webui: searching for "match" doesn't provide any results

[mr-tz]

I'd expect this to show this rule for example

Or is this by design?

[s-ff]

Or is this by design?

@mr-tz, yes this works as designed.

For example, a simple rule match looks like this:

[
  {
    "key": "53-0",
    "data": {
      "type": "match location",
      "name": "function @ 0x1400198F7"
    },
    "children": [
      {
        "key": "53-0",
        "data": {
          "type": "statement",
          "typeValue": "or",
          "name": "or:",
        },
        "children": [
          {
            "data": {
              "type": "feature",
              "typeValue": "api",
              "name": "GlobalMemoryStatusEx",   <---
              "address": "0x1400344AE"
            },
            "children": []
          }
        ]
      }
    ]
  }
]

The search only operates on the name field and using templating, we add in - and the typeValue (e.g. api, count, .. etc) which results in the table cell showing - api: GlobalMemoryStatusEx but actually it's just the name in the backend.

If we want to include the typeValue (e.g. api, match, ... etc), then the constructed name should be <typeValue>: <name>, e.g.

{
            "data": {
              "type": "feature",
              "typeValue": "api",
              "name": "api: GlobalMemoryStatusEx",   <---
              "address": "0x1400344AE"
            },
            "children": []
}

Similarly, if we want to include the - in the search, and not via templating, then:

{
            "data": {
              "type": "feature",
              "typeValue": "api",
              "name": "- api: GlobalMemoryStatusEx",   <---
              "address": "0x1400344AE"
            },
            "children": []
}

In conclusion, the search works on the JSON, and the templating is used to add in colors, text, styling, ... etc.

The reason behind separating the feature values into <typeValue> and <name> is that it is easy to mark text as bold and to highlight in green the typeValue, then concatenate it with feature <name> without having to .split(":") them first

I hope this clears out things for you. Let me know if it is preferred to include these value and I can send a fix PR :)

[mr-tz]

It feels a little inconsistent. I can search for optional or or but not for match or regex.
These are different items though and your explanation makes sense.

[s-ff]

Yeah, I see your point. It is because optional, or, and are statements, and their name field is set to optional:, or:, and: so they are indeed searchable.

We can omit statements (like: optional, range (e.g. 3 or more), or, ... etc) from matching in the search by leaving out the name field empty. For example:

[
  {
    "data": {
      "type": "match location",
      "name": "function @ 0x1400198F7"
    },
    "children": [
      {
        "data": {
          "type": "statement",
          "typeValue": "or", // use this instead in the templating to render cell value as `- or: `
          "name": "",        // remove or leave empty
        },
        "children": [
          {
            "data": {
              "type": "feature",
              "typeValue": "api",
              "name": "GlobalMemoryStatusEx",
              "address": "0x1400344AE"
            },
            "children": []
          }
        ]
      }
    ]
  }
]

In my opinion, it makes sense not to include statement in the search and only include features.