From dd51f1d4b6c3e896437ec15d53761487d81b3df5 Mon Sep 17 00:00:00 2001
From: Martin Spielmann <mail@martinspielmann.de>
Date: Thu, 27 Jun 2024 23:54:41 +0200
Subject: [PATCH] add em dash, en dash and horizontal bar to windash modifier

---
 sigma/modifiers.py            |  6 +++++-
 tests/test_conversion_base.py |  2 +-
 tests/test_modifiers.py       | 21 +++++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/sigma/modifiers.py b/sigma/modifiers.py
index f95598d1..96c0b3ec 100644
--- a/sigma/modifiers.py
+++ b/sigma/modifiers.py
@@ -235,10 +235,14 @@ class SigmaWindowsDashModifier(SigmaValueModifier):
     into /param-name while the second dash is left untouched.
     """
 
+    en_dash = chr(int("2013", 16))
+    em_dash = chr(int("2014", 16))
+    horizontal_bar = chr(int("2015", 16))
+
     def modify(self, val: SigmaString) -> SigmaExpansion:
         def callback(p: Placeholder):
             if p.name == "_windash":
-                yield from ("-", "/")
+                yield from ("-", "/", self.en_dash, self.em_dash, self.horizontal_bar)
             else:
                 yield p
 
diff --git a/tests/test_conversion_base.py b/tests/test_conversion_base.py
index 7177dadc..91f0f85e 100644
--- a/tests/test_conversion_base.py
+++ b/tests/test_conversion_base.py
@@ -585,7 +585,7 @@ def test_convert_value_expansion_with_all(test_backend):
             )
         )
         == [
-            '(CommandLine contains "-foo" or CommandLine contains "/foo") and (CommandLine contains "-bar" or CommandLine contains "/bar")'
+            '(CommandLine contains "-foo" or CommandLine contains "/foo" or CommandLine contains "–foo" or CommandLine contains "—foo" or CommandLine contains "―foo") and (CommandLine contains "-bar" or CommandLine contains "/bar" or CommandLine contains "–bar" or CommandLine contains "—bar" or CommandLine contains "―bar")'
         ]
     )
 
diff --git a/tests/test_modifiers.py b/tests/test_modifiers.py
index 0ef973a5..9b85f1b5 100644
--- a/tests/test_modifiers.py
+++ b/tests/test_modifiers.py
@@ -215,8 +215,29 @@ def test_windash(dummy_detection_item):
         [
             SigmaString("-param-1 -param2"),
             SigmaString("-param-1 /param2"),
+            SigmaString("-param-1 –param2"),
+            SigmaString("-param-1 —param2"),
+            SigmaString("-param-1 ―param2"),
             SigmaString("/param-1 -param2"),
             SigmaString("/param-1 /param2"),
+            SigmaString("/param-1 –param2"),
+            SigmaString("/param-1 —param2"),
+            SigmaString("/param-1 ―param2"),
+            SigmaString("–param-1 -param2"),
+            SigmaString("–param-1 /param2"),
+            SigmaString("–param-1 –param2"),
+            SigmaString("–param-1 —param2"),
+            SigmaString("–param-1 ―param2"),
+            SigmaString("—param-1 -param2"),
+            SigmaString("—param-1 /param2"),
+            SigmaString("—param-1 –param2"),
+            SigmaString("—param-1 —param2"),
+            SigmaString("—param-1 ―param2"),
+            SigmaString("―param-1 -param2"),
+            SigmaString("―param-1 /param2"),
+            SigmaString("―param-1 –param2"),
+            SigmaString("―param-1 —param2"),
+            SigmaString("―param-1 ―param2"),
         ]
     )