From 2c4205d4bac43d10605668896a0bcbd645076a9f Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Fri, 7 Mar 2025 18:47:09 +0100 Subject: [PATCH 1/9] Test for membership should be not in --- sigma/validation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sigma/validation.py b/sigma/validation.py index 03625910..111647b9 100644 --- a/sigma/validation.py +++ b/sigma/validation.py @@ -132,7 +132,7 @@ def validate_rule(self, rule: SigmaRule) -> List[SigmaValidationIssue]: issues: List[SigmaValidationIssue] = [] exclusions = self.exclusions[rule.id] for validator in self.validators: - if not validator.__class__ in exclusions: # Skip if validator is excluded for this rule + if validator.__class__ not in exclusions: # Skip if validator is excluded for this rule issues.extend(validator.validate(rule)) return issues From e7be9649810796871eb8bc4ad4c940412b572291 Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:06:51 +0100 Subject: [PATCH 2/9] fix: linting issues --- sigma/rule/attributes.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sigma/rule/attributes.py b/sigma/rule/attributes.py index f27f9282..4a0cdda6 100644 --- a/sigma/rule/attributes.py +++ b/sigma/rule/attributes.py @@ -1,5 +1,5 @@ from dataclasses import dataclass, field -from typing import Any, Dict, Optional, List, Type +from typing import Any, Dict, Optional, List from uuid import UUID from enum import Enum, auto import sigma.exceptions as sigma_exceptions @@ -128,7 +128,7 @@ def from_dict(cls, value: Dict[str, str]) -> "SigmaRelatedItem": try: id = UUID(value["id"]) except ValueError: - raise sigma_exceptions.SigmaRelatedError(f"Sigma related identifier must be an UUID") + raise sigma_exceptions.SigmaRelatedError("Sigma related identifier must be an UUID") try: type = SigmaRelatedType[value["type"].upper()] @@ -153,9 +153,9 @@ def from_dict(cls, val: List[Dict[str, str]]) -> "SigmaRelated": list_ret: List[SigmaRelatedItem] = [] for v in val: - if not "id" in v.keys(): + if "id" not in v.keys(): raise sigma_exceptions.SigmaRelatedError("Sigma related must have an id field") - elif not "type" in v.keys(): + elif "type" not in v.keys(): raise sigma_exceptions.SigmaRelatedError("Sigma related must have a type field") else: list_ret.append(SigmaRelatedItem.from_dict(v)) # should rise the SigmaRelatedError From 3c68f1905fb84ba7186683d44f97f372f85885f9 Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:12:44 +0100 Subject: [PATCH 3/9] fix: removed duplication of post_init() --- sigma/processing/pipeline.py | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/sigma/processing/pipeline.py b/sigma/processing/pipeline.py index 9365cc16..dbc69dd2 100644 --- a/sigma/processing/pipeline.py +++ b/sigma/processing/pipeline.py @@ -238,21 +238,6 @@ def _check_conditions( f"{name} '{str(condition)}' is not a {expected_condition_class.__name__}" ) - def __post_init__(self): - self._check_conditions( - "rule_condition_expression", - "rule_condition_linking", - "rule_conditions", - RuleProcessingCondition, - "Rule condition", - ) - self.transformation.set_processing_item( - self - ) # set processing item in transformation object after it is instantiated - self._resolve_condition_expression( - self.rule_condition_expression, self.rule_conditions, "Rule condition" - ) - def _resolve_condition_expression( self, expr: Optional[ConditionExpression], @@ -352,21 +337,6 @@ def _check_conditions( f"{name} '{str(condition)}' is not a {expected_condition_class.__name__}" ) - def __post_init__(self): - self._check_conditions( - "rule_condition_expression", - "rule_condition_linking", - "rule_conditions", - RuleProcessingCondition, - "Rule condition", - ) - self.transformation.set_processing_item( - self - ) # set processing item in transformation object after it is instantiated - self._resolve_condition_expression( - self.rule_condition_expression, self.rule_conditions, "Rule condition" - ) - def _resolve_condition_expression( self, expr: Optional[ConditionExpression], From 076b09e8d7effe89551df8139da7da281461001c Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:12:54 +0100 Subject: [PATCH 4/9] fix: linting issues --- sigma/processing/pipeline.