fix keywords bug and add comments (#964)
Signed-off-by: Joanne Wang <[email protected]>
jowg-amazon committed Apr 4, 2024
1 parent 68f37d3 commit b889d98
Showing 1 changed file with 16 additions and 6 deletions.
@@ -329,18 +329,34 @@ public Object convertConditionFieldEqValQueryExpr(ConditionFieldEqualsValueExpre
return null;
}*/

/**
* Method used when structure of Sigma Rule does not have a field associated with the condition item and the value
* is a SigmaString type
* Ex:
* condition: selection_1
* selection1:
* - keyword1
*/
@Override
public Object convertConditionValStr(ConditionValueExpression condition) throws SigmaValueError {
SigmaString value = (SigmaString) condition.getValue();
boolean containsWildcard = value.containsWildcard();
return String.format(Locale.getDefault(), (containsWildcard? this.unboundWildcardExpression: this.unboundValueStrExpression), this.convertValueStr((SigmaString) condition.getValue()));
}

/**
* Method used when structure of Sigma Rule does not have a field associated with the condition item and the value
* is a SigmaNumber type
*/
@Override
public Object convertConditionValNum(ConditionValueExpression condition) {
return String.format(Locale.getDefault(), this.unboundValueNumExpression, condition.getValue().toString());
}

/**
* Method used when structure of Sigma Rule does not have a field associated with the condition item and the value
* is a SigmaRegularExpression type
*/
@Override
public Object convertConditionValRe(ConditionValueExpression condition) {
return String.format(Locale.getDefault(), this.unboundReExpression, convertValueRe((SigmaRegularExpression) condition.getValue()));
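Review bot: The example in the new Javadoc on convertConditionValStr spells the selection `selection_1` in the condition but `selection1` in the definition, so as written the condition refers to a selection that is not defined; use one spelling in both places. Javadoc collapses whitespace, so the YAML example will render as a single run of text unless it is wrapped in `<pre>{@code ... }</pre>`. In the same method the value is cast to SigmaString twice; the last argument could reuse the local, `this.convertValueStr(value)`. The three comments state which value type each method expects, but the casts are unchecked, so it would help to document what a caller sees for any other type (presumably a ClassCastException rather than the declared SigmaValueError), since a keyword rule that fails to convert is a detection that silently never runs. convertConditionValRe's body continues outside the hunk.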
@@ -445,12 +461,6 @@ private String getFinalField(String field) {
return this.getMappedField(field);
}

private String getFinalValueField() {
String field = "_" + valExpCount;
valExpCount++;
return field;
}

public static class AggregationQueries implements Writeable, ToXContentObject {
private static final String AGG_QUERY = "aggQuery";
private static final String BUCKET_TRIGGER_QUERY = "bucketTriggerQuery";