Merge branch 'main' of github.com:SigmaHQ/pySigma into fieldref-wildc…
…ard-support
kelnage committed Nov 13, 2024
2 parents 6fab372 + 3f88199 commit dcc780d
Showing 43 changed files with 3,993 additions and 3,721 deletions.
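--- a/docs/Breaking_Changes.rst
+++ b/docs/Breaking_Changes.rst
@@ -0,0 +1,13 @@
+Breaking Changes
+================
+
+This page documents breaking changes in pySigma. Normally, we try to avoid breaking changes in minor
+versions and generally try to keep pySigma backwards compatible, but sometimes they are necessary to
+improve the library.
+
+Version 1.0
+-----------
+
+* The class `CompareOperators` was moved out of `SigmaCompatreExpression` into the root of the
+containing module `sigma.types`. If the class was formerly used, it has now to be imported
+explicitly from the module.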
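--- a/docs/index.rst
+++ b/docs/index.rst
@@ -10,6 +10,7 @@ pySigma Documentation
 Backends
 Rule_Validation
 Plugin_System
+Breaking_Changes
 
 Overview
 ********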
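--- a/sigma/backends/test/backend.py
+++ b/sigma/backends/test/backend.py
@@ -7,7 +7,7 @@
 from sigma.pipelines.test import dummy_test_pipeline
 from sigma.processing.pipeline import ProcessingItem, ProcessingPipeline
 from sigma.processing.transformations import FieldMappingTransformation
-from sigma.types import SigmaCompareExpression
+from sigma.types import CompareOperators, SigmaCompareExpression
 
 
 class TextQueryTestBackend(TextQueryBackend):
@@ -62,11 +62,11 @@ class TextQueryTestBackend(TextQueryBackend):
 cidr_expression: ClassVar[str] = "cidrmatch('{field}', \"{value}\")"
 
 compare_op_expression: ClassVar[str] = "{field}{operator}{value}"
-compare_operators: ClassVar[Dict[SigmaCompareExpression.CompareOperators, str]] = {
-SigmaCompareExpression.CompareOperators.LT: "<",
-SigmaCompareExpression.CompareOperators.LTE: "<=",
-SigmaCompareExpression.CompareOperators.GT: ">",
-SigmaCompareExpression.CompareOperators.GTE: ">=",
+compare_operators: ClassVar[Dict[CompareOperators, str]] = {
+CompareOperators.LT: "<",
+CompareOperators.LTE: "<=",
+CompareOperators.GT: ">",
+CompareOperators.GTE: ">=",
 }
 
 field_equals_field_expression: ClassVar[str] = "{field1}=fieldref({field2})"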
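--- a/sigma/conversion/base.py
+++ b/sigma/conversion/base.py
@@ -38,6 +38,7 @@
 ConditionType,
 )
 from sigma.types import (
+CompareOperators,
 SigmaBool,
 SigmaCasedString,
 SigmaExists,
@@ -883,7 +884,7 @@ class variables. If this is not sufficient, the respective methods can be implem
 compare_op_expression: ClassVar[Optional[str]] = (
 None # Compare operation query as format string with placeholders {field}, {operator} and {value}
 )
-compare_operators: ClassVar[Optional[Dict[SigmaCompareExpression.CompareOperators, str]]] = (
+compare_operators: ClassVar[Optional[Dict[CompareOperators, str]]] = (
 None # Mapping between CompareOperators elements and strings used as replacement for {operator} in compare_op_expression
 )
 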
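Review bot: Backends maintained outside this repository that still key `compare_operators` with `SigmaCompareExpression.CompareOperators.LT` will presumably fail with an AttributeError as soon as their class body is evaluated, because docs/Breaking_Changes.rst in this commit says the enum now has to be imported from `sigma.types` directly. sigma/types.py is not part of this view, so I cannot tell whether a transitional alias is kept; if it is not, consider retaining one for a release, for example `SigmaCompareExpression.CompareOperators = CompareOperators` after the class definition, so that rule-conversion tooling does not stop loading on upgrade. Failing that, the comment on this attribute could name the new import path, e.g. `# keys are sigma.types.CompareOperators members (moved out of SigmaCompareExpression in 1.0)`. The enclosing backend class starts and ends outside this hunk.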
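--- a/sigma/exceptions.py
+++ b/sigma/exceptions.py
@@ -145,6 +145,12 @@ class SigmaPipelineParsingError(SigmaError):
 pass
 
 
+class SigmaProcessingItemError(SigmaError):
+"""Error in definition or state of processing item."""
+
+pass
+
+
 class SigmaPlaceholderError(SigmaValueError):
 """Attempted to convert an unhandled Placeholder into a query"""
 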
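--- a/sigma/modifiers.py
+++ b/sigma/modifiers.py
@@ -15,6 +15,7 @@
 from collections.abc import Sequence as SequenceABC
 from base64 import b64encode
 from sigma.types import (
+CompareOperators,
 Placeholder,
 SigmaBool,
 SigmaCasedString,
@@ -328,7 +329,7 @@ def modify(self, val: Sequence[SigmaType]) -> List[SigmaType]:
 class SigmaCompareModifier(SigmaValueModifier):
 """Base class for numeric comparison operator modifiers."""
 
-op: ClassVar[SigmaCompareExpression.CompareOperators]
+op: ClassVar[CompareOperators]
 
 def modify(self, val: SigmaNumber) -> SigmaCompareExpression:
 return SigmaCompareExpression(val, self.op, self.source)
@@ -337,33 +338,25 @@ def modify(self, val: SigmaNumber) -> SigmaCompareExpression:
 class SigmaLessThanModifier(SigmaCompareModifier):
 """Numeric less than (<) matching."""
 
-op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-SigmaCompareExpression.CompareOperators.LT
-)
+op: ClassVar[CompareOperators] = CompareOperators.LT
 
 
 class SigmaLessThanEqualModifier(SigmaCompareModifier):
 """Numeric less than or equal (<=) matching."""
 
-op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-SigmaCompareExpression.CompareOperators.LTE
-)
+op: ClassVar[CompareOperators] = CompareOperators.LTE
 
 
 class SigmaGreaterThanModifier(SigmaCompareModifier):
 """Numeric greater than (>) matching."""
 
-op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-SigmaCompareExpression.CompareOperators.GT
-)
+op: ClassVar[CompareOperators] = CompareOperators.GT
 
 
 class SigmaGreaterThanEqualModifier(SigmaCompareModifier):
 """Numeric greater than or equal (>=) matching."""
 
-op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-SigmaCompareExpression.CompareOperators.GTE
-)
+op: ClassVar[CompareOperators] = CompareOperators.GTE
 
 
 class SigmaFieldReferenceModifier(SigmaValueModifier):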