From ca3fc161f1cd31054fa2c0662462f849b7e49569 Mon Sep 17 00:00:00 2001
From: Thomas Patzke <thomas@patzke.org>
Date: Tue, 16 May 2023 23:45:01 +0200
Subject: [PATCH] Last backend pipeline

The last composite pipeline used by a backend is now stored in the
last_processing_pipeline object variable.
---
 sigma/conversion/base.py      | 7 ++++---
 tests/test_conversion_base.py | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
index 79e20576..54afd7a8 100644
--- a/sigma/conversion/base.py
+++ b/sigma/conversion/base.py
@@ -68,6 +68,7 @@ class Backend(ABC):
     requires_pipeline : ClassVar[bool] = False            # Does the backend requires that a processing pipeline is provided?
 
     processing_pipeline : ProcessingPipeline
+    last_processing_pipeline : ProcessingPipeline
     backend_processing_pipeline : ClassVar[ProcessingPipeline] = ProcessingPipeline()
     output_format_processing_pipeline : ClassVar[Dict[str, ProcessingPipeline]] = defaultdict(ProcessingPipeline)
     config : Dict[str, Any]
@@ -106,11 +107,11 @@ def convert_rule(self, rule : SigmaRule, output_format : Optional[str] = None) -
         """
         state = ConversionState()
         try:
-            processing_pipeline = self.backend_processing_pipeline + self.processing_pipeline + self.output_format_processing_pipeline[output_format or self.default_format]
+            self.last_processing_pipeline = self.backend_processing_pipeline + self.processing_pipeline + self.output_format_processing_pipeline[output_format or self.default_format]
 
             error_state = "applying processing pipeline on"
-            processing_pipeline.apply(rule)             # 1. Apply transformations
-            state.processing_state = processing_pipeline.state
+            self.last_processing_pipeline.apply(rule)             # 1. Apply transformations
+            state.processing_state = self.last_processing_pipeline.state
 
             error_state = "converting"
             queries = [                                 # 2. Convert condition
diff --git a/tests/test_conversion_base.py b/tests/test_conversion_base.py
index 7838ce0e..9dd86fcd 100644
--- a/tests/test_conversion_base.py
+++ b/tests/test_conversion_base.py
@@ -16,7 +16,7 @@ def test_backend():
         ProcessingPipeline([
             ProcessingItem(FieldMappingTransformation({
                 "fieldB": "mappedB",
-            })),
+            }), identifier="mappingB"),
             ProcessingItem(
                 AddFieldnameSuffixTransformation(".test"),
                 field_name_conditions=[ IncludeFieldCondition(["suffix"]) ],
@@ -63,6 +63,7 @@ def test_backend_and_custom_pipeline(test_backend):
                 condition: sel
         """)
     ) == ['mappedA="valueA" and mappedB="valueB" and fieldC="valueC"']
+    assert "mappingB" in test_backend.last_processing_pipeline.applied_ids
 
 def test_backend_custom_format_pipeline(test_backend):
     assert test_backend.convert(