Merge branch 'main' of https://github.com/SigmaHQ/pySigma

.github/workflows/release.yml

@@ -17,9 +17,9 @@ jobs:
       - name: Install Poetry
         run: pipx install poetry
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: 3.9
           cache: poetry
       - name: Verify versioning
         run: |

.github/workflows/test.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       matrix:
         os: ["ubuntu-20.04", "windows-2019", "macos-12"]
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4

pyproject.toml

@@ -10,27 +10,28 @@ classifiers = [
     "Development Status :: 4 - Beta",
     "Intended Audience :: Developers",
     "License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)",
-    "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",    
     "Topic :: Security"
 ]
 packages = [
     { include = "sigma" }
 ]
 
 [tool.poetry.dependencies]
-python = "^3.8"
+python = "^3.9"
 packaging = "^24.1"
 pyparsing = "^3.1"
 pyyaml = "^6.0"
 requests = "^2.31"
 jinja2 = "^3.1"
 
-[tool.poetry.dev-dependencies]
+[tool.poetry.group.dev.dependencies]
 black = "^24.4.2"
 mypy = "^1.8"
+pip = "^24.2"
 pre-commit = "^3.5"
 pylint = "^3.0"
 pytest = "^8.0"

sigma/conversion/base.py

@@ -2,7 +2,6 @@
 from collections import ChainMap, defaultdict
 import re
 
-from pyparsing import Set
 from sigma.correlations import (
     SigmaCorrelationCondition,
     SigmaCorrelationConditionOperator,

sigma/exceptions.py

@@ -2,7 +2,6 @@
 from pathlib import Path
 from typing import Optional
 
-from pyparsing import List
 import sigma
 
 

sigma/validators/core/metadata.py

@@ -113,54 +113,6 @@ def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
         ]
 
 
-@dataclass
-class StatusExistenceIssue(SigmaValidationIssue):
-    description: ClassVar[str] = "Rule has no status"
-    severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
-
-
-class StatusExistenceValidator(SigmaRuleValidator):
-    """Checks if rule has a status."""
-
-    def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
-        if rule.status is None:
-            return [StatusExistenceIssue([rule])]
-        else:
-            return []
-
-
-@dataclass
-class StatusUnsupportedIssue(SigmaValidationIssue):
-    description: ClassVar[str] = "Rule has UNSUPPORTED status"
-    severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
-
-
-class StatusUnsupportedValidator(SigmaRuleValidator):
-    """Checks if rule has a status UNSUPPORTED."""
-
-    def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
-        if rule.status and rule.status.name == "UNSUPPORTED":
-            return [StatusUnsupportedIssue([rule])]
-        else:
-            return []
-
-
-@dataclass
-class DateExistenceIssue(SigmaValidationIssue):
-    description: ClassVar[str] = "Rule has no date"
-    severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
-
-
-class DateExistenceValidator(SigmaRuleValidator):
-    """Checks if rule has a data."""
-
-    def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
-        if rule.date is None:
-            return [DateExistenceIssue([rule])]
-        else:
-            return []
-
-
 @dataclass
 class DuplicateFilenameIssue(SigmaValidationIssue):
     description: ClassVar[str] = "Rule filename used by multiple rules"
@@ -238,54 +190,3 @@ def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
                 if k in self.known_custom_attributes:
                     return [CustomAttributesIssue(rule, k)]
         return []
-
-
-@dataclass
-class DescriptionExistenceIssue(SigmaValidationIssue):
-    description: ClassVar[str] = "Rule has no description"
-    severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
-
-
-class DescriptionExistenceValidator(SigmaRuleValidator):
-    """Checks if rule has a description."""
-
-    def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
-        if rule.description is None:
-            return [DescriptionExistenceIssue([rule])]
-        else:
-            return []
-
-
-@dataclass
-class DescriptionLengthIssue(SigmaValidationIssue):
-    description: ClassVar[str] = "Rule has a too short description"
-    severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
-
-
-@dataclass(frozen=True)
-class DescriptionLengthValidator(SigmaRuleValidator):
-    """Checks if rule has a description."""
-
-    min_length: int = 16
-
-    def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
-        if rule.description is not None and len(rule.description) < self.min_length:
-            return [DescriptionLengthIssue([rule])]
-        else:
-            return []
-
-
-@dataclass
-class LevelExistenceIssue(SigmaValidationIssue):
-    description: ClassVar[str] = "Rule has no level"
-    severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
-
-
-class LevelExistenceValidator(SigmaRuleValidator):
-    """Checks if rule has a level."""
-
-    def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
-        if rule.level is None:
-            return [LevelExistenceIssue([rule])]
-        else:
-            return []

