From 434c13f0722e2a25e076ceea9356734b46dc802c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89milio=F0=9F=98=8EGonzalez?= Date: Tue, 31 Oct 2023 09:32:37 -0400 Subject: [PATCH 1/2] Fix a bug where SigmaRegularExpression.escape() was buggy when using param escape_escape_char=False. Fixes #153 --- sigma/types.py | 2 +- tests/test_types.py | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/sigma/types.py b/sigma/types.py index f11c6f17..b90fcc6e 100644 --- a/sigma/types.py +++ b/sigma/types.py @@ -646,7 +646,7 @@ def escape( ) pos = [ # determine positions of matches in regular expression m.start() for m in re.finditer(r, self.regexp) - ] + ] if r is not '' else [] ranges = zip([None, *pos], [*pos, None]) # string chunk ranges with escapes in between ranges = list(ranges) diff --git a/tests/test_types.py b/tests/test_types.py index c00c924a..478f306e 100644 --- a/tests/test_types.py +++ b/tests/test_types.py @@ -509,6 +509,18 @@ def test_re_escape_without_escape(): ) +def test_re_escape_with_escape_escape_char_param(): + # See issue #153 https://github.com/SigmaHQ/pySigma/issues/153 + assert( + SigmaRegularExpression("bitsadmin\\.exe").escape(escape_escape_char=True) + == "bitsadmin\\\\.exe" + ) + assert( + SigmaRegularExpression("bitsadmin\\.exe").escape(escape_escape_char=False) + == "bitsadmin\\.exe" + ) + + def test_bool(): assert SigmaBool(True).boolean == True From 1786ad94c3b8f6769fb3067fbcb57e6776d01c5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89milio=F0=9F=98=8EGonzalez?= Date: Tue, 31 Oct 2023 11:37:42 -0400 Subject: [PATCH 2/2] run black --- sigma/types.py | 22 +++++++++++++--------- tests/test_types.py | 20 +++++++++++--------- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/sigma/types.py b/sigma/types.py index b90fcc6e..fa090459 100644 --- a/sigma/types.py +++ b/sigma/types.py @@ -1,5 +1,9 @@ -from math import inf +import re +from abc import ABC +from dataclasses import dataclass, field from enum import Enum, auto +from ipaddress import IPv4Network, IPv6Network, ip_network +from math import inf from typing import ( ClassVar, Dict, @@ -14,10 +18,7 @@ Callable, Iterator, ) -from abc import ABC -from dataclasses import dataclass, field -from enum import Enum, auto -import re + from sigma.exceptions import ( SigmaPlaceholderError, SigmaRuleLocation, @@ -25,7 +26,6 @@ SigmaRegularExpressionError, SigmaTypeError, ) -from ipaddress import IPv4Network, IPv6Network, ip_network class SpecialChars(Enum): @@ -644,9 +644,13 @@ def escape( if e is not None ] ) - pos = [ # determine positions of matches in regular expression - m.start() for m in re.finditer(r, self.regexp) - ] if r is not '' else [] + pos = ( + [ # determine positions of matches in regular expression + m.start() for m in re.finditer(r, self.regexp) + ] + if r is not "" + else [] + ) ranges = zip([None, *pos], [*pos, None]) # string chunk ranges with escapes in between ranges = list(ranges) diff --git a/tests/test_types.py b/tests/test_types.py index 478f306e..3849db65 100644 --- a/tests/test_types.py +++ b/tests/test_types.py @@ -1,6 +1,14 @@ -from ipaddress import IPv4Network, IPv6Network import re +from ipaddress import IPv4Network, IPv6Network + import pytest + +from sigma.exceptions import ( + SigmaPlaceholderError, + SigmaTypeError, + SigmaValueError, + SigmaRegularExpressionError, +) from sigma.types import ( SigmaBool, SigmaCasedString, @@ -17,12 +25,6 @@ sigma_type, SigmaCIDRExpression, ) -from sigma.exceptions import ( - SigmaPlaceholderError, - SigmaTypeError, - SigmaValueError, - SigmaRegularExpressionError, -) @pytest.fixture @@ -511,11 +513,11 @@ def test_re_escape_without_escape(): def test_re_escape_with_escape_escape_char_param(): # See issue #153 https://github.com/SigmaHQ/pySigma/issues/153 - assert( + assert ( SigmaRegularExpression("bitsadmin\\.exe").escape(escape_escape_char=True) == "bitsadmin\\\\.exe" ) - assert( + assert ( SigmaRegularExpression("bitsadmin\\.exe").escape(escape_escape_char=False) == "bitsadmin\\.exe" )