3daee9">\x09</span><span style="color:#bf0303">LMNOPQRSTUVWXYZabcdefghijklmnopqrstu"</span>)
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span>
}
<span style="color:#898887">// Regular expressions</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">RegExpExample1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$re1</span> = <span style="color:#ff5500">/</span><span style="color:#ff5500">md5: </span><span style="color:#3daee9">[0-9a-fA-F]</span><span style="color:#3daee9">{32}</span><span style="color:#ff5500">/</span>
<span style="color:#0057ae">$re2</span> = <span style="color:#ff5500">/</span><span style="color:#ff5500">state: </span><span style="color:#3daee9">(</span><span style="color:#ff5500">on</span><span style="color:#3daee9">|</span><span style="color:#ff5500">off</span><span style="color:#3daee9">)</span><span style="color:#ff5500">/</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$re1</span> <span style="font-weight:bold">and</span> <span style="color:#0057ae">$re2</span>
}
<span style="color:#898887">// Conditions</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">Example</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"text1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"text2"</span>
<span style="color:#0057ae">$c</span> = <span style="color:#bf0303">"text3"</span>
<span style="color:#0057ae">$d</span> = <span style="color:#bf0303">"text4"</span>
<span style="font-weight:bold">condition</span>:
(<span style="color:#0057ae">$a</span> <span style="font-weight:bold">or</span> <span style="color:#0057ae">$b</span>) <span style="font-weight:bold">and</span> (<span style="color:#0057ae">$c</span> <span style="font-weight:bold">or</span> <span style="color:#0057ae">$d</span>)
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">CountExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
#a == <span style="color:#b08000">6</span> <span style="font-weight:bold">and</span> #b > <span style="color:#b08000">10</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">AtExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span> <span style="font-weight:bold">at</span> <span style="color:#b08000">100</span> <span style="font-weight:bold">and</span> <span style="color:#0057ae">$b</span> <span style="font-weight:bold">at</span> <span style="color:#b08000">200</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">InExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span> <span style="font-weight:bold">in</span> (<span style="color:#b08000">0..100</span>) <span style="font-weight:bold">and</span> <span style="color:#0057ae">$b</span> <span style="font-weight:bold">in</span> (<span style="color:#b08000">100.</span>.<span style="font-weight:bold">filesize</span>)
}
<span style="color:#898887">// File size</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">FileSizeExample</span>
{
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">filesize</span> > <span style="color:#b08000">200</span>KB
}
<span style="color:#898887">// Executable entry point</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">EntryPointExample</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = {<span style="color:#ff5500"> 9C 50 66 A1 ?? ?? ?? 00 66 A9 ?? ?? 58 0F 85 </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span> <span style="font-weight:bold">in</span> (<span style="font-weight:bold">entrypoint</span>..<span style="font-weight:bold">entrypoint</span> + <span style="color:#b08000">10</span>)
}
<span style="color:#898887">// Accessing data at a given position</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">IsPE</span>
{
<span style="font-weight:bold">condition</span>:
<span style="color:#898887">// MZ signature at offset 0 and ...</span>
<span style="font-weight:bold">uint16</span>(<span style="color:#b08000">0</span>) == <span style="color:#b08000">0x5A4D</span> <span style="font-weight:bold">and</span>
<span style="color:#898887">// ... PE signature at offset stored in MZ header at 0x3C</span>
<span style="font-weight:bold">uint32</span>(<span style="font-weight:bold">uint32</span>(<span style="color:#b08000">0x3C</span>)) == <span style="color:#b08000">0x00004550</span>
}
<span style="color:#898887">// Sets of strings</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">OfExample1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="color:#0057ae">$c</span> = <span style="color:#bf0303">"dummy3"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#b08000">2</span> <span style="font-weight:bold">of</span> (<span style="color:#0057ae">$a</span>,<span style="color:#0057ae">$b</span>,<span style="color:#0057ae">$c</span>)
