Enhance with statement to allow variable reuse within the same statement
#290
Conversation
There was a problem hiding this comment.
Hi team,
I'm currently reviewing pull request #[PR number] by r0ny123 and will provide my feedback shortly. In the meantime, here's a summary to get everyone up to speed:
This pull request enhances the with statement in YARA to allow variable reuse within the same statement. This improves the readability and conciseness of YARA rules.
Intent:
The goal is to make YARA rules easier to write and understand by allowing variables defined in a with statement to be used in subsequent variable declarations within that same with statement. This reduces the need for nested with statements.
Changes:
- The documentation (
docs/Module Developer's Guide.md) has been updated to reflect the new functionality with examples demonstrating basic usage, nestedwithstatements, and the ability to use variables in other declarations within the samewithstatement (lines 1109-1174). - Unit tests have been added to
lib/src/compiler/ir/tests/mod.rs(lines 138-159) to verify the correct implementation of the new feature. - The compiler (
lib/src/compiler/mod.rs) has been modified to support variable reuse within a singlewithstatement (lines 1244-1247). Specifically, aFxHashMapcalledwith_varshas been added to track variables within the scope of awithstatement.
Summary Table:
| File | Change | Lines Changed |
|---|---|---|
docs/Module Developer's Guide.md |
Added section explaining the enhanced with statement functionality with multiple examples. |
66 |
lib/src/compiler/ir/tests/mod.rs |
Added a new test case (with_statement_variable_usage) to verify the correct implementation of the new feature. |
22 |
lib/src/compiler/mod.rs |
Added with_vars to the Compiler struct to manage variables within the with statement. |
1 |
I'll be back with a more detailed review soon.
And now, a little haiku to brighten your day:
Code flows, clean and bright,
With statements, now more clear,
YARA shines anew.
There was a problem hiding this comment.
This pull request enhances the with statement in YARA, allowing variables declared within the statement to be reused in subsequent variable declarations within the same statement. This is a valuable improvement that promotes cleaner and more readable YARA rules by reducing the need for nested with statements or redundant calculations. The provided documentation and test cases clearly illustrate the new functionality. Overall, the changes are well-implemented and contribute positively to YARA's usability.
| rule example { | ||
| condition: | ||
| with | ||
| a = 1 + 1, | ||
| b = a + 2: | ||
| ( | ||
| b == 4 | ||
| ) | ||
| } | ||
| ``` |
There was a problem hiding this comment.
The YARA code example can be improved by assigning more meaningful values to the variables. This will make the example easier to understand and demonstrate the purpose of variable reuse more effectively.
| ```yara | |
| rule example { | |
| condition: | |
| with | |
| a = 1 + 1, | |
| b = a + 2: | |
| ( | |
| b == 4 | |
| ) | |
| } | |
| ``` | |
| rule example { | |
| condition: | |
| with | |
| initial_value = 10, | |
| offset = initial_value + 5, | |
| size = offset * 2 : ( | |
| size == 30 | |
| ) | |
| } |
| ```yara | ||
| rule example { | ||
| condition: | ||
| with | ||
| a = 1 + 1, | ||
| b = a + 2, | ||
| c = b + 3: | ||
| ( | ||
| c == 7 | ||
| ) | ||
| } | ||
| ``` |
There was a problem hiding this comment.
Similar to the previous comment, using more realistic values in this example will enhance its clarity and demonstrate the practical application of the feature more effectively.
| ```yara | |
| rule example { | |
| condition: | |
| with | |
| a = 1 + 1, | |
| b = a + 2, | |
| c = b + 3: | |
| ( | |
| c == 7 | |
| ) | |
| } | |
| ``` | |
| rule example { | |
| condition: | |
| with | |
| base_address = 0x400000, | |
| entry_point_rva = 0x1000, | |
| entry_point = base_address + entry_point_rva: | |
| ( | |
| entry_point == 0x401000 | |
| ) | |
| } |
| let source = r#" | ||
| rule test { | ||
| condition: | ||
| with | ||
| call = @code[0], | ||
| rtn_ptr = call + !code[0] + 4: | ||
| ( | ||
| rtn_ptr == 0 | ||
| ) | ||
| } | ||
| "#; |
There was a problem hiding this comment.
This test case can be strengthened by adding more complex expressions within the with statement, including nested expressions and multiple variable dependencies. This will ensure that the functionality is thoroughly tested under various scenarios.
| let source = r#" | |
| rule test { | |
| condition: | |
| with | |
| call = @code[0], | |
| rtn_ptr = call + !code[0] + 4: | |
| ( | |
| rtn_ptr == 0 | |
| ) | |
| } | |
| "#; | |
| let source = r#" | |
| rule test { | |
| condition: | |
| with | |
| base = 0x400000, | |
| rva = pe.entry_point_raw, | |
| entry_point = base + rva, | |
| another_offset = entry_point + 0x1000: ( | |
| entry_point > 0 and another_offset < filesize | |
| ) | |
| } | |
| "#; |
| @@ -1244,6 +1244,7 @@ impl Compiler<'_> { | |||
| vars: VarStack::new(), | |||
| for_of_depth: 0, | |||
| features: &self.features, | |||
| with_vars: FxHashMap::default(), | |||
There was a problem hiding this comment.
Add a with_vars field to the CompileContext to store variables declared within a with statement. This field should be an FxHashMap where keys are variable names and values are their corresponding ExprIds.
with_vars: FxHashMap::default(),
No description provided.