From d167d8b72b5f8e558b6c679b6ca08fb176c3c8b7 Mon Sep 17 00:00:00 2001 From: frack113 <62423083+frack113@users.noreply.github.com> Date: Sun, 1 Sep 2024 10:15:20 +0200 Subject: [PATCH] Add generic TagFormatValidator --- sigma/validators/core/tags.py | 18 ++++++++++++++++++ tests/test_validators_tags.py | 14 ++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/sigma/validators/core/tags.py b/sigma/validators/core/tags.py index 2ba82196..f22fda91 100644 --- a/sigma/validators/core/tags.py +++ b/sigma/validators/core/tags.py @@ -22,6 +22,24 @@ import re +@dataclass +class InvalidTagFormatIssue(SigmaValidationIssue): + description: ClassVar[str] = "Invalid char in namaspace or name tag" + severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.MEDIUM + tag: SigmaRuleTag + + +class TagFormatValidator(SigmaTagValidator): + """Validate rule tag namespace and name allowed char""" + + def validate_tag(self, tag: SigmaRuleTag) -> List[SigmaValidationIssue]: + tags_pattern = re.compile(r"^[a-z0-9\-\_]+\.[a-z0-9\-\_\.]+$") + + if tags_pattern.match(str(tag)) is None: + return [InvalidTagFormatIssue([self.rule], tag)] + return [] + + @dataclass class InvalidATTACKTagIssue(SigmaValidationIssue): description: ClassVar[str] = "Invalid MITRE ATT&CK tagging" diff --git a/tests/test_validators_tags.py b/tests/test_validators_tags.py index 03bd8e0b..92e44149 100644 --- a/tests/test_validators_tags.py +++ b/tests/test_validators_tags.py @@ -24,6 +24,8 @@ InvalidPatternTagIssue, NamespaceTagValidator, InvalidNamespaceTagIssue, + TagFormatValidator, + InvalidTagFormatIssue, ) @@ -234,6 +236,18 @@ def test_validator_duplicate_tags(): [], InvalidNamespaceTagIssue, ), + ( + TagFormatValidator, + ["custom.my tag", "custom.my2tag"], + ["custom.my tag"], + InvalidTagFormatIssue, + ), + ( + TagFormatValidator, + ["custom.my_tag", "custom.my-tag"], + [], + InvalidTagFormatIssue, + ), ], ) def test_validator_optional_tag(opt_validator_class, opt_tags, opt_issue_tags, opt_issue_class):