From 2f3ce1b6153540739d5db889e71f1c0bcd9a259d Mon Sep 17 00:00:00 2001
From: chrisr3d
Date: Sat, 15 Jun 2019 08:06:47 +0200
Subject: [PATCH] fix: Support of the latest version of sigmatools

---
 .../modules/expansion/sigma_queries.py | 21 +++++++------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/misp_modules/modules/expansion/sigma_queries.py b/misp_modules/modules/expansion/sigma_queries.py
index 7799f2a..009c785 100644
--- a/misp_modules/modules/expansion/sigma_queries.py
+++ b/misp_modules/modules/expansion/sigma_queries.py
@@ -4,7 +4,6 @@ import json
 try:
 from sigma.parser.collection import SigmaCollectionParser
 from sigma.configuration import SigmaConfiguration
- from sigma.backends.base import BackendOptions
 from sigma.backends.discovery import getBackend
 except ImportError:
 print("sigma or yaml is missing, use 'pip3 install sigmatools' to install it.")
@@ -25,24 +24,20 @@ def handler(q=False):
 misperrors['error'] = 'Sigma rule missing'
 return misperrors
 config = SigmaConfiguration()
- backend_options = BackendOptions(None)
 f = io.TextIOWrapper(io.BytesIO(request.get('sigma').encode()), encoding='utf-8')
- parser = SigmaCollectionParser(f, config, None)
+ parser = SigmaCollectionParser(f, config)
 targets = []
- old_stdout = sys.stdout
- result = io.StringIO()
- sys.stdout = result
+ results = []
 for t in sigma_targets:
- backend = getBackend(t)(config, backend_options, None)
+ backend = getBackend(t)(config, {'rulecomment': False})
 try:
 parser.generate(backend)
- backend.finalize()
- print("#NEXT")
- targets.append(t)
- except Exception:
+ result = backend.finalize()
+ if result:
+ results.append(result)
+ targets.append(t)
+ except Exception as e:
 continue
- sys.stdout = old_stdout
- results = result.getvalue()[:-5].split('#NEXT')
 d_result = {t: r.strip() for t, r in zip(targets, results)}
 return {'results': [{'types': mispattributes['output'], 'values': d_result}]}
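Review bot: The new `except Exception as e: continue` in the backend loop of the second hunk binds `e` and never uses it, so a backend that fails on the submitted rule is simply left out of `d_result`, and the caller cannot tell "this target produced no query" from "the conversion raised". For a module that turns detection rules into SIEM queries, a silently partial result is worth surfacing: keep the target name with `str(e)` and report it alongside the results or in the module log, or at minimum write `except Exception:` so the unused name is not left behind. `SigmaCollectionParser(f, config)` sits outside the `try`, so a rule that fails to parse presumably still raises out of `handler` instead of returning `misperrors`; that is worth confirming against the installed sigmatools. With the stdout capture removed, `import sys` (above this hunk, not visible here) may no longer be needed. `handler` begins before the hunk, so the request parsing that feeds `request.get('sigma')` is not shown.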