Wrong handling of patterns

[Cyberspacecow]

Indicators with pattern values that end with a single quote result in wrong parsing. For example to create the pattern with file name "weirdname'"

create_pattern_object(pattern="[ file:name = 'weirdname\\'' ]")

results in

[file:name = 'weird_name\']

Instead of expected:

[file:name = 'weird_name\'']

It also seems strange that the input has to have a double backslash.

Additionally creating registry values seems strange. Registry values seem to require four backslashes, otherwise throwing an InvalidValueError. For example to create an indicator of value "HKCU\test", the following code fails:

Indicator(labels=["test"], pattern="[windows-registry-key:key = 'HKCU\\test']")

and only:

Indicator(labels=["test"], pattern="[windows-registry-key:key = 'HKCU\\\\test']")

works, but the resulting pattern no longer represents the true indicator value (now it is json encoded "HKCU\test").

[clenk]

Thank you for the issue; we will look into it.

[clenk]

@Cyberspacecow this fix will be included in the next release.