Merge pull request #296 from SigmaHQ/pass-backend-options-to-pipeline

Pass backend options to pipeline
SigmaHQ · Oct 23, 2024 · 4dbedb2 · 4dbedb2
2 parents fc60de2 + 272ab95
commit 4dbedb2
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 2 deletions.
diff --git a/sigma/backends/test/backend.py b/sigma/backends/test/backend.py
@@ -164,8 +164,9 @@ def __init__(
         processing_pipeline: Optional[ProcessingPipeline] = None,
         collect_errors: bool = False,
         testparam: Optional[str] = None,
+        **kwargs,
     ):
-        super().__init__(processing_pipeline, collect_errors)
+        super().__init__(processing_pipeline, collect_errors, **kwargs)
         self.testparam = testparam
 
     def finalize_query_test(self, rule, query, index, state):

diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
@@ -143,10 +143,12 @@ def __init__(
         self,
         processing_pipeline: Optional[ProcessingPipeline] = None,
         collect_errors: bool = False,
+        **backend_options: Dict,
     ):
         self.processing_pipeline = processing_pipeline
         self.errors = list()
         self.collect_errors = collect_errors
+        self.backend_options = backend_options
 
     def convert(
         self,
@@ -183,6 +185,9 @@ def convert_rule(self, rule: SigmaRule, output_format: Optional[str] = None) ->
                 + self.processing_pipeline
                 + self.output_format_processing_pipeline[output_format or self.default_format]
             )
+            self.last_processing_pipeline.vars.update(
+                {"backend_" + key: value for key, value in self.backend_options.items()}
+            )
 
             error_state = "applying processing pipeline on"
             self.last_processing_pipeline.apply(rule)  # 1. Apply transformations

diff --git a/tests/test_conversion_base.py b/tests/test_conversion_base.py
@@ -6,7 +6,7 @@
 from sigma.processing.conditions import IncludeFieldCondition
 from sigma.processing.finalization import ConcatenateQueriesFinalizer
 from sigma.processing.pipeline import ProcessingPipeline, ProcessingItem, QueryPostprocessingItem
-from sigma.processing.postprocessing import EmbedQueryTransformation
+from sigma.processing.postprocessing import EmbedQueryTransformation, QueryTemplateTransformation
 from sigma.processing.transformations import (
     AddFieldnamePrefixTransformation,
     AddFieldnameSuffixTransformation,
@@ -80,6 +80,38 @@ def test_backend_pipeline_with_postprocessing():
     )
 
 
+def test_backend_options_passing_to_pipeline():
+    test_backend = TextQueryTestBackend(
+        ProcessingPipeline(
+            postprocessing_items=[
+                QueryPostprocessingItem(
+                    QueryTemplateTransformation(
+                        "query='{{query}}', state={{pipeline.vars.backend_test}}"
+                    )
+                )
+            ]
+        ),
+        test="testvalue",
+    )
+    result = test_backend.convert(
+        SigmaCollection.from_yaml(
+            """
+            title: Test
+            status: test
+            logsource:
+                category: test_category
+                product: test_product
+            detection:
+                sel:
+                    field: value
+                condition: sel
+            """
+        )
+    )
+    assert test_backend.last_processing_pipeline.vars["backend_test"] == "testvalue"
+    assert result == ["query='field=\"value\"', state=testvalue"]
+
+
 def test_backend_and_custom_pipeline(test_backend):
     assert (
         test_backend.convert(