fix: Support of the latest version of sigmatools

2019-06-15 08:06:47 +02:00 · 2019-06-15 08:06:47 +02:00 · 2f3ce1b615
parent 1ac85a4879
commit 2f3ce1b615
1 changed files with 8 additions and 13 deletions
--- a/misp_modules/modules/expansion/sigma_queries.py
+++ b/misp_modules/modules/expansion/sigma_queries.py
@ -4,7 +4,6 @@ import json
 try:
    from sigma.parser.collection import SigmaCollectionParser
    from sigma.configuration import SigmaConfiguration
-    from sigma.backends.base import BackendOptions
    from sigma.backends.discovery import getBackend
 except ImportError:
    print("sigma or yaml is missing, use 'pip3 install sigmatools' to install it.")
@ -25,24 +24,20 @@ def handler(q=False):
        misperrors['error'] = 'Sigma rule missing'
        return misperrors
    config = SigmaConfiguration()
-    backend_options = BackendOptions(None)
    f = io.TextIOWrapper(io.BytesIO(request.get('sigma').encode()), encoding='utf-8')
-    parser = SigmaCollectionParser(f, config, None)
+    parser = SigmaCollectionParser(f, config)
    targets = []
-    old_stdout = sys.stdout
-    result = io.StringIO()
-    sys.stdout = result
+    results = []
    for t in sigma_targets:
-        backend = getBackend(t)(config, backend_options, None)
+        backend = getBackend(t)(config, {'rulecomment': False})
        try:
            parser.generate(backend)
-            backend.finalize()
-            print("#NEXT")
-            targets.append(t)
-        except Exception:
+            result = backend.finalize()
+            if result:
+                results.append(result)
+                targets.append(t)
+        except Exception as e:
            continue
-    sys.stdout = old_stdout
-    results = result.getvalue()[:-5].split('#NEXT')
    d_result = {t: r.strip() for t, r in zip(targets, results)}
    return {'results': [{'types': mispattributes['output'], 'values': d_result}]}