DictQuery cannot parse paths with backslashes #5
Description
I'm trying to use sigma's dictquery backend, here:
https://github.com/unqork-external/pySigma-backend-dictquery
Which generated a query that contains a portion that like this:
query1 = "(Image LIKE '\AppData\Local\Temp\')"
When I attempt to compile this:
dq.compile(query1)
I get the following error:
Traceback (most recent call last):
File "", line 1, in
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/init.py", line 22, in compile
ast = parser.parse(query)
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 198, in parse
return self.orstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 223, in orstatement
leftval = self.andstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 233, in andstatement
leftval = self.expression()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 243, in expression
return self.expr()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 247, in expr
obj = self.orstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 223, in orstatement
leftval = self.andstatement()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 233, in andstatement
leftval = self.expression()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 243, in expression
return self.expr()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 258, in expr
if self._accept('LIKE'):
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 213, in _accept
self._advance()
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/parsers.py", line 201, in _advance
self.tok, self.nexttok = self.nexttok, next(self.tokens, None)
File "/home/tjt7a/.cache/pypoetry/virtualenvs/sigma-cli-NoEUEN38-py3.10/lib/python3.10/site-packages/dictquery/tokenizer.py", line 48, in gen_tokens
raise DQSyntaxError("Unexpected character at pos %d" % match.start())
dictquery.exceptions.DQSyntaxError: Unexpected character at pos 12
Do I have any other options than to translate all occurrences of '\' into '/'?
Thank you,
Tom Tracy II