Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 94b1c249a1
Branches Tags
ydb
/
contrib
/
python
/
Pygments
/
py3
/
pygments
/
lexers
/
yara.py

yara.py 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. """
    2. 

  2.     pygments.lexers.yara
    3. 

  3.     ~~~~~~~~~~~~~~~~~~~~
    4. 

  4. 

  5.     Lexers for YARA.
    6. 

  6. 

  7.     :copyright: Copyright 2006-2024 by the Pygments team, see AUTHORS.
    8. 

  8.     :license: BSD, see LICENSE for details.
    9. 

  9. """
    10. 

  10. 

  11. from pygments.lexer import RegexLexer, words
    12. 

  12. from pygments.token import Comment, String, Name, Text, Punctuation, \
    13. 

  13.     Operator, Keyword, Whitespace, Number
    14. 

  14. 

  15. __all__ = ['YaraLexer']
    16. 

  16. 

  17. 

  18. class YaraLexer(RegexLexer):
    19. 

  19.     """
    20. 

  20.     For YARA rules
    21. 

  21.     """
    22. 

  22. 

  23.     name = 'YARA'
    24. 

  24.     url = 'https://virustotal.github.io/yara/'
    25. 

  25.     aliases = ['yara', 'yar']
    26. 

  26.     filenames = ['*.yar']
    27. 

  27.     mimetypes = ['text/x-yara']
    28. 

  28.     version_added = '2.16'
    29. 

  29. 

  30.     tokens = {
    31. 

  31.         'root': [
    32. 

  32.             (r'\s+', Whitespace),
    33. 

  33.             (r'//.*?$', Comment.Single),
    34. 

  34.             (r'\#.*?$', Comment.Single),
    35. 

  35.             (r'/\*', Comment.Multiline, 'comment'),
    36. 

  36.             (words(('rule', 'private', 'global', 'import', 'include'),
    37. 

  37.                    prefix=r'\b', suffix=r'\b'),
    38. 

  38.              Keyword.Declaration),
    39. 

  39.             (words(('strings', 'condition', 'meta'), prefix=r'\b', suffix=r'\b'),
    40. 

  40.              Keyword),
    41. 

  41.             (words(('ascii', 'at', 'base64', 'base64wide', 'condition',
    42. 

  42.                     'contains', 'endswith', 'entrypoint', 'filesize', 'for',
    43. 

  43.                     'fullword', 'icontains', 'iendswith', 'iequals', 'in',
    44. 

  44.                     'include', 'int16', 'int16be', 'int32', 'int32be', 'int8',
    45. 

  45.                     'int8be', 'istartswith', 'matches', 'meta', 'nocase',
    46. 

  46.                     'none', 'of', 'startswith', 'strings', 'them', 'uint16',
    47. 

  47.                     'uint16be', 'uint32', 'uint32be', 'uint8', 'uint8be',
    48. 

  48.                     'wide', 'xor', 'defined'),
    49. 

  49.                    prefix=r'\b', suffix=r'\b'),
    50. 

  50.              Name.Builtin),
    51. 

  51.             (r'(true|false)\b', Keyword.Constant),
    52. 

  52.             (r'(and|or|not|any|all)\b', Operator.Word),
    53. 

  53.             (r'(\$\w+)', Name.Variable),
    54. 

  54.             (r'"[^"]*"', String.Double),
    55. 

  55.             (r'\'[^\']*\'', String.Single),
    56. 

  56.             (r'\{.*?\}$', Number.Hex),
    57. 

  57.             (r'(/.*?/)', String.Regex),
    58. 

  58.             (r'[a-z_]\w*', Name),
    59. 

  59.             (r'[$(){}[\].?+*|]', Punctuation),
    60. 

  60.             (r'[:=,;]', Punctuation),
    61. 

  61.             (r'.', Text)
    62. 

  62.         ],
    63. 

  63.         'comment': [
    64. 

  64.             (r'[^*/]+', Comment.Multiline),
    65. 

  65.             (r'/\*', Comment.Multiline, '#push'),
    66. 

  66.             (r'\*/', Comment.Multiline, '#pop'),
    67. 

  67.             (r'[*/]', Comment.Multiline)
    68. 

  68.         ]
    69. 

  69.     }
    70.