Update migration file

ziadhany · ziadhany · commit 99f6341084cf · 2025-12-04T02:22:23.000+02:00
Add a simple test for rule_text, advisory_aliases

Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/migrations/0104_advisorydetectionrule.py b/vulnerabilities/migrations/0104_advisorydetectionrule.py
diff --git a/vulnerabilities/migrations/0104_detectionrule.py b/vulnerabilities/migrations/0104_detectionrule.py
@@ -1,4 +1,4 @@
-# Generated by Django 4.2.25 on 2025-12-03 02:30
+# Generated by Django 4.2.25 on 2025-12-04 00:14
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -7,7 +7,7 @@
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("vulnerabilities", "0104_advisorydetectionrule"),
+        ("vulnerabilities", "0103_codecommit_impactedpackage_affecting_commits_and_more"),
     ]
 
     operations = [
@@ -65,7 +65,4 @@ class Migration(migrations.Migration):
                 ),
             ],
         ),
-        migrations.DeleteModel(
-            name="AdvisoryDetectionRule",
-        ),
     ]
diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_sigma_rules.py b/vulnerabilities/tests/pipelines/v2_improvers/test_sigma_rules.py
@@ -77,3 +77,8 @@ def test_sigma_rules_db_improver(mock_fetch_via_vcs):
         "status": "experimental",
         "title": "Potential Exploitation of RCE Vulnerability CVE-2025-33053 - Image " "Load",
     }
+    assert sigma_rule.advisory == adv1
+    assert (
+        sigma_rule.rule_text
+        == "title: Potential Exploitation of RCE Vulnerability CVE-2025-33053 - Image Load\nid: 04fc4b22-91a6-495a-879d-0144fec5ec03\nrelated:\n    - id: abe06362-a5b9-4371-8724-ebd00cd48a04\n      type: similar\n    - id: 9a2d8b3e-f5a1-4c68-9e21-7d9e1cf8a123\n      type: similar\nstatus: experimental\ndescription: |\n    Detects potential exploitation of remote code execution vulnerability CVE-2025-33053\n    by monitoring suspicious image loads from WebDAV paths. The exploit involves malicious executables from\n    attacker-controlled WebDAV servers loading the Windows system DLLs like gdi32.dll, netapi32.dll, etc.\nreferences:\n    - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053\n    - https://research.checkpoint.com/2025/stealth-falcon-zero-day/\nauthor: Swachchhanda Shrawan Poudel (Nextron Systems)\ndate: 2025-06-13\ntags:\n    - attack.command-and-control\n    - attack.execution\n    - attack.defense-evasion\n    - attack.t1218\n    - attack.lateral-movement\n    - attack.t1105\n    - detection.emerging-threats\n    - cve.2025-33053\nlogsource:\n    category: image_load\n    product: windows\ndetection:\n    selection_img_path:\n        Image|startswith: '\\\\\\\\'\n        Image|contains: '\\DavWWWRoot\\'\n    selection_img_bin:\n        Image|endswith:\n            - '\\route.exe'\n            - '\\netsh.exe'\n            - '\\makecab.exe'\n            - '\\dxdiag.exe'\n            - '\\ipconfig.exe'\n            - '\\explorer.exe'\n    condition: all of selection_*\nfalsepositives:\n    - Unknown\nlevel: high"
+    )

Original file line number	Diff line number	Diff line change
`@@ -77,3 +77,8 @@ def test_sigma_rules_db_improver(mock_fetch_via_vcs):`
`77`	`77`	`"status": "experimental",`
`78`	`78`	`"title": "Potential Exploitation of RCE Vulnerability CVE-2025-33053 - Image " "Load",`
`79`	`79`	`}`
	`80`	`+ assert sigma_rule.advisory == adv1`
	`81`	`+ assert (`
	`82`	`+ sigma_rule.rule_text`
	`83`	+ == "title: Potential Exploitation of RCE Vulnerability CVE-2025-33053 - Image Load\nid: 04fc4b22-91a6-495a-879d-0144fec5ec03\nrelated:\n - id: abe06362-a5b9-4371-8724-ebd00cd48a04\n type: similar\n - id: 9a2d8b3e-f5a1-4c68-9e21-7d9e1cf8a123\n type: similar\nstatus: experimental\ndescription: \|\n Detects potential exploitation of remote code execution vulnerability CVE-2025-33053\n by monitoring suspicious image loads from WebDAV paths. The exploit involves malicious executables from\n attacker-controlled WebDAV servers loading the Windows system DLLs like gdi32.dll, netapi32.dll, etc.\nreferences:\n - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053\n - https://research.checkpoint.com/2025/stealth-falcon-zero-day/\nauthor: Swachchhanda Shrawan Poudel (Nextron Systems)\ndate: 2025-06-13\ntags:\n - attack.command-and-control\n - attack.execution\n - attack.defense-evasion\n - attack.t1218\n - attack.lateral-movement\n - attack.t1105\n - detection.emerging-threats\n - cve.2025-33053\nlogsource:\n category: image_load\n product: windows\ndetection:\n selection_img_path:\n Image\|startswith: '\\\\\\\\'\n Image\|contains: '\\DavWWWRoot\\'\n selection_img_bin:\n Image\|endswith:\n - '\\route.exe'\n - '\\netsh.exe'\n - '\\makecab.exe'\n - '\\dxdiag.exe'\n - '\\ipconfig.exe'\n - '\\explorer.exe'\n condition: all of selection_*\nfalsepositives:\n - Unknown\nlevel: high"
	`84`	`+ )`