Merge branch 'main' into version-1

SigmaHQ · Nov 13, 2024 · 447fdf3 · 447fdf3
2 parents 3756763 + aa8719a
commit 447fdf3
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/sigma/processing/transformations/meta.py b/sigma/processing/transformations/meta.py
@@ -25,8 +25,12 @@ class NestedProcessingTransformation(Transformation):
     def __post_init__(self):
         from sigma.processing.pipeline import (
             ProcessingPipeline,
+            ProcessingItem,
         )  # TODO: move to top-level after restructuring code
 
+        self.items = [
+            i if isinstance(i, ProcessingItem) else ProcessingItem.from_dict(i) for i in self.items
+        ]
         self._nested_pipeline = ProcessingPipeline(items=self.items)
 
     @classmethod

diff --git a/tests/test_processing_transformations.py b/tests/test_processing_transformations.py
@@ -24,6 +24,7 @@
     IncludeFieldCondition,
     RuleContainsDetectionItemCondition,
     RuleProcessingItemAppliedCondition,
+    rule_conditions,
 )
 from sigma.processing.pipeline import ProcessingItem, ProcessingPipeline
 from sigma.processing.transformations import (
@@ -71,7 +72,6 @@
     RuleConditionFalse,
     RuleConditionTrue,
     TransformationAppend,
-    inject_test_classes,
 )
 
 
@@ -1826,7 +1826,10 @@ def nested_pipeline_transformation():
     )
 
 
-def test_nested_pipeline_transformation_from_dict(nested_pipeline_transformation):
+def test_nested_pipeline_transformation_from_dict(nested_pipeline_transformation, monkeypatch):
+    monkeypatch.setitem(transformations, "append", TransformationAppend)
+    monkeypatch.setitem(rule_conditions, "true", RuleConditionTrue)
+    monkeypatch.setitem(rule_conditions, "false", RuleConditionFalse)
     assert (
         NestedProcessingTransformation.from_dict(
             {
@@ -1848,6 +1851,37 @@ def test_nested_pipeline_transformation_from_dict(nested_pipeline_transformation
     )
 
 
+def test_nested_pipeline_transformation_from_yaml(nested_pipeline_transformation, monkeypatch):
+    monkeypatch.setitem(transformations, "append", TransformationAppend)
+    monkeypatch.setitem(rule_conditions, "true", RuleConditionTrue)
+    monkeypatch.setitem(rule_conditions, "false", RuleConditionFalse)
+    assert (
+        ProcessingPipeline.from_yaml(
+            """
+        name: Test
+        priority: 100
+        transformations:
+            - type: nest
+              items:
+              - id: test
+                type: append
+                s: Test
+                rule_conditions:
+                - type: "true"
+                  dummy: test-true
+                - type: "false"
+                  dummy: test-false
+                rule_cond_op: or
+        """
+        )
+        == ProcessingPipeline(
+            name="Test",
+            priority=100,
+            items=[ProcessingItem(nested_pipeline_transformation)],
+        )
+    )
+
+
 def test_nested_pipeline_transformation_from_dict_apply(
     dummy_pipeline, sigma_rule, nested_pipeline_transformation
 ):