Merge pull request #269 from frack113/enforce_v2

Taking into account Specification V2
SigmaHQ · Sep 4, 2024 · 91a5b83 · 91a5b83
2 parents 6a1bd60 + d167d8b
commit 91a5b83
Show file tree

Hide file tree

Showing 5 changed files with 222 additions and 107 deletions.
diff --git a/sigma/exceptions.py b/sigma/exceptions.py
@@ -55,20 +55,20 @@ def __eq__(self, other: object) -> bool:
             return False
 
 
-class SigmaTitleError(SigmaError):
-    """Error in Sigma rule title"""
+class SigmaValueError(SigmaError):
+    """Error in Sigma rule value"""
 
     pass
 
 
-class SigmaLogsourceError(SigmaError):
-    """Error in Sigma rule logsource"""
+class SigmaBackendError(SigmaError):
+    """Error in Sigma backend."""
 
     pass
 
 
-class SigmaDetectionError(SigmaError):
-    """Error in Sigma rule detection"""
+class SigmaCollectionError(SigmaError):
+    """Error in Sigma collection, e.g. unknown action"""
 
     pass
 
@@ -79,80 +79,93 @@ class SigmaConditionError(SigmaError):
     pass
 
 
-class SigmaIdentifierError(SigmaError):
-    """Error in Sigma rule identifier"""
+class SigmaConfigurationError(SigmaError):
+    """Error in configuration of a Sigma processing pipeline"""
 
     pass
 
 
-class SigmaNameError(SigmaError):
-    """Error in Sigma rule name"""
+class SigmaConversionError(SigmaError):
+    """Rule conversion failed."""
 
-    pass
+    def __init__(self, rule: "sigma.rule.SigmaRuleBase", *args, **kwargs):
+        self.rule = rule
+        super().__init__(*args, **kwargs)
 
+    def __str__(self):
+        return super().__str__() + " in rule " + str(self.rule)
 
-class SigmaAuthorError(SigmaError):
-    """Error in Sigma rule author"""
+
+class SigmaDetectionError(SigmaError):
+    """Error in Sigma rule detection"""
 
     pass
 
 
-class SigmaRelatedError(SigmaError):
-    """Error in Sigma rule related field"""
+class SigmaFeatureNotSupportedByBackendError(SigmaError):
+    """Sigma feature is not supported by the backend."""
 
     pass
 
 
-class SigmaDateError(SigmaError):
-    """Error in Sigma rule date"""
+class SigmaModifierError(SigmaError):
+    """Error in Sigma rule value modifier"""
 
     pass
 
 
-class SigmaModifiedError(SigmaError):
-    """Error in Sigma rule modified field"""
-
-    pass
+class SigmaPipelineNotAllowedForBackendError(SigmaConfigurationError):
+    """One or multiple processing pipelines doesn't matches the given backend."""
 
+    def __init__(self, spec: str, backend: str, *args, **kwargs):
+        self.wrong_pipeline = spec
+        self.backend = backend
+        super().__init__(*args, **kwargs)
 
-class SigmaDescriptionError(SigmaError):
-    """Error in Sigma rule description"""
+    def __str__(self):
+        return (
+            f"Processing pipelines not allowed for backend '{self.backend}': {self.wrong_pipeline}"
+        )
 
-    pass
 
+class SigmaPipelineNotFoundError(SigmaError, ValueError):
+    """An attempt to resolve a processing pipeline from a specifier failed because it was not
+    found."""
 
-class SigmaReferencesError(SigmaError):
-    """Error in Sigma rule references"""
+    def __init__(self, spec: str, *args, **kwargs):
+        self.spec = spec
+        super().__init__(*args, **kwargs)
 
-    pass
+    def __str__(self):
+        return f"Processing pipeline '{self.spec}' not found"
 
 
-class SigmaFieldsError(SigmaError):
-    """Error in Sigma rule fields field"""
+class SigmaPipelineParsingError(SigmaError):
+    """Error in parsing of a Sigma processing pipeline"""
 
     pass
 
 
-class SigmaFalsePositivesError(SigmaError):
-    """Error in Sigma rule falsepositives field"""
+class SigmaPlaceholderError(SigmaValueError):
+    """Attempted to convert an unhandled Placeholder into a query"""
 
     pass
 
 
-class SigmaStatusError(SigmaError):
-    """Error in Sigma rule status"""
+class SigmaPluginNotFoundError(SigmaError):
+    """Plugin was not found."""
 
     pass
 
 
-class SigmaLevelError(SigmaError):
-    """Error in Sigma rule level"""
+class SigmaRegularExpressionError(SigmaValueError):
+    """Error in regular expression contained in Sigma rule"""
 
     pass
 
 
-class SigmaModifierError(SigmaError):
-    """Error in Sigma rule value modifier"""
+class SigmaTransformationError(SigmaError):
+    """Error while transformation. Can be raised intentionally by FailureTransformation."""
 
     pass
 
@@ -163,26 +176,23 @@ class SigmaTypeError(SigmaModifierError):
     pass
 
 
-class SigmaValueError(SigmaError):
-    """Error in Sigma rule value"""
+class SigmaValidatorConfigurationParsingError(SigmaError):
+    """Error in parsing of a Sigma validation configuration file."""
 
     pass
 
 
-class SigmaRegularExpressionError(SigmaValueError):
-    """Error in regular expression contained in Sigma rule"""
-
-    pass
+# Meta Rule Correlation Error
 
