Updated CI pipeline

cyberphor · Oct 13, 2024 · 8cec2e1 · 8cec2e1
1 parent 471a4f4
commit 8cec2e1
Show file tree

Hide file tree

Showing 2 changed files with 102 additions and 34 deletions.
diff --git a/print-coverage.py b/print-coverage.py
@@ -12,4 +12,4 @@
 elif coverage >= 85.0:
     print("COVERAGE_COLOR=orange")
 else:
-    print("COVERAGE_COLOR=red")
+    print("COVERAGE_COLOR=red")
diff --git a/tests/test_backend_powershell.py b/tests/test_backend_powershell.py
@@ -4,14 +4,18 @@
 from sigma.collection import SigmaCollection
 from sigma.exceptions import SigmaFeatureNotSupportedByBackendError
 
+
 @pytest.fixture
 def powershell_backend():
     pipeline = powershell_pipeline()
     return PowerShellBackend(pipeline)
 
+
 def test_powershell_and_expression(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -22,12 +26,20 @@ def test_powershell_and_expression(powershell_backend: PowerShellBackend):
                     EventID: 4688
                     field: value
                 condition: selection
-        """)
-    ) == ['Get-WinEvent -FilterHashTable @{LogName = "Security"; Id = 4688} | Read-WinEvent | Where-Object {$_.field -eq "value"}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -FilterHashTable @{LogName = "Security"; Id = 4688} | Read-WinEvent | Where-Object {$_.field -eq "value"}'
+        ]
+    )
+
 
 def test_powershell_or_expression(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -41,12 +53,20 @@ def test_powershell_or_expression(powershell_backend: PowerShellBackend):
                 selection3:
                     fieldB: valueB
                 condition: 1 of sel*
-        """)
-    ) == ['Get-WinEvent -FilterHashTable @{LogName = "Security"; Id = 4688} | Read-WinEvent | Where-Object {$_.fieldA -eq "valueA" -or $_.fieldB -eq "valueB"}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -FilterHashTable @{LogName = "Security"; Id = 4688} | Read-WinEvent | Where-Object {$_.fieldA -eq "valueA" -or $_.fieldB -eq "valueB"}'
+        ]
+    )
+
 
 def test_powershell_and_or_expression(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -61,12 +81,20 @@ def test_powershell_and_or_expression(powershell_backend: PowerShellBackend):
                         - valueB1
                         - valueB2
                 condition: sel
-        """)
-    ) == ['Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {($_.fieldA -in ("valueA1", "valueA2")) -and ($_.fieldB -in ("valueB1", "valueB2"))}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {($_.fieldA -in ("valueA1", "valueA2")) -and ($_.fieldB -in ("valueB1", "valueB2"))}'
+        ]
+    )
+
 
 def test_powershell_or_and_expression(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -80,18 +108,27 @@ def test_powershell_or_and_expression(powershell_backend: PowerShellBackend):
                     fieldA: valueA2
                     fieldB: valueB2
                 condition: 1 of sel*
-        """)
-    ) == ['Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {($_.fieldA -eq "valueA1" -and $_.fieldB -eq "valueB1") -or ($_.fieldA -eq "valueA2" -and $_.fieldB -eq "valueB2")}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {($_.fieldA -eq "valueA1" -and $_.fieldB -eq "valueB1") -or ($_.fieldA -eq "valueA2" -and $_.fieldB -eq "valueB2")}'
+        ]
+    )
+
 
 # TODO: add test_powershell_not_expression
 
 # TODO: add test_powershell_not_and_expression
 
 # TODO: add test_powershell_and_not_expression
 
+
 def test_powershell_in_expression(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -104,15 +141,23 @@ def test_powershell_in_expression(powershell_backend: PowerShellBackend):
                         - valueB
                         - valueC*
                 condition: sel
-        """)
-    ) == ['Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {$_.fieldA -eq "valueA" -or $_.fieldA -eq "valueB" -or $_.fieldA.StartsWith("valueC")}']
-    # TODO: 
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {$_.fieldA -eq "valueA" -or $_.fieldA -eq "valueB" -or $_.fieldA.StartsWith("valueC")}'
+        ]
+    )
+    # TODO:
     # achieve this ($_.fieldA -in ("valueA", "valueB") -or ($_.fieldA -like "valueC*")
     # would also involve re-writing how cidr expressions are converted
 
+
 def test_powershell_regex_query(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -123,12 +168,20 @@ def test_powershell_regex_query(powershell_backend: PowerShellBackend):
                     fieldA|re: foo.*bar
                     fieldB: foo
                 condition: sel
-        """)
-    ) == ['Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {$_.fieldA -match "foo.*bar" -and $_.fieldB -eq "foo"}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {$_.fieldA -match "foo.*bar" -and $_.fieldB -eq "foo"}'
+        ]
+    )
+
 
 def test_powershell_cidr_query(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -139,12 +192,20 @@ def test_powershell_cidr_query(powershell_backend: PowerShellBackend):
                     EventID: 5156
                     SourceAddress|cidr: 10.0.0.0/16
                 condition: sel
-        """)
-    ) == ['Get-WinEvent -FilterHashTable @{LogName = "Security"; Id = 5156} | Read-WinEvent | Where-Object {$_.SourceAddress.StartsWith("10.0.")}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -FilterHashTable @{LogName = "Security"; Id = 5156} | Read-WinEvent | Where-Object {$_.SourceAddress.StartsWith("10.0.")}'
+        ]
+    )
+
 
 def test_powershell_field_name_with_whitespace(powershell_backend: PowerShellBackend):
-    assert powershell_backend.convert(
-        SigmaCollection.from_yaml("""
+    assert (
+        powershell_backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -154,14 +215,21 @@ def test_powershell_field_name_with_whitespace(powershell_backend: PowerShellBac
                 sel:
                     field name: value
                 condition: sel
-        """)
-    ) == ['Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {$_.fieldname -eq "value"}']
+        """
+            )
+        )
+        == [
+            'Get-WinEvent -LogName "Security" | Read-WinEvent | Where-Object {$_.fieldname -eq "value"}'
+        ]
+    )
+
 
 def test_powershell_format1_output(powershell_backend: PowerShellBackend):
     """Test for output format format1."""
     # TODO: implement a test for the output format
     pass
 
+
 def test_powershell_format2_output(powershell_backend: PowerShellBackend):
     """Test for output format format2."""
     # TODO: implement a test for the output format