clue-api 1.4.0.dev125__tar.gz → 1.4.0.dev136__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/PKG-INFO +1 -1
  2. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/regex.py +5 -0
  3. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/constants/supported_types.py +14 -2
  4. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/pyproject.toml +2 -5
  5. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/LICENSE +0 -0
  6. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/README.md +0 -0
  7. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/.gitignore +0 -0
  8. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/__init__.py +0 -0
  9. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/__init__.py +0 -0
  10. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/base.py +0 -0
  11. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/__init__.py +0 -0
  12. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/actions.py +0 -0
  13. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/auth.py +0 -0
  14. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/configs.py +0 -0
  15. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/fetchers.py +0 -0
  16. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/lookup.py +0 -0
  17. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/registration.py +0 -0
  18. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/api/v1/static.py +0 -0
  19. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/app.py +0 -0
  20. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/cache/__init__.py +0 -0
  21. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/__init__.py +0 -0
  22. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/classification.py +0 -0
  23. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/classification.yml +0 -0
  24. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/dict_utils.py +0 -0
  25. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/exceptions.py +0 -0
  26. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/forge.py +0 -0
  27. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/json_utils.py +0 -0
  28. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/list_utils.py +0 -0
  29. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/logging/__init__.py +0 -0
  30. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/logging/audit.py +0 -0
  31. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/logging/format.py +0 -0
  32. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/str_utils.py +0 -0
  33. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/swagger.py +0 -0
  34. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/uid.py +0 -0
  35. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/config.py +0 -0
  36. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/constants/__init__.py +0 -0
  37. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/constants/env.py +0 -0
  38. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/cronjobs/__init__.py +0 -0
  39. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/cronjobs/plugins.py +0 -0
  40. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/error.py +0 -0
  41. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/extensions/__init__.py +0 -0
  42. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/extensions/config.py +0 -0
  43. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/gunicorn_config.py +0 -0
  44. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/healthz.py +0 -0
  45. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/helper/discover.py +0 -0
  46. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/helper/headers.py +0 -0
  47. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/helper/oauth.py +0 -0
  48. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/__init__.py +0 -0
  49. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/actions.py +0 -0
  50. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/config.py +0 -0
  51. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/fetchers.py +0 -0
  52. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/graph.py +0 -0
  53. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/model_list.py +0 -0
  54. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/network.py +0 -0
  55. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/results/__init__.py +0 -0
  56. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/results/base.py +0 -0
  57. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/results/graph.py +0 -0
  58. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/results/image.py +0 -0
  59. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/results/status.py +0 -0
  60. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/results/validation.py +0 -0
  61. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/selector.py +0 -0
  62. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/models/validators.py +0 -0
  63. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/patched.py +0 -0
  64. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/__init__.py +0 -0
  65. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/celery_app.py +0 -0
  66. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/helpers/__init__.py +0 -0
  67. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/helpers/central_server.py +0 -0
  68. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/helpers/email_render.py +0 -0
  69. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/helpers/token.py +0 -0
  70. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/helpers/trino.py +0 -0
  71. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/models.py +0 -0
  72. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/plugin/utils.py +0 -0
  73. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/py.typed +0 -0
  74. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/__init__.py +0 -0
  75. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/__init__.py +0 -0
  76. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/cache.py +0 -0
  77. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/events.py +0 -0
  78. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/hash.py +0 -0
  79. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/queues/__init__.py +0 -0
  80. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/queues/comms.py +0 -0
  81. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/set.py +0 -0
  82. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/remote/datatypes/user_quota_tracker.py +0 -0
  83. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/security/__init__.py +0 -0
  84. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/security/obo.py +0 -0
  85. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/security/utils.py +0 -0
  86. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/action_service.py +0 -0
  87. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/auth_service.py +0 -0
  88. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/config_service.py +0 -0
  89. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/fetcher_service.py +0 -0
  90. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/jwt_service.py +0 -0
  91. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/lookup_service.py +0 -0
  92. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/type_service.py +0 -0
  93. {clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/services/user_service.py +0 -0
{clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: clue-api
3
- Version: 1.4.0.dev125
3
+ Version: 1.4.0.dev136
4
4
  Summary: Clue distributed enrichment service
5
5
  License: MIT
6
6
  License-File: LICENSE
{clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/common/regex.py RENAMED
@@ -40,3 +40,8 @@ URI_ONLY = f"^{URI_REGEX}$"
40
40
  UUID4_REGEX = r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
41
41
 
