fix

alexvolha · alexvolha · commit 30da9af8404a · 2024-07-31T11:32:53.000+03:00
diff --git a/uncoder-core/app/translator/core/mapping.py b/uncoder-core/app/translator/core/mapping.py
@@ -165,7 +165,7 @@ def get_suitable_source_mappings(
                 by_fields.append(source_mapping)
 
                 log_source_signature: LogSourceSignature = source_mapping.log_source_signature
-                if log_source_signature.is_suitable(**log_sources):
+                if log_source_signature and log_source_signature.is_suitable(**log_sources):
                     by_log_sources_and_fields.append(source_mapping)
 
         return by_log_sources_and_fields or by_fields or [self._source_mappings[DEFAULT_MAPPING_NAME]]
diff --git a/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py b/uncoder-core/app/translator/platforms/sigma/parsers/sigma.py
@@ -113,7 +113,7 @@ def parse(self, raw_query_container: RawQueryContainer) -> TokenizedQueryContain
         tokens = self.tokenizer.tokenize(detection=sigma_rule.get("detection"))
         field_tokens = [token.field for token in QueryTokenizer.filter_tokens(tokens, FieldValue)]
         field_names = [field.source_name for field in field_tokens]
-        source_mappings = self.mappings.get_suitable_source_mappings(field_names=field_names, **log_sources)
+        source_mappings = self.mappings.get_suitable_source_mappings(field_names=field_names, log_sources=log_sources)
         QueryTokenizer.set_field_tokens_generic_names_map(field_tokens, source_mappings, self.mappings.default_mapping)
         sigma_fields_tokens = None
         if sigma_fields := sigma_rule.get("fields"):
diff --git a/uncoder-core/app/translator/platforms/splunk/mapping.py b/uncoder-core/app/translator/platforms/splunk/mapping.py
@@ -22,14 +22,14 @@ def __init__(
     def is_suitable(
         self,
         source: Optional[list[str]] = None,
-        source_type: Optional[list[str]] = None,
-        source_category: Optional[list[str]] = None,
+        sourcetype: Optional[list[str]] = None,
+        sourcecategory: Optional[list[str]] = None,
         index: Optional[list[str]] = None,
     ) -> bool:
         conditions = [
             set(source).issubset(self.sources) if source else None,
-            set(source_type).issubset(self.source_types) if source_type else None,
-            set(source_category).issubset(self.source_categories) if source_category else None,
+            set(sourcetype).issubset(self.source_types) if sourcetype else None,
+            set(sourcecategory).issubset(self.source_categories) if sourcecategory else None,
             set(index).issubset(self.indices) if index else None,
         ]
         return self._check_conditions(conditions)
