Commit26e468c

committed
gis-9195 fixes
1 parent26402af commit26e468c


3 files changed

+115
-4
lines changed

3 files changed

+115
-4
lines changed

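--- a/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py
+++ b/uncoder-core/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py
@@ -26,7 +26,7 @@
 fromapp.translator.core.custom_types.meta_infoimportSeverityType
 fromapp.translator.core.mappingimportSourceMapping
 fromapp.translator.core.models.platform_detailsimportPlatformDetails
-fromapp.translator.core.models.query_containerimportMetaInfoContainer,MitreInfoContainer
+fromapp.translator.core.models.query_containerimportMetaInfoContainer,MitreInfoContainer,RawQueryContainer
 fromapp.translator.managersimportrender_manager
 fromapp.translator.platforms.microsoft.constimportDEFAULT_MICROSOFT_SENTINEL_RULE,microsoft_sentinel_rule_details
 fromapp.translator.platforms.microsoft.mappingimportMicrosoftSentinelMappings,microsoft_sentinel_rule_mappings
@@ -105,9 +105,10 @@ def finalize_query(
 not_supported_functions:Optional[list]=None,
 unmapped_fields:Optional[list[str]]=None,
 *args,# noqa: ARG002
-**kwargs,# noqa: ARG002
+**kwargs,
 )->str:
-query=super().finalize_query(prefix=prefix,query=query,functions=functions)
+ifnotkwargs.get("raw_query",False):
+query=super().finalize_query(prefix=prefix,query=query,functions=functions)
 rule=copy.deepcopy(DEFAULT_MICROSOFT_SENTINEL_RULE)
 rule["query"]=query
 rule["displayName"]=meta_info.titleor_AUTOGENERATED_TEMPLATE
@@ -130,3 +131,8 @@ def finalize_query(
 json_rule=json.dumps(rule,indent=4,sort_keys=False)
 json_rule=self.wrap_with_unmapped_fields(json_rule,unmapped_fields)
 returnself.wrap_with_not_supported_functions(json_rule,not_supported_functions)
+
+defgenerate_from_raw_query_container(self,query_container:RawQueryContainer)->str:
+returnself.finalize_query(
+prefix="",query=query_container.query,functions="",meta_info=query_container.meta_info,raw_query=True
+)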
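Review bot: The raw-query mode of `finalize_query` is selected through an undeclared `kwargs.get("raw_query", False)`, so the switch does not appear in the signature and a misspelled key silently falls back to the normal path. Declaring it as a keyword-only parameter after `*args`, `raw_query: bool = False,`, and testing `if not raw_query:` keeps existing callers working and makes the mode visible to readers and type checkers. In that mode `query_container.query` is written to `rule["query"]` exactly as received, without the base-class finalisation, so `generate_from_raw_query_container` deserves a docstring such as `"""Wrap an already-written query in the Sentinel rule template; the query text is embedded unchanged."""`. The body of `finalize_query` starts and continues outside the hunks shown, so whether `meta_info` may be `None` on this path cannot be judged from here.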

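--- a/uncoder-core/app/translator/platforms/sentinel_one/escape_manager.py
+++ b/uncoder-core/app/translator/platforms/sentinel_one/escape_manager.py
@@ -9,7 +9,7 @@
 classSentinelOnePowerQueryEscapeManager(EscapeManager):
 escape_map:ClassVar[dict[str,list[EscapeDetails]]]= {
 ValueType.value: [EscapeDetails(pattern=r"\\",escape_symbols=r"\\\\")],
-ValueType.regex_value: [EscapeDetails(pattern=r"([$^*+()\[\]{}|.?\-\\])",escape_symbols=r"\\\\\\\\")],
+ValueType.regex_value: [EscapeDetails(pattern=r"([$^*+()\[\]{}|.?\-\\])",escape_symbols=r"\\\1")],
 SentinelOneValueType.double_escape_regex_value: [EscapeDetails(pattern=r"\\",escape_symbols=r"\\\\")],
 }
 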
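Review bot: Neither the corrected `ValueType.regex_value` pattern nor the `ValueType.value` entry above it escapes `"`, while the render added in this commit wraps every string value as `f'"{value}"'`. A rule value that contains a double quote would therefore end the string literal early in the generated query text, unless quotes are handled in the str value manager, which is not visible here. If the target syntax accepts a backslash-escaped quote (to be confirmed), the value entry could become `EscapeDetails(pattern=r'(["\\])', escape_symbols=r"\\\1")` and `"` could be added to the regex character class. A unit test that pins the new replacement (a metacharacter is kept and prefixed with a backslash) together with a quoted value would guard this fix against regression.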

Lines changed: 105 additions & 0 deletions
@@ -0,0 +1,105 @@
1+
fromtypingimportUnion
2+
3+
fromapp.translator.constimportDEFAULT_VALUE_TYPE
4+
fromapp.translator.core.custom_types.valuesimportValueType
5+
fromapp.translator.core.models.platform_detailsimportPlatformDetails
6+
fromapp.translator.core.renderimportBaseFieldValueRender,PlatformQueryRender
7+
fromapp.translator.core.str_value_managerimportStrValueManager
8+
fromapp.translator.managersimportrender_manager
9+
fromapp.translator.platforms.sentinel_one.constimportsentinel_one_power_query_details
10+
fromapp.translator.platforms.sentinel_one.mappingimport (
11+
SentinelOnePowerQueryMappings,
12+
sentinel_one_power_query_query_mappings,
13+
)
14+
fromapp.translator.platforms.sentinel_one.str_value_managerimportsentinel_one_power_query_str_value_manager
15+
16+
17+
classSentinelOnePowerQueryFieldValue(BaseFieldValueRender):
18+
details:PlatformDetails=sentinel_one_power_query_details
19+
str_value_manager:StrValueManager=sentinel_one_power_query_str_value_manager
20+
list_token=", "
21+
22+
@staticmethod
23+
def_wrap_str_value(value:str)->str:
24+
returnf'"{value}"'
25+
26+
defequal_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:
27+
ifisinstance(value,list):
28+
values=self.list_token.join(
29+
self._pre_process_value(field,v,value_type=ValueType.value,wrap_str=True)forvinvalue
30+
)
31+
returnf"{field} in ({values})"
32+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True)
33+
returnf"{field} ={value}"
34+
35+
defless_modifier(self,field:str,value:Union[int,str])->str:
36+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True)
37+
returnf"{field} <{value}"
38+
39+
defless_or_equal_modifier(self,field:str,value:Union[int,str])->str:
40+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True)
41+
returnf"{field} <={value}"
42+
43+
defgreater_modifier(self,field:str,value:Union[int,str])->str:
44+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True)
45+
returnf"{field} >{value}"
46+
47+
defgreater_or_equal_modifier(self,field:str,value:Union[int,str])->str:
48+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True)
49+
returnf"{field} >={value}"
50+
51+
defnot_equal_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:
52+
ifisinstance(value,list):
53+
values=self.list_token.join(
54+
self._pre_process_value(field,v,value_type=ValueType.value,wrap_str=True,wrap_int=True)
55+
forvinvalue
56+
)
57+
returnf"{field} != ({values})"
58+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)
59+
returnf"{field} !={value}"
60+
61+
defcontains_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:
62+
ifisinstance(value,list):
63+
values=self.list_token.join(
64+
self._pre_process_value(field,v,value_type=ValueType.value,wrap_str=True,wrap_int=True)
65+
forvinvalue
66+
)
67+
returnf"{field} contains ({values})"
68+
value=self._pre_process_value(field,value,value_type=ValueType.value,wrap_str=True,wrap_int=True)
69+
returnf"{field} contains{value}"
70+
71+
defendswith_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:
72+
returnself.contains_modifier(field,value)
73+
74+
defstartswith_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:
75+
returnself.contains_modifier(field,value)
76+
77+
defregex_modifier(self,field:str,value:DEFAULT_VALUE_TYPE)->str:
78+
ifisinstance(value,list):
79+
values=self.list_token.join(
80+
self.str_value_manager.escape_manager.escape(
81+
self._pre_process_value(field,v,value_type=ValueType.regex_value,wrap_str=True,wrap_int=True)
82+
)
83+
forvinvalue
84+
)
85+
returnf"{field} matches ({values})"
86+
value=self._pre_process_value(field,value,value_type=ValueType.regex_value,wrap_str=True,wrap_int=True)
87+
value=self.str_value_manager.escape_manager.escape(value)
88+
returnf"{field} matches{value}"
89+
90+
defis_none(self,field:str,value:DEFAULT_VALUE_TYPE)->str:# noqa: ARG002
91+
returnf'not ({field} matches "\\.*")'
92+
93+
defis_not_none(self,field:str,value:DEFAULT_VALUE_TYPE)->str:# noqa: ARG002
94+
returnf'{field} matches "\\.*"'
95+
96+
97+
@render_manager.register
98+
classSentinelOnePowerQueryRender(PlatformQueryRender):
99+
details:PlatformDetails=sentinel_one_power_query_details
100+
mappings:SentinelOnePowerQueryMappings=sentinel_one_power_query_query_mappings
101+
or_token="or"
102+
and_token="and"
103+
not_token="not"
104+
comment_symbol="//"
105+
field_value_render=SentinelOnePowerQueryFieldValue(or_token=or_token)
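Review bot: `startswith_modifier` and `endswith_modifier` both return `self.contains_modifier(field, value)`, so an anchored condition in the source rule is rendered as a substring match and the translated query matches a superset of the original events. If the platform offers no prefix or suffix operator, an anchored pattern through `matches` might preserve the meaning (to be checked against the PowerQuery documentation); otherwise mark the widening on both methods, for example `# rendered as contains: broader than the source condition`. In `regex_modifier` the value is pre-processed as `ValueType.regex_value` with `wrap_str=True` and then passed through `escape_manager.escape` a second time; a one-line comment saying why the second pass is needed would help, since the base-class behaviour is not visible in this file.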
