Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Distinct condition state #127

Merged
merged 3 commits into from
Jun 28, 2023
Merged

Distinct condition state #127

merged 3 commits into from
Jun 28, 2023

Conversation

kelnage
Copy link
Contributor

@kelnage kelnage commented Jun 28, 2023

As highlighted in #126, a single ConversionState object was being shared between conversions when multiple conditions were present, which meant any DeferredQueryExpressions generated when converting those conditions were duplicated across all generated queries.

This commit creates a separate ConversionState object for each condition, and includes a unit test to demonstrate that it fixes #126. This change also means the conversion of each condition will also have its own distinct processing_state; I made that decision as I was unable to envisage a situation where a shared processing_state between conditions would be appropriate.

@kelnage
Add unit test to demonstrate issue SigmaHQ#126
28c7189
@kelnage
Use distinct state objects for each condition
a159dad 
When state objects are shared between conversions of conditions,
DeferredQueryExpressions were being reused across all generated queries.
To prevent this, initialise a distinct state object per condition that
is used during the subsequent finalisation step.
@kelnage
Ensure a copy of the state is made
3cf5e8a 
Otherwise the ConversionState will share the same underlying
processing_state.
@thomaspatzke thomaspatzke merged commit 50a948d into SigmaHQ:main Jun 28, 2023
@thomaspatzke
Copy link
Member

Great! Thanks a lot for the PR!

@kelnage kelnage deleted the distinct-condition-state branch June 29, 2023 08:47
kelnage added a commit to grafana/pySigma-backend-loki that referenced this pull request Oct 19, 2023
@kelnage
fix: Multiple conditions shared state
093296f 
Applies fixes from SigmaHQ/pySigma#127 to fix the issue that a list of
conditions would all share the same state.
@kelnage kelnage mentioned this pull request Oct 19, 2023
Merged
kelnage added a commit to grafana/pySigma-backend-loki that referenced this pull request Oct 20, 2023
@kelnage
fix: Multiple conditions shared state (#98)
616ef64 
Applies fixes from SigmaHQ/pySigma#127 to resolve the issue that a list of conditions in a single rule would all share the same state.

Closes: #72
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Multiple condition with Search-Identifiers that generate DeferredQueryExpressions cause repetition
2 participants
@kelnage @thomaspatzke