From 9f61ce4923786c3dd7db9e63e512cb8a685f84f7 Mon Sep 17 00:00:00 2001
From: eric-forte-elastic <119343520+eric-forte-elastic@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:43:42 -0400
Subject: [PATCH] [FR] Only supporting known compatible rule file types (#3167)

* Only supporting known compatible file types

* Add --ignore-invalid-files flag

* Added support to ignore invalid rule files

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/main.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* reverting main

* add punctuation

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
---
 detection_rules/main.py | 2 +-
 detection_rules/utils.py | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/detection_rules/main.py b/detection_rules/main.py
index 84e197ba6..c95ef2c99 100644
--- a/detection_rules/main.py
+++ b/detection_rules/main.py
@@ -93,7 +93,7 @@ def generate_rules_index(ctx: click.Context, query, overwrite, save_files=True):
 @click.argument('input-file', type=click.Path(dir_okay=False, exists=True), nargs=-1, required=False)
 @click.option('--directory', '-d', type=click.Path(file_okay=False, exists=True), help='Load files from a directory')
 def import_rules(input_file, directory):
-    """Import rules from json, toml, or Kibana exported rule file(s)."""
+    """Import rules from json, toml, yaml, or Kibana exported rule file(s)."""
     rule_files = glob.glob(os.path.join(directory, '**', '*.*'), recursive=True) if directory else []
     rule_files = sorted(set(rule_files + list(input_file)))
 
diff --git a/detection_rules/utils.py b/detection_rules/utils.py
index b7ef0bf44..265742c52 100644
--- a/detection_rules/utils.py
+++ b/detection_rules/utils.py
@@ -326,8 +326,10 @@ def load_rule_contents(rule_file: Path, single_only=False) -> list:
         return contents or [{}]
     elif extension == '.toml':
         rule = pytoml.loads(raw_text)
+    elif extension.lower() in ('yaml', 'yml'):
+        rule = load_dump(str(rule_file))
     else:
-        rule = load_dump(rule_file)
+        return []
 
     if isinstance(rule, dict):
         return [rule]
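Review bot: The new `elif extension.lower() in ('yaml', 'yml'):` in the utils.py hunk can never match, because `extension` evidently carries the leading dot (the branch just above compares it to `'.toml'`), so every `.yaml`/`.yml` file now falls into the new `else` and returns `[]`, the opposite of what the commit intends. The comparison should be `elif extension.lower() in ('.yaml', '.yml'):`, and for consistency the `.toml` check could use the same `.lower()` form. Returning `[]` for an unrecognized suffix also drops the file without any message, so a mis-named rule file disappears silently; a debug log of the skipped path would make that visible. If `load_dump` parses YAML, confirm it uses a safe loader, since files collected under `--directory` are arbitrary user-supplied input. `load_rule_contents` begins before this hunk.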