Hey there,
I'm playing around with for loops on YARA and I found the documentation
about it a little limited.
I found it was possible to nest two for loops like this:
rule lorem_rule {
strings:
$sentence = /Lorem ipsum dolor sit amet[^\.]+sed do eiusmod tempor
incididunt ut labore et dolore magna aliqua/
$phrase = /consectetur adipiscing elit/
condition:
for any i in (1..#sentence): (
for all of ($phrase): (
$ in (@sentence[i]..@sentence[i]+!sentence[i])
)
)
}
And, although it works great, if there are many of $sentence and $phrase
they'll all output along with the match.
Is there a way to only print the matched item?
Also, I found that I wasn't able to nest two "for any var in" the only way
it worked was like this. Any thoughts?
Thanks
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/yara-project/b55576b8-3aea-4f87-99a7-a7be5d2d4aacn%40googlegroups.com.
