chore: lint

.pre-commit-config.yaml

@@ -4,8 +4,3 @@ repos:
     rev: 24.4.2
     hooks:
       - id: black
-        # It is recommended to specify the latest version of Python
-        # supported by your project here, or alternatively use
-        # pre-commit's default_language_version, see
-        # https://pre-commit.com/#top_level-default_language_version
-        language_version: python3.11

sigma/modifiers.py

@@ -394,7 +394,9 @@ class SigmaExpandModifier(SigmaValueModifier):
     specific list item or lookup by the processing pipeline.
     """
 
-    def modify(self, val: Union[SigmaString, SigmaRegularExpression]) -> Union[SigmaString, SigmaRegularExpression]:
+    def modify(
+        self, val: Union[SigmaString, SigmaRegularExpression]
+    ) -> Union[SigmaString, SigmaRegularExpression]:
         return val.insert_placeholders()
 
 

sigma/processing/transformations/placeholder.py

@@ -56,7 +56,9 @@ def __post_init__(self):
 
     def apply_value(
         self, field: str, val: Union[SigmaString, SigmaRegularExpression]
-    ) -> Union[SigmaString, Iterable[SigmaString], SigmaRegularExpression, Iterable[SigmaRegularExpression]]:
+    ) -> Union[
+        SigmaString, Iterable[SigmaString], SigmaRegularExpression, Iterable[SigmaRegularExpression]
+    ]:
         if val.contains_placeholder(self.include, self.exclude):
             return val.replace_placeholders(self.placeholder_replacements_base)
         else:

sigma/types.py

@@ -705,7 +705,11 @@ class SigmaRegularExpression(SigmaType):
         SigmaRegularExpressionFlag.DOTALL: "s",
     }
 
-    def __init__(self, regexp: Union[str, SigmaString], flags: Optional[Set[SigmaRegularExpressionFlag]] = None):
+    def __init__(
+        self,
+        regexp: Union[str, SigmaString],
+        flags: Optional[Set[SigmaRegularExpressionFlag]] = None,
+    ):
         if isinstance(regexp, str):
             regexp = SigmaString(regexp)
 
@@ -771,10 +775,12 @@ def escape(
             prefix = ""
 
         return prefix + escape_char.join([self.regexp.original[i:j] for i, j in ranges])
-
-    def contains_placeholder(self, include: Optional[List[str]] = None, exclude: Optional[List[str]] = None) -> bool:
+
+    def contains_placeholder(
+        self, include: Optional[List[str]] = None, exclude: Optional[List[str]] = None
+    ) -> bool:
         return self.regexp.contains_placeholder(include, exclude)
-    
+
     def insert_placeholders(self) -> "SigmaRegularExpression":
         """
         Replace %something% placeholders with Placeholder stub objects that can be later handled by the processing
@@ -783,17 +789,18 @@ def insert_placeholders(self) -> "SigmaRegularExpression":
         self.regexp = self.regexp.insert_placeholders()
         return self
 
-    def replace_placeholders(self, callback: Callable[[Placeholder], Iterator[Union[str, SpecialChars, Placeholder]]]) -> List["SigmaRegularExpression"]:
+    def replace_placeholders(
+        self, callback: Callable[[Placeholder], Iterator[Union[str, SpecialChars, Placeholder]]]
+    ) -> List["SigmaRegularExpression"]:
         """
         Replace all occurrences of string part matching regular expression with placeholder.
         """
         return [
-            SigmaRegularExpression(
-                regexp=sigmastr.convert(),
-                flags=self.flags
-            ) for sigmastr in self.regexp.replace_placeholders(callback)
+            SigmaRegularExpression(regexp=sigmastr.convert(), flags=self.flags)
+            for sigmastr in self.regexp.replace_placeholders(callback)
         ]
 
+
 @dataclass
 class SigmaCIDRExpression(NoPlainConversionMixin, SigmaType):
     """CIDR IP address range expression type"""

tests/test_conversion_base.py

@@ -14,7 +14,7 @@
     FieldMappingTransformation,
     QueryExpressionPlaceholderTransformation,
     SetStateTransformation,
-    ValueListPlaceholderTransformation
+    ValueListPlaceholderTransformation,
 )
 from sigma.exceptions import SigmaPlaceholderError, SigmaTypeError, SigmaValueError
 import pytest
@@ -1323,9 +1323,10 @@ def test_convert_value_regex_value_list():
         vars={"test": ["pat.*tern/foobar", "pat.*te\\rn/foobar"]},
     )
     backend = TextQueryTestBackend(pipeline)
-    assert backend.convert(
-        SigmaCollection.from_yaml(
-            """
+    assert (
+        backend.convert(
+            SigmaCollection.from_yaml(
+                """
             title: Test
             status: test
             logsource:
@@ -1336,8 +1337,10 @@ def test_convert_value_regex_value_list():
                     field|re|expand: "%test%"
                 condition: sel
             """
+            )
         )
-    ) == ["field=/pat.*tern\\/foo\\bar/ or field=/pat.*te\\\\rn\\/foo\\bar/"]
+        == ["field=/pat.*tern\\/foo\\bar/ or field=/pat.*te\\\\rn\\/foo\\bar/"]
+    )
 
 
 def test_convert_value_cidr_wildcard_native_ipv4(test_backend):

tests/test_modifiers.py

@@ -493,7 +493,9 @@ def test_expand(dummy_detection_item):
 
 
 def test_expand_re(dummy_detection_item):
-    assert SigmaExpandModifier(dummy_detection_item, []).modify(SigmaRegularExpression("test%var%test")).regexp.s == (
+    assert SigmaExpandModifier(dummy_detection_item, []).modify(
+        SigmaRegularExpression("test%var%test")
+    ).regexp.s == (
         "test",
         Placeholder("var"),
         "test",