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sigma/processing/pipeline.py b/sigma/processing/pipeline.py index dbc69dd2..88047691 100644 --- a/sigma/processing/pipeline.py +++ b/sigma/processing/pipeline.py @@ -486,7 +486,7 @@ def set_pipeline(self, pipeline: "ProcessingPipeline") -> None: if self._pipeline is None: self._pipeline = pipeline else: - raise SigmaProcessingItemError(f"Pipeline for processing item was already set.") + raise SigmaProcessingItemError("Pipeline for processing item was already set.") self.transformation.set_pipeline(pipeline) for rule_condition in self.rule_conditions: @@ -875,7 +875,7 @@ def from_yaml(cls, processing_pipeline: str) -> "ProcessingPipeline": try: parsed_pipeline = yaml.safe_load(processing_pipeline) except yaml.parser.ParserError as e: - raise SigmaPipelineParsingError(f"Error in parsing of a Sigma processing pipeline") + raise SigmaPipelineParsingError("Error in parsing of a Sigma processing pipeline") return cls.from_dict(parsed_pipeline) def apply( From 12bab9024a1a291d9f8aed6bccd6540c42c8356a Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:22:51 +0100 Subject: [PATCH 5/9] fix: linting issues --- sigma/processing/conditions/base.py | 3 +-- sigma/processing/conditions/fields.py | 1 - sigma/processing/conditions/rule.py | 3 +-- sigma/processing/conditions/state.py | 1 - sigma/processing/conditions/values.py | 1 - sigma/processing/finalization.py | 4 ++-- sigma/processing/transformations/base.py | 5 +---- sigma/processing/transformations/condition.py | 3 --- sigma/processing/transformations/failure.py | 1 - sigma/processing/transformations/fields.py | 1 - sigma/processing/transformations/placeholder.py | 3 +-- sigma/processing/transformations/rule.py | 4 ---- sigma/processing/transformations/state.py | 1 - 13 files changed, 6 insertions(+), 25 deletions(-) diff --git a/sigma/processing/conditions/base.py b/sigma/processing/conditions/base.py index eb08bbe6..326eb26d 100644 --- a/sigma/processing/conditions/base.py +++ b/sigma/processing/conditions/base.py @@ -13,7 +13,6 @@ from sigma.exceptions import ( SigmaConfigurationError, SigmaProcessingItemError, - SigmaRegularExpressionError, ) @@ -29,7 +28,7 @@ def set_pipeline(self, pipeline: "sigma.processing.pipeline.ProcessingPipeline") if self._pipeline is None: self._pipeline = pipeline else: - raise SigmaProcessingItemError(f"Pipeline for condition was already set.") + raise SigmaProcessingItemError("Pipeline for condition was already set.") def _clear_pipeline(self) -> None: self._pipeline = None diff --git a/sigma/processing/conditions/fields.py b/sigma/processing/conditions/fields.py index dc86468f..c3ca6436 100644 --- a/sigma/processing/conditions/fields.py +++ b/sigma/processing/conditions/fields.py @@ -1,6 +1,5 @@ from dataclasses import dataclass, field -import sigma from sigma.processing.conditions.base import FieldNameProcessingCondition from typing import List, Pattern, Literal, Optional import re diff --git a/sigma/processing/conditions/rule.py b/sigma/processing/conditions/rule.py index 81c13785..30ad2e91 100644 --- a/sigma/processing/conditions/rule.py +++ b/sigma/processing/conditions/rule.py @@ -2,7 +2,6 @@ from datetime import date from uuid import UUID -import sigma from sigma.correlations import SigmaCorrelationRule from sigma.processing.conditions.base import ( RuleDetectionItemCondition, @@ -91,7 +90,7 @@ def find_detection_item(self, detection: Union[SigmaDetectionItem, SigmaDetectio detection.field is not None and detection.field == self.field and self.sigma_value - in [v for v in detection.value if type(self.sigma_value) == type(v)] + in [v for v in detection.value if isinstance(self.sigma_value, type(v))] ): return True else: diff --git a/sigma/processing/conditions/state.py b/sigma/processing/conditions/state.py index ac1a89fd..41513098 100644 --- a/sigma/processing/conditions/state.py +++ b/sigma/processing/conditions/state.py @@ -1,6 +1,5 @@ from dataclasses import dataclass, field -import sigma from sigma.correlations import SigmaCorrelationRule from sigma.processing.conditions.base import ( DetectionItemProcessingCondition, diff --git a/sigma/processing/conditions/values.py b/sigma/processing/conditions/values.py index faab08ac..81e1d281 100644 --- a/sigma/processing/conditions/values.py +++ b/sigma/processing/conditions/values.py @@ -1,7 +1,6 @@ from dataclasses import dataclass from typing import Union -import sigma from sigma.processing.conditions.base import ( ValueProcessingCondition, ) diff --git a/sigma/processing/finalization.py b/sigma/processing/finalization.py index 74d83985..a9d584d3 100644 --- a/sigma/processing/finalization.py +++ b/sigma/processing/finalization.py @@ -1,7 +1,7 @@ from abc import abstractmethod from dataclasses import dataclass, field import json -from typing import Any, Dict, List, Literal, Optional +from typing import Any, Dict, List, Optional import yaml import sigma @@ -107,7 +107,7 @@ def __post_init__(self): @classmethod def from_dict(cls, d: Dict) -> "NestedFinalizer": - if not "finalizers" in d: + if "finalizers" not in d: raise SigmaConfigurationError("Nested finalizer requires a 'finalizers' key.") fs = [] for finalizer in d["finalizers"]: diff --git a/sigma/processing/transformations/base.py b/sigma/processing/transformations/base.py index adb0eebc..1de3e3dc 100644 --- a/sigma/processing/transformations/base.py +++ b/sigma/processing/transformations/base.py @@ -1,11 +1,8 @@ from abc import ABC, abstractmethod -from functools import partial from sigma.conditions import SigmaCondition from typing import ( - Any, Iterable, List, - Dict, Optional, Union, ) @@ -58,7 +55,7 @@ def set_pipeline(self, pipeline: "sigma.processing.pipeline.ProcessingPipeline") if self._pipeline is None: self._pipeline = pipeline else: - raise SigmaTransformationError(f"Pipeline for transformation was already set.") + raise SigmaTransformationError("Pipeline for transformation was already set.") def _clear_pipeline(self) -> None: self._pipeline = None diff --git a/sigma/processing/transformations/condition.py b/sigma/processing/transformations/condition.py index c24f7670..b4a56918 100644 --- a/sigma/processing/transformations/condition.py +++ b/sigma/processing/transformations/condition.py @@ -1,7 +1,5 @@ -from abc import abstractmethod from sigma.conditions import SigmaCondition from typing import ( - Any, List, Dict, Optional, @@ -10,7 +8,6 @@ from dataclasses import dataclass, field import random import string -import sigma from sigma.processing.transformations.base import ( ConditionTransformation, ) diff --git a/sigma/processing/transformations/failure.py b/sigma/processing/transformations/failure.py index 0c23571f..d9aea533 100644 --- a/sigma/processing/transformations/failure.py +++ b/sigma/processing/transformations/failure.py @@ -1,5 +1,4 @@ from dataclasses import dataclass -import sigma from sigma.processing.transformations.base import ( DetectionItemTransformation, Transformation, diff --git a/sigma/processing/transformations/fields.py b/sigma/processing/transformations/fields.py index 8d370e45..c52ac8ef 100644 --- a/sigma/processing/transformations/fields.py +++ b/sigma/processing/transformations/fields.py @@ -7,7 +7,6 @@ Callable, ) from dataclasses import dataclass, field -import sigma from sigma.processing.transformations.base import ( FieldMappingTransformationBase, Transformation, diff --git a/sigma/processing/transformations/placeholder.py b/sigma/processing/transformations/placeholder.py index f30027a1..a81cadf5 100644 --- a/sigma/processing/transformations/placeholder.py +++ b/sigma/processing/transformations/placeholder.py @@ -1,6 +1,5 @@ from abc import abstractmethod from typing import ( - Any, Iterable, List, Dict, @@ -150,6 +149,6 @@ def apply_value( return SigmaQueryExpression(self.expression, self.mapping.get(p.name) or p.name) else: # SigmaString contains placeholder as well as other parts raise SigmaValueError( - f"Placeholder query expression transformation only allows placeholder-only strings." + "Placeholder query expression transformation only allows placeholder-only strings." ) return None diff --git a/sigma/processing/transformations/rule.py b/sigma/processing/transformations/rule.py index d13e66f5..47f234a9 100644 --- a/sigma/processing/transformations/rule.py +++ b/sigma/processing/transformations/rule.py @@ -1,13 +1,9 @@ -from abc import abstractmethod from typing import ( Any, - List, - Dict, Optional, Union, ) from dataclasses import dataclass, field -import sigma from sigma.correlations import SigmaCorrelationRule from sigma.processing.transformations.base import ( Transformation, diff --git a/sigma/processing/transformations/state.py b/sigma/processing/transformations/state.py index d15ee93e..2e7b484e 100644 --- a/sigma/processing/transformations/state.py +++ b/sigma/processing/transformations/state.py @@ -1,6 +1,5 @@ from typing import Any from dataclasses import dataclass -import sigma from sigma.processing.transformations.base import Transformation from sigma.rule import SigmaRule From 2fb79ef0ab07add5074099b114b6477580fa6f85 Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:25:29 +0100 Subject: [PATCH 6/9] fix: linting issues --- sigma/pipelines/test/pipeline.py | 1 - 1 file changed, 1 deletion(-) diff --git a/sigma/pipelines/test/pipeline.py b/sigma/pipelines/test/pipeline.py index 6d86692c..5a82bad5 100644 --- a/sigma/pipelines/test/pipeline.py +++ b/sigma/pipelines/test/pipeline.py @@ -4,7 +4,6 @@ from sigma.processing.transformations import ( AddConditionTransformation, FieldMappingTransformation, - FieldFunctionTransformation, ) From 61c7d72d48d5dbd6a0830f5fadc06128dfe4577e Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:37:50 +0100 Subject: [PATCH 7/9] fix: linting issues --- sigma/backends/test/backend.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sigma/backends/test/backend.py b/sigma/backends/test/backend.py index 1737cb43..3feaab49 100644 --- a/sigma/backends/test/backend.py +++ b/sigma/backends/test/backend.py @@ -1,6 +1,6 @@ from collections import defaultdict import re -from typing import Any, ClassVar, Dict, List, Optional, Pattern, Tuple, cast +from typing import Any, ClassVar, Dict, List, Optional, Pattern, cast from sigma.conversion.base import TextQueryBackend from sigma.conversion.state import ConversionState @@ -8,7 +8,7 @@ from sigma.processing.pipeline import ProcessingItem, ProcessingPipeline from sigma.processing.transformations import FieldMappingTransformation from sigma.rule.rule import SigmaRule -from sigma.types import CompareOperators, SigmaCompareExpression +from sigma.types import CompareOperators class TextQueryTestBackend(TextQueryBackend): From e8cf21e43b5d3ba43539c9c273f6bc221908fade Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 19:37:54 +0100 Subject: [PATCH 8/9] fix: linting issues --- sigma/conversion/base.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py index d2e9b1fb..42f275de 100644 --- a/sigma/conversion/base.py +++ b/sigma/conversion/base.py @@ -6,7 +6,6 @@ from sigma.correlations import ( SigmaCorrelationCondition, SigmaCorrelationConditionOperator, - SigmaCorrelationFieldAlias, SigmaCorrelationFieldAliases, SigmaCorrelationRule, SigmaCorrelationTimespan, @@ -18,7 +17,6 @@ from sigma.exceptions import ( ExceptionOnUsage, SigmaBackendError, - SigmaConfigurationError, SigmaConversionError, SigmaError, SigmaValueError, @@ -26,7 +24,6 @@ from sigma.conversion.deferred import DeferredQueryExpression from typing import ( Iterator, - Never, Pattern, Union, ClassVar, @@ -48,7 +45,6 @@ ConditionNOT, ConditionFieldEqualsValueExpression, ConditionValueExpression, - ConditionType, ) from sigma.types import ( CompareOperators, @@ -1466,7 +1462,7 @@ def convert_condition_field_eq_val( def is_parent_not( cond: Union[ ConditionItem, ConditionFieldEqualsValueExpression, ConditionValueExpression - ] + ], ) -> bool: if cond.parent is None: return False From 21de9a003202706644b5c7c2d57b71cd8ce71343 Mon Sep 17 00:00:00 2001 From: Hendrik Baecker Date: Sat, 8 Mar 2025 20:02:18 +0100 Subject: [PATCH 9/9] fix: linting issues --- sigma/collection.py | 3 +-- sigma/conditions.py | 2 +- sigma/correlations.py | 22 +++++++++++----------- sigma/exceptions.py | 6 ------ sigma/filters.py | 1 - sigma/plugins.py | 2 +- sigma/types.py | 1 - sigma/validators/base.py | 9 ++++----- 8 files changed, 18 insertions(+), 28 deletions(-) diff --git a/sigma/collection.py b/sigma/collection.py index 9cb18799..26ba5f37 100644 --- a/sigma/collection.py +++ b/sigma/collection.py @@ -1,7 +1,7 @@ from dataclasses import InitVar, dataclass, field from functools import reduce from pathlib import Path -from typing import Any, Callable, Dict, Iterable, List, Optional, Union, IO, cast +from typing import Any, Callable, Dict, Iterable, List, Optional, Union, IO from uuid import UUID import yaml @@ -15,7 +15,6 @@ ) from sigma.rule import SigmaRule, SigmaRuleBase from sigma.filters import SigmaFilter -from typing import TypeVar, Union NestedDict = Dict[str, Union[str, int, float, bool, None, "NestedDict"]] diff --git a/sigma/conditions.py b/sigma/conditions.py index baef315d..8bcb329a 100644 --- a/sigma/conditions.py +++ b/sigma/conditions.py @@ -11,7 +11,7 @@ ParseResults, ParseException, ) -from typing import ClassVar, List, Literal, Optional, Union, Type, cast +from typing import ClassVar, List, Optional, Union, Type, cast from sigma.types import SigmaType from sigma.exceptions import SigmaConditionError, SigmaRuleLocation import sigma diff --git a/sigma/correlations.py b/sigma/correlations.py index ffc5e322..3b22e0e7 100644 --- a/sigma/correlations.py +++ b/sigma/correlations.py @@ -1,6 +1,6 @@ from dataclasses import dataclass, field from enum import Enum, auto -from typing import Any, Dict, Iterator, List, Literal, Optional, Set, Union, Iterable +from typing import Any, Dict, Iterator, List, Literal, Optional, Set, Union import sigma.exceptions as sigma_exceptions from sigma.exceptions import SigmaRuleLocation, SigmaTimespanError @@ -72,7 +72,7 @@ def from_dict( ops = frozenset(SigmaCorrelationConditionOperator.operators()) if len(d_keys.intersection(ops)) != 1: raise sigma_exceptions.SigmaCorrelationConditionError( - f"Sigma correlation condition must have exactly one condition item", source=source + "Sigma correlation condition must have exactly one condition item", source=source ) unknown_keys = d_keys.difference(ops).difference({"field"}) if unknown_keys: @@ -268,7 +268,7 @@ def from_dict( else: # no correlation type provided errors.append( sigma_exceptions.SigmaCorrelationTypeError( - f"Sigma correlation rule without type", source=source + "Sigma correlation rule without type", source=source ) ) @@ -282,13 +282,13 @@ def from_dict( else: errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Rule reference must be plain string or list.", source=source + "Rule reference must be plain string or list.", source=source ) ) else: errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Sigma correlation rule without rule references", source=source + "Sigma correlation rule without rule references", source=source ) ) @@ -298,7 +298,7 @@ def from_dict( if not isinstance(generate, bool): errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Sigma correlation generate definition must be a boolean", source=source + "Sigma correlation generate definition must be a boolean", source=source ) ) else: @@ -314,7 +314,7 @@ def from_dict( else: errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Sigma