From 9eb5d8da4de86dc6e7f7448ff030a449a5f48fee Mon Sep 17 00:00:00 2001
From: Ryan Plas
Date: Mon, 13 Jul 2020 17:02:28 -0400
Subject: [PATCH] Add logsource attribute rule test
---
 tests/test_rules.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tests/test_rules.py b/tests/test_rules.py
index c0662e960..47897a711 100755
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -513,6 +513,15 @@ class TestRules(unittest.TestCase):
 self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with non-conform 'title' fields. Please check: https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide#title")
+ def test_invalid_logsource_attributes(self):
+ faulty_rules = []
+ for file in self.yield_next_rule_file_path(self.path_to_rules):
+ logsource = self.get_rule_part(file_path=file, part_name="logsource")
+ for key in logsource:
+ if key.lower() not in ['category', 'product', 'service', 'definition']:
+ print(Fore.RED + "Rule {} has a logsource with an invalid field ({})".format(file, key))
+
+
 if __name__ == "__main__":
 init(autoreset=True)
 unittest.main()
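Review bot: `test_invalid_logsource_attributes` can never fail: `faulty_rules` is initialised but nothing is appended to it and the method ends without an assertion, so an invalid logsource key is only printed and the test run stays green. Add `faulty_rules.append(file)` next to the `print(...)` and end the method with `self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with invalid logsource attributes.")`, following the assertion visible in the context line above the new method. A rule whose logsource key is misspelled may not be matched to the intended log source when converted, so this check is worth enforcing rather than only logging. If `get_rule_part` can return `None` for a rule without a `logsource` section (its body is outside this hunk), `for key in logsource` would raise a `TypeError` instead of reporting the file, so that case should be handled explicitly.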