Closed leogr closed 2 months ago
I fully support this feature request!
Just the first thing that comes to mind, introducing basename
would also probably conflict with fd.filename
, that is basename(fd.name)
would be totally the same thing as fd.filename
. We would probably need a deprecation plan for that field or other similar ones if any.
fd.filename
. We would probably need a deprecation plan for that field or other similar ones if any.
Totally :+1:
/assign
Motivation
The
basename()
transformer will make it easier for rule authors to write concise and effective rules, particularly for fields returning a full path by extracting the base name from a field returning a full path.Note that this is particularly useful in conjunction with
proc.exepath
which provides the resolved symlink path eventually, sinceproc.exe
can't provide the resolved path because it, by convention, equals toargv[0]
.Feature
Introduce the
basename(<path>)
transformer that works similarly to the basename util.This transformer returns the base name of a given
<path>
(i.e. a string) as an argument.Alternatives
No compelling alternatives. For the record, some discarded solutions:
proc.exe
(breaking change + inconsistency)proc.exepath.basename
) comes with too many cons:basename()
)proc.pexepath
andproc.aexepath
, increasing complexityAdditional context
cc @darryk10 @loresuso