SigmaHQ / sigma-cli

The Sigma command line interface based on pySigma

check() Provides Same Output with No Rules in Path #22

Closed signus closed 1 year ago

signus commented 1 year ago

As found when checking stdin in #21, the check functionality currently treats an empty Path specification as normal, giving the output as if rules were processed.

(sigma-cli-py3.11) ❯❯❯❯ cat rules/windows/process_creation/certutil_susp_download.yml | sigma check && echo $?
DEBUG: input: ()
Parsing Sigma rules  [####################################]  100%
Checking Sigma rules  [####################################]  100%

=== Summary ===
Found 0 errors, 0 condition errors and 0 issues.
No rule errors found.
No condition errors found.
No validation issues found.
0
(sigma-cli-py3.11) ❯❯❯❯ sigma check && echo $?
DEBUG: input: ()
Parsing Sigma rules  [####################################]  100%
Checking Sigma rules  [####################################]  100%

=== Summary ===
Found 0 errors, 0 condition errors and 0 issues.
No rule errors found.
No condition errors found.
No validation issues found.
0

This issue could extend #21 in allowing standard input for check while providing a message supplied by the program to indicate that no rules were found and as such no rules were processed (indicating as such in the summary).

Preferably this would produce an exit(1), but this is open to debate, or a potential configuration option.

thomaspatzke commented 1 year ago

Fixed!
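
The behaviour requested in this issue, as an added example that is not sigma-cli's code and not the fix that was applied: a check-style entry point that reports "no rules found" and exits non-zero instead of printing a vacuous "0 errors" summary, so a CI gate cannot pass on an empty or mistyped path. The exit code values, the function names and the `has_title` stand-in validator are assumptions made for illustration.

```python
import sys
from pathlib import Path

# Hypothetical exit codes: a separate value lets CI tell "nothing checked" from "issues found".
EXIT_OK, EXIT_ISSUES, EXIT_NO_RULES = 0, 1, 2


def collect_rule_files(inputs, pattern="*.yml"):
    """Expand files and directories into a sorted, de-duplicated list of rule files."""
    found = []
    for item in map(Path, inputs):
        if item.is_dir():
            found.extend(p for p in item.rglob(pattern) if p.is_file())
        elif item.is_file():
            found.append(item)
        # Paths that do not exist contribute nothing and are caught by the empty check.
    return sorted(set(found))


def check(inputs, validate):
    """Run validate(path) -> list of messages over every rule; return (exit_code, summary)."""
    files = collect_rule_files(inputs)
    if not files:
        # The case from the issue: nothing was processed, so "0 errors" would be vacuous.
        return EXIT_NO_RULES, "No rules found in input; nothing was checked."
    issues = [(path, msg) for path in files for msg in validate(path)]
    summary = f"Checked {len(files)} rule(s), found {len(issues)} issue(s)."
    return (EXIT_ISSUES if issues else EXIT_OK), summary


def has_title(path):
    """Stand-in validator (constructed): flag rule files that lack a title line."""
    lines = path.read_text(encoding="utf-8").splitlines()
    return [] if any(line.startswith("title:") for line in lines) else ["missing title"]


if __name__ == "__main__":
    code, summary = check(sys.argv[1:], has_title)
    print(summary)
    sys.exit(code)
```
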