Add integration with YAML files and sublime-rules (#2)

Author: rw-access

.vscode/launch.json

@@ -1,16 +1,16 @@
-{
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "type": "extensionHost",
-            "request": "launch",
-            "name": "Launch Client",
-            "runtimeExecutable": "${execPath}",
-            "args": [
-                "--extensionDevelopmentPath=${workspaceFolder}"
-            ],
-            "outFiles": ["${workspaceFolder}/out/**/*.js"],
-            "preLaunchTask": "watch"
-        }
-    ]
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "extensionHost",
+            "request": "launch",
+            "name": "Launch Client",
+            "runtimeExecutable": "${execPath}",
+            "args": [
+                "--extensionDevelopmentPath=${workspaceFolder}"
+            ],
+            "outFiles": ["${workspaceFolder}/out/**/*.js"],
+            "preLaunchTask": "watch"
+        }
+    ]
 }

.vscode/settings.json

@@ -1,8 +1,8 @@
-{
-	"editor.insertSpaces": false,
-	"typescript.tsc.autoDetect": "off",
-	"typescript.preferences.quoteStyle": "single",
-	"editor.codeActionsOnSave": {
-		"source.fixAll.eslint": true
-	}
+{
+	"editor.insertSpaces": false,
+	"typescript.tsc.autoDetect": "off",
+	"typescript.preferences.quoteStyle": "single",
+	"editor.codeActionsOnSave": {
+		"source.fixAll.eslint": true
+	}
 }

.vscode/tasks.json

@@ -1,39 +1,39 @@
-{
-    "version": "2.0.0",
-    "tasks": [
-        {
-            "type": "npm",
-            "script": "compile",
-            "group": "build",
-            "presentation": {
-                "panel": "dedicated",
-                "reveal": "never"
-            },
-            "problemMatcher": [
-                "$tsc"
-            ]
-        },
-        {
-            "type": "npm",
-            "script": "watch",
-            "label": "watch",
-            "isBackground": true,
-            "group": {
-                "kind": "build",
-                "isDefault": true
-            },
-            "presentation": {
-                "panel": "dedicated",
-                "reveal": "never"
-            },
-            "problemMatcher": {
-                "base": "$tsc-watch",
-                "background": {
-                    "activeOnStart": true,
-                    "beginsPattern": ".*",
-                    "endsPattern": ".*watching for changes.*"
-                }
-            }
-        }
-    ]
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "type": "npm",
+            "script": "compile",
+            "group": "build",
+            "presentation": {
+                "panel": "dedicated",
+                "reveal": "never"
+            },
+            "problemMatcher": [
+                "$tsc"
+            ]
+        },
+        {
+            "type": "npm",
+            "script": "watch",
+            "label": "watch",
+            "isBackground": true,
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            },
+            "presentation": {
+                "panel": "dedicated",
+                "reveal": "never"
+            },
+            "problemMatcher": {
+                "base": "$tsc-watch",
+                "background": {
+                    "activeOnStart": true,
+                    "beginsPattern": ".*",
+                    "endsPattern": ".*watching for changes.*"
+                }
+            }
+        }
+    ]
 }

.vscodeignore

@@ -9,7 +9,8 @@
 !package-lock.json
 !tsconfig.json
 
-!syntaxes/mesageQueryLanguage.tmLanguage.json
+!schemas/*.json
+!syntaxes/*.json
 !icon.png
 !language-configuration.json
 

package.json

@@ -32,7 +32,8 @@
 	],
 	"main": "./out/main.js",
 	"activationEvents": [
-		"onLanguage:messageQueryLanguage"
+		"onLanguage:messageQueryLanguage",
+		"onLanguage:yaml"
 	],
 	"contributes": {
 		"languages": [
@@ -51,8 +52,37 @@
 		"grammars": [
 			{
 				"language": "messageQueryLanguage",
-				"scopeName": "source.messageQueryLanguage",
+				"scopeName": "source.mql",
 				"path": "./syntaxes/messageQueryLanguage.tmLanguage.json"
+			},
+			{
+				"path": "./syntaxes/messageQueryLanguage-injection.json",
+				"scopeName": "source.mql.injection",
+				"injectTo": [
+					"source.yaml"
+				],
+				"embeddedLanguages": {
+					"source.mql": "messageQueryLanguage"
+				},
+				"tokenTypes": {
+					"source.mql": "other"
+				}
+			}
+		],
+		"yamlValidation": [
+			{
+				"fileMatch": [
+					"detection-rules/**/*.yml",
+					"discovery-rules/**/*.yml"
+				],
+				"url": "./schemas/sublimeRule.json"
+			},
+			{
+				"fileMatch": [
+					"signals/**/*.yml",
+					"insights/**/*.yml"
+				],
+				"url": "./schemas/sublimeQuery.json"
 			}
 		],
 		"configuration": {
@@ -134,4 +164,4 @@
 		"vscode-languageclient": "^8.1.0",
 		"ws": "^8.13.0"
 	}
-}
+}

schemas/sublimeQuery.json

@@ -0,0 +1,77 @@
+{
+	"title": "Sublime Security MQL Query",
+	"properties": {
+		"authors": {
+			"items": {
+				"properties": {
+					"name": {
+						"type": "string"
+					},
+					"twitter": {
+						"type": "string"
+					}
+				},
+				"type": "object"
+			},
+			"type": "array"
+		},
+		"description": {
+			"type": "string"
+		},
+		"false_positives": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"label": {
+			"nullable": true,
+			"type": "string"
+		},
+		"maturity": {
+			"nullable": true,
+			"type": "string"
+		},
+		"name": {
+			"type": "string"
+		},
+		"references": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"severity": {
+			"nullable": true,
+			"type": "string"
+		},
+		"source": {
+			"type": "string"
+		},
+		"tags": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"type": {
+			"default": "query",
+			"enum": [
+				"query"
+			],
+			"type": "string"
+		},
+		"user_provided_tags": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		}
+	},
+	"required": [
+		"name",
+		"source",
+		"type"
+	],
+	"type": "object"
+}

schemas/sublimeRule.json

@@ -0,0 +1,86 @@
+{
+	"title": "Sublime Security MQL Rule",
+	"properties": {
+		"action_ids": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"active": {
+			"type": "boolean"
+		},
+		"authors": {
+			"items": {
+				"properties": {
+					"name": {
+						"type": "string"
+					},
+					"twitter": {
+						"type": "string"
+					}
+				},
+				"type": "object"
+			},
+			"type": "array"
+		},
+		"description": {
+			"type": "string"
+		},
+		"false_positives": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"label": {
+			"nullable": true,
+			"type": "string"
+		},
+		"maturity": {
+			"nullable": true,
+			"type": "string"
+		},
+		"name": {
+			"type": "string"
+		},
+		"references": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"severity": {
+			"nullable": true,
+			"type": "string"
+		},
+		"source": {
+			"type": "string"
+		},
+		"tags": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		},
+		"type": {
+			"default": "rule",
+			"enum": [
+				"rule"
+			],
+			"type": "string"
+		},
+		"user_provided_tags": {
+			"items": {
+				"type": "string"
+			},
+			"type": "array"
+		}
+	},
+	"required": [
+		"name",
+		"source",
+		"type"
+	],
+	"type": "object"
+}