DictQuery cannot parse paths with backslashes #12

Open
tjt7a opened this issue Dec 10, 2024 · 1 comment

tjt7a commented Dec 10, 2024

I'm trying to use sigma's dictquery backend, which generated a query that contains a portion that looks like this:
query1 = "(Image LIKE '\AppData\Local\Temp')"

When I attempt to compile this:
dq.compile(query1)

I get the following error:
Traceback (most recent call last):
File "", line 1, in
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/__init__.py", line 22, in compile
ast = parser.parse(query)
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 198, in parse
return self.orstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 223, in orstatement
leftval = self.andstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 233, in andstatement
leftval = self.expression()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 243, in expression
return self.expr()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 247, in expr
obj = self.orstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 223, in orstatement
leftval = self.andstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 233, in andstatement
leftval = self.expression()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 243, in expression
return self.expr()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 258, in expr
if self._accept('LIKE'):
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 213, in _accept
self._advance()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 201, in _advance
self.tok, self.nexttok = self.nexttok, next(self.tokens, None)
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/tokenizer.py", line 48, in gen_tokens
raise DQSyntaxError("Unexpected character at pos %d" % match.start())
dictquery.exceptions.DQSyntaxError: Unexpected character at pos 12

Do I have any other options than to translate all occurrences of '\' into '/'?

This is a repeat of a bug I submitted to DictQuery, here: cyberlis/dictquery#5, because I'm not sure which of the two modules should address this issue.

Thank you,
Tom Tracy II

@chadcurtis

Greetings @tjt7a!

I'm replying here to confirm that this is indeed an upstream issue within cyberlis/dictquery. In short, the path part of your query is run against multiple matches to identify what type of syntax it is; it looks like it should be recognized as a STRING, but due to the regular expression match against STRING excluding \, your path is ignored and thus not matched/parsed against anything.

I have submitted a pull request with a potential solution for this behavior here. In the meantime, the only workaround I can see would be to apply the regex match change in the above pull request to your local installation of dictquery, which should allow you to use paths with backslashes in your queries.
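
Added example, not part of the thread and not dictquery's code or the pull request's change: a small model tokenizer showing how a STRING rule that excludes backslashes produces "Unexpected character at pos 12" for the query above, next to one possible relaxed rule. The token table, both STRING patterns, the helper names and the `TRAILING` query are assumptions made for illustration.

```python
import re

class DQSyntaxError(Exception):
    """Local stand-in named after the exception in the traceback."""

def build(string_rule):
    # Hypothetical token table: rules are tried left to right, and
    # MISMATCH catches any character that no other rule accepts.
    spec = [("LPAREN", r"\("), ("RPAREN", r"\)"), ("LIKE", r"LIKE\b"),
            ("STRING", string_rule), ("KEY", r"[A-Za-z_]\w*"),
            ("WS", r"\s+"), ("MISMATCH", r".")]
    return re.compile("|".join("(?P<%s>%s)" % rule for rule in spec))

# STRING rule that excludes backslashes (models the reported behaviour).
STRICT = build(r"'[^'\\]*'")
# Relaxed rule: a backslash followed by any one character is allowed.
LENIENT = build(r"'(?:\\.|[^'\\])*'")

def tokenize(master, query):
    tokens = []
    for match in master.finditer(query):
        kind = match.lastgroup
        if kind == "WS":
            continue
        if kind == "MISMATCH":
            raise DQSyntaxError("Unexpected character at pos %d" % match.start())
        tokens.append((kind, match.group()))
    return tokens

def error_pos(master, query):
    """Return the failing position, or None if the query tokenizes."""
    try:
        tokenize(master, query)
    except DQSyntaxError as exc:
        return int(str(exc).rsplit(" ", 1)[1])
    return None

# Raw strings keep the backslashes exactly as the backend emitted them.
QUERY = r"(Image LIKE '\AppData\Local\Temp')"
# Constructed edge case: the last backslash escapes the closing quote.
TRAILING = r"(Image LIKE 'C:\Temp\')"

if __name__ == "__main__":
    print(error_pos(STRICT, QUERY))      # opening quote cannot start a STRING
    print(tokenize(LENIENT, QUERY))      # path is one STRING token
    print(error_pos(LENIENT, TRAILING))  # still rejected: string never closes
```

Under the relaxed rule in this model, a value that ends in a backslash is still rejected, so generated queries with such values need that final backslash doubled.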
