I've written my own module to parse a certain file format. Certain fields of this format are saved into variables with set_string https://yara.readthedocs.io/en/stable/writingmodules.html#setting-variable-s-values
Now I want to write a rule, that checks if a regex matches against this field. This approach works:
import "my-module"
rule dummy
{
condition:
my-module.my-variable matches /[a-z]/
}
But this one does not. I'd like to define the regular expressions before hand and after that use them by their name.
import "my-module"
rule dummy
{
strings:
$re = /[a-z]/
condition:
my-module.my-variable matches $re
}
This is the error: error: rule "dummy" in rule.yar(6): syntax error
Can someone tell me how to define a regex in a variable, and then match it against variables from my own module?
