fixes

Author: tarnopolskyi

uncoder-core/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py

@@ -47,7 +47,7 @@ class MicrosoftSentinelRuleParser(MicrosoftSentinelQueryParser, JsonRuleMixin):
     mappings: MicrosoftSentinelMappings = microsoft_sentinel_rule_mappings
 
     @staticmethod
-    def __parse_timeframe(raw_timeframe: Optional[str]) -> Optional[timedelta]:
+    def _parse_timeframe(raw_timeframe: Optional[str]) -> Optional[timedelta]:
         with suppress(ISO8601Error):
             return isodate.parse_duration(raw_timeframe)
 
@@ -73,7 +73,7 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
                 id_=parsed_description.get("rule_id"),
                 title=rule.get("displayName"),
                 description=parsed_description.get("description") or rule.get("description"),
-                timeframe=self.__parse_timeframe(rule.get("queryFrequency", "")),
+                timeframe=self._parse_timeframe(rule.get("queryFrequency", "")),
                 severity=rule.get("severity", "medium"),
                 mitre_attack=mitre_attack,
                 author=parsed_description.get("author") or [rule.get("author")],
@@ -85,15 +85,10 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
 
 
 @parser_manager.register
-class MicrosoftSentinelYAMLRuleParser(MicrosoftSentinelQueryParser, YamlRuleMixin):
+class MicrosoftSentinelYAMLRuleParser(YamlRuleMixin, MicrosoftSentinelRuleParser):
     details: PlatformDetails = microsoft_sentinel_yaml_rule_details
     mappings: MicrosoftSentinelMappings = microsoft_sentinel_rule_mappings
 
-    @staticmethod
-    def __parse_timeframe(raw_timeframe: Optional[str]) -> Optional[timedelta]:
-        with suppress(ISO8601Error):
-            return isodate.parse_duration(raw_timeframe)
-
     def extract_tags(self, data: Union[dict, list, str]) -> list[str]:
         tags = []
         if isinstance(data, dict):
@@ -138,8 +133,8 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
             if isinstance(tag, str):
                 tags.append(tag)
 
-        timeframe = self.__parse_timeframe(rule.get("queryFrequency", ""))
-        query_period = self.__parse_timeframe(rule.get("queryPeriod", ""))
+        timeframe = self._parse_timeframe(rule.get("queryFrequency", ""))
+        query_period = self._parse_timeframe(rule.get("queryPeriod", ""))
 
         return RawQueryContainer(
             query=rule["query"],
@@ -155,10 +150,10 @@ def parse_raw_query(self, text: str, language: str) -> RawQueryContainer:
                 author=rule.get("metadata", {}).get("author", {}).get("name", "").split(","),
                 tags=sorted(set(tags)),
                 raw_metainfo_container=RawMetaInfoContainer(
-                    trigger_operator=rule.get("triggerOperator", ""),
-                    trigger_threshold=rule.get("triggerThreshold", ""),
-                    query_frequency=rule.get("queryFrequency", "") if not timeframe else None,
-                    query_period=rule.get("queryPeriod", "") if not query_period else None,
+                    trigger_operator=rule.get("triggerOperator"),
+                    trigger_threshold=rule.get("triggerThreshold"),
+                    query_frequency=rule.get("queryFrequency"),
+                    query_period=rule.get("queryPeriod"),
                 ),
             ),
         )

uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py

@@ -19,9 +19,10 @@
 
 import copy
 import json
-from datetime import timedelta
 from typing import Optional
 
+import isodate
+
 from app.translator.core.custom_types.meta_info import SeverityType
 from app.translator.core.mapping import SourceMapping
 from app.translator.core.models.platform_details import PlatformDetails
@@ -71,41 +72,16 @@ def __create_mitre_threat(self, mitre_attack: MitreInfoContainer) -> tuple[list,
         return sorted(tactics), sorted(techniques)
 
     @staticmethod
-    def timedelta_to_iso8601(timedelta_: timedelta) -> str:
-        days = timedelta_.days
-        seconds = timedelta_.seconds
-        microseconds = timedelta_.microseconds
-
-        hours, remainder = divmod(seconds, 3600)
-        minutes, seconds = divmod(remainder, 60)
-
-        duration = "P"
-        if days:
-            duration += f"{days}D"
-
-        if hours or minutes or seconds or microseconds:
-            duration += "T"
-            if hours:
-                duration += f"{hours}H"
-            if minutes:
-                duration += f"{minutes}M"
-            if seconds or microseconds:
-                # Handle the fractional part for seconds
-                if microseconds:
-                    seconds += microseconds / 1_000_000
-                duration += f"{seconds:.6f}S" if microseconds else f"{seconds}S"
-
-        return duration
-
-    def get_query_frequency(self, meta_info: MetaInfoContainer) -> Optional[str]:
+    def get_query_frequency(meta_info: MetaInfoContainer) -> Optional[str]:
         if meta_info.timeframe:
-            return self.timedelta_to_iso8601(meta_info.timeframe)
+            return isodate.duration_isoformat(meta_info.timeframe)
         if meta_info.raw_metainfo_container:
             return meta_info.raw_metainfo_container.query_frequency
 
-    def get_query_period(self, meta_info: MetaInfoContainer) -> Optional[str]:
+    @staticmethod
+    def get_query_period(meta_info: MetaInfoContainer) -> Optional[str]:
         if meta_info.query_period:
-            return self.timedelta_to_iso8601(meta_info.query_period)
+            return isodate.duration_isoformat(meta_info.query_period)
         if meta_info.raw_metainfo_container:
             return meta_info.raw_metainfo_container.query_period