diff --git a/uncoder-core/app/translator/core/str_value_manager.py b/uncoder-core/app/translator/core/str_value_manager.py
index 74a9f532..b5718e3a 100644
--- a/uncoder-core/app/translator/core/str_value_manager.py
+++ b/uncoder-core/app/translator/core/str_value_manager.py
@@ -42,6 +42,10 @@ class ReEndOfStrSymbol(BaseSpecSymbol):
 ...
+class ReWordBoundarySymbol(BaseSpecSymbol):
+ ...
+
+
 class ReWordSymbol(BaseSpecSymbol):
 ...
@@ -130,6 +134,7 @@ def has_spec_symbols(self) -> bool:
 SingleSymbolWildCard: "?",
 UnboundLenWildCard: "*",
 ReAnySymbol: ".",
+ ReWordBoundarySymbol: r"\b",
 ReWordSymbol: r"\w",
 ReDigitalSymbol: r"\d",
 ReWhiteSpaceSymbol: r"\s",
diff --git a/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py b/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py
index 111ffd7d..2e189db0 100644
--- a/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py
+++ b/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py
@@ -39,6 +39,7 @@
 ReRightParenthesis,
 ReRightSquareBracket,
 ReWhiteSpaceSymbol,
+ ReWordBoundarySymbol,
 ReWordSymbol,
 ReZeroOrMoreQuantifier,
 ReZeroOrOneQuantifier,
@@ -74,6 +75,7 @@ class AQLStrValueManager(StrValueManager):
 escape_manager = aql_escape_manager
 container_spec_symbols_map: ClassVar[dict[type[BaseSpecSymbol], str]] = AQL_CONTAINER_SPEC_SYMBOLS_MAP
 re_str_alpha_num_symbols_map: ClassVar[dict[str, type[BaseSpecSymbol]]] = {
+ "b": ReWordBoundarySymbol,
 "w": ReWordSymbol,
 "d": ReDigitalSymbol,
 "s": ReWhiteSpaceSymbol,
diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
index 6984b412..c5728eac 100644
--- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
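Review bot: The new `ReWordBoundarySymbol: r"\b"` entry in the hunk at -130 sits beside `\w`, `\d` and `\s`, but unlike them it is a zero-width assertion, and regex dialects differ on it: many read `\b` as a backspace inside a character class, and some lack it altogether. A detection rule whose boundary anchor is rendered for a platform that treats it differently will match a different set of events than the source rule, without any error. I would add a comment on the entry, e.g. `# zero-width assertion; platforms without \b must override this entry`, and give the new class in the hunk at -42 a one-line docstring in place of the bare `...`. The map's opening line is outside the hunk, so which renderers inherit this default cannot be seen from here.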
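Review bot: `"b": ReWordBoundarySymbol` is added to the parsing map of `AQLStrValueManager`, while the same class takes its `container_spec_symbols_map` from `AQL_CONTAINER_SPEC_SYMBOLS_MAP`, which this diff does not touch. If that map is not derived from the core map that received the `r"\b"` entry, a parsed `\b` may have no AQL rendering and would either raise or be dropped, depending on how the lookup is written; a dropped anchor is the worse outcome for a detection rule because the query silently broadens. Please confirm `AQL_CONTAINER_SPEC_SYMBOLS_MAP` contains `ReWordBoundarySymbol`, or add `ReWordBoundarySymbol: r"\b",` to it. The class body continues outside the hunk.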
@@ -69,10 +69,7 @@ def _wrap_str_value(value: str) -> str:
 def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
 if isinstance(value, list):
- values = ", ".join(
- f"{self._pre_process_value(field, str(v) if isinstance(v, int) else v, ValueType.value, True)}"
- for v in value
- )
+ values = ", ".join(f"{self._pre_process_value(field, v, ValueType.value, True)}" for v in value)
 return f"{field} in ({values})"
 return f"{field} = {self._pre_process_value(field, value, value_type=ValueType.value, wrap_str=True)}"
diff --git a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py
index 7b1ccee1..ae5120df 100644
--- a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py
+++ b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py
@@ -33,6 +33,7 @@
 ReRightParenthesis,
 ReRightSquareBracket,
 ReWhiteSpaceSymbol,
+ ReWordBoundarySymbol,
 ReWordSymbol,
 ReZeroOrMoreQuantifier,
 ReZeroOrOneQuantifier,
@@ -65,7 +66,12 @@ class SigmaStrValueManager(StrValueManager):
 escape_manager = sigma_escape_manager
 str_spec_symbols_map = {"?": SingleSymbolWildCard, "*": UnboundLenWildCard}
- re_str_alpha_num_symbols_map = {"w": ReWordSymbol, "d": ReDigitalSymbol, "s": ReWhiteSpaceSymbol}
+ re_str_alpha_num_symbols_map = {
+ "b": ReWordBoundarySymbol,
+ "w": ReWordSymbol,
+ "d": ReDigitalSymbol,
+ "s": ReWhiteSpaceSymbol
+ }
 re_str_spec_symbols_map = RE_STR_SPEC_SYMBOLS_MAP
 def from_str_to_container(self, value: str) -> StrValue:
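Review bot: Dropping `str(v) if isinstance(v, int) else v` changes what the list branch of `equal_modifier` emits for integer members, and the hunk carries no test or comment pinning the new output. Before, an int was stringified first and so presumably came back quoted from `_pre_process_value(..., True)`; now it is passed as an int, which lines the list branch up with the single-value `return` below it but may change how the generated query compares against string-typed fields. `bool` is a subclass of `int`, so `True`/`False` members take the new path as well. If passing ints through is the intent, a comment such as `# ints are handled by _pre_process_value, same as the single-value branch` and a test for a mixed list like `[1, "a"]` would make it checkable; the `f"{...}"` wrapper around the call is also redundant if `_pre_process_value` returns `str`.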
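Review bot: The multi-line literal added for `re_str_alpha_num_symbols_map` ends with `"s": ReWhiteSpaceSymbol` and no trailing comma, unlike the AQL manager's map in this same commit. Write the last entry as `"s": ReWhiteSpaceSymbol,` so the next addition is a one-line diff and a formatter keeps the literal exploded. The AQL class also annotates this attribute as `ClassVar[dict[str, type[BaseSpecSymbol]]]`; the same annotation here would keep the two managers parallel, provided `ClassVar` is imported in this file, which the hunk does not show. The class continues past the end of the hunk.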