Merge pull request #1 from the2dl/main

Updated to add a VS Code theme that matches the Chronicle editor

README.md

@@ -16,4 +16,20 @@ Created to the YARA-L 2.0 [language specification](https://cloud.google.com/chro
 
 3. Open or create a `.yaral` or `.yl2` file and start coding!
 
-![Installation Process](https://raw.githubusercontent.com/chronicle/yara-l-extension/main/images/installation.png)
+![Installation Process](https://raw.githubusercontent.com/chronicle/yara-l-extension/main/images/installation.png)
+
+## Initialize YARA-L Theme
+
+If the YARA-L theme does not automatically apply, you can manually set it by following these steps:
+
+1. Open Command Palette: Use the keyboard shortcut Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (macOS) to open the Command Palette.
+
+2. Access Theme Settings: Type "Color Theme" in the Command Palette and select "Preferences: Color Theme" from the list of options that appear.
+
+3. Select YARA-L: Scroll through the list of available themes until you find "YARA-L Theme", then select it. If you have many themes installed, you can start typing "YARA-L Theme" to filter the list.
+
+The YARA-L theme should now be applied to your Visual Studio Code editor.
+
+## Acknowledgements
+
+Thanks to @the2dl for contributing the custom theme!

package.json

@@ -1,12 +1,18 @@
 {
   "name": "yara-l",
   "displayName": "YARA-L",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "publisher": "GoogleCloudSecurity",
-  "description":
-      "Provides syntax highlighting, bracket matching, and folding in YARA-L files.",
+  "description": "Provides syntax highlighting, bracket matching, and folding in YARA-L files.",
   "categories": ["Programming Languages"],
   "contributes": {
+    "themes": [
+      {
+        "label": "YARA-L Theme",
+        "uiTheme": "vs-dark",
+        "path": "./themes/yara-l-theme-color-theme.json"
+      }
+    ],
     "grammars": [{
       "language": "yara-l",
       "path": "./syntaxes/yara-l.tmLanguage.json",
@@ -15,10 +21,24 @@
     "languages": [{
       "id": "yara-l",
       "aliases": ["YARA-L", "yara-l", "YARAL", "yaral", "yl2"],
-      "configuration": "language-configuration.json",
+      "configuration": "./language-configuration.json",
       "extensions": [".yaral", ".yl2"]
-    }]
+    }],
+    "configuration": {
+      "title": "YARA-L Theme Customizations",
+      "properties": {
+        "workbench.colorTheme": {
+          "type": "string",
+          "default": "YARA-L Theme",
+          "description": "Select the color theme for YARA-L files."
+        }
+      }
+    }
   },
+  "activationEvents": [
+    "onLanguage:yara-l"
+  ],
+  "main": "./src/extension.js",
   "icon": "./images/chronicle.png",
   "engines": {
     "vscode": "^1.8.0"

src/extension.js

@@ -0,0 +1,14 @@
+const vscode = require('vscode');
+
+function activate(context) {
+    // Apply your theme settings
+    const themeId = 'YARA-L Theme';
+    vscode.workspace.getConfiguration().update('workbench.colorTheme', themeId, vscode.ConfigurationTarget.Workspace);
+}
+// Deactivate theme when unloading
+function deactivate() {}
+
+module.exports = {
+    activate,
+    deactivate
+}

