Skip to content

[Bug] view-rule passes path as string #1472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ghost opened this issue Sep 7, 2021 · 0 comments · Fixed by #1073
Closed

[Bug] view-rule passes path as string #1472

ghost opened this issue Sep 7, 2021 · 0 comments · Fixed by #1073
Labels
bug Something isn't working

Comments

@ghost
Copy link

ghost commented Sep 7, 2021

Describe the bug
When using the view-rule command the program crashes with a stack trace:

█▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄   ▄      █▀▀▄ ▄  ▄ ▄   ▄▄▄ ▄▄▄
█  █ █▄▄  █  █▄▄ █    █   █  █ █ █▀▄ █      █▄▄▀ █  █ █   █▄▄ █▄▄
█▄▄▀ █▄▄  █  █▄▄ █▄▄  █  ▄█▄ █▄█ █ ▀▄█      █ ▀▄ █▄▄█ █▄▄ █▄▄ ▄▄█

rules/network/command_and_control_cobalt_strike_beacon.toml
Error loading rule in rules/network/command_and_control_cobalt_strike_beacon.toml
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/home/code/git/detection-rules/detection_rules/__main__.py", line 34, in <module>
    main()
  File "/home/code/git/detection-rules/detection_rules/__main__.py", line 31, in main
    root(prog_name="detection_rules")
  File "/home/code/git/detection-rules/env/detection-rules-build/lib/python3.8/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/code/git/detection-rules/env/detection-rules-build/lib/python3.8/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/home/code/git/detection-rules/env/detection-rules-build/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/code/git/detection-rules/env/detection-rules-build/lib/python3.8/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/code/git/detection-rules/env/detection-rules-build/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/code/git/detection-rules/env/detection-rules-build/lib/python3.8/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/home/code/git/detection-rules/detection_rules/main.py", line 164, in view_rule
    rule = RuleCollection().load_file(rule_file)
  File "/home/code/git/detection-rules/detection_rules/rule_loader.py", line 209, in load_file
    path = path.resolve()
AttributeError: 'str' object has no attribute 'resolve'

To Reproduce
$ env/detection-rules-build/bin/python -m detection_rules view-rule rules/network/command_and_control_cobalt_strike_beacon.toml

Expected behavior
Show the rule content

Desktop (please complete the following information):

  • OS: Ubuntu
  • Version: 20.04

Additional context

The problem is in main.py. We could replace:

rule = RuleCollection().load_file(rule_file)

with:

rule = RuleCollection().load_file(Path(rule_file))
@ghost ghost added the bug Something isn't working label Sep 7, 2021
@ghost ghost mentioned this issue Sep 7, 2021
Closed
@brokensound77 brokensound77 mentioned this issue Sep 7, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Bug] CLI Fixes brokensound77/detection-rules
0 participants