FireEye Helix transform modifiers logic is never executed

[traut]

In the execution flow, this if condition https://github.com/SigmaHQ/sigma/blob/48265ad71afdebd7416a8cea56055a1cf12a0c5b/tools/sigma/backends/fireeye-helix.py#L108 with the check for instances of SigmaTypeModifier wraps the check for SigmaStartswithModifier and SigmaEndswithModifier: https://github.com/SigmaHQ/sigma/blob/48265ad71afdebd7416a8cea56055a1cf12a0c5b/tools/sigma/backends/fireeye-helix.py#L109

The condition in the last if will never be return true because parent class for the transform modifier classes SigmaTransformModifier does not descend from SigmaTypeModifier but from root parent SigmaModifier.

This means processing of transform modifiers in FireEye Helix backend is broken

[traut]

Interestingly enough, it seems transform modifiers are not even propagated into the backends but are applied during rule parsing phase - https://github.com/SigmaHQ/sigma/blob/48265ad71afdebd7416a8cea56055a1cf12a0c5b/tools/sigma/parser/rule.py#L86

Since SigmaContainsModifier, SigmaStartswithModifier, SigmaEndswithModifier, etc, extend ListOrStringModifierMixin and implement apply_str that modifies string value in place, the fact that modification has happened is not communicated to the backend. If that's the case, all backends with checks for transform modifiers are incorrect and have never-to-be-executed logic.