tests/test_processing_transformations.py

@@ -1,10 +1,7 @@
 from dataclasses import dataclass
 from copy import deepcopy
 import inspect
-from re import template
-import re
 from sigma.conditions import ConditionOR, SigmaCondition
-from _pytest.fixtures import fixture
 import pytest
 from sigma.correlations import (
     SigmaCorrelationFieldAlias,
@@ -1543,15 +1540,15 @@ def test_regex_transformation_plain_method(dummy_pipeline):
     detection_item = SigmaDetectionItem("field", [], [SigmaString("\\te.st*va?ue")])
     transformation = RegexTransformation(method="plain")
     transformation.apply_detection_item(detection_item)
-    assert detection_item.value[0] == SigmaRegularExpression("\\\\te\.st.*va.ue")
+    assert detection_item.value[0] == SigmaRegularExpression("\\\\te\\.st.*va.ue")
 
 
 def test_regex_transformation_case_insensitive_bracket_method(dummy_pipeline):
     detection_item = SigmaDetectionItem("field", [], [SigmaString("\\tE.sT*val?ue")])
     transformation = RegexTransformation(method="ignore_case_brackets")
     transformation.apply_detection_item(detection_item)
     assert detection_item.value[0] == SigmaRegularExpression(
-        "\\\\[tT][eE]\.[sS][tT].*[vV][aA][lL].[uU][eE]"
+        "\\\\[tT][eE]\\.[sS][tT].*[vV][aA][lL].[uU][eE]"
     )
 
 

tests/test_types.py

@@ -118,7 +118,7 @@ def test_strings_escaping_end():
 
 
 def test_strings_from_str():
-    assert SigmaString.from_str("test*string\\\\") == SigmaString("test\*string\\\\\\\\")
+    assert SigmaString.from_str("test*string\\\\") == SigmaString("test\\*string\\\\\\\\")
 
 
 def test_string_placeholders_single():
@@ -321,7 +321,7 @@ def test_strings_to_string():
 
 
 def test_strings_with_plain_wildcards_to_string():
-    plain_s = "value\*with\?plain*wild?cards"
+    plain_s = r"value\*with\?plain*wild?cards"
     s = SigmaString(plain_s)
     assert s.s == (
         "value*with?plain",

tests/test_validation.py

@@ -10,7 +10,6 @@
 from tests.test_validators import rule_with_id, rule_without_id, rules_with_id_collision
 from sigma.collection import SigmaCollection
 from sigma.validators.core.metadata import (
-    DescriptionLengthValidator,
     IdentifierExistenceValidator,
     IdentifierUniquenessValidator,
     IdentifierExistenceIssue,
@@ -81,17 +80,11 @@ def test_sigmavalidator_from_dict(validators):
                     "number_as_string",
                 ],
             },
-            "config": {
-                "description_length": {
-                    "min_length": 100,
-                },
-            },
         },
         validators,
     )
     assert DanglingDetectionValidator in (v.__class__ for v in validator.validators)
     assert TLPv1TagValidator not in (v.__class__ for v in validator.validators)
-    assert DescriptionLengthValidator(min_length=100) in validator.validators
     assert len(validator.validators) >= 10
     assert validator.exclusions == {
         UUID("c702c6c7-1393-40e5-93f8-91469f3445ad"): {DanglingDetectionValidator},
@@ -114,15 +107,11 @@ def test_sigmavalidator_from_yaml(validators):
         bf39335e-e666-4eaf-9416-47f1955b5fb3:
             - attacktag
             - number_as_string
-    config:
-        description_length:
-            min_length: 100
     """,
         validators,
     )
     assert DanglingDetectionValidator in (v.__class__ for v in validator.validators)
     assert TLPv1TagValidator not in (v.__class__ for v in validator.validators)
-    assert DescriptionLengthValidator(min_length=100) in validator.validators
     assert len(validator.validators) >= 10
     assert validator.exclusions == {
         UUID("c702c6c7-1393-40e5-93f8-91469f3445ad"): {DanglingDetectionValidator},