From e338d468882da951aef3bd95e74d55d03756ef3c Mon Sep 17 00:00:00 2001
From: Alex Kahan
Date: Wed, 7 Sep 2022 13:42:37 -0400
Subject: [PATCH] Adds keyword to js scanner to scan ECMA6 compliant js (#33)
---
 configs/python/backend/taste/taste.yara | 2 ++
 src/python/strelka/config/taste.yara | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/configs/python/backend/taste/taste.yara b/configs/python/backend/taste/taste.yara
index 3c732053..d43b5807 100644
--- a/configs/python/backend/taste/taste.yara
+++ b/configs/python/backend/taste/taste.yara
@@ -701,6 +701,7 @@ rule javascript_file {
 type = "script"
 strings:
 $var = { 76 61 72 20 } // var
+ $let = { 6C 65 74 20 } // let
 $function1 = { 66 75 6E 63 74 69 6F 6E } // function
 $function2 = { 28 66 75 6E 63 74 69 6F 6E } // (function
 $function3 = { 66 75 6E 63 74 69 6F 6E [0-1] 28 } // function[0-1](
@@ -720,6 +721,7 @@ rule javascript_file {
 $unescape = { 75 6E 65 73 63 61 70 65 28 } // unescape(
 condition:
 $var at 0 or
+ $let at 0 or
 $function1 at 0 or
 $function2 at 0 or
 $if at 0 or
diff --git a/src/python/strelka/config/taste.yara b/src/python/strelka/config/taste.yara
index e112cd9c..fbf3adb7 100644
--- a/src/python/strelka/config/taste.yara
+++ b/src/python/strelka/config/taste.yara
@@ -688,6 +688,7 @@ rule javascript_file {
 type = "script"
 strings:
 $var = { 76 61 72 20 } // var
+ $let = { 6C 65 74 20 } // let
 $function1 = { 66 75 6E 63 74 69 6F 6E } // function
 $function2 = { 28 66 75 6E 63 74 69 6F 6E } // (function
 $function3 = { 66 75 6E 63 74 69 6F 6E [0-1] 28 } // function[0-1](
@@ -707,6 +708,7 @@ rule javascript_file {
 $unescape = { 75 6E 65 73 63 61 70 65 28 } // unescape(
 condition:
 $var at 0 or
+ $let at 0 or
 $function1 at 0 or
 $function2 at 0 or
 $if at 0 or
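Review bot: The added `$let` string in the first hunk covers only one of the ES2015 declaration keywords, so a script that opens with `const ` is still not matched by anything visible here and the commit's stated goal of tasting ECMA6 JavaScript is only partly met. Unless a `$const` string already exists in the part of the strings section outside the hunk, consider adding `$const = { 63 6F 6E 73 74 20 } // const` next to `$let`, with a matching `$const at 0 or` in the condition. The same applies to the identical strings hunk in src/python/strelka/config/taste.yara. The `javascript_file` rule starts before and continues after this hunk.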
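Review bot: `$let at 0 or` in the second hunk accepts any file whose first four bytes are `let `, which is weak evidence of JavaScript: OCaml, F# or Swift sources and ordinary English text can begin the same way, and each would be tasted as `javascript_file` and presumably routed to the JavaScript scanners. This follows the existing `$var at 0` pattern, so it is consistent, but the trade-off deserves a comment such as `// 4-byte prefix match; also fires on non-JS text starting with "let "`. Conversely, the offset-0 anchor means a leading BOM, blank line or `"use strict";` directive keeps a `let`-first script from matching this branch; the rest of the condition lies outside the hunk, so whether another clause covers those files cannot be seen here. A fixture pair (one ES6 sample, one non-JS file starting with `let `) would pin the intended behaviour; the same point applies to the condition hunk in src/python/strelka/config/taste.yara.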
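Review bot: The hunks for src/python/strelka/config/taste.yara are a hand-applied copy of the change to configs/python/backend/taste/taste.yara, and the two files are already not identical (different blob ids on the `index` lines, and the rule sits at line 688 in one and 701 in the other), so a future keyword can easily land in only one of them. Consider making one file the source and generating or linking the other, or adding a CI check that the `javascript_file` rule is the same in both. Until then a header comment in each file naming its twin, e.g. `// keep in sync with <path of the other taste.yara>`, would make the requirement visible to the next editor.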