Use `fnmatch.translate` for converting wildcards (globs) to regex
mostafa opened this issue · 2 comments
mostafa commented
The fnmatch.translate is part of the standard library and can convert Unix shell-style wildcards into regular expressions. It might create more complex expressions.
kelnage commented
That's a really nice idea - I had no idea that fnmatch existed. However, it does include translating special characters that are not special characters in Sigma rules (the [seq] and [!seq] functionality). So, if we wanted to use that function, we'd need to first wrap any square brackets in the value with more square brackets - which feels to me like it might be introducing more complexity?
mostafa commented
That's why I mentioned the complexity.