From 58ba72d5bfc580bef3e2077030f41b667fa44bcd Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Tue, 7 Feb 2023 16:09:17 -0500 Subject: [PATCH] patch fix for 2503 update addressing separate bugs (#2528) --- detection_rules/rule.py | 2 +- tests/test_all_rules.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/detection_rules/rule.py b/detection_rules/rule.py index 874559996..edd8d7d90 100644 --- a/detection_rules/rule.py +++ b/detection_rules/rule.py @@ -1022,7 +1022,7 @@ class TOMLRuleContents(BaseRuleContents, MarshmallowDataclassMixin): """Check for compatibility between restricted fields and the min_stack_version of the rule.""" default_min_stack = get_min_supported_stack_version() if self.metadata.min_stack_version is not None: - min_stack = Version.parse(self.metadata.min_stack_version) + min_stack = Version.parse(self.metadata.min_stack_version, optional_minor_and_patch=True) else: min_stack = default_min_stack restricted = self.data.get_restricted_fields diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py index e38080a1d..617b77586 100644 --- a/tests/test_all_rules.py +++ b/tests/test_all_rules.py @@ -617,8 +617,8 @@ class TestRuleTiming(BaseRuleTest): has_event_ingested = rule.contents.data.timestamp_override == 'event.ingested' indexes = rule.contents.data.get('index', []) beats_indexes = parse_beats_from_index(indexes) - min_stack_is_less_than_82 = Version.parse(rule.contents.metadata.min_stack_version or '7.13.0') \ - < Version.parse("8.2.0") + min_stack_is_less_than_82 = Version.parse(rule.contents.metadata.min_stack_version or '7.13.0', + optional_minor_and_patch=True) < Version.parse("8.2.0") config = rule.contents.data.get('note') or '' rule_str = self.rule_str(rule, trailer=None)