From 7f34b125ae3bea48dfe9483fbc26c4b37beab18f Mon Sep 17 00:00:00 2001 From: Oleksandr Volha Date: Wed, 24 Jul 2024 15:50:57 +0300 Subject: [PATCH 1/3] fix regex processing --- uncoder-core/app/translator/core/str_value_manager.py | 5 +++++ .../app/translator/platforms/base/aql/str_value_manager.py | 2 ++ .../translator/platforms/palo_alto/renders/cortex_xsiam.py | 5 +---- .../app/translator/platforms/sigma/str_value_manager.py | 4 ++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/uncoder-core/app/translator/core/str_value_manager.py b/uncoder-core/app/translator/core/str_value_manager.py index 74a9f532..b5718e3a 100644 --- a/uncoder-core/app/translator/core/str_value_manager.py +++ b/uncoder-core/app/translator/core/str_value_manager.py @@ -42,6 +42,10 @@ class ReEndOfStrSymbol(BaseSpecSymbol): ... +class ReWordBoundarySymbol(BaseSpecSymbol): + ... + + class ReWordSymbol(BaseSpecSymbol): ... @@ -130,6 +134,7 @@ def has_spec_symbols(self) -> bool: SingleSymbolWildCard: "?", UnboundLenWildCard: "*", ReAnySymbol: ".", + ReWordBoundarySymbol: r"\b", ReWordSymbol: r"\w", ReDigitalSymbol: r"\d", ReWhiteSpaceSymbol: r"\s", diff --git a/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py b/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py index 111ffd7d..2e189db0 100644 --- a/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py +++ b/uncoder-core/app/translator/platforms/base/aql/str_value_manager.py @@ -39,6 +39,7 @@ ReRightParenthesis, ReRightSquareBracket, ReWhiteSpaceSymbol, + ReWordBoundarySymbol, ReWordSymbol, ReZeroOrMoreQuantifier, ReZeroOrOneQuantifier, @@ -74,6 +75,7 @@ class AQLStrValueManager(StrValueManager): escape_manager = aql_escape_manager container_spec_symbols_map: ClassVar[dict[type[BaseSpecSymbol], str]] = AQL_CONTAINER_SPEC_SYMBOLS_MAP re_str_alpha_num_symbols_map: ClassVar[dict[str, type[BaseSpecSymbol]]] = { + "b": ReWordBoundarySymbol, "w": ReWordSymbol, "d": ReDigitalSymbol, "s": ReWhiteSpaceSymbol, diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py index 6984b412..c5728eac 100644 --- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py +++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py @@ -69,10 +69,7 @@ def _wrap_str_value(value: str) -> str: def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str: if isinstance(value, list): - values = ", ".join( - f"{self._pre_process_value(field, str(v) if isinstance(v, int) else v, ValueType.value, True)}" - for v in value - ) + values = ", ".join(f"{self._pre_process_value(field, v, ValueType.value, True)}" for v in value) return f"{field} in ({values})" return f"{field} = {self._pre_process_value(field, value, value_type=ValueType.value, wrap_str=True)}" diff --git a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py index 7b1ccee1..0910ca4c 100644 --- a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py +++ b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py @@ -39,7 +39,7 @@ SingleSymbolWildCard, StrValue, StrValueManager, - UnboundLenWildCard, + UnboundLenWildCard, ReWordBoundarySymbol, ) from app.translator.platforms.sigma.escape_manager import sigma_escape_manager @@ -65,7 +65,7 @@ class SigmaStrValueManager(StrValueManager): escape_manager = sigma_escape_manager str_spec_symbols_map = {"?": SingleSymbolWildCard, "*": UnboundLenWildCard} - re_str_alpha_num_symbols_map = {"w": ReWordSymbol, "d": ReDigitalSymbol, "s": ReWhiteSpaceSymbol} + re_str_alpha_num_symbols_map = {"b": ReWordBoundarySymbol, "w": ReWordSymbol, "d": ReDigitalSymbol, "s": ReWhiteSpaceSymbol} re_str_spec_symbols_map = RE_STR_SPEC_SYMBOLS_MAP def from_str_to_container(self, value: str) -> StrValue: From 4a95628f6912481a7a9309ef0c335aa1a85d52ce Mon Sep 17 00:00:00 2001 From: Oleksandr Volha Date: Wed, 24 Jul 2024 15:51:02 +0300 Subject: [PATCH 2/3] fix import --- .../app/translator/platforms/sigma/str_value_manager.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py index 0910ca4c..0b227428 100644 --- a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py +++ b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py @@ -33,13 +33,14 @@ ReRightParenthesis, ReRightSquareBracket, ReWhiteSpaceSymbol, + ReWordBoundarySymbol, ReWordSymbol, ReZeroOrMoreQuantifier, ReZeroOrOneQuantifier, SingleSymbolWildCard, StrValue, StrValueManager, - UnboundLenWildCard, ReWordBoundarySymbol, + UnboundLenWildCard, ) from app.translator.platforms.sigma.escape_manager import sigma_escape_manager From a287e7d3c6400ec7a93c004ab6b05b64827be4c9 Mon Sep 17 00:00:00 2001 From: Oleksandr Volha Date: Wed, 24 Jul 2024 15:51:37 +0300 Subject: [PATCH 3/3] fix format --- .../app/translator/platforms/sigma/str_value_manager.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py index 0b227428..ae5120df 100644 --- a/uncoder-core/app/translator/platforms/sigma/str_value_manager.py +++ b/uncoder-core/app/translator/platforms/sigma/str_value_manager.py @@ -66,7 +66,12 @@ class SigmaStrValueManager(StrValueManager): escape_manager = sigma_escape_manager str_spec_symbols_map = {"?": SingleSymbolWildCard, "*": UnboundLenWildCard} - re_str_alpha_num_symbols_map = {"b": ReWordBoundarySymbol, "w": ReWordSymbol, "d": ReDigitalSymbol, "s": ReWhiteSpaceSymbol} + re_str_alpha_num_symbols_map = { + "b": ReWordBoundarySymbol, + "w": ReWordSymbol, + "d": ReDigitalSymbol, + "s": ReWhiteSpaceSymbol + } re_str_spec_symbols_map = RE_STR_SPEC_SYMBOLS_MAP def from_str_to_container(self, value: str) -> StrValue: