Added condition existence check to post-init method

thomaspatzke · thomaspatzke · commit f94438aa5d13 · 2025-04-13T10:30:45.000+02:00
diff --git a/sigma/rule/detection.py b/sigma/rule/detection.py
@@ -454,6 +454,10 @@ def __post_init__(self):
             raise sigma_exceptions.SigmaDetectionError(
                 "No detections defined in Sigma rule", source=self.source
             )
+        if self.condition == [] or self.condition is None:
+            raise sigma_exceptions.SigmaConditionError(
+                "Sigma rule must contain at least one condition", source=self.source
+            )
         self.parsed_condition = [SigmaCondition(cond, self, self.source) for cond in self.condition]
 
     @classmethod
diff --git a/tests/test_conditions.py b/tests/test_conditions.py
@@ -45,7 +45,7 @@ def sigma_simple_detections():
                 ]
             ),
         },
-        list(),
+        condition=["any of them"],
     )
 
 
@@ -142,7 +142,7 @@ def sigma_detections():
                 ]
             ),
         },
-        list(),
+        condition=["any of them"],
     )
 
 
@@ -156,7 +156,7 @@ def sigma_invalid_detections():
                 ]
             ),
         },
-        list(),
+        condition=["any of them"],
     )
 
 
@@ -180,7 +180,7 @@ def sigma_underscore_detections():
                 ]
             ),
         },
-        list(),
+        condition=["any of them"],
     )
 
 
diff --git a/tests/test_rule.py b/tests/test_rule.py
@@ -622,6 +622,32 @@ def test_sigmadetections_fromdict_no_condition():
         )
 
 
+def test_sigmadetections_empty_condition_list():
+    with pytest.raises(
+        sigma_exceptions.SigmaConditionError, match="at least one condition.*test.yml"
+    ):
+        SigmaDetections(
+            detections={
+                "selection": SigmaDetection([SigmaDetectionItem("key", [], [SigmaString("value")])])
+            },
+            condition=[],
+            source=sigma_exceptions.SigmaRuleLocation("test.yml"),
+        )
+
+
+def test_sigmadetections_none_condition():
+    with pytest.raises(
+        sigma_exceptions.SigmaConditionError, match="at least one condition.*test.yml"
+    ):
+        SigmaDetections(
+            detections={
+                "selection": SigmaDetection([SigmaDetectionItem("key", [], [SigmaString("value")])])
+            },
+            condition=None,
+            source=sigma_exceptions.SigmaRuleLocation("test.yml"),
+        )
+
+
 def test_detectionitem_all_modified_key_plain_values_postprocess():
     """
     Test if postprocessed condition result of an all-modified field-bound value list results in an

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ def sigma_simple_detections():`
`45`	`45`	`]`
`46`	`46`	`),`
`47`	`47`	`},`
`48`		`- list(),`
	`48`	`+ condition=["any of them"],`
`49`	`49`	`)`
`50`	`50`
`51`	`51`
`@@ -142,7 +142,7 @@ def sigma_detections():`
`142`	`142`	`]`
`143`	`143`	`),`
`144`	`144`	`},`
`145`		`- list(),`
	`145`	`+ condition=["any of them"],`
`146`	`146`	`)`
`147`	`147`
`148`	`148`
`@@ -156,7 +156,7 @@ def sigma_invalid_detections():`
`156`	`156`	`]`
`157`	`157`	`),`
`158`	`158`	`},`
`159`		`- list(),`
	`159`	`+ condition=["any of them"],`
`160`	`160`	`)`
`161`	`161`
`162`	`162`
`@@ -180,7 +180,7 @@ def sigma_underscore_detections():`
`180`	`180`	`]`
`181`	`181`	`),`
`182`	`182`	`},`
`183`		`- list(),`
	`183`	`+ condition=["any of them"],`
`184`	`184`	`)`
`185`	`185`
`186`	`186`