PyPI - pySigma - Versions diffs - 1.3.0__tar.gz → 1.3.2__tar.gz - Mend

pySigma 1.3.0tar.gz → 1.3.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

{pysigma-1.3.0 → pysigma-1.3.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pySigma
-Version: 1.3.0
+Version: 1.3.2
 Summary: Sigma rule processing and conversion tools
 License-Expression: LGPL-2.1-only
 License-File: LICENSE

{pysigma-1.3.0 → pysigma-1.3.2}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "pySigma"
-version = "1.3.0"
+version = "1.3.2"
 license = "LGPL-2.1-only"
 description = "Sigma rule processing and conversion tools"
 authors = [

{pysigma-1.3.0 → pysigma-1.3.2}/sigma/conversion/base.py RENAMED Viewed

@@ -987,6 +987,11 @@ class Backend(ABC):
         This is the place where syntactic elements of the target format for the specific query are added,
         e.g. adding query metadata.
         """
+        if output_format not in self.formats:
+            raise SigmaBackendError(
+                f"Unknown output format '{output_format}', "
+                f"must be one of: {', '.join(self.formats.keys())}"
+            )
         backend_query = self.__getattribute__("finalize_query_" + output_format)(
             rule, query, index, state
         )
@@ -1003,6 +1008,11 @@ class Backend(ABC):
     def finalize(self, queries: list[Any], output_format: str) -> Any:
         """Finalize output. Dispatches to format-specific method."""
+        if output_format not in self.formats:
+            raise SigmaBackendError(
+                f"Unknown output format '{output_format}', "
+                f"must be one of: {', '.join(self.formats.keys())}"
+            )
         output = self.__getattribute__("finalize_output_" + output_format)(queries)
         return self.last_processing_pipeline.finalize(output)

{pysigma-1.3.0 → pysigma-1.3.2}/sigma/processing/pipeline.py RENAMED Viewed

@@ -4,6 +4,7 @@ from collections import defaultdict
 from dataclasses import dataclass, field
 from functools import partial
 import hashlib
+import os
 from typing import (
     Literal,
     Mapping,
@@ -858,8 +859,18 @@ class ProcessingPipeline:
         processing_pipeline: str,
         allow_template_vars: bool = False,
         vars_allowed_paths: tuple[str, ...] | None = None,
+        source_path: str | None = None,
     ) -> "ProcessingPipeline":
-        """Convert YAML input string into processing pipeline."""
+        """Convert YAML input string into processing pipeline.
+        If *source_path* is provided and *vars_allowed_paths* is ``None``, the
+        directory containing *source_path* is automatically used as the only
+        allowed base directory for template vars files. This prevents a
+        pipeline YAML from referencing vars files outside its own directory
+        tree.
+        """
+        if vars_allowed_paths is None and source_path is not None:
+            vars_allowed_paths = (os.path.dirname(os.path.realpath(source_path)),)
         try:
             parsed_pipeline = yaml.safe_load(processing_pipeline)
         except yaml.parser.ParserError as e:

{pysigma-1.3.0 → pysigma-1.3.2}/sigma/processing/resolver.py RENAMED Viewed

@@ -63,7 +63,7 @@ class ProcessingPipelineResolver:
         except KeyError:  # identifier not found, try it as path
             try:
                 with open(spec, "r") as f:
-                    return ProcessingPipeline.from_yaml(f.read())
+                    return ProcessingPipeline.from_yaml(f.read(), source_path=spec)
             except OSError as e:
                 raise SigmaPipelineNotFoundError(spec)

{pysigma-1.3.0 → pysigma-1.3.2}/sigma/validators/core/tags.py RENAMED Viewed

@@ -43,7 +43,10 @@ class ATTACKTagValidator(SigmaTagValidator):
     """Check for usage of valid MITRE ATT&CK tags."""
     def __init__(self) -> None:
-        self.allowed_tags = (
+        self.allowed_tags: set[str] | None = None
+    def _load_allowed_tags(self) -> set[str]:
+        return (
             {tactic.lower() for tactic in mitre_attack.mitre_attack_tactics.values()}
             .union({technique.lower() for technique in mitre_attack.mitre_attack_techniques.keys()})
             .union(
@@ -62,6 +65,8 @@ class ATTACKTagValidator(SigmaTagValidator):
         )
     def validate_tag(self, tag: SigmaRuleTag) -> list[SigmaValidationIssue]:
+        if self.allowed_tags is None:
+            self.allowed_tags = self._load_allowed_tags()
         if tag.namespace == "attack" and tag.name not in self.allowed_tags:
             return [InvalidATTACKTagIssue([self.rule], tag)]
         return []
@@ -78,13 +83,18 @@ class D3FENDTagValidator(SigmaTagValidator):
     """Check for usage of valid MITRE D3FEND tags."""
     def __init__(self) -> None:
-        self.allowed_tags = (
+        self.allowed_tags: set[str] | None = None
+    def _load_allowed_tags(self) -> set[str]:
+        return (
             {tactic.lower() for tactic in mitre_d3fend.mitre_d3fend_tactics.keys()}
             .union({technique.lower() for technique in mitre_d3fend.mitre_d3fend_techniques.keys()})
             .union({artefact for artefact in mitre_d3fend.mitre_d3fend_artifacts.keys()})
         )
     def validate_tag(self, tag: SigmaRuleTag) -> list[SigmaValidationIssue]:
+        if self.allowed_tags is None:
+            self.allowed_tags = self._load_allowed_tags()
         if tag.namespace == "d3fend" and tag.name not in self.allowed_tags:
             return [InvalidD3FENDagIssue([self.rule], tag)]
         return []