Windows misconfiguration

[blabla123sdfa]

Windows is not made by default to understand what a python script is or how to run it, even after the python installation. In order to not modify the registry settings, just add a simple element in the command line array, maintain the cross-platform ability and add more stability.

[wagga40]

Hi, thank you for this PR !

• genRules is deprecated and you can directly use the official sigmac to generate your rulesets (check the related docs here). For the config files you can use the ones available in this repository or the ones available in the official Sigma repository (zircolite.yml, etc. in the config folder)
• Windows misconfiguration :
  • originally this was meant to be used with the pypi distribution version of sigmac the one that is installable with pip install sigmatools (the stable version). In this case, sigmac is in the PATH and is directly recognized as a command line. It ensures compatibility and portability
  • depending on your Python install source (Microsoft Store, Python.org, Chocolatey etc.) the Python interpreter is not always python3. For example, on my Windows workstation it is python. So hardcoding directly python3 is not portable.
  • I understand that some people need to use a fresher version of sigmac so I suggest that instead of hardcoding anything may be adding an optional "--prefix-cmd" parameter that can contains python or python3 or something else is the solution. It is not very clean/secure but it could do the trick. What is your opinion ?
• Encoding
  • using encoding='cp437' is not very portable and cross-platform

[blabla123sdfa]

# import the library needed
import os
import sys

def retrieveRule(self, ruleFile):
        try:
            d={}
            #get python path
            pythonPath = Path(sys.executable)
            cmd = [pythonPath, self.sigmac, "-d", "--target", "sqlite", "-c", self.config, ruleFile, "--backend-option", f'table={self.table}']
            outputRaw = subprocess.run(args=cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, encoding='cp437')

            output = [rule for rule in outputRaw.stdout.split("\n") if not "Feel free" in rule]
            if "unsupported" in str(output):
                return {"rule": "", "file": ruleFile, "notsupported": True}
            else:
                with open(ruleFile, 'r') as stream:
                    docs = yaml.load_all(stream, Loader=yaml.FullLoader)
                    for doc in docs:
                        for k,v in doc.items():
                            if k == 'title':
                                title = v
                            if k == 'id':
                                d['title'] = title + " - " + self.CRC32_from_string(v)
                            if k in ['description','tags','level','author']:
                                d[k] = v
                d['rule']=output[:-1]
                return {"rule": d.copy(), "file": ruleFile, "notsupported": False}
        except Exception as e:
            return {"bad_file" : ruleFile, "exception" : e}

100% cross-platform. Also please check the other commit.

[wagga40]

Also please check the other commit.

They were OK.

Please commit your new code in the PR. Please note that I won't merge if you leave encoding='cp437', you can add an optional parameter to choose encoding.

Thanks for the work.

[wagga40]

genRules has been removed in favor of using directly Sigmac.