Flip wildcard for startswith and endswith

When checking `startswith`, the wildcard should be at the end, and v.v.
for `endswith`.

sigma/modifiers.py

@@ -151,7 +151,7 @@ def modify(
                 val.regexp = val.regexp + ".*"
             val.compile()
         elif isinstance(val, SigmaFieldReference):
-            val.wildcard_start = SpecialChars.WILDCARD_MULTI
+            val.wildcard_end = SpecialChars.WILDCARD_MULTI
         return val
 
 
@@ -169,7 +169,7 @@ def modify(
                 val.regexp = ".*" + val.regexp
             val.compile()
         elif isinstance(val, SigmaFieldReference):
-            val.wildcard_end = SpecialChars.WILDCARD_MULTI
+            val.wildcard_start = SpecialChars.WILDCARD_MULTI
         return val
 
 

tests/test_modifiers.py

@@ -430,14 +430,14 @@ def test_fieldref_startswith(dummy_detection_item):
         SigmaStartswithModifier(dummy_detection_item, [SigmaFieldReferenceModifier]).modify(
             fieldref
         )
-    ) == SigmaFieldReference("field", SpecialChars.WILDCARD_MULTI, None)
+    ) == SigmaFieldReference("field", None, SpecialChars.WILDCARD_MULTI)
 
 
 def test_fieldref_endswith(dummy_detection_item):
     fieldref = SigmaFieldReferenceModifier(dummy_detection_item, []).modify(SigmaString("field"))
     assert (
         SigmaEndswithModifier(dummy_detection_item, [SigmaFieldReferenceModifier]).modify(fieldref)
-    ) == SigmaFieldReference("field", None, SpecialChars.WILDCARD_MULTI)
+    ) == SigmaFieldReference("field", SpecialChars.WILDCARD_MULTI, None)
 
 
 def test_fieldref_wildcard(dummy_detection_item):