thomaspatzke
commented
4 months ago See comment in issue. Colons are allowed and we don't want to add any restrictions on the field names as there might be valid use cases for colons and likely other characters.
SigmaDetectionItem.from_mapping was previously accepting ':' as valid input from fields,
allowing users to create rules with field such as
Image:endswith: value.Those inputs should be considered as malformed yaml.
Suggested Fix : raise SigmaDetectionError