SingleTextQueryBackend ignores empty components in composed queries
Example: one component of an AND-composition is ignored if the invoked
generate* call returns None.
thomaspatzke committed Jun 21, 2018
1 parent d8a7bca commit e72c0d5
Showing 1 changed file with 22 additions and 4 deletions.
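--- a/tools/sigma/backends.py
+++ b/tools/sigma/backends.py
@@ -381,16 +381,34 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin):
 mapListValueExpression = None # Syntax for field/value condititons where map value is a list
 
 def generateANDNode(self, node):
-return self.andToken.join([self.generateNode(val) for val in node])
+generated = [ self.generateNode(val) for val in node ]
+filtered = [ g for g in generated if g is not None ]
+if filtered:
+return self.andToken.join(filtered)
+else:
+return None
 
 def generateORNode(self, node):
-return self.orToken.join([self.generateNode(val) for val in node])
+generated = [ self.generateNode(val) for val in node ]
+filtered = [ g for g in generated if g is not None ]
+if filtered:
+return self.orToken.join(filtered)
+else:
+return None
 
 def generateNOTNode(self, node):
-return self.notToken + self.generateNode(node.item)
+generated = self.generateNode(node.item)
+if generated is not None:
+return self.notToken + generated
+else:
+return None
 
 def generateSubexpressionNode(self, node):
-return self.subExpression % self.generateNode(node.items)
+generated = self.generateNode(node.items)
+if generated:
+return self.subExpression % generated
+else:
+return None
 
 def generateListNode(self, node):
 if not set([type(value) for value in node]).issubset({str, int}):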
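Review bot: generateSubexpressionNode tests `if generated:` while generateANDNode, generateORNode and generateNOTNode test `is not None`, so an empty string is dropped by the subexpression but kept by the other three, where it is joined into the query and leaves a dangling andToken or orToken. Using one test throughout would make the contract unambiguous, for example `filtered = [ g for g in generated if g ]` in the two join methods, or `if generated is not None:` in the subexpression if empty strings are meant to survive. Because a dropped component changes what the generated detection query matches (an AND loses a restriction, an OR loses an alternative), a short docstring on these methods stating that None means "no output for this node" would also help, and callers of generateNode outside this hunk presumably need to handle None as well. The class starts above the hunk and generateListNode continues below it.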
