From 416de03cdcd2b8d902b9253e4a51e01d2b474232 Mon Sep 17 00:00:00 2001
From: Mostafa Moradian
Date: Fri, 15 Mar 2024 11:03:15 +0100
Subject: [PATCH] Merge PR #4769 from @mostafa - Update sigma validation workflow chore: Add comment to the code chore: Ignore inaccessible file chore: Switch to using the action for validating Sigma rules Thanks: @mostafa
---
 .github/workflows/sigma-validation.yml | 13 +------------
 tests/validate-sigma-schema/validate.py | 11 ++++++++++-
 2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/sigma-validation.yml b/.github/workflows/sigma-validation.yml
index 2c962c56b..471bf98b0 100644
--- a/.github/workflows/sigma-validation.yml
+++ b/.github/workflows/sigma-validation.yml
@@ -35,19 +35,8 @@ jobs:
 validate-sigma-rules:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Set up Python 3.10
- uses: actions/setup-python@v5
- with:
- python-version: "3.10"
- - name: Install dependencies
- run: pip install requests check-jsonschema
 - name: Validate Sigma rules
- run: |
- echo "Validating Sigma rules against sigma-schema.json"
- check-jsonschema --schemafile $(python tests/validate-sigma-schema/validate.py schema) $(python tests/validate-sigma-schema/validate.py rules)
+ uses: SigmaHQ/validate-sigma-rules@v0
 env:
 SIGMA_RULES_PATH: |-
 ./rules
diff --git a/tests/validate-sigma-schema/validate.py b/tests/validate-sigma-schema/validate.py
index 5428ee15e..359b405e3 100644
--- a/tests/validate-sigma-schema/validate.py
+++ b/tests/validate-sigma-schema/validate.py
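Review bot: The added step `uses: SigmaHQ/validate-sigma-rules@v0` references the action by a mutable tag, so whatever that tag points to at run time is what executes in this job. Pinning to a full commit SHA, `uses: SigmaHQ/validate-sigma-rules@<full-commit-sha> # v0`, keeps the executed code fixed and makes updates an explicit, reviewable change. The hunk also removes the explicit `actions/checkout@v4` step, so the checkout presumably now happens inside the action; a one-line comment above the step saying so would help the next reader. The job's `permissions` are not visible in this hunk; if none are declared, read-only `contents: read` looks sufficient for a validation job.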
@@ -73,7 +73,16 @@ def generate_all_files(
 """
 for path in root.rglob("*"):
- if not path.is_file() or any([path.match(ex) for ex in excludes]):
+ # NOTE: path.is_file() is used to skip directories, however it will also
+ # skip symlinks to files and these symlinked files might reside in inaccessible
+ # directories, hence it'll raise a PermissionError. This is why it is run
+ # using sudo in the action.yml file. If running as sudo is not an option,
+ # the code can be modified to catch the PermissionError and skip the file.
+ try:
+ if not path.is_file() or any([path.match(ex) for ex in excludes]):
+ continue
+ except PermissionError:
+ warnings.warn(f"PermissionError: Could not access {path}, skipping file")
 continue
 if path.suffix in extensions:
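Review bot: The new `except PermissionError` branch calls `warnings.warn(...)`, but this commit adds no `import warnings` (the diffstat shows this hunk as the only change to validate.py), so unless the module already imports it above the hunk, the handler would raise NameError exactly when an unreadable path is hit; confirm that or add `import warnings` at the top of the file. The NOTE comment is also inaccurate and partly stale: `Path.is_file()` follows symlinks rather than skipping them, which is where the PermissionError comes from, and the last sentence describes as a possible modification what the code now does. I would reword it to `# NOTE: is_file() follows symlinks, so a link into an unreadable directory raises PermissionError; such paths are skipped with a warning.` With the handler in place, the remark about running under sudo should be dropped or justified, since resolving symlinks from a checked-out tree with elevated privileges widens what the validator can read. generate_all_files starts and ends outside the hunk.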