Replies: 3 comments
-
|
Hi @mostafa! Thanks for pointing this out, it's indeed an issue because the initial intention was to raise an exception for this case, perhaps a A general decision I've made for pySigma is to not recover gracefully in such situations but to fail hard if the result will not work as expected by the rule writer. The reason is, that there are lots of users who convert the whole rule repository into queries and expect that these work without reviewing them. For placeholders there's the |
Beta Was this translation helpful? Give feedback.
-
|
Created an issue #138 |
Beta Was this translation helpful? Give feedback.
-
|
@thomaspatzke |
Beta Was this translation helpful? Give feedback.
-
Hey @thomaspatzke,
I've been working on placeholders and found out that if a placeholder is defined in the rule, and there's no matching transformation in any of the provided pipelines, it'll be regarded as an unknown type and a
TypeErroris raised. TheTypeErroris caught by the generalExceptionblock and returned with a generic message:TypeError: unhashable type: 'Placeholder' (while applying processing pipeline on rule /path/to/some_rule.yml)This is not very useful, so I suggest we catch the exception and modify this line to consider
Placeholdera special object to returnNO_VALUE_PROVIDEDinstead. This way, the query is safely converted, yet the value of the placeholder will beNO_VALUE_PROVIDED. I made two fixes to address this, and they more or less do the same thing:I'd be very happy to have your feedback on this. (This look more like an issue, rather than an idea for discussion. 😁)
CC: @kelnage
Beta Was this translation helpful? Give feedback.
All reactions