From 8c516655bc00c59d896ca031966d9010cd4c36aa Mon Sep 17 00:00:00 2001 From: wesdawg <5124946+wesdawg@users.noreply.github.com> Date: Wed, 15 Nov 2017 20:16:33 -0500 Subject: [PATCH] Add YARA language (#3877) * Add YARA language grammars * Add YARA to languages.yml * Add YARA samples * Add YARA to README --- .gitmodules | 3 +++ grammars.yml | 2 ++ lib/linguist/languages.yml | 8 +++++++ samples/YARA/OfExample.yar | 23 ++++++++++++++++++++ samples/YARA/example.yara | 13 ++++++++++++ samples/YARA/true.yar | 1 + vendor/README.md | 1 + vendor/grammars/language-yara | 1 + vendor/licenses/grammar/language-yara.txt | 26 +++++++++++++++++++++++ 9 files changed, 78 insertions(+) create mode 100644 samples/YARA/OfExample.yar create mode 100644 samples/YARA/example.yara create mode 100644 samples/YARA/true.yar create mode 160000 vendor/grammars/language-yara create mode 100644 vendor/licenses/grammar/language-yara.txt
diff --git a/.gitmodules b/.gitmodules
index 1bd960b4..ef64374a 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -868,6 +868,9 @@
 [submodule "vendor/grammars/language-ballerina"]
 path = vendor/grammars/language-ballerina
 url = https://github.com/ballerinalang/plugin-vscode
+[submodule "vendor/grammars/language-yara"]
+ path = vendor/grammars/language-yara
+ url = https://github.com/blacktop/language-yara
 [submodule "vendor/grammars/language-ruby"]
 path = vendor/grammars/language-ruby
 url = https://github.com/atom/language-ruby
diff --git a/grammars.yml b/grammars.yml
index 8f008d85..c45baf6f 100755
--- a/grammars.yml
+++ b/grammars.yml
@@ -503,6 +503,8 @@ vendor/grammars/language-yaml:
 - source.yaml
 vendor/grammars/language-yang:
 - source.yang
+vendor/grammars/language-yara:
+- source.yara
 vendor/grammars/latex.tmbundle:
 - text.bibtex
 - text.log.latex
diff --git a/lib/linguist/languages.yml b/lib/linguist/languages.yml
index 3c5203a2..6baf4deb 100755
--- a/lib/linguist/languages.yml
+++ b/lib/linguist/languages.yml
@@ -5133,6 +5133,14 @@ YANG:
 tm_scope: source.yang
 ace_mode: text
 language_id: 408
+YARA:
+ type: data
+ ace_mode: text
+ extensions:
+ - ".yar"
+ - ".yara"
+ tm_scope: source.yara
+ language_id: 805122868
 Yacc:
 type: programming
 extensions:
diff --git a/samples/YARA/OfExample.yar b/samples/YARA/OfExample.yar
new file mode 100644
index 00000000..f241cca8
--- /dev/null
+++ b/samples/YARA/OfExample.yar
@@ -0,0 +1,23 @@
+rule OfExample2
+{
+ strings:
+ $foo1 = "foo1"
+ $foo2 = "foo2"
+ $foo3 = "foo3"
+
+ condition:
+ 2 of ($foo*) // equivalent to 2 of ($foo1,$foo2,$foo3)
+}
+
+rule OfExample3
+{
+ strings:
+ $foo1 = "foo1"
+ $foo2 = "foo2"
+
+ $bar1 = "bar1"
+ $bar2 = "bar2"
+
+ condition:
+ 3 of ($foo*,$bar1,$bar2)
+}
diff --git a/samples/YARA/example.yara b/samples/YARA/example.yara
new file mode 100644
index 00000000..f12c8e09
--- /dev/null
+++ b/samples/YARA/example.yara
@@ -0,0 +1,13 @@
+rule silent_banker : banker
+{
+ meta:
+ description = "This is just an example"
+ thread_level = 3
+ in_the_wild = true
+ strings:
+ $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
+ $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
+ $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
+ condition:
+ $a or $b or $c
+}
diff --git a/samples/YARA/true.yar b/samples/YARA/true.yar
new file mode 100644
index 00000000..55d91be6
--- /dev/null
+++ b/samples/YARA/true.yar
@@ -0,0 +1 @@
+rule test { condition: true }
diff --git a/vendor/README.md b/vendor/README.md
index ec7d5580..e0cd3981 100644
--- a/vendor/README.md
+++ b/vendor/README.md
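Review bot: `type: data` on the new `YARA:` entry in lib/linguist/languages.yml deserves a second look, because Linguist's repository statistics count only programming and markup languages by default, so a repository made up of `.yar`/`.yara` rule files would most likely show no detected language. YARA rules carry boolean conditions and quantifiers (the samples added in this commit use `2 of ($foo*)` and `$a or $b or $c`), which reads closer to a small declarative language than to inert data. Unless the data classification is deliberate, I would change the line to `type: programming` and state the reasoning in the commit message.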
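Review bot: The meta key `thread_level = 3` in rule `silent_banker` (samples/YARA/example.yara) looks like a typo for `threat_level`. YARA accepts any identifier in the `meta:` section, so the rule still compiles and the sample still serves its purpose for the classifier, but sample files get copied into real rule sets, and anything that triages matches on a `threat_level` field would presumably skip this rule without an error. I would change the line to `threat_level = 3`.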
@@ -406,4 +406,5 @@ This is a list of grammars that Linguist selects to provide syntax highlighting
 - **Yacc:** [textmate/bison.tmbundle](https://github.com/textmate/bison.tmbundle)
 - **YAML:** [atom/language-yaml](https://github.com/atom/language-yaml)
 - **YANG:** [DzonyKalafut/language-yang](https://github.com/DzonyKalafut/language-yang)
+- **YARA:** [blacktop/language-yara](https://github.com/blacktop/language-yara)
 - **Zephir:** [phalcon/zephir-sublime](https://github.com/phalcon/zephir-sublime)
diff --git a/vendor/grammars/language-yara b/vendor/grammars/language-yara
new file mode 160000
index 00000000..f08eec46
--- /dev/null
+++ b/vendor/grammars/language-yara
@@ -0,0 +1 @@
+Subproject commit f08eec461ae5e97042983a8e9db328d58304afe9
diff --git a/vendor/licenses/grammar/language-yara.txt b/vendor/licenses/grammar/language-yara.txt
new file mode 100644
index 00000000..59e599a1
--- /dev/null
+++ b/vendor/licenses/grammar/language-yara.txt
@@ -0,0 +1,26 @@
+---
+type: grammar
+name: language-yara
+license: mit
+---
+The MIT License (MIT)
+
+Copyright (c) 2014-2016 Blacktop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.