Fixes for Elasticsearch query correctness CI tests

* Quoting in rule * Reading queries without special processing of backslashes Unfortunately, backslashes still cause breaks caused by Bash handling of them.
SigmaHQ · Apr 9, 2018 · 788111f · 788111f
1 parent 24d94d3
commit 788111f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/rules/application/app_sqlinjection_errors.yml b/rules/application/app_sqlinjection_errors.yml
@@ -16,7 +16,7 @@ detection:
         # SQL Server
         - Unclosed quotation mark
         # SQLite
-        - near "*": syntax error
+        - 'near "*": syntax error'
         - SELECTs to the left and right of UNION do not have the same number of result columns
     condition: keywords
 falsepositives:

diff --git a/tests/test-backend-es-qs.sh b/tests/test-backend-es-qs.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-
+#set -vx
 
 curl -XPUT 'localhost:9200/test?pretty' -H 'Content-Type: application/json' -d'
 {
@@ -12,7 +12,7 @@ curl -XPUT 'localhost:9200/test?pretty' -H 'Content-Type: application/json' -d'
 }
 '
 tools/sigmac -t es-qs -Orulecomment -I -r rules/ > es-queries.txt
-while read line
+while read -r line
 do
     if [[ $line == \#* ]]
     then