Merge pull request #110 from UncoderIO/gis-cortex-add-escape-slash

saltar-ua · web-flow · commit 50fc258957d3 · 2024-05-16T10:49:24.000+03:00
Cortex XSIAM, add escape to equal_modifier method
diff --git a/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py b/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py
@@ -7,7 +7,9 @@
 
 class XQLEscapeManager(EscapeManager):
     escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {
-        ValueType.value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")]
+        ValueType.regex_value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")],
+        ValueType.value: [EscapeDetails(pattern=r'([\\])', escape_symbols=r"\\\1")],
+
     }
 
 
diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
@@ -19,6 +19,7 @@
 from typing import Union
 
 from app.translator.const import DEFAULT_VALUE_TYPE
+from app.translator.core.custom_types.values import ValueType
 from app.translator.core.exceptions.render import UnsupportedRenderMethod
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender
@@ -38,11 +39,11 @@ class CortexXSIAMFieldValue(BaseQueryFieldValue):
 
     def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
-            values = ", ".join(f'"{v}"' for v in value)
+            values = ", ".join(f'"{self.apply_value(v)}"' for v in value)
             return f"{field} in ({values})"
         if isinstance(value, int):
             return f"{field} = {value}"
-        return f'{field} = "{value}"'
+        return f'{field} = "{self.apply_value(value)}"'
 
     def less_modifier(self, field: str, value: Union[int, str]) -> str:
         return f"{field} < {value}"
@@ -59,30 +60,30 @@ def greater_or_equal_modifier(self, field: str, value: Union[int, str]) -> str:
     def not_equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
             return f"({self.or_token.join([self.not_equal_modifier(field=field, value=v) for v in value])})"
-        return f'{field} != "{value}"'
+        return f'{field} != "{self.apply_value(value)}"'
 
     def contains_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
             return f"({self.or_token.join(self.contains_modifier(field=field, value=v) for v in value)})"
-        return f'{field} contains "{value}"'
+        return f'{field} contains "{self.apply_value(value)}"'
 
     def endswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
             return (
-                f"({self.or_token.join(self.endswith_modifier(field=field, value=self.apply_value(v)) for v in value)})"
+                f"({self.or_token.join(self.endswith_modifier(field=field, value=v) for v in value)})"
             )
-        return f'{field} ~= ".*{self.apply_value(value)}"'
+        return f'{field} ~= ".*{self.apply_value(value, value_type=ValueType.regex_value)}"'
 
     def startswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
-            clause = self.or_token.join(self.startswith_modifier(field=field, value=self.apply_value(v)) for v in value)
+            clause = self.or_token.join(self.startswith_modifier(field=field, value=v) for v in value)
             return f"({clause})"
-        return f'{field} ~= "{self.apply_value(value)}.*"'
+        return f'{field} ~= "{self.apply_value(value, value_type=ValueType.regex_value)}.*"'
 
     def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):
-            return f"({self.or_token.join(self.regex_modifier(field=field, value=self.apply_value(v)) for v in value)})"
-        return f'{field} ~= "{self.apply_value(value)}"'
+            return f"({self.or_token.join(self.regex_modifier(field=field, value=v) for v in value)})"
+        return f'{field} ~= "{self.apply_value(value, value_type=ValueType.regex_value)}"'
 
     def is_none(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
         if isinstance(value, list):

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,9 @@`
`7`	`7`
`8`	`8`	`class XQLEscapeManager(EscapeManager):`
`9`	`9`	`escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {`
`10`		- ValueType.value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}\|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")]
	`10`	+ ValueType.regex_value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}\|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")],
	`11`	`+ ValueType.value: [EscapeDetails(pattern=r'([\\])', escape_symbols=r"\\\1")],`
	`12`	`+`
`11`	`13`	`}`
`12`	`14`
`13`	`15`