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">OfExample2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$foo1</span> = <span style="color:#bf0303">"foo1"</span>
<span style="color:#0057ae">$foo2</span> = <span style="color:#bf0303">"foo2"</span>
<span style="color:#0057ae">$foo3</span> = <span style="color:#bf0303">"foo3"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#b08000">2</span> <span style="font-weight:bold">of</span> (<span style="color:#0057ae">$foo</span>*) <span style="color:#898887">// equivalent to 2 of ($foo1,$foo2,$foo3)</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">OfExample3</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="color:#0057ae">$c</span> = <span style="color:#bf0303">"dummy3"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#b08000">1</span> <span style="font-weight:bold">of</span> <span style="font-weight:bold">them</span> <span style="color:#898887">// equivalent to 1 of ($*)</span>
}
<span style="color:#898887">// Iterating over string occurrences</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">Occurrences</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="color:#0057ae">$b</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="font-weight:bold">for</span> <span style="font-weight:bold">all</span> i <span style="font-weight:bold">in</span> (<span style="color:#b08000">1</span>,<span style="color:#b08000">2</span>,<span style="color:#b08000">3</span>) : ( @a[i] + <span style="color:#b08000">10</span> == @b[i] )
}
<span style="color:#898887">// Referencing other rules</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">Rule1</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy1"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">Rule2</span>
{
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$a</span> = <span style="color:#bf0303">"dummy2"</span>
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$a</span> <span style="font-weight:bold">and</span> Rule1
}
<span style="color:#898887">// Metadata</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">MetadataExample</span>
{
<span style="font-weight:bold">meta</span>:
my_identifier_1 = <span style="color:#bf0303">"Some string data"</span>
my_identifier_2 = <span style="color:#b08000">24</span>
my_identifier_3 = <span style="color:#aa5500">true</span>
<span style="font-weight:bold">strings</span>:
<span style="color:#0057ae">$my_text_string</span> = <span style="color:#bf0303">"text here"</span>
<span style="color:#0057ae">$my_hex_string</span> = {<span style="color:#ff5500"> E2 34 A1 C8 23 FB </span>}
<span style="font-weight:bold">condition</span>:
<span style="color:#0057ae">$my_text_string</span> <span style="font-weight:bold">or</span> <span style="color:#0057ae">$my_hex_string</span>
}
<span style="color:#898887">// External variables</span>
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">ExternalVariableExample1</span>
{
<span style="font-weight:bold">condition</span>:
ext_var == <span style="color:#b08000">10</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">ExternalVariableExample2</span>
{
<span style="font-weight:bold">condition</span>:
bool_ext_var <span style="font-weight:bold">or</span> <span style="font-weight:bold">filesize</span> &lt; int_ext_var
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">ExternalVariableExample3</span>
{
<span style="font-weight:bold">condition</span>:
string_ext_var <span style="font-weight:bold">contains</span> <span style="color:#bf0303">"text"</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">ExternalVariableExample4</span>
{
<span style="font-weight:bold">condition</span>:
string_ext_var <span style="font-weight:bold">matches</span> <span style="color:#ff5500">/</span><span style="color:#3daee9">[a-z]</span><span style="color:#3daee9">+</span><span style="color:#ff5500">/</span>
}
<span style="font-weight:bold">rule</span> <span style="color:#644a9b">ExternalVariableExample5</span>
{
<span style="font-weight:bold">condition</span>:
<span style="color:#898887">/* case insensitive single-line mode */</span>
string_ext_var <span style="font-weight:bold">matches</span> <span style="color:#ff5500">/</span><span style="color:#3daee9">[a-z]</span><span style="color:#3daee9">+</span><span style="color:#ff5500">/is</span>
}
<span style="color:#898887">// Including files</span>
<span style="font-weight:bold">include</span> <span style="color:#bf0303">"other.yar"</span>
<span style="font-weight:bold">include</span> <span style="color:#bf0303">"./includes/other.yar"</span>
<span style="font-weight:bold">include</span> <span style="color:#bf0303">"../includes/other.yar"</span>
</pre></body></html>
Reference in New Issue View Git Blame Copy Permalink