run black

SigmaHQ · Jan 9, 2025 · 57e7a72 · 57e7a72
1 parent 3f46687
commit 57e7a72
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 14 deletions.
diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
@@ -52,7 +52,9 @@
     SigmaNull,
     SigmaQueryExpression,
     SigmaCIDRExpression,
-    SpecialChars, SigmaTimestampPart, TimestampPart,
+    SpecialChars,
+    SigmaTimestampPart,
+    TimestampPart,
 )
 from sigma.conversion.state import ConversionState
 
@@ -1560,14 +1562,23 @@ def convert_condition_field_eq_val_num(
             )
 
     def convert_condition_field_eq_val_timestamp_part(
-            self, cond: ConditionFieldEqualsValueExpression, state: ConversionState
+        self, cond: ConditionFieldEqualsValueExpression, state: ConversionState
     ) -> Any:
         """Conversion of field = timestamp part value expressions"""
         try:
             if isinstance(cond.value, SigmaTimestampPart):
-                return self.field_timestamp_part_expression.format(field=self.escape_and_quote_field(cond.field), timestamp_part=self.timestamp_part_mapping[cond.value.timestamp_part])  + self.eq_token + str(cond.value)
+                return (
+                    self.field_timestamp_part_expression.format(
+                        field=self.escape_and_quote_field(cond.field),
+                        timestamp_part=self.timestamp_part_mapping[cond.value.timestamp_part],
+                    )
+                    + self.eq_token
+                    + str(cond.value)
+                )
             else:
-                raise ValueError(f"Wrong type for cond.value. Expected SigmaTimestampPart, got {type(cond.value)}")
+                raise ValueError(
+                    f"Wrong type for cond.value. Expected SigmaTimestampPart, got {type(cond.value)}"
+                )
         except TypeError as e:  # pragma: no cover
             raise NotImplementedError(
                 f"Field equals numeric value expressions are not supported by the backend: {e}"
@@ -1776,7 +1787,14 @@ def convert_condition_val_timestamp_part(
         self, cond: ConditionValueExpression, state: ConversionState
     ) -> Union[str, DeferredQueryExpression]:
         """Conversion of timestamp part numbers."""
-        return self.field_timestamp_part_expression.format(field=self.escape_and_quote_field(cond.field), timestamp_part=self.timestamp_part_mapping[cond.value.timestamp_part])  + self.eq_token + str(cond.value)
+        return (
+            self.field_timestamp_part_expression.format(
+                field=self.escape_and_quote_field(cond.field),
+                timestamp_part=self.timestamp_part_mapping[cond.value.timestamp_part],
+            )
+            + self.eq_token
+            + str(cond.value)
+        )
 
     def convert_condition_val_re(
         self, cond: ConditionValueExpression, state: ConversionState

diff --git a/sigma/modifiers.py b/sigma/modifiers.py
@@ -29,7 +29,9 @@
     SpecialChars,
     SigmaRegularExpression,
     SigmaCompareExpression,
-    SigmaCIDRExpression, SigmaTimestampPart, TimestampPart,
+    SigmaCIDRExpression,
+    SigmaTimestampPart,
+    TimestampPart,
 )
 from sigma.conditions import ConditionAND
 from sigma.exceptions import SigmaRuleLocation, SigmaTypeError, SigmaValueError

diff --git a/sigma/types.py b/sigma/types.py
@@ -45,6 +45,7 @@ class TimestampPart(Enum):
     MONTH = auto()
     YEAR = auto()
 
+
 @dataclass
 class Placeholder:
     """

diff --git a/tests/test_modifiers.py b/tests/test_modifiers.py
@@ -22,8 +22,13 @@
     SigmaGreaterThanModifier,
     SigmaGreaterThanEqualModifier,
     SigmaExpandModifier,
-    SigmaWindowsDashModifier, SigmaTimestampMinuteModifier, SigmaTimestampHourModifier, SigmaTimestampDayModifier,
-    SigmaTimestampWeekModifier, SigmaTimestampMonthModifier, SigmaTimestampYearModifier,
+    SigmaWindowsDashModifier,
+    SigmaTimestampMinuteModifier,
+    SigmaTimestampHourModifier,
+    SigmaTimestampDayModifier,
+    SigmaTimestampWeekModifier,
+    SigmaTimestampMonthModifier,
+    SigmaTimestampYearModifier,
 )
 from sigma.rule import SigmaDetectionItem
 from sigma.types import (
@@ -40,7 +45,9 @@
     SigmaRegularExpression,
     SigmaCompareExpression,
     SigmaCIDRExpression,
-    SpecialChars, TimestampPart, SigmaTimestampPart,
+    SpecialChars,
+    TimestampPart,
+    SigmaTimestampPart,
 )
 from sigma.conditions import ConditionAND
 from sigma.exceptions import SigmaRuleLocation, SigmaTypeError, SigmaValueError

diff --git a/tests/test_rule.py b/tests/test_rule.py
@@ -18,7 +18,9 @@
     SigmaString,
     SigmaNumber,
     SigmaNull,
-    SigmaRegularExpression, SigmaTimestampPart, TimestampPart,
+    SigmaRegularExpression,
+    SigmaTimestampPart,
+    TimestampPart,
 )
 from sigma.modifiers import (
     SigmaBase64Modifier,
@@ -1615,7 +1617,8 @@ def test_sigmarule_bad_scope():
 
 
 def test_sigmarule_timestamp_modifiers():
-    rule = SigmaRule.from_dict({
+    rule = SigmaRule.from_dict(
+        {
             "title": "Test",
             "logsource": {
                 "category": "process_creation",
@@ -1631,9 +1634,11 @@ def test_sigmarule_timestamp_modifiers():
                     "timestamp|year": 6,
                 },
                 "condition": "selection",
-            }
-    }, source=sigma_exceptions.SigmaRuleLocation("test.yml"),)
-    detection_items = rule.detection['selection'].detection_items
+            },
+        },
+        source=sigma_exceptions.SigmaRuleLocation("test.yml"),
+    )
+    detection_items = rule.detection["selection"].detection_items
     assert detection_items[0].value[0] == SigmaTimestampPart(TimestampPart.MINUTE, 1)
     assert detection_items[1].value[0] == SigmaTimestampPart(TimestampPart.HOUR, 2)
     assert detection_items[2].value[0] == SigmaTimestampPart(TimestampPart.DAY, 3)