Support for new operators introduced in 4.1.0

[jgrunzweig]

With the release of 4.1.0, a number of new operators were introduced (https://github.com/VirusTotal/yara/releases/tag/v4.1.0). At present, these operators do not appear to be supported in plyara:

> cat test.yar
import "vt"

rule test
{
    condition: 
        file_name contains "something" or 
        file_name icontains "something else"
}

>>> import plyara
>>> from plyara.utils import rebuild_yara_rule
>>> p = plyara.Plyara()
>>> parsed_rule = p.parse_string(open('test.yar', 'r').read())
>>> print(rebuild_yara_rule(parsed_rule[0]))
import "vt"

rule test
{
	condition:
		file_name contains "something" or file_nameicontains"something else"
}

I humbly request support for the icontains, endswith, iendswith, startswith, and istartswith operators that were introduced in 4.1.0.

My understanding is that it would simply required adding them to the keywords in https://github.com/plyara/plyara/blob/master/plyara/core.py#L79, but on the off chance more is required, I figured I'd raise an issue.

Appreciate any help you can provide.

Thanks

[utkonos]

@jgrunzweig Thanks for the heads up! I'll get this done as soon as possible. If you have a PR for this, I can take a look. There are a couple more places than that one location where these operators will need to be implemented, and then a test case added. But it doesn't look too complicated.

[robert-phe]

I've took the liberty of creating a PR for this issue. PR #121

[ruppde]

@utkonos ćould you please have a look at this PR? I just ran into the same problem.