security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[FR] Only supporting known compatible rule file types (#3167)

Browse Source 
* Only supporting known compatible file types

* Add --ignore-invalid-files flag

* Added support to ignore invalid rule files

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/main.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* reverting main

* add punctuation

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

(cherry picked from commit 9f61ce4923)
This commit is contained in:
eric-forte-elastic
2023-10-11 11:43:42 -04:00
committed by github-actions[bot]
parent c9a1edd9fc
commit f67291561e
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/main.py
+1 -1
View File
@@ -93,7 +93,7 @@ def generate_rules_index(ctx: click.Context, query, overwrite, save_files=True):
@click.argument('input-file', type=click.Path(dir_okay=False, exists=True), nargs=-1, required=False)
@click.option('--directory', '-d', type=click.Path(file_okay=False, exists=True), help='Load files from a directory')
def import_rules(input_file, directory):
"""Import rules from json, toml, or Kibana exported rule file(s)."""
"""Import rules from json, toml, yaml, or Kibana exported rule file(s)."""
rule_files = glob.glob(os.path.join(directory, '**', '*.*'), recursive=True) if directory else []
rule_files = sorted(set(rule_files + list(input_file)))
detection_rules/utils.py
+3 -1
View File
@@ -326,8 +326,10 @@ def load_rule_contents(rule_file: Path, single_only=False) -> list:
return contents or [{}]
elif extension == '.toml':
rule = pytoml.loads(raw_text)
elif extension.lower() in ('yaml', 'yml'):
rule = load_dump(str(rule_file))
else:
rule = load_dump(rule_file)
return []
if isinstance(rule, dict):
return [rule]