YARA-1553: Add operator in #204
Conversation
include/yaramod/types/expressions.h
Outdated
| * all of ($str1, $str2) in (filesize-1000, filesize) | ||
| * @endcode | ||
| */ | ||
| class OfInRangeExpression : public ForExpression |
There was a problem hiding this comment.
What I wonder about is whether we really need a completely new type of an expression or whether it wouldn't be better to have it as an optional part of OfExpression. Have you though about this option? What are the pros/cons compared to this?
There was a problem hiding this comment.
That is a good idea, the pros would be, that it requires less code to be written (which was already written) but also less code to be maintained. I do not really see any cons, I can try to implement it in next commit so we can decide when we see the code.
| * | ||
| * @return Builder. | ||
| */ | ||
| YaraExpressionBuilder ofInRange(const YaraExpressionBuilder& quantifier, const YaraExpressionBuilder& set, const YaraExpressionBuilder& range) |
There was a problem hiding this comment.
Does it necessarily need to remain as ofInRange instead of making overload for ofExpr?
There was a problem hiding this comment.
I assume that you mean of and not ofExpr and I will try to make it its overload.
There was a problem hiding this comment.
I renamed it, it is much better I think. Thank you for the idea! 👍
|
Could you please resolve the conflict? You can merge it afterwards. |
This PR allows Yaramod to parse and accept conditions similar to these:
all of ($a*) in (filesize-500..filesize)introduced to YARA here:VirusTotal/yara@24a5ad1
#a in (filesize-500..filesize) == 2introduced to YARA here:VirusTotal/yara@e718016