gis-8502 fix MetaInfoContainer

Author: nazargesyk

uncoder-core/app/translator/core/models/query_container.py

@@ -39,24 +39,26 @@ def __init__(
         trigger_threshold: Optional[str] = None,
         query_frequency: Optional[str] = None,
         query_period: Optional[str] = None,
+        from_: Optional[str] = None,
+        interval: Optional[str] = None,
     ) -> None:
         self.trigger_operator = trigger_operator
         self.trigger_threshold = trigger_threshold
         self.query_frequency = query_frequency
         self.query_period = query_period
+        self.from_ = from_
+        self.interval = interval
 
 
 class MetaInfoContainer:
     def __init__(
         self,
         *,
         id_: Optional[str] = None,
-        from_: Optional[str] = None,
-        index: Optional[str] = None,
+        index: Optional[list[str]] = None,
         language: Optional[str] = None,
-        risk_score: Optional[str] = None,
+        risk_score: Optional[int] = None,
         type_: Optional[str] = None,
-        interval: Optional[str] = None,
         title: Optional[str] = None,
         description: Optional[str] = None,
         author: Optional[list[str]] = None,
@@ -79,12 +81,10 @@ def __init__(
     ) -> None:
         self.id = id_ or str(uuid.uuid4())
         self.title = title or ""
-        self.from_ = from_ or ""
-        self.index = index or ""
+        self.index = index or []
         self.language = language or ""
-        self.risk_score = risk_score or ""
+        self.risk_score = risk_score or None
         self.type_ = type_ or ""
-        self.interval = interval or ""
         self.description = description or ""
         self.author = [v.strip() for v in author] if author else []
         self.date = date or datetime.now().date().strftime("%Y-%m-%d")

uncoder-core/app/translator/platforms/elasticsearch/__init__.py

@@ -1,5 +1,5 @@
 from app.translator.platforms.elasticsearch.parsers.detection_rule import (
-    ElasticSearchRuleParser,
+    ElasticSearchRuleParser,  # noqa: F401
     ElasticSearchRuleTOMLParser,  # noqa: F401
 )
 from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchQueryParser  # noqa: F401

uncoder-core/app/translator/platforms/elasticsearch/parsers/detection_rule.py

@@ -19,7 +19,7 @@
 
 from app.translator.core.mixins.rule import JsonRuleMixin, TOMLRuleMixin
 from app.translator.core.models.platform_details import PlatformDetails
-from app.translator.core.models.query_container import MetaInfoContainer, RawQueryContainer
+from app.translator.core.models.query_container import MetaInfoContainer, RawMetaInfoContainer, RawQueryContainer
 from app.translator.managers import parser_manager
 from app.translator.platforms.elasticsearch.const import elasticsearch_rule_details, elasticsearch_rule_toml_details
 from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchQueryParser
@@ -89,11 +89,10 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
                 references=rule.get("references"),
                 tags=rule.get("tags"),
                 mitre_attack=mitre_attack,
-                from_=rule.get("from"),
                 index=rule.get("index"),
                 language=rule.get("language"),
                 risk_score=rule.get("risk_score"),
                 type_=rule.get("type"),
-                interval=rule.get("interval"),
+                raw_metainfo_container=RawMetaInfoContainer(from_=rule.get("from"), interval=rule.get("interval")),
             ),
         )