
Commit 4c14e94

committed
fix forti_siem
1 parent 7519303 commit 4c14e94


1 file changed

+33
-3
lines changed

1 file changed

+33
-3
lines changed

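--- a/uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py
+++ b/uncoder-core/app/translator/platforms/forti_siem/renders/forti_siem_rule.py
@@ -18,6 +18,7 @@
 from typing import Optional, Union
 
 from app.translator.const import DEFAULT_VALUE_TYPE
+from app.translator.core.context_vars import with_meta_info_annotation_ctx_var
 from app.translator.core.custom_types.meta_info import SeverityType
 from app.translator.core.custom_types.tokens import OperatorType
 from app.translator.core.custom_types.values import ValueType
@@ -192,8 +193,9 @@ def render_query(
 functions: str,
 meta_info: Optional[MetaInfoContainer] = None,
 source_mapping: Optional[SourceMapping] = None, # noqa: ARG002
+fields: Optional[set[str]] = None,
 *args, # noqa: ARG002
-**kwargs,
+**kwargs, # noqa: ARG002
 ) -> str:
 query = super().render_query(prefix=prefix, query=query, functions=functions)
 rule = FORTI_SIEM_RULE.replace("<header_placeholder>", self.generate_rule_header(meta_info))
@@ -203,11 +205,39 @@ def render_query(
 description = meta_info.description.replace("\n", " ") or _AUTOGENERATED_TEMPLATE
 rule = rule.replace("<description_placeholder>", description)
 rule = rule.replace("<incident_def_placeholder>", self.generate_event_type(title, meta_info.severity))
-args_list = self.get_args_list(kwargs.get("fields", set()).copy())
+args_list = self.get_args_list(fields.copy())
 rule = rule.replace("<args_list_placeholder>", self.get_args_str(args_list))
 rule = rule.replace("<query_placeholder>", query)
 rule = rule.replace("<group_by_attr_placeholder>", ", ".join(args_list))
-return rule.replace("<attr_list_placeholder>", self.get_attr_str(kwargs.get("fields", set()).copy()))
+return rule.replace("<attr_list_placeholder>", self.get_attr_str(fields.copy()))
+
+def finalize_query(
+self,
+prefix: str,
+query: str,
+functions: str,
+meta_info: Optional[MetaInfoContainer] = None,
+source_mapping: Optional[SourceMapping] = None,
+not_supported_functions: Optional[list] = None,
+fields: Optional[set[str]] = None,
+*args, # noqa: ARG002
+**kwargs, # noqa: ARG002
+) -> str:
+query = self.render_query(
+prefix=prefix,
+query=query,
+functions=functions,
+meta_info=meta_info,
+source_mapping=source_mapping,
+fields=fields,
+)
+if with_meta_info_annotation_ctx_var.get() is False:
+return query
+query = self.wrap_query_with_meta_info(meta_info=meta_info, query=query)
+if not_supported_functions:
+rendered_not_supported = self.render_not_supported_functions(not_supported_functions)
+return query + rendered_not_supported
+return query
 
 @staticmethod
 def get_attr_str(fields: set[str]) -> str: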
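Review bot: `fields` now defaults to `None` in both `render_query` and `finalize_query`, but `render_query` calls `fields.copy()` unconditionally (new lines 208 and 212), so any caller that omits it raises `AttributeError`, where the removed `kwargs.get("fields", set())` fell back to an empty set. Normalise it once before use, e.g. `fields = fields or set()`, or drop the `None` default if a rule without fields is not valid. Because `fields` is declared before `*args`, a stray extra positional argument would bind to it; whether that can happen depends on the base-class signature and callers, which are outside this page. `finalize_query` would also benefit from a one-line docstring stating that it returns the bare rule when `with_meta_info_annotation_ctx_var` is `False`, and otherwise the meta-info-wrapped rule followed by any not-supported-functions text.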
