Added support for xor modifier with arguments and private modifier (#39…

…) (#52)

* Added support for xor modifier with arguments (#39)

* Fixed Python code for new handling of modifiers

* Cleaning up code and adding more tests for errorous cases

* Added support for private string modifier (#39)

* Bump YARA_SYNTAX_VERSION to 3.11

include/yaramod/builder/yara_rule_builder.h

@@ -58,18 +58,30 @@ class YaraRuleBuilder
 	YaraRuleBuilder& withHexIntMeta(const std::string& key, std::uint64_t value);
 	YaraRuleBuilder& withBoolMeta(const std::string& key, bool value);
 
-	YaraRuleBuilder& withPlainString(const std::string& id, const std::string& value, std::uint32_t mods = String::Modifiers::Ascii);
+	YaraRuleBuilder& withPlainString(const std::string& id, const std::string& value);
 	YaraRuleBuilder& withHexString(const std::string& id, const std::shared_ptr<HexString>& hexString);
-	YaraRuleBuilder& withRegexp(const std::string& id, const std::string& value,
-			const std::string& suffixMods = std::string{}, std::uint32_t mods = String::Modifiers::Ascii);
+	YaraRuleBuilder& withRegexp(const std::string& id, const std::string& value, const std::string& suffixMods = std::string{});
 
 	YaraRuleBuilder& withCondition(Expression::Ptr&& condition);
 	YaraRuleBuilder& withCondition(const Expression::Ptr& condition);
 	/// @}
 
+	/// @name Method modifying last string
+	/// @{
+	YaraRuleBuilder& ascii();
+	YaraRuleBuilder& wide();
+	YaraRuleBuilder& nocase();
+	YaraRuleBuilder& fullword();
+	YaraRuleBuilder& private_();
+	YaraRuleBuilder& xor_();
+	YaraRuleBuilder& xor_(std::uint64_t key);
+	YaraRuleBuilder& xor_(std::uint64_t low, std::uint64_t high);
+	/// @}
+
 private:
 	void resetTokens();
 	void initializeStrings();
+	void createLastString();
 
 	std::shared_ptr<TokenStream> _tokenStream; ///< Storage of all Tokens
 	std::optional<TokenIt> _mod; ///< Modifier
@@ -85,6 +97,10 @@ class YaraRuleBuilder
 	TokenIt _condition_it; ///< iterator pointing at 'condition' token
 	TokenIt _colon_it; ///< iterator pointing at ':' token
 	TokenIt _rcb; ///< iterator pointing at '}' token
+
+	std::shared_ptr<String> _lastString; ///< Points to the last defined string.
+	std::vector<std::shared_ptr<StringModifier>> _stringMods; ///< String modifiers for last defined string.
+	std::shared_ptr<TokenStream> _stringModsTokens; ///< Token stream for building string modifiers.
 };
 
 }

include/yaramod/parser/parser_driver.h

@@ -24,18 +24,19 @@
 #include "yaramod/types/expressions.h"
 #include "yaramod/types/hex_string.h"
 #include "yaramod/types/hex_string.h"
-#include "yaramod/types/token_stream.h"
 #include "yaramod/types/meta.h"
 #include "yaramod/types/plain_string.h"
 #include "yaramod/types/regexp.h"
 #include "yaramod/types/rule.h"
 #include "yaramod/types/symbol.h"
+#include "yaramod/types/token_stream.h"
 #include "yaramod/types/yara_file.h"
 #include "yaramod/yaramod_error.h"
 
 namespace yaramod {
 
 using RegexpRangePair = std::pair<std::optional<std::uint64_t>, std::optional<std::uint64_t>>;
+using StringModifiers = std::vector<std::shared_ptr<StringModifier>>;
 
 // Value is the type of all tokens produced by POG parser. Both token and rule actions return Value. The rule action parameters are also Values.
 class Value
@@ -49,19 +50,20 @@ class Value
 		Rule, //4
 		std::vector<Meta>,
 		std::shared_ptr<Rule::StringsTrie>, //6
-		std::pair<std::uint32_t, std::vector<TokenIt>>,
-		Literal, //8
-		Expression::Ptr,
-		std::vector<Expression::Ptr>, //10
-		std::vector<TokenIt>,
-		std::vector<std::shared_ptr<HexStringUnit>>, //12
-		std::shared_ptr<HexStringUnit>,
-		std::vector<std::shared_ptr<HexString>>, //14
-		std::shared_ptr<String>,
-		std::shared_ptr<RegexpUnit>, //16
-		std::vector<std::shared_ptr<RegexpUnit>>,
-		TokenIt, //18
-		RegexpRangePair
+		std::shared_ptr<StringModifier>,
+		StringModifiers, //8
+		Literal,
+		Expression::Ptr, //10
+		std::vector<Expression::Ptr>,
+		std::vector<TokenIt>, //12
+		std::vector<std::shared_ptr<HexStringUnit>>,
+		std::shared_ptr<HexStringUnit>, //14
+		std::vector<std::shared_ptr<HexString>>,
+		std::shared_ptr<String>, //16
+		std::shared_ptr<RegexpUnit>,
+		std::vector<std::shared_ptr<RegexpUnit>>, //18
+		TokenIt,
+		RegexpRangePair //20
 	>;
 
 	/// @name Constructors
@@ -116,9 +118,14 @@ class Value
 		return std::move(moveValue<std::shared_ptr<Rule::StringsTrie>>());
 	}
 
-	std::pair<std::uint32_t, std::vector<TokenIt>>&& getStringMods()
+	std::shared_ptr<StringModifier>&& getStringMod()
+	{
+		return std::move(moveValue<std::shared_ptr<StringModifier>>());
+	}
+
+	StringModifiers&& getStringMods()
 	{
-		return std::move(moveValue<std::pair<std::uint32_t, std::vector<TokenIt>>>());
+		return std::move(moveValue<StringModifiers>());
 	}
 
 	const Literal& getLiteral() const

include/yaramod/types/plain_string.h

@@ -28,7 +28,7 @@ class PlainString : public String
 	explicit PlainString(const std::shared_ptr<TokenStream>& ts, const std::string& text);
 	explicit PlainString(const std::shared_ptr<TokenStream>& ts, std::string&& text);
 	explicit PlainString(const std::shared_ptr<TokenStream>& ts, TokenIt text);
-	explicit PlainString(const std::shared_ptr<TokenStream>& ts, TokenIt id, TokenIt equal_sign, std::uint32_t mods, std::vector<TokenIt> mods_strings, TokenIt text);
+	explicit PlainString(const std::shared_ptr<TokenStream>& ts, TokenIt id, TokenIt assignToken, TokenIt text);
 	~PlainString() = default;
 	/// @}
 

include/yaramod/types/regexp.h

@@ -630,8 +630,8 @@ class Regexp : public String
 	{
 		if (_id)
 			return _id.value();
-		else if (_assign_token)
-			return _assign_token.value();
+		else if (_assignToken)
+			return _assignToken.value();
 		else
 			return _leftSlash;
 	}