42
42
  EMAIL_PATH_REGEX = r"^[A-Z]+_EMAIL://.*"
43
+ MAC_ADDRESS_REGEX = r"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"
44
+ COMMUNITY_ID_REGEX = r"^1:[A-Za-z0-9+/]{27}=$"
45
+ JA3_REGEX = r"^[0-9a-fA-F]{32}$"
46
+ JA4_REGEX = r"^[a-zA-Z0-9]+(?:_[a-zA-Z0-9-]+)+$"
47
+ ZEEK_ID_REGEX = r"^[A-Za-z0-9]{15,22}$"
{clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/clue/constants/supported_types.py RENAMED
@@ -1,16 +1,21 @@
1
1
  from clue.common.logging import get_logger
2
2
  from clue.common.regex import (
3
+ COMMUNITY_ID_REGEX,
3
4
  DOMAIN_ONLY_REGEX,
4
5
  EMAIL_PATH_REGEX,
5
6
  EMAIL_REGEX,
6
7
  IPV4_ONLY_REGEX,
7
8
  IPV6_ONLY_REGEX,
9
+ JA3_REGEX,
10
+ JA4_REGEX,
11
+ MAC_ADDRESS_REGEX,
8
12
  MD5_REGEX,
9
13
  PORT_REGEX,
10
14
  SHA1_REGEX,
11
15
  SHA256_REGEX,
12
16
  URI_ONLY,
13
17
  UUID4_REGEX,
18
+ ZEEK_ID_REGEX,
14
19
  )
15
20
 
16
21
  logger = get_logger(__file__)
@@ -33,10 +38,17 @@ SUPPORTED_TYPES = {
33
38
  "sha256": SHA256_REGEX,
34
39
  "telemetry": None,
35
40
  "hostname": None,
36
- "tenant-id": UUID4_REGEX,
41
+ "tenant_id": UUID4_REGEX,
42
+ "mac_address": MAC_ADDRESS_REGEX,
43
+ "command_line": None,
44
+ "community_id": COMMUNITY_ID_REGEX,
45
+ "ja3": JA3_REGEX,
46
+ "ja4": JA4_REGEX,
47
+ "zeek_id": ZEEK_ID_REGEX,
37
48
  }
38
49
 
39
- CASE_INSENSITIVE_TYPES = ["ip", "domain", "port", "tenant-id"]
50
+
51
+ CASE_INSENSITIVE_TYPES = ["ip", "domain", "port", "tenant_id", "mac_address"]
40
52
 
41
53
 
42
54
  def add_supported_type(
{clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/pyproject.toml RENAMED
@@ -108,10 +108,7 @@ ignore = [
108
108
  "TRY003",
109
109
  "TRY300",
110
110
  ]
111
- exclude = [
112
- "plugins/assemblyline_lookup/app.py",
113
- "plugins/**/test*.py",
114
- ]
111
+ exclude = ["plugins/assemblyline_lookup/app.py", "plugins/**/test*.py"]
115
112
 
116
113
  [tool.ruff.lint.flake8-annotations]
117
114
  ignore-fully-untyped = true
@@ -142,7 +139,7 @@ log_cli_level = "WARN"
142
139
  [tool.poetry]
143
140
  package-mode = true
144
141
  name = "clue-api"
145
- version = "1.4.0.dev125"
142
+ version = "1.4.0.dev136"
146
143
  description = "Clue distributed enrichment service"
147
144
  authors = ["Canadian Centre for Cyber Security <contact@cyber.gc.ca>"]
148
145
  license = "MIT"
{clue_api-1.4.0.dev125 → clue_api-1.4.0.dev136}/LICENSE RENAMED
File without changes