Built-in linter for Sigma rules, correlations, and filters.
Validates raw serde_yaml::Value documents against the Sigma specification
v2.1.0 constraints — catching metadata issues that the parser silently
ignores (invalid enums, date formats, tag patterns, etc.).
§Usage
```rust
use rsigma_parser::lint::{lint_yaml_value, Severity};

// Minimal Sigma rule; `field` is nested under the `sel` selection.
let yaml = "title: Test\nlogsource:\n  category: test\ndetection:\n  sel:\n    field: value\n  condition: sel\n";
let value: serde_yaml::Value = serde_yaml::from_str(yaml).unwrap();

// Lint the parsed document and print only the Error-severity findings.
let warnings = lint_yaml_value(&value);
for w in &warnings {
    if w.severity == Severity::Error {
        eprintln!("{}", w.message);
    }
}
```
Structs§
- FileLintResult - Result of linting a single file (may contain multiple YAML documents).
- Fix - A suggested fix for a lint finding.
- InlineSuppressions - Parsed inline suppression directives from YAML source text.
- LintConfig - Configuration for lint rule suppression and severity overrides.
- LintWarning - A single lint finding.
- Span - A source span (line/column, both 0-indexed).
Enums§
- FixDisposition - Whether a fix is safe to apply automatically or needs manual review.
- FixPatch - A single patch operation within a Fix.
- LintRule - Identifies which lint rule fired.
- Severity - Severity of a lint finding.
Functions§
- apply_suppressions - Apply suppression from config and inline comments to lint warnings.
- lint_yaml_directory - Lint all `.yml`/`.yaml` files in a directory recursively.
- lint_yaml_directory_with_config - Lint a directory with config-based suppression.
- lint_yaml_file - Lint all YAML documents in a file.
- lint_yaml_file_with_config - Lint a file with config-based suppression.
- lint_yaml_str - Lint a raw YAML string, returning warnings with resolved source spans.
- lint_yaml_str_with_config - Lint a raw YAML string with config-based suppression.
- lint_yaml_value - Lint a single YAML document value.
- parse_inline_suppressions - Parse `# rsigma-disable` comments from raw YAML text.