
Snippets

infosec-intern edited this page Nov 20, 2021 · 5 revisions

Simple Snippets

Some snippets have been included for basic YARA rule patterns, such as any/all of them, for..of, and common binary file headers. These simple snippets can be found in the yara/snippets/yara.json file.

String Snippets

A few snippets take data from your clipboard and create new, properly escaped strings from it. Copy the data you'd like to turn into a string, type the name of the snippet you'd like to use, and let it handle the escaping for you.

  • $s - regular strings. Also appends two optional modifiers to the string, ascii and fullword, but those can be removed if desired

regular string snippet

  • $c - hex strings

hex string snippet

  • $re - regular expressions

regex string snippet
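
What "properly escaped" means for each of the three string types, as an added example that is not the extension's own snippetProvider code. The function names are hypothetical, and it assumes the clipboard holds text that should be matched as its UTF-8 bytes and that each string is named after its snippet prefix.

```javascript
// Added example, not the extension's code. Function names are hypothetical.
// Assumption: clipboard text is matched as its UTF-8 bytes.
const encoder = new TextEncoder();
const CONTROL = { 9: '\\t', 10: '\\n', 13: '\\r' };

// An empty clipboard cannot produce a usable string definition, so reject it.
function bytesOf(clip) {
  if (clip.length === 0) throw new Error('nothing to escape: clipboard is empty');
  return [...encoder.encode(clip)];
}

// Escape byte by byte; `special` lists printable characters that need a backslash.
function escapeBytes(clip, special) {
  return bytesOf(clip).map((b) => {
    const ch = String.fromCharCode(b);
    if (CONTROL[b]) return CONTROL[b];
    if (b < 0x20 || b > 0x7e) return '\\x' + b.toString(16).padStart(2, '0');
    return special.includes(ch) ? '\\' + ch : ch;
  }).join('');
}

// Text string: only the quote and the backslash are special inside "...".
function textString(clip) {
  return `$s = "${escapeBytes(clip, '"\\')}" ascii fullword`;
}

// Hex string: every byte as two hex digits between braces.
function hexString(clip) {
  const hex = bytesOf(clip).map((b) => b.toString(16).toUpperCase().padStart(2, '0'));
  return `$c = { ${hex.join(' ')} }`;
}

// Regular expression: metacharacters and the closing delimiter / become literals.
function regexString(clip) {
  return `$re = /${escapeBytes(clip, '\\^$.|?*+()[]{}/')}/`;
}

// Constructed sample inputs.
console.log(textString('C:\\Users\\Public\\run.bat'));
console.log(hexString('MZ'));
console.log(regexString('http://example.test/a.php?id=1'));
```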

Rule Section Snippets

Additionally, each section in a rule (meta, strings, condition) has a toggle-able snippet that can be controlled by the YARA configuration built into VSCode. If my section snippets interfere with existing ones you've set up, just turn them off!

Lastly, the built-in meta snippet has its own configuration entry, so you can pre-generate your metadata for every rule. It also supports snippet variables, such as ${CURRENT_DATE} or ${TM_FILENAME}. For example, setting the yara.metaEntries configuration to the following will auto-fill the date, and a tabstop will be placed in the hash field for you to fill in immediately:

{
    "date": "${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}",
    "hash": ""
}

Interested in reading how this works? Check out the snippetProvider class.

Adding Your Own Snippets

Want to add your own snippet, or curious which snippet variables exist? Take a look at https://code.visualstudio.com/docs/editor/userdefinedsnippets#_create-your-own-snippets
