Skip to content

Commit

Permalink
Add generic TagFormatValidator
Browse files Browse the repository at this point in the history
  • Loading branch information
@frack113
frack113 committed Sep 1, 2024
1 parent e09a258 commit d167d8b
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 0 deletions.
18 changes: 18 additions & 0 deletions sigma/validators/core/tags.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,24 @@
import re


@dataclass
class InvalidTagFormatIssue(SigmaValidationIssue):
description: ClassVar[str] = "Invalid char in namaspace or name tag"
severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM
tag: SigmaRuleTag


class TagFormatValidator(SigmaTagValidator):
"""Validate rule tag namespace and name allowed char"""

def validate_tag(self, tag: SigmaRuleTag) -> List[SigmaValidationIssue]:
tags_pattern = re.compile(r"^[a-z0-9\-\_]+\.[a-z0-9\-\_\.]+$")

if tags_pattern.match(str(tag)) is None:
return [InvalidTagFormatIssue([self.rule], tag)]
return []


@dataclass
class InvalidATTACKTagIssue(SigmaValidationIssue):
description: ClassVar[str] = "Invalid MITRE ATT&CK tagging"
Expand Down
14 changes: 14 additions & 0 deletions tests/test_validators_tags.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@
InvalidPatternTagIssue,
NamespaceTagValidator,
InvalidNamespaceTagIssue,
TagFormatValidator,
InvalidTagFormatIssue,
)


Expand Down Expand Up @@ -234,6 +236,18 @@ def test_validator_duplicate_tags():
[],
InvalidNamespaceTagIssue,
),
(
TagFormatValidator,
["custom.my tag", "custom.my2tag"],
["custom.my tag"],
InvalidTagFormatIssue,
),
(
TagFormatValidator,
["custom.my_tag", "custom.my-tag"],
[],
InvalidTagFormatIssue,
),
],
)
def test_validator_optional_tag(opt_validator_class, opt_tags, opt_issue_tags, opt_issue_class):
Expand Down

0 comments on commit d167d8b

Please sign in to comment.