From e6d4cb15bd14dd967d53993abf86cbd4d95b4c34 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sun, 12 Sep 2021 20:04:58 +0200
Subject: [PATCH 1/2] fix NoneType error
---
 tests/test_rules.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/test_rules.py b/tests/test_rules.py
index 9cfd82c0e..045268f53 100755
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -585,6 +585,10 @@ class TestRules(unittest.TestCase):
 ]
 for file in self.yield_next_rule_file_path(self.path_to_rules):
 logsource = self.get_rule_part(file_path=file, part_name="logsource")
+ if not logsource:
+ print(Fore.RED + "Rule {} has no 'logsource'.".format(file))
+ faulty_rules.append(file)
+ continue
 valid = True
 for key in logsource:
 if key.lower() not in valid_logsource:
From 29490f350d7c8ff26205f6517d305d45c9134e8e Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sun, 12 Sep 2021 20:13:58 +0200
Subject: [PATCH 2/2] fix NoneType object has no attribute get
---
 tests/test_rules.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/tests/test_rules.py b/tests/test_rules.py
index 045268f53..d4f2e0ef5 100755
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
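Review bot: The new guard before `valid = True` only catches a missing or empty `logsource`; a rule whose `logsource` parses to a scalar or a list (a stray `logsource: sysmon`, say) is truthy, so the following `for key in logsource:` iterates characters or list items and presumably reports them as invalid keys instead of naming the real problem. Tightening the check to `if not logsource or not isinstance(logsource, dict):` with the message widened to `"Rule {} has no or malformed 'logsource'."` keeps both cases in faulty_rules with an accurate reason. The print-append-continue pattern itself is fine, but the assertion that consumes faulty_rules sits below the hunk and the enclosing test method starts above it (the hunk opens on the `]` that closes the valid_logsource list).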
@@ -308,16 +308,17 @@ class TestRules(unittest.TestCase):
 faulty_rules = []
 for file in self.yield_next_rule_file_path(self.path_to_rules):
 logsource = self.get_rule_part(file_path=file, part_name="logsource")
- service = logsource.get('service', '')
- if service.lower() == 'sysmon':
- with open(file,encoding='utf-8') as f:
- found = False
- for line in f:
- if re.search(r'.*EventID:.*$', line): # might be on a single line or in multiple lines
- found = True
- break
- if not found:
- faulty_rules.append(file)
+ if logsource:
+ service = logsource.get('service', '')
+ if service.lower() == 'sysmon':
+ with open(file,encoding='utf-8') as f:
+ found = False
+ for line in f:
+ if re.search(r'.*EventID:.*$', line): # might be on a single line or in multiple lines
+ found = True
+ break
+ if not found:
+ faulty_rules.append(file)
 self.assertEqual(faulty_rules, [], Fore.RED + "There are rules using sysmon events but with no EventID specified")
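Review bot: The `if logsource:` wrapper removes the missing-logsource crash but leaves the same failure class one line lower: `service.lower()` raises AttributeError when the rule carries a `service` key with an empty or non-string value, since `.get('service', '')` only substitutes the default for an absent key and a bare `service:` in YAML presumably loads as None. Replacing that line with `service = str(logsource.get('service') or '')` covers the null and non-string cases without changing the sysmon comparison. Stylistically, a guard clause `if not logsource: continue` right after the `get_rule_part` call would keep the body flat instead of re-indenting ten lines, which is also why every line of the hunk shows as changed. The enclosing test method's `def` line is above the hunk, and the hunk header's counts (-16/+17) indicate trailing context lines that are not reproduced here.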