Update to v0.5.1 (#3)

* Add SigmahqInvalidAllModifierValidator

* Add SigmahqFieldDuplicateValueValidator

* Add tests

* Update Readme

* Update version to 0.5.1

* add missing config and fix SigmahqTitleCase

* Move to LF

README.md

@@ -12,28 +12,30 @@ Create all validators specific to the requirements of the SigmaHQ rules reposito
 
 | Name | Description|
 | --- | ---|
-| sigmahq_fieldname_cast                | Check field name have a cast error.                          |
-| sigmahq_invalid_fieldname             | Check field name do not exist in the logsource.              |
-| sigmahq_invalid_field_source          | Check field Source use with Eventlog.                        |
-| sigmahq_space_fieldname               | Check field name have a space.                               |
-| sigmahq_filename_prefix               | Check rule filename match SigmaHQ prefix standard.           |
-| sigmahq_filename                      | Check rule filename match SigmaHQ standard.                  |
-| sigmahq_logsource_valid               | Checks if rule has valid logsource.                          |
 | sigmahq_date_existence                | Checks if rule has a data.                                   |
 | sigmahq_description_existence         | Checks if rule has a description.                            |
 | sigmahq_description_length            | Checks if rule has a description.                            |
 | sigmahq_falsepositives_banned_word    | Checks if rule falsepositive start with a banned word.       |
 | sigmahq_falsepositives_capital        | Checks if rule falsepositive start with a capital.           |
 | sigmahq_falsepositives_typo_word      | Checks if rule falsepositive start with a common typo error. |
+| sigmahq_field_duplicate_value         | Check uniques value in field list.                           |
+| sigmahq_fieldname_cast                | Check field name have a cast error.                          |
+| sigmahq_filename                      | Check rule filename match SigmaHQ standard.                  |
+| sigmahq_filename_prefix               | Check rule filename match SigmaHQ prefix standard.           |
+| sigmahq_invalid_all_modifier          | Check All modifier used with a single value.                 |
+| sigmahq_invalid_field_source          | Check field Source use with Eventlog.                        |
+| sigmahq_invalid_fieldname             | Check field name do not exist in the logsource.              |
 | sigmahq_level_existence               | Checks if rule has a level.                                  |
 | sigmahq_link_description              | Checks if rule description use a link instead of references. |
+| sigmahq_logsource_valid               | Checks if rule has valid logsource.                          |
+| sigmahq_space_fieldname               | Check field name have a space.                               |
 | sigmahq_status_deprecated             | Checks if rule has a status DEPRECATED.                      |
 | sigmahq_status_existence              | Checks if rule has a status.                                 |
 | sigmahq_status_unsupported            | Checks if rule has a status UNSUPPORTED.                     |
 | sigmahq_title_case                    | Checks if rule title use capitalization.                     |
-| sigmahq_title_end                     | Checks if rule end with a dot(.).                            |
-| sigmahq_title_length                  | Checks if rule has a title length longer than 110.           |
-| sigmahq_title_start                   | Checks if rule start with Detects.                           |
+| sigmahq_title_end                     | Checks if rule title end with a dot(.).                      |
+| sigmahq_title_length                  | Checks if rule has a title too long.                         |
+| sigmahq_title_start                   | Checks if rule title start with Detects.                     |
 
 # Data
 

print-coverage.py

@@ -1,15 +1,15 @@
-# Prints code testing coverage as percentage for badge generation.
-from defusedxml.ElementTree import parse
-
-tree = parse("cov.xml")
-root = tree.getroot()
-coverage = float(root.attrib["line-rate"]) * 100
-print(f"COVERAGE={coverage:3.4}%")
-if coverage >= 95.0:
-    print("COVERAGE_COLOR=green")
-elif coverage >= 90.0:
-    print("COVERAGE_COLOR=yellow")
-elif coverage >= 85.0:
-    print("COVERAGE_COLOR=orange")
-else:
-    print("COVERAGE_COLOR=red")
+# Prints code testing coverage as percentage for badge generation.
+from defusedxml.ElementTree import parse
+
+tree = parse("cov.xml")
+root = tree.getroot()
+coverage = float(root.attrib["line-rate"]) * 100
+print(f"COVERAGE={coverage:3.4}%")
+if coverage >= 95.0:
+    print("COVERAGE_COLOR=green")
+elif coverage >= 90.0:
+    print("COVERAGE_COLOR=yellow")
+elif coverage >= 85.0:
+    print("COVERAGE_COLOR=orange")
+else:
+    print("COVERAGE_COLOR=red")

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pySigma-validators-sigmahq"
-version = "0.5.0"
+version = "0.5.1"
 description = "pySigma SigmaHQ validators"
 authors = ["François Hubaut <frack113@users.noreply.github.com>"]
 license = "LGPL-2.1-only"

sigma/validators/sigmahq/__init__.py

@@ -1,23 +1,23 @@
-from importlib import import_module
-from pathlib import Path
-from pkgutil import iter_modules
-from inspect import getmembers, isabstract, isclass
-import re
-
-from sigma.validators.base import SigmaRuleValidator
-from .config import ConfigHq
-
-validators = {
-    re.sub("([A-Z]+)", "_\\1", name.replace("Validator", ""))[
-        1:
-    ].lower(): cls  # NameOfSomeCheckValidator -> name_of_some_check
-    for _, submodule, _ in iter_modules(
-        [str(Path(__file__).resolve().parent)]
-    )  # Iterate over modules, str around Path is due to issue with PosixPath from Python 3.10
-    for name, cls in getmembers(
-        import_module(__name__ + "." + submodule, isclass)
-    )  # Iterate over classes
-    if not isabstract(cls)
-    and name.endswith("Validator")
-    and issubclass(cls, SigmaRuleValidator)  # Class filtering
-}
+from importlib import import_module
+from pathlib import Path
+from pkgutil import iter_modules
+from inspect import getmembers, isabstract, isclass
+import re
+
+from sigma.validators.base import SigmaRuleValidator
+from .config import ConfigHq
+
+validators = {
+    re.sub("([A-Z]+)", "_\\1", name.replace("Validator", ""))[
+        1:
+    ].lower(): cls  # NameOfSomeCheckValidator -> name_of_some_check
+    for _, submodule, _ in iter_modules(
+        [str(Path(__file__).resolve().parent)]
+    )  # Iterate over modules, str around Path is due to issue with PosixPath from Python 3.10
+    for name, cls in getmembers(
+        import_module(__name__ + "." + submodule, isclass)
+    )  # Iterate over classes
+    if not isabstract(cls)
+    and name.endswith("Validator")
+    and issubclass(cls, SigmaRuleValidator)  # Class filtering
+}