correlation group-by definition must be string or list", + "Sigma correlation group-by definition must be string or list", source=source, ) ) @@ -329,7 +329,7 @@ def from_dict( else: errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Sigma correlation rule without timespan", source=source + "Sigma correlation rule without timespan", source=source ) ) @@ -341,7 +341,7 @@ def from_dict( else: errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Sigma correlation aliases definition must be a dict", source=source + "Sigma correlation aliases definition must be a dict", source=source ) ) else: @@ -355,7 +355,7 @@ def from_dict( else: errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Sigma correlation condition definition must be a dict", source=source + "Sigma correlation condition definition must be a dict", source=source ) ) elif correlation_type not in ( @@ -364,7 +364,7 @@ def from_dict( ): errors.append( sigma_exceptions.SigmaCorrelationRuleError( - f"Non-temporal Sigma correlation rule without condition", source=source + "Non-temporal Sigma correlation rule without condition", source=source ) ) elif correlation_type in ( diff --git a/sigma/exceptions.py b/sigma/exceptions.py index 2fa0b984..da87f947 100644 --- a/sigma/exceptions.py +++ b/sigma/exceptions.py @@ -288,12 +288,6 @@ def __str__(self): return f"{self.error} in expression '{self.expression}' at location {self.location}" -class SigmaFeatureNotSupportedByBackendError(SigmaError): - """Sigma feature is not supported by the backend.""" - - pass - - class SigmaDescriptionError(SigmaError): """Error in Sigma rule description""" diff --git a/sigma/filters.py b/sigma/filters.py index 8e383fdc..c518af66 100644 --- a/sigma/filters.py +++ b/sigma/filters.py @@ -3,7 +3,6 @@ import string from dataclasses import dataclass, field from typing import List, Optional, Union -from uuid import UUID from sigma import exceptions as sigma_exceptions from sigma.correlations import SigmaCorrelationRule, SigmaRuleReference diff --git a/sigma/plugins.py b/sigma/plugins.py index d0d3e3fb..e260b5c0 100644 --- a/sigma/plugins.py +++ b/sigma/plugins.py @@ -333,7 +333,7 @@ def is_installed(self) -> bool: try: subprocess.check_call([sys.executable, "-m", "pip", "-qqq", "show", self.package]) return True - except: + except Exception: return False def has_capability(self, capability: SigmaPluginCapability) -> bool: diff --git a/sigma/types.py b/sigma/types.py index c9bb2e8b..12cfcb8f 100644 --- a/sigma/types.py +++ b/sigma/types.py @@ -12,7 +12,6 @@ Type, Union, List, - Tuple, Optional, Any, Iterable, diff --git a/sigma/validators/base.py b/sigma/validators/base.py index 6afabd69..2d77a389 100644 --- a/sigma/validators/base.py +++ b/sigma/validators/base.py @@ -1,9 +1,7 @@ from abc import ABC, abstractmethod from dataclasses import dataclass, fields from enum import Enum, auto -import re -from typing import ClassVar, Dict, List, Optional, Set, Type -import sigma +from typing import ClassVar, List, Optional, Set, Type from sigma.correlations import SigmaCorrelationRule from sigma.rule import SigmaDetection, SigmaDetectionItem, SigmaRule, SigmaRuleBase, SigmaRuleTag from sigma.types import SigmaString, SigmaType @@ -39,12 +37,12 @@ class SigmaValidationIssue(ABC): severity: ClassVar[SigmaValidationIssueSeverity] rules: List[SigmaRuleBase] - def __post_init__(self): + def __post_init__(self) -> None: """Ensure that `self.rules` contains a list, even when a single rule was provided.""" if isinstance(self.rules, SigmaRuleBase): self.rules = [self.rules] - def __str__(self): + def __str__(self) -> str: rules = ", ".join( [ str(rule.source) if rule.source is not None else str(rule.id) or rule.title @@ -80,6 +78,7 @@ def validate(self, rule: SigmaRuleBase) -> List[SigmaValidationIssue]: :rtype: List[SigmaValidationIssue] """ self.rule = rule + return [] def finalize(self) -> List[SigmaValidationIssue]: """