An implementation of the Language Server Protocol for the YARA pattern-matching language.
Provides completion suggestions for standard YARA modules, including pe, elf, math, and all the others available in the official documentation: http://yara.readthedocs.io/en/latest/modules.html
The extension will compile workspace rules in the background and return errors and warnings as you type.
Allows peeking and Ctrl+clicking to jump to a rule definition. This applies to both rule names and variables.
Reformats YARA rules using the plyara library.
Allows viewing a variable's value by hovering over it in the condition rule. Does not work for wildcards.
Shows the locations of a given symbol (rule name, variable, constant, etc.).
Allows user to rename a symbol within a rule without manually changing every instance of that symbol.
Python 3.7 or higher is required due to the heavy use of the asyncio library and specific APIs available only since v3.7.
If plyara is installed, documents can be automatically re-formatted according to the package's rebuild_yara_rule utility.
In addition, yara-python should be installed. If it is not installed, Diagnostics and Compile commands will not be available.
Note: If you are on Windows, you might have to set the $INCLUDE environment variable before building this environment, so that when yara-python is compiled for your local system, Python knows where to find the appropriate DLLs.
On Windows 10, this would probably look like:
set INCLUDE="C:\Program Files (x86)\Windows Kits\10\Include" && python3 -m pip install -r requirements.txtIf you encounter an issue, please feel free to create an issue or pull request!