syntaxes/yara-l.tmLanguage.json

@@ -17,9 +17,10 @@
     { "include": "#variables" },
     { "include": "#key_value_pairs" },
     { "include": "#function_expression" },
+    { "include": "#keywords" },
+    { "include": "#statistical_functions" },
     { "include": "#function_parameter" },
     { "include": "#reference_list_expression" },
-    { "include": "#keywords" },
     { "include": "#mathematical_operators"}
   ],
   "repository": {
@@ -81,15 +82,23 @@
       "match": "[\\{\\}\\(\\)\\[\\]]"
     },
     "numbers": {
-      "match": "(\\d+\\.?\\d*)(d|h|m)?",
-      "captures": {
-        "1": {
-          "name": "constant.numeric.yara-l"
+      "patterns": [
+        {
+          "match": "(\\b\\d+)([dhm]?)\\b",
+          "captures": {
+            "1": {
+              "name": "constant.numeric.yara-l"
+            },
+            "2": {
+              "name": "keyword.other.unit.yara-l"
+            }
+          }
         },
-        "2": {
-          "name": "constant.language.yara-l"
+        {
+          "match": "\\btoday\\b",
+          "name": "constant.language.today.yara-l"
         }
-      }
+      ]
     },
     "string_constants": {
       "name": "string.quoted.double.yara-l",
@@ -136,15 +145,23 @@
       "match": "^\\s*([^($#\"\\/\\s]+)\\s*="
     },
     "function_expression": {
-      "match": "([^\\s+@=\"$(\\+\\-\\/\\*%!]+)(?<!and)\\s*\\(",
+      "match": "([^\\s+@=\"$(\\+\\-\\/\\*%!]+)\\b(?<!and)\\s*\\(",
       "captures": {
         "1": {
           "name": "support.function.yara-l"
         }
       }
     },
+    "keywords": {
+      "name": "constant.language.yara-l",
+      "match": "(?i)\\b(cidr|if|count_distinct|array_distinct|math.log|math.round|count|array|rule|meta|outcome|condition|match|re.regex|num_metric_periods|arrays.length|math.abs|net.ip_in_range_cidr|re.capture|re.replace|strings.base64_decode|strings.coalesce|strings.concat|strings.to_upper|strings.to_lower|timestamp.current_timestamp|timestamp.get_hour|timestamp.get_day_of_week|timestamp.get_week|timestamp.get_date|true|false|any|all|over|before|after|if|is|null|nocase|or|and|not|in|regex)\\b"
+    },
+    "statistical_functions": {
+    "name": "support.function.statistical.yara-l",
+    "match": "(?i)(max|min|avg|stdev|sum)"
+    },
     "function_parameter": {
-      "match": "([a-zA-Z\\.\\_]+)\\:([a-zA-Z\\.\\_]+)",
+      "match": "([a-zA-Z][\\w\\.]*)\\b\\:([a-zA-Z\\.\\_]+)",
       "captures": {
         "2": {
           "name": "variable.parameter.yara-l"
@@ -155,10 +172,6 @@
       "name": "variable.other.reference_list_expression.yara-l",
       "match": "\\B(\\%\\S*)(?<!,)"
     },
-    "keywords": {
-      "name": "constant.language.yara-l",
-      "match": "(?i)\\b(and|or|not|in|true|false|nocase|any|all|over|before|after|if|is|null)\\b"
-    },
     "mathematical_operators": {
       "name": "keyword.operator.numeric.yara-l",
       "match": "\\-|\\+|\\*|/|%|!"

themes/yara-l-theme-color-theme.json

@@ -0,0 +1,89 @@
+{
+  "name": "YARA-L Theme",
+  "type": "dark", // Specifies that your theme is a dark theme, which aligns with VS Code's default dark theme settings
+  "colors": {
+    "editor.background": "#161624"
+  },
+  "tokenColors": [
+    // Your custom token color modifications:
+    {
+      "scope": "variable.name.yara-l",
+      "settings": {
+        "foreground": "#C586C0"
+      }
+    },
+    {
+      "scope": "string.regexp.yara-l",
+      "settings": {
+        "foreground": "#d3772e"
+      }
+    },
+    {
+      "scope": "variable.parameter.yara-l",
+      "settings": {
+        "foreground": "#679ad1"
+      }
+    },
+    {
+      "scope": "constant.numeric.yara-l",
+      "settings": {
+       "foreground": "#b8cba9"
+      }
+    },
+    {
+      "scope": ["keyword.other.unit.yara-l", "constant.language.today.yara-l"],
+      "settings": {
+       "foreground": "#b8cba9"
+      }
+    },
+
+    {
+      "scope": "constant.language.yara-l",
+      "settings": {
+        "foreground": "#679ad1"
+      }
+    },
+    {
+      "scope": "entity.name.tag.yara-l",
+      "settings": {
+        "foreground": "#679ad1"
+      }
+    },
+    {
+      "scope": "keyword.control.yara-l",
+      "settings": {
+        "foreground": "#679ad1"
+      }
+    },
+    {
+      "scope": "string.quoted.double.yara-l",
+      "settings": {
+        "foreground": "#c5947c"
+      }
+    },
+    {
+      "scope": "comment.line.double-slash.yara-l",
+      "settings": {
+        "foreground": "#698a55"
+      }
+    },
+    {
+      "scope": "comment.block.yara-l",
+      "settings": {
+        "foreground": "#698a55"
+      }
+    },
+    {
+      "scope": "support.function.yara-l",
+      "settings": {
+        "foreground": "#569cd6"
+      }
+    },
+    {
+      "scope": "support.function.statistical.yara-l",
+      "settings": {
+        "foreground": "#679ad1"
+      }
+    }
+  ]
+}