def value()

in geneve/kql/kql2eql.py [0:0]


    def value(self, tree):
        """Turn a KQL value node into an EQL expression on the scoped field.

        The literal is read from ``tree.children[0]``, converted for the
        field named by ``self.scoped_field``, and mapped to one of:

        * ``IsNull(field)`` when the converted value is ``None``;
        * ``IsNotNull(field)`` when it is a string with nothing left after
          removing every ``*``;
        * ``wildcard(field, literal)`` when it is a string containing ``*``;
        * ``cidrMatch(field, literal)`` when the field's types are exactly
          ``{"ip"}`` and the value contains ``/``;
        * ``field == literal`` otherwise.

        Raises the exception built by ``self.error`` when no field is in
        scope.
        """
        # TODO: check the logic for kuery.peg
        raw = self.unescape_literal(tree.children[0])

        scoped = self.scoped_field
        if scoped is None:
            raise self.error(tree, "Value not tied to field")

        target = self.to_eql_field(scoped)
        converted = self.convert_value(scoped, raw, tree)
        # Built before the None check, so from_python() also sees None.
        literal = eql.ast.Literal.from_python(converted)

        if converted is None:
            return eql.ast.IsNull(target)

        if eql.utils.is_string(converted):
            # NOTE(review): an empty string also has nothing left once "*" is
            # stripped, so it becomes an existence test rather than `== ""`.
            # If convert_value() can return "", the translated rule matches
            # more events than the KQL literal suggests - confirm intent.
            if converted.replace("*", "") == "":
                return eql.ast.IsNotNull(target)
            if "*" in converted:
                return eql.ast.FunctionCall("wildcard", [target, literal])

        # NOTE(review): `"/" in converted` assumes a string here; presumably
        # convert_value() guarantees that for ip-typed fields - verify.
        if self.get_field_types(scoped) == {"ip"} and "/" in converted:
            return eql.ast.FunctionCall("cidrMatch", [target, literal])

        return eql.ast.Comparison(target, "==", literal)