Improved validator docstrings

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pySigma"
-version = "0.8.4"
+version = "0.8.5"
 license = "LGPL-2.1-only"
 description = "Sigma rule processing and conversion tools"
 authors = ["Thomas Patzke <[email protected]>"]

sigma/validators/condition.py

@@ -11,9 +11,7 @@ class DanglingDetectionIssue(SigmaValidationIssue):
     detection_name : str
 
 class DanglingDetectionValidator(SigmaRuleValidator):
-    """
-    Check for detection definitions not referenced from condition.
-    """
+    """Check for detection definitions not referenced from condition. """
     detection_names : Set[str]
 
     def condition_referenced_ids(self, cond : ConditionItem, detections : SigmaDetections) -> Set[str]:

sigma/validators/modifiers.py

@@ -24,6 +24,7 @@ class ModifierAppliedMultipleIssue(SigmaValidationIssue):
     modifiers: Set[Type[SigmaModifier]]
 
 class InvalidModifierCombinationsValidator(SigmaDetectionItemValidator):
+    """Detects invalid combinations of value modifiers."""
     def validate_detection_item(self, detection_item: SigmaDetectionItem) -> List[SigmaValidationIssue]:
         issues = []
 

sigma/validators/tags.py

@@ -11,6 +11,7 @@ class InvalidATTACKTagIssue(SigmaValidationIssue):
     tag: SigmaRuleTag
 
 class ATTACKTagValidator(SigmaTagValidator):
+    """Check for usage of valid MITRE ATT&CK tags."""
     def __init__(self) -> None:
         self.allowed_tags = {
             tactic.lower().replace("-", "_")

sigma/validators/values.py

@@ -6,17 +6,14 @@
 from sigma.types import SigmaString, SpecialChars
 from sigma.validators.base import SigmaDetectionItemValidator, SigmaStringValueValidator, SigmaValidationIssue, SigmaValidationIssueSeverity
 
-
 @dataclass
 class DoubleWildcardIssue(SigmaValidationIssue):
     description: ClassVar[str] = "String contains multiple consecutive * wildcards"
     severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.LOW
     string : SigmaString
 
 class DoubleWildcardValidator(SigmaStringValueValidator):
-    """
-    Check strings for consecutive multi-character wildcards *.
-    """
+    """Check strings for consecutive multi-character wildcards *."""
     def validate_value(self, value: SigmaString) -> List[SigmaValidationIssue]:
         prev_wildcard = False
         for c in value.s:
@@ -36,9 +33,7 @@ class NumberAsStringIssue(SigmaValidationIssue):
     string : SigmaString
 
 class NumberAsStringValidator(SigmaStringValueValidator):
-    """
-    Check numbers that were expressed as strings.
-    """
+    """Check numbers that were expressed as strings."""
     def validate_value(self, value: SigmaString) -> List[SigmaValidationIssue]:
         if len(value.s) == 1 and isinstance(value.s[0], str):
             try:
@@ -91,6 +86,7 @@ class WildcardInsteadOfEndswithIssue(SigmaValidationIssue):
     detection_item: SigmaDetectionItem
 
 class WildcardsInsteadOfModifiersValidator(SigmaDetectionItemValidator):
+    """Check if wildcards were used where usage of startswith, endswith and contains modifiers would be possible."""
     def validate_detection_item(self, detection_item: SigmaDetectionItem) -> List[SigmaValidationIssue]:
         if all((
             isinstance(value, SigmaString) and