search

panther-labs / pySigma-backend-panther

pySigma Panther Backend
https://panther.com/
Apache License 2.0
3 stars 0 forks source link

ModuleNotFoundError: No module named 'black' #57

Open joshnck opened 1 month ago

joshnck commented 1 month ago 
plugins = InstalledSigmaPlugins.autodiscover()
  File "/root/.cache/pypoetry/virtualenvs/sigconverter-io-wa5h0Qwf-py3.10/lib/python3.10/site-packages/sigma/plugins.py", line 193, in autodiscover
    backends = cls._discover_module_directories(sigma.backends, "backends", include_backends)
  File "/root/.cache/pypoetry/virtualenvs/sigconverter-io-wa5h0Qwf-py3.10/lib/python3.10/site-packages/sigma/plugins.py", line 89, in _discover_module_directories
    imported_module = importlib.import_module(mod.name)
  File "/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/root/.cache/pypoetry/virtualenvs/sigconverter-io-wa5h0Qwf-py3.10/lib/python3.10/site-packages/sigma/backends/panther/__init__.py", line 1, in <module>
    from .panther_backend import PantherBackend
  File "/root/.cache/pypoetry/virtualenvs/sigconverter-io-wa5h0Qwf-py3.10/lib/python3.10/site-packages/sigma/backends/panther/panther_backend.py", line 4, in <module>
    import black

Looks like this needs to be updated to the latest version of black supported by pySigma black = "^24.4.2"

joshnck commented 1 month ago

Actually, this is a little bit deeper than just the black dependency. Your pyproject.toml file states you support all pySigma ^0.11 versions but when forcing the update of black, I get the following error:

  File "/root/.cache/pypoetry/virtualenvs/sigconverter-io-wa5h0Qwf-py3.10/lib/python3.10/site-packages/sigma/pipelines/panther/panther_pipeline.py", line 55, in panther_pipeline
    return ProcessingPipeline(
  File "<string>", line 15, in __init__
  File "/root/.cache/pypoetry/virtualenvs/sigconverter-io-wa5h0Qwf-py3.10/lib/python3.10/site-packages/sigma/processing/pipeline.py", line 440, in __post_init__
    raise TypeError(
TypeError: Each item in a postprocessing pipeline must be a QueryPostprocessingItem - don't use processing classes directly!

So it seems some refactoring might be necessary to support some of the later versions of pySigma.