Moved CompareOperators out from SigmaCompareExpression

Fixes #264

sigma/backends/test/backend.py

@@ -7,7 +7,7 @@
 from sigma.pipelines.test import dummy_test_pipeline
 from sigma.processing.pipeline import ProcessingItem, ProcessingPipeline
 from sigma.processing.transformations import FieldMappingTransformation
-from sigma.types import SigmaCompareExpression
+from sigma.types import CompareOperators, SigmaCompareExpression
 
 
 class TextQueryTestBackend(TextQueryBackend):
@@ -62,11 +62,11 @@ class TextQueryTestBackend(TextQueryBackend):
     cidr_expression: ClassVar[str] = "cidrmatch('{field}', \"{value}\")"
 
     compare_op_expression: ClassVar[str] = "{field}{operator}{value}"
-    compare_operators: ClassVar[Dict[SigmaCompareExpression.CompareOperators, str]] = {
-        SigmaCompareExpression.CompareOperators.LT: "<",
-        SigmaCompareExpression.CompareOperators.LTE: "<=",
-        SigmaCompareExpression.CompareOperators.GT: ">",
-        SigmaCompareExpression.CompareOperators.GTE: ">=",
+    compare_operators: ClassVar[Dict[CompareOperators, str]] = {
+        CompareOperators.LT: "<",
+        CompareOperators.LTE: "<=",
+        CompareOperators.GT: ">",
+        CompareOperators.GTE: ">=",
     }
 
     field_equals_field_expression: ClassVar[str] = "{field1}=fieldref({field2})"

sigma/conversion/base.py

@@ -38,6 +38,7 @@
     ConditionType,
 )
 from sigma.types import (
+    CompareOperators,
     SigmaBool,
     SigmaCasedString,
     SigmaExists,
@@ -823,7 +824,7 @@ class variables. If this is not sufficient, the respective methods can be implem
     compare_op_expression: ClassVar[Optional[str]] = (
         None  # Compare operation query as format string with placeholders {field}, {operator} and {value}
     )
-    compare_operators: ClassVar[Optional[Dict[SigmaCompareExpression.CompareOperators, str]]] = (
+    compare_operators: ClassVar[Optional[Dict[CompareOperators, str]]] = (
         None  # Mapping between CompareOperators elements and strings used as replacement for {operator} in compare_op_expression
     )
 

sigma/modifiers.py

@@ -15,6 +15,7 @@
 from collections.abc import Sequence as SequenceABC
 from base64 import b64encode
 from sigma.types import (
+    CompareOperators,
     Placeholder,
     SigmaBool,
     SigmaCasedString,
@@ -321,7 +322,7 @@ def modify(self, val: Sequence[SigmaType]) -> List[SigmaType]:
 class SigmaCompareModifier(SigmaValueModifier):
     """Base class for numeric comparison operator modifiers."""
 
-    op: ClassVar[SigmaCompareExpression.CompareOperators]
+    op: ClassVar[CompareOperators]
 
     def modify(self, val: SigmaNumber) -> SigmaCompareExpression:
         return SigmaCompareExpression(val, self.op, self.source)
@@ -330,33 +331,25 @@ def modify(self, val: SigmaNumber) -> SigmaCompareExpression:
 class SigmaLessThanModifier(SigmaCompareModifier):
     """Numeric less than (<) matching."""
 
-    op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-        SigmaCompareExpression.CompareOperators.LT
-    )
+    op: ClassVar[CompareOperators] = CompareOperators.LT
 
 
 class SigmaLessThanEqualModifier(SigmaCompareModifier):
     """Numeric less than or equal (<=) matching."""
 
-    op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-        SigmaCompareExpression.CompareOperators.LTE
-    )
+    op: ClassVar[CompareOperators] = CompareOperators.LTE
 
 
 class SigmaGreaterThanModifier(SigmaCompareModifier):
     """Numeric greater than (>) matching."""
 
-    op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-        SigmaCompareExpression.CompareOperators.GT
-    )
+    op: ClassVar[CompareOperators] = CompareOperators.GT
 
 
 class SigmaGreaterThanEqualModifier(SigmaCompareModifier):
     """Numeric greater than or equal (>=) matching."""
 
-    op: ClassVar[SigmaCompareExpression.CompareOperators] = (
-        SigmaCompareExpression.CompareOperators.GTE
-    )
+    op: ClassVar[CompareOperators] = CompareOperators.GTE
 
 
 class SigmaFieldReferenceModifier(SigmaValueModifier):

sigma/types.py

@@ -779,16 +779,17 @@ def expand(
         return patterns
 
 
+class CompareOperators(Enum):
+    LT = auto()  # <
+    LTE = auto()  # <=
+    GT = auto()  # >
+    GTE = auto()  # >=
+
+
 @dataclass
 class SigmaCompareExpression(NoPlainConversionMixin, SigmaType):
     """Type for numeric comparison."""
 
-    class CompareOperators(Enum):
-        LT = auto()  # <
-        LTE = auto()  # <=
-        GT = auto()  # >
-        GTE = auto()  # >=
-
     number: SigmaNumber
     op: CompareOperators
     source: Optional[SigmaRuleLocation] = None

tests/test_modifiers.py

@@ -26,6 +26,7 @@
 )
 from sigma.rule import SigmaDetectionItem
 from sigma.types import (
+    CompareOperators,
     SigmaBool,
     SigmaCasedString,
     SigmaExists,
@@ -388,25 +389,25 @@ def test_all(dummy_detection_item):
 def test_lt(dummy_detection_item):
     assert SigmaLessThanModifier(dummy_detection_item, []).modify(
         SigmaNumber(123)
-    ) == SigmaCompareExpression(SigmaNumber(123), SigmaCompareExpression.CompareOperators.LT)
+    ) == SigmaCompareExpression(SigmaNumber(123), CompareOperators.LT)
 
 
 def test_lte(dummy_detection_item):
     assert SigmaLessThanEqualModifier(dummy_detection_item, []).modify(
         SigmaNumber(123)
-    ) == SigmaCompareExpression(SigmaNumber(123), SigmaCompareExpression.CompareOperators.LTE)
+    ) == SigmaCompareExpression(SigmaNumber(123), CompareOperators.LTE)
 
 
 def test_gt(dummy_detection_item):
     assert SigmaGreaterThanModifier(dummy_detection_item, []).modify(
         SigmaNumber(123)
-    ) == SigmaCompareExpression(SigmaNumber(123), SigmaCompareExpression.CompareOperators.GT)
+    ) == SigmaCompareExpression(SigmaNumber(123), CompareOperators.GT)
 
 
 def test_gte(dummy_detection_item):
     assert SigmaGreaterThanEqualModifier(dummy_detection_item, []).modify(
         SigmaNumber(123)
-    ) == SigmaCompareExpression(SigmaNumber(123), SigmaCompareExpression.CompareOperators.GTE)
+    ) == SigmaCompareExpression(SigmaNumber(123), CompareOperators.GTE)
 
 
 def test_fieldref(dummy_detection_item):

tests/test_types.py

@@ -10,6 +10,7 @@
     SigmaRegularExpressionError,
 )
 from sigma.types import (
+    CompareOperators,
     SigmaBool,
     SigmaCasedString,
     SigmaCompareExpression,
@@ -757,13 +758,9 @@ def test_cidr_invalid():
 
 def test_compare_to_plain():
     with pytest.raises(SigmaValueError, match="can't be converted into a plain representation"):
-        SigmaCompareExpression(
-            SigmaNumber(123), SigmaCompareExpression.CompareOperators.LTE
-        ).to_plain()
+        SigmaCompareExpression(SigmaNumber(123), CompareOperators.LTE).to_plain()
 
 
 def test_compare_string():
     with pytest.raises(SigmaTypeError, match="expects number"):
-        SigmaCompareExpression(
-            SigmaString("123"), SigmaCompareExpression.CompareOperators.LTE
-        ).to_plain()
+        SigmaCompareExpression(SigmaString("123"), CompareOperators.LTE).to_plain()