fix(dsl): quoted strings

crates/modules/rules-engine/src/dsl.lalrpop

@@ -70,7 +70,7 @@ Comma<T>: Vec<T> = {
 }
 
 Value: String = {
-    r#""\S+""# => <>.trim_matches('"').to_string(),
+    r#""([^"\\]|\\.)*""# => <>.trim_matches('"').to_string(),
     r"[0-9]+" => <>.to_string()
 }
 

rules/basic-rules.yaml

@@ -74,14 +74,14 @@
     this technique to search for, analyze, or manipulate private keys or passwords on the system.
   condition: (
     payload.filename ENDS_WITH "/find" AND (payload.argv CONTAINS "id_rsa" OR payload.argv CONTAINS "id_dsa")
-  ) OR (
-    payload.filename ENDS_WITH "grep" AND (
-      payload.argv CONTAINS "BEGIN PRIVATE"
-        OR payload.argv CONTAINS "BEGIN RSA PRIVATE" 
-        OR payload.argv CONTAINS "BEGIN DSA PRIVATE"
-        OR payload.argv CONTAINS "BEGIN EC PRIVATE"
+    ) OR (
+      payload.filename ENDS_WITH "grep" AND (
+        payload.argv CONTAINS "BEGIN PRIVATE"
+          OR payload.argv CONTAINS "BEGIN RSA PRIVATE"
+          OR payload.argv CONTAINS "BEGIN DSA PRIVATE"
+          OR payload.argv CONTAINS "BEGIN EC PRIVATE"
+      )
     )
-  )
 
 
 # Add allowed files