 
-class SigmaPlaceholderError(SigmaValueError):
-    """Attempted to convert an unhandled Placeholder into a query"""
+class SigmaCorrelationRuleError(SigmaValueError):
+    """Error in Sigma correlation rule."""
 
     pass
 
 
-class SigmaCorrelationRuleError(SigmaValueError):
-    """Error in Sigma correlation rule."""
+class SigmaCorrelationConditionError(SigmaCorrelationRuleError):
+    """Error in Sigma correlation condition."""
 
     pass
 
@@ -193,22 +203,19 @@ class SigmaCorrelationTypeError(SigmaCorrelationRuleError):
     pass
 
 
-class SigmaRuleNotFoundError(SigmaCorrelationRuleError):
-    """Sigma rule not found."""
+class SigmaTimespanError(SigmaCorrelationRuleError):
+    """Raised when the timespan for calculating sigma is invalid."""
 
     pass
 
 
-class SigmaCorrelationConditionError(SigmaCorrelationRuleError):
-    """Error in Sigma correlation condition."""
+class SigmaRuleNotFoundError(SigmaCorrelationRuleError):
+    """Sigma rule not found."""
 
     pass
 
 
-class SigmaTimespanError(SigmaCorrelationRuleError):
-    """Raised when the timespan for calculating sigma is invalid."""
-
-    pass
+# Meta Filter Error
 
 
 class SigmaFilterError(SigmaValueError):
@@ -229,83 +236,103 @@ class SigmaFilterRuleReferenceError(SigmaFilterError):
     pass
 
 
-class SigmaCollectionError(SigmaError):
-    """Error in Sigma collection, e.g. unknown action"""
+# Rule Fields error
+
+
+class SigmaAuthorError(SigmaError):
+    """Error in Sigma rule author"""
 
     pass
 
 
-class SigmaConfigurationError(SigmaError):
-    """Error in configuration of a Sigma processing pipeline"""
+class SigmaDateError(SigmaError):
+    """Error in Sigma rule date"""
 
     pass
 
 
-class SigmaValidatorConfigurationParsingError(SigmaError):
-    """Error in parsing of a Sigma validation configuration file."""
+class SigmaDescriptionError(SigmaError):
+    """Error in Sigma rule description"""
 
     pass
 
 
-class SigmaFeatureNotSupportedByBackendError(SigmaError):
-    """Sigma feature is not supported by the backend."""
+class SigmaFalsePositivesError(SigmaError):
+    """Error in Sigma rule falsepositives field"""
 
     pass
 
 
-class SigmaPipelineParsingError(SigmaError):
-    """Error in parsing of a Sigma processing pipeline"""
+class SigmaFieldsError(SigmaError):
+    """Error in Sigma rule fields field"""
 
     pass
 
 
-class SigmaPipelineNotFoundError(SigmaError, ValueError):
-    """An attempt to resolve a processing pipeline from a specifier failed because it was not
-    found."""
+class SigmaIdentifierError(SigmaError):
+    """Error in Sigma rule identifier"""
 
-    def __init__(self, spec: str, *args, **kwargs):
-        self.spec = spec
-        super().__init__(*args, **kwargs)
+    pass
 
-    def __str__(self):
-        return f"Processing pipeline '{self.spec}' not found"
 
+class SigmaLevelError(SigmaError):
+    """Error in Sigma rule level"""
 
-class SigmaPipelineNotAllowedForBackendError(SigmaConfigurationError):
-    """One or multiple processing pipelines doesn't matches the given backend."""
+    pass
 
-    def __init__(self, spec: str, backend: str, *args, **kwargs):
-        self.wrong_pipeline = spec
-        self.backend = backend
-        super().__init__(*args, **kwargs)
 
-    def __str__(self):
-        return (
-            f"Processing pipelines not allowed for backend '{self.backend}': {self.wrong_pipeline}"
-        )
+class SigmaLicenseError(SigmaError):
+    """Error in Sigma rule license"""
 
+    pass
 
-class SigmaTransformationError(SigmaError):
-    """Error while transformation. Can be raised intentionally by FailureTransformation."""
 
+class SigmaLogsourceError(SigmaError):
+    """Error in Sigma rule logsource"""
 
-class SigmaPluginNotFoundError(SigmaError):
-    """Plugin was not found."""
+    pass
 
 
-class SigmaConversionError(SigmaError):
-    """Rule conversion failed."""
+class SigmaModifiedError(SigmaError):
+    """Error in Sigma rule modified field"""
 
-    def __init__(self, rule: "sigma.rule.SigmaRuleBase", *args, **kwargs):
-        self.rule = rule
-        super().__init__(*args, **kwargs)
+    pass
 
-    def __str__(self):
-        return super().__str__() + " in rule " + str(self.rule)
 
+class SigmaNameError(SigmaError):
+    """Error in Sigma rule name"""
 
-class SigmaBackendError(SigmaError):
-    """Error in Sigma backend."""
+    pass
+
+
+class SigmaReferencesError(SigmaError):
+    """Error in Sigma rule references"""
+
+    pass
+
+
+class SigmaRelatedError(SigmaError):
+    """Error in Sigma rule related field"""
+
+    pass
+
+
+class SigmaScopeError(SigmaError):
+    """Error in Sigma rule scope"""
+
+    pass
+
+
+class SigmaStatusError(SigmaError):
+    """Error in Sigma rule status"""
+
+    pass
+
+
+class SigmaTitleError(SigmaError):
+    """Error in Sigma rule title"""
+
+    pass
 
 
 @dataclass