misp-modules/misp_modules/modules/expansion/sigma_syntax_validator.py

import json
try:
    import yaml
    from sigma.parser.rule import SigmaParser
    from sigma.configuration import SigmaConfiguration
except ImportError:
    print("sigma or yaml is missing, use 'pip3 install sigmatools' to install it.")

misperrors = {'error': 'Error'}
mispattributes = {'input': ['sigma'], 'output': ['text']}
moduleinfo = {
    'version': '0.1',
    'author': 'Christian Studer',
    'module-type': ['expansion', 'hover'],
    'name': 'Sigma Syntax Validator',
    'description': 'An expansion hover module to perform a syntax check on sigma rules.',
    'logo': 'sigma.png',
    'requirements': ['Sigma python library', 'Yaml python library'],
    'features': 'This module takes a Sigma rule attribute as input and performs a syntax check on it.\n\nIt displays then that the rule is valid if it is the case, and the error related to the rule otherwise.',
    'references': ['https://github.com/Neo23x0/sigma/wiki'],
    'input': 'A Sigma attribute.',
    'output': 'Text describing the validity of the Sigma rule.',
}
moduleconfig = []


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    if not request.get('sigma'):
        misperrors['error'] = 'Sigma rule missing'
        return misperrors
    config = SigmaConfiguration()
    try:
        parser = SigmaParser(yaml.safe_load(request.get('sigma')), config)
        result = ("Syntax valid: {}".format(parser.values))
    except Exception as e:
        result = ("Syntax error: {}".format(str(e)))
    return {'results': [{'types': mispattributes['output'], 'values': result}]}


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`import json`
			`try:`
			`import yaml`
fix: Change in the imports 2019-01-21 14:06:38 +01:00			`from sigma.parser.rule import SigmaParser`
			`from sigma.configuration import SigmaConfiguration`
fix: Making python 3.5 happy with the exception type ImportError 2018-09-08 02:53:15 +02:00			`except ImportError:`
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`print("sigma or yaml is missing, use 'pip3 install sigmatools' to install it.")`

			`misperrors = {'error': 'Error'}`
			`mispattributes = {'input': ['sigma'], 'output': ['text']}`
chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': '0.1',`
			`'author': 'Christian Studer',`
			`'module-type': ['expansion', 'hover'],`
			`'name': 'Sigma Syntax Validator',`
			`'description': 'An expansion hover module to perform a syntax check on sigma rules.',`
			`'logo': 'sigma.png',`
			`'requirements': ['Sigma python library', 'Yaml python library'],`
			`'features': 'This module takes a Sigma rule attribute as input and performs a syntax check on it.\n\nIt displays then that the rule is valid if it is the case, and the error related to the rule otherwise.',`
			`'references': ['https://github.com/Neo23x0/sigma/wiki'],`
			`'input': 'A Sigma attribute.',`
			`'output': 'Text describing the validity of the Sigma rule.',`
			`}`
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`moduleconfig = []`

fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
			`if not request.get('sigma'):`
			`misperrors['error'] = 'Sigma rule missing'`
			`return misperrors`
			`config = SigmaConfiguration()`
			`try:`
fix: [cleanup] Quick clean up on yaml load function 2018-08-07 18:14:29 +02:00			`parser = SigmaParser(yaml.safe_load(request.get('sigma')), config)`
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`result = ("Syntax valid: {}".format(parser.values))`
			`except Exception as e:`
			`result = ("Syntax error: {}".format(str(e)))`
			`return {'results': [{'types': mispattributes['output'], 'values': result}]}`

fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`def introspection():`
			`return mispattributes`

fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
add: Sigma syntax validator expansion module --> Checks sigma rules syntax - Updated the expansion modules list as well - Updated the requirements list 2018-06-28 10:41:32 +02:00			`def version():`
			`moduleinfo['config'] = moduleconfig`
			`return moduleinfo`