feat: add pysigma templating

run.py

@@ -10,9 +10,12 @@
 from sigma.plugins import InstalledSigmaPlugins
 from sigma.collection import SigmaCollection
 from sigma.exceptions import SigmaError
+from sigma.processing import pipeline
+from sigma.processing.pipeline import ProcessingPipeline
 
 app = Flask(__name__)
 plugins = InstalledSigmaPlugins.autodiscover()
+pipeline_generic = pipeline.ProcessingPipeline()
 backends = plugins.backends
 pipeline_resolver = plugins.get_pipeline_resolver()
 pipelines = list(pipeline_resolver.list_pipelines())
@@ -56,11 +59,26 @@ def convert():
         for p in request.json["pipeline"]:
             pipeline.append(p)
 
+    template_pipeline = ""
+    if request.json["template"]:
+        try:
+            template = str(base64.b64decode(request.json["template"]), "utf-8")
+            print(request.json)
+            template_pipeline = pipeline_generic.from_yaml(template)
+        except:
+            print("Error while parsing the template")
+
     target = request.json["target"]
     format = request.json["format"]
 
     backend_class = backends[target]
     processing_pipeline = pipeline_resolver.resolve(pipeline)
+
+    if isinstance(template_pipeline, ProcessingPipeline):
+        processing_pipeline += template_pipeline
+    else:
+        print("no processing pipeline")
+
     backend: Backend = backend_class(processing_pipeline=processing_pipeline)
 
     try:

static/js/index.js

@@ -23,7 +23,7 @@ new TomSelect("#select-pipeline", {
   labelField: "label"
 });
 
-// inital stuff todo when page is loaded
+// initial stuff todo when page is loaded
 window.onload = function () {
   // Get the fragment section from the current URL, without the '#' character
   const fragment = window.location.hash.substring(1);
@@ -47,6 +47,12 @@ window.onload = function () {
     sigmaJar.updateCode(rule)
   }
 
+  // check if template parameter is in url
+  if(urlParameter.has('template')){
+    let template = atob(urlParameter.get('template'));
+    templateJar.updateCode(template)
+  }
+
   let backendSelect = document.getElementById("select-backend");
   // get parameter backend from url and check if it's a valid option
   if(urlParameter.has('backend') && backendSelect.querySelectorAll('option[value$="' + urlParameter.get('backend') + '"]').length > 0) {
@@ -105,9 +111,10 @@ function generateShareLink() {
   let backend = getSelectValue("select-backend");
   let format = getSelectValue("select-format");
   let rule = encodeURIComponent(btoa(sigmaJar.toString()));
+  let template = encodeURIComponent(btoa(templateJar.toString()));
 
   // generate link with parameters
-  let shareParams =  "#backend=" + backend + "&format=" + format + "&rule=" + rule;
+  let shareParams =  "#backend=" + backend + "&format=" + format + "&rule=" + rule + "&template=" + template;
   let shareUrl = location.protocol + "//" + location.host + "/" + shareParams;
   window.history.pushState({}, null, shareParams);
 
@@ -169,19 +176,20 @@ function generateCli() {
   Prism.highlightElement(cliCode); // rerun code highlighting
 }
 
-function convert(sigmaRule) {
+function convert(sigmaRule, templatePysigma) {
   let queryCode = document.getElementById("query-code");
 
   let backend = getSelectValue("select-backend");
   let format = getSelectValue("select-format");
   let pipelines = getSelectValue("select-pipeline");
-
+  
   // create json object
   const params = {
     rule: btoa(sigmaRule),
     pipeline: pipelines,
     target: backend,
-    format: format
+    format: format,
+    template: btoa(templatePysigma)
   };
 
   // send post request

templates/index.html

@@ -163,6 +163,7 @@
     - Monitoring activity
 level: high</code></pre>
         </div>
+
         <div class="lg:col-span-1 self-start lg:px-2">
           <p class="text-lg text-white font-bold">
             <span class="px-3 py-2 border-x border-t rounded border-sigma-blue">
@@ -173,6 +174,13 @@
           <pre class="border border-sigma-blue">
             <code id="query-code" class="language-splunk-spl text-sm">the generated query should be displayed here :)</code></pre>
         </div>
+
+        <div class="lg:col-span-1 self-start lg:px-2">
+          <p class="text-lg text-white font-bold">
+            <span class="px-3 py-2 border-x border-t rounded border-sigma-blue">Post-Processing Template</span>
+          </p>
+          <pre onclick="focusSelect('template-code')" class="border border-sigma-blue"><code id="template-code" class="language-yaml text-sm"></code></pre>
+        </div>
       </div>
     </div>
 
@@ -195,10 +203,18 @@
     import {
       withLineNumbers
     } from 'https://medv.io/codejar/linenumbers.js'
+
     window.sigmaJar = CodeJar(document.querySelector('#rule-code'), el => Prism.highlightElement(el))
     sigmaJar.onUpdate(sigmaRule => {
       if (sigmaRule.length > 0) {
-        convert(sigmaRule)
+        convert(sigmaRule, templateJar.toString())
+      }
+    })
+
+    window.templateJar = CodeJar(document.querySelector('#template-code'), el => Prism.highlightElement(el))
+    templateJar.onUpdate(templatePysigma => {
+      if (templatePysigma.length > 0) {
+        convert(sigmaJar.toString(), templatePysigma)
       }
     })
   </script>