From 1f1e8219b0fcda7b11463152fa9e8898bd5083db Mon Sep 17 00:00:00 2001
From: Viktor Hrebeniuk <76157115+saltar-ua@users.noreply.github.com>
Date: Thu, 16 May 2024 09:39:52 +0300
Subject: [PATCH 1/2] Cortex XSIAM, add escape to equal_modifier method
---
.../translator/platforms/palo_alto/renders/cortex_xsiam.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
index 5ced749f..feac26d8 100644
--- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
@@ -38,11 +38,11 @@ class CortexXSIAMFieldValue(BaseQueryFieldValue):
def equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
- values = ", ".join(f'"{v}"' for v in value)
+ values = ", ".join(f'"{self.apply_value(v)}"' for v in value)
return f"{field} in ({values})"
if isinstance(value, int):
return f"{field} = {value}"
- return f'{field} = "{value}"'
+ return f'{field} = "{self.apply_value(value)}"'
def less_modifier(self, field: str, value: Union[int, str]) -> str:
return f"{field} < {value}"
From a6d985fa081046fbdfa938efd8fdb154edba776c Mon Sep 17 00:00:00 2001
From: Viktor Hrebeniuk <76157115+saltar-ua@users.noreply.github.com>
Date: Thu, 16 May 2024 10:17:45 +0300
Subject: [PATCH 2/2] Cortex XSIAM, add escape to equal_modifier method
---
.../platforms/palo_alto/escape_manager.py | 4 +++-
.../platforms/palo_alto/renders/cortex_xsiam.py | 17 +++++++++--------
2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py b/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py
index 82ccd258..5ea90f40 100644
--- a/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/escape_manager.py
@@ -7,7 +7,9 @@
class XQLEscapeManager(EscapeManager):
escape_map: ClassVar[dict[str, list[EscapeDetails]]] = {
- ValueType.value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")]
+ ValueType.regex_value: [EscapeDetails(pattern=r'([_!@#$%^&*=+()\[\]{}|;:\'",.<>?/`~\-\s\\])', escape_symbols=r"\\\1")],
+ ValueType.value: [EscapeDetails(pattern=r'([\\])', escape_symbols=r"\\\1")],
+
}
diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
index feac26d8..5f6c95c6 100644
--- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
@@ -19,6 +19,7 @@
from typing import Union
from app.translator.const import DEFAULT_VALUE_TYPE
+from app.translator.core.custom_types.values import ValueType
from app.translator.core.exceptions.render import UnsupportedRenderMethod
from app.translator.core.models.platform_details import PlatformDetails
from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender
@@ -59,30 +60,30 @@ def greater_or_equal_modifier(self, field: str, value: Union[int, str]) -> str:
def not_equal_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
return f"({self.or_token.join([self.not_equal_modifier(field=field, value=v) for v in value])})"
- return f'{field} != "{value}"'
+ return f'{field} != "{self.apply_value(value)}"'
def contains_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
return f"({self.or_token.join(self.contains_modifier(field=field, value=v) for v in value)})"
- return f'{field} contains "{value}"'
+ return f'{field} contains "{self.apply_value(value)}"'
def endswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
return (
- f"({self.or_token.join(self.endswith_modifier(field=field, value=self.apply_value(v)) for v in value)})"
+ f"({self.or_token.join(self.endswith_modifier(field=field, value=v) for v in value)})"
)
- return f'{field} ~= ".*{self.apply_value(value)}"'
+ return f'{field} ~= ".*{self.apply_value(value, value_type=ValueType.regex_value)}"'
def startswith_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
- clause = self.or_token.join(self.startswith_modifier(field=field, value=self.apply_value(v)) for v in value)
+ clause = self.or_token.join(self.startswith_modifier(field=field, value=v) for v in value)
return f"({clause})"
- return f'{field} ~= "{self.apply_value(value)}.*"'
+ return f'{field} ~= "{self.apply_value(value, value_type=ValueType.regex_value)}.*"'
def regex_modifier(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
- return f"({self.or_token.join(self.regex_modifier(field=field, value=self.apply_value(v)) for v in value)})"
- return f'{field} ~= "{self.apply_value(value)}"'
+ return f"({self.or_token.join(self.regex_modifier(field=field, value=v) for v in value)})"
+ return f'{field} ~= "{self.apply_value(value, value_type=ValueType.regex_value)}"'
def is_none(self, field: str, value: DEFAULT_VALUE_TYPE) -> str:
if isinstance(value, list):
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy