contentctl 3.6.0__py3-none-any.whl → 4.0.2__py3-none-any.whl

contentctl/actions/build.py

@@ -0,0 +1,89 @@
+import sys
+import shutil
+import os
+
+from dataclasses import dataclass
+
+from contentctl.objects.enums import SecurityContentProduct, SecurityContentType
+from contentctl.input.director import Director, DirectorOutputDto
+from contentctl.output.conf_output import ConfOutput
+from contentctl.output.conf_writer import ConfWriter
+from contentctl.output.ba_yml_output import BAYmlOutput
+from contentctl.output.api_json_output import ApiJsonOutput
+import pathlib
+import json
+import datetime
+from typing import Union
+
+from contentctl.objects.config import build
+
+@dataclass(frozen=True)
+class BuildInputDto:
+    director_output_dto: DirectorOutputDto
+    config:build
+
+
+class Build:
+
+
+
+    def execute(self, input_dto: BuildInputDto) -> DirectorOutputDto:
+        if input_dto.config.build_app:    
+            updated_conf_files:set[pathlib.Path] = set()
+            conf_output = ConfOutput(input_dto.config)
+            updated_conf_files.update(conf_output.writeHeaders())
+            updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.detections, SecurityContentType.detections))
+            updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.stories, SecurityContentType.stories))
+            updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.baselines, SecurityContentType.baselines))
+            updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.investigations, SecurityContentType.investigations))
+            updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.lookups, SecurityContentType.lookups))
+            updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.macros, SecurityContentType.macros))
+            updated_conf_files.update(conf_output.writeAppConf())
+            
+            #Ensure that the conf file we just generated/update is syntactically valid
+            for conf_file in updated_conf_files:
+                ConfWriter.validateConfFile(conf_file) 
+                
+            conf_output.packageApp()
+
+            print(f"Build of '{input_dto.config.app.title}' APP successful to {input_dto.config.getPackageFilePath()}")
+        
+
+        if input_dto.config.build_api:    
+            shutil.rmtree(input_dto.config.getAPIPath(), ignore_errors=True)
+            input_dto.config.getAPIPath().mkdir(parents=True)
+            api_json_output = ApiJsonOutput()
+            for output_objects, output_type in [(input_dto.director_output_dto.detections, SecurityContentType.detections),
+                                                (input_dto.director_output_dto.stories, SecurityContentType.stories),
+                                                (input_dto.director_output_dto.baselines, SecurityContentType.baselines),
+                                                (input_dto.director_output_dto.investigations, SecurityContentType.investigations),
+                                                (input_dto.director_output_dto.lookups, SecurityContentType.lookups),
+                                                (input_dto.director_output_dto.macros, SecurityContentType.macros),
+                                                (input_dto.director_output_dto.deployments, SecurityContentType.deployments)]:
+                api_json_output.writeObjects(output_objects, input_dto.config.getAPIPath(), input_dto.config.app.label, output_type )
+            
+           
+            
+            #create version file for sse api
+            version_file = input_dto.config.getAPIPath()/"version.json"
+            utc_time = datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0,tzinfo=None).isoformat()
+            version_dict = {"version":{"name":f"v{input_dto.config.app.version}","published_at": f"{utc_time}Z"  }}
+            with open(version_file,"w") as version_f:
+                json.dump(version_dict,version_f)
+            
+            print(f"Build of '{input_dto.config.app.title}' API successful to {input_dto.config.getAPIPath()}")
+
+        if input_dto.config.build_ssa:
+            
+            srs_path = input_dto.config.getSSAPath() / 'srs'
+            complex_path = input_dto.config.getSSAPath() / 'complex'
+            shutil.rmtree(srs_path, ignore_errors=True)
+            shutil.rmtree(complex_path, ignore_errors=True)
+            srs_path.mkdir(parents=True)
+            complex_path.mkdir(parents=True)
+            ba_yml_output = BAYmlOutput()
+            ba_yml_output.writeObjects(input_dto.director_output_dto.ssa_detections, str(input_dto.config.getSSAPath()))
+
+            print(f"Build of 'SSA' successful to {input_dto.config.getSSAPath()}")
+                
+        return input_dto.director_output_dto

contentctl/actions/detection_testing/DetectionTestingManager.py

@@ -1,31 +1,15 @@
-from contentctl.objects.test_config import TestConfig
-from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructure import (
-    DetectionTestingInfrastructure,
-)
-from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructureContainer import (
-    DetectionTestingInfrastructureContainer,
-)
-from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructureServer import (
-    DetectionTestingInfrastructureServer,
-)
-
-from contentctl.objects.app import App
-import pathlib
-import os
-from contentctl.helper.utils import Utils
+from typing import List,Union
+from contentctl.objects.config import test, test_servers, Container,Infrastructure
+from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructure import DetectionTestingInfrastructure
+from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructureContainer import DetectionTestingInfrastructureContainer
+from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructureServer import DetectionTestingInfrastructureServer
 from urllib.parse import urlparse
-import time
 from copy import deepcopy
 from contentctl.objects.enums import DetectionTestingTargetInfrastructure
 import signal
 import datetime
-
 # from queue import Queue
-
-CONTAINER_APP_PATH = pathlib.Path("apps")
-
 from dataclasses import dataclass
-
 # import threading
 import ctypes
 from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructure import (
@@ -35,23 +19,17 @@ from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfras
 from contentctl.actions.detection_testing.views.DetectionTestingView import (
     DetectionTestingView,
 )
-
 from contentctl.objects.enums import PostTestBehavior
-
 from pydantic import BaseModel, Field
-from contentctl.input.director import DirectorOutputDto
 from contentctl.objects.detection import Detection
-
-
 import concurrent.futures
-
-import tqdm
+import docker
 
 
 @dataclass(frozen=False)
 class DetectionTestingManagerInputDto:
-    config: TestConfig
-    testContent: DirectorOutputDto
+    config: Union[test,test_servers]
+    detections: List[Detection]
     views: list[DetectionTestingView]
 
 
@@ -67,7 +45,7 @@ class DetectionTestingManager(BaseModel):
 
         # for content in self.input_dto.testContent.detections:
         #    self.pending_queue.put(content)
-        self.output_dto.inputQueue = self.input_dto.testContent.detections
+        self.output_dto.inputQueue = self.input_dto.detections
         self.create_DetectionTestingInfrastructureObjects()
 
     def execute(self) -> DetectionTestingManagerOutputDto:
@@ -87,13 +65,13 @@ class DetectionTestingManager(BaseModel):
                 print("*******************************")
 
         signal.signal(signal.SIGINT, sigint_handler)
-
+        
         with concurrent.futures.ThreadPoolExecutor(
-            max_workers=len(self.input_dto.config.infrastructure_config.infrastructures),
+            max_workers=len(self.input_dto.config.test_instances),
         ) as instance_pool, concurrent.futures.ThreadPoolExecutor(
             max_workers=len(self.input_dto.views)
         ) as view_runner, concurrent.futures.ThreadPoolExecutor(
-            max_workers=len(self.input_dto.config.infrastructure_config.infrastructures),
+            max_workers=len(self.input_dto.config.test_instances),
         ) as view_shutdowner:
 
             # Start all the views
@@ -151,14 +129,41 @@ class DetectionTestingManager(BaseModel):
         return self.output_dto
 
     def create_DetectionTestingInfrastructureObjects(self):
-        import sys
+        #Make sure that, if we need to, we pull the appropriate container
+        for infrastructure in self.input_dto.config.test_instances:
+            if (isinstance(self.input_dto.config, test) and isinstance(infrastructure, Container)):
+                try:
+                    client = docker.from_env()
+                except Exception as e:
+                    raise Exception("Unable to connect to docker.  Are you sure that docker is running on this host?")
+                try:
+                    
+                    parts = self.input_dto.config.container_settings.full_image_path.split(':')
+                    if len(parts) != 2:
+                        raise Exception(f"Expected to find a name:tag in {self.input_dto.config.container_settings.full_image_path}, "
+                                        f"but instead found {parts}. Note that this path MUST include the tag, which is separated by ':'")
+                    
+                    print(
+                        f"Getting the latest version of the container image [{self.input_dto.config.container_settings.full_image_path}]...",
+                        end="",
+                        flush=True,
+                    )
+                    client.images.pull(parts[0], tag=parts[1], platform="linux/amd64")
+                    print("done!")
+                    break
+                except Exception as e:
+                    raise Exception(f"Failed to pull docker container image [{self.input_dto.config.container_settings.full_image_path}]: {str(e)}")
 
-        for infrastructure in self.input_dto.config.infrastructure_config.infrastructures:
+        already_staged_container_files = False
+        for infrastructure in self.input_dto.config.test_instances:
 
-            if (
-                self.input_dto.config.infrastructure_config.infrastructure_type
-                == DetectionTestingTargetInfrastructure.container
-            ):
+            if (isinstance(self.input_dto.config, test) and isinstance(infrastructure, Container)):
+                # Stage the files in the apps dir so that they can be passed directly to
+                # subsequent containers. Do this here, instead of inside each container, to
+                # avoid duplicate downloads/moves/copies
+                if not already_staged_container_files:
+                    self.input_dto.config.getContainerEnvironmentString(stage_file=True)
+                    already_staged_container_files = True
 
                 self.detectionTestingInfrastructureObjects.append(
                     DetectionTestingInfrastructureContainer(
@@ -166,11 +171,7 @@ class DetectionTestingManager(BaseModel):
                     )
                 )
 
-            elif (
-                self.input_dto.config.infrastructure_config.infrastructure_type
-                == DetectionTestingTargetInfrastructure.server
-            ):
-
+            elif (isinstance(self.input_dto.config, test_servers) and isinstance(infrastructure, Infrastructure)):
                 self.detectionTestingInfrastructureObjects.append(
                     DetectionTestingInfrastructureServer(
                         global_config=self.input_dto.config, infrastructure=infrastructure, sync_obj=self.output_dto
@@ -179,7 +180,5 @@ class DetectionTestingManager(BaseModel):
 
             else:
 
-                print(
-                    f"Unsupported target infrastructure '{self.input_dto.config.infrastructure_config.infrastructure_type}'"
-                )
-                sys.exit(1)
+                raise Exception(f"Unsupported target infrastructure '{infrastructure}' and config type {self.input_dto.config}")
+                

contentctl/actions/detection_testing/GitService.py

@@ -1,258 +1,176 @@
-import csv
-import glob
 import logging
 import os
 import pathlib
-import subprocess
-import sys
-from typing import Union, Tuple
-from docker import types
-import datetime
-import git
-import yaml
-from git.objects import base
+import pygit2
+from pygit2.enums import DeltaStatus
+from typing import List, Optional
+from pydantic import BaseModel, FilePath
+from typing import TYPE_CHECKING
+if TYPE_CHECKING:
+    from contentctl.input.director import DirectorOutputDto
+    
 
-from contentctl.objects.detection import Detection
-from contentctl.objects.story import Story
-from contentctl.objects.baseline import Baseline
-from contentctl.objects.investigation import Investigation
-from contentctl.objects.playbook import Playbook
 from contentctl.objects.macro import Macro
 from contentctl.objects.lookup import Lookup
-from contentctl.objects.unit_test import UnitTest
-
-from contentctl.objects.enums import DetectionTestingMode, DetectionStatus, AnalyticsType
-import random
-import pathlib
-from contentctl.helper.utils import Utils
-
-from contentctl.objects.test_config import TestConfig
-from contentctl.actions.generate import DirectorOutputDto
+from contentctl.objects.detection import Detection
+from contentctl.objects.security_content_object import SecurityContentObject
+from contentctl.objects.config import test_common, All, Changes, Selected
 
 # Logger
 logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
 LOGGER = logging.getLogger(__name__)
 
 
-SSA_PREFIX = "ssa___"
-
-
-class GitService:
-    def get_all_content(self, director: DirectorOutputDto) -> DirectorOutputDto:
-        # get a new director that will be used for testing.
-        return DirectorOutputDto(
-            self.get_detections(director),
-            self.get_stories(director),
-            self.get_baselines(director),
-            self.get_investigations(director),
-            self.get_playbooks(director),
-            self.get_macros(director),
-            self.get_lookups(director),
-            [],
-            []
-        )
 
-    def get_stories(self, director: DirectorOutputDto) -> list[Story]:
-        stories: list[Story] = []
-        return stories
+from contentctl.input.director import DirectorOutputDto
 
-    def get_baselines(self, director: DirectorOutputDto) -> list[Baseline]:
-        baselines: list[Baseline] = []
-        return baselines
 
-    def get_investigations(self, director: DirectorOutputDto) -> list[Investigation]:
-        investigations: list[Investigation] = []
-        return investigations
 
-    def get_playbooks(self, director: DirectorOutputDto) -> list[Playbook]:
-        playbooks: list[Playbook] = []
-        return playbooks
+class GitService(BaseModel):
+    director: DirectorOutputDto
+    config: test_common
+    gitHash: Optional[str] = None
+    
+    def getHash(self)->str:
+        if self.gitHash is None:
+            raise Exception("Cannot get hash of repo, it was not set")
+        return self.gitHash
 
-    def get_macros(self, director: DirectorOutputDto) -> list[Macro]:
-        macros: list[Macro] = []
-        return macros
 
-    def get_lookups(self, director: DirectorOutputDto) -> list[Lookup]:
-        lookups: list[Lookup] = []
-        return lookups
-
-    def filter_detections_by_status(self, detections: list[Detection], 
-                                    statuses_to_test: set[DetectionStatus] = {DetectionStatus.production})->list[Detection]:
-        #print("\n".join(sorted([f"{detection.file_path[92:]} - {detection.status}" for detection in detections if DetectionStatus(detection.status) not in statuses_to_test])))
-        #print()
-        return [detection for detection in detections if DetectionStatus(detection.status) in statuses_to_test]
-
-    # TODO (cmcginley): consider listing Correlation type detections as skips rather than excluding
-    #   them from results altogether?
-    def filter_detections_by_type(self, detections: list[Detection], 
-                                  types_to_test: set[AnalyticsType] = {AnalyticsType.Anomaly, AnalyticsType.TTP, AnalyticsType.Hunting})->list[Detection]:
-        #print("\n".join(sorted([f"{detection.file_path[92:]} - {detection.type}" for detection in detections if AnalyticsType(detection.type) not in types_to_test])))
-        #print()
-        return [detection for detection in detections if AnalyticsType(detection.type) in types_to_test]
-    def get_detections(self, director: DirectorOutputDto) -> list[Detection]:
-        if self.config.mode == DetectionTestingMode.selected:
-            detections =  self.get_detections_selected(director)
-        elif self.config.mode == DetectionTestingMode.all:
-            detections =  self.get_detections_all(director)
-        elif self.config.mode == DetectionTestingMode.changes:
-            detections =  self.get_detections_changed(director)
+    def getContent(self)->List[Detection]:
+        if isinstance(self.config.mode, Selected):
+            return self.getSelected(self.config.mode.files)
+        elif isinstance(self.config.mode, Changes):
+            return self.getChanges(self.config.mode.target_branch)
+        if isinstance(self.config.mode, All):
+            return self.getAll()
         else:
-            raise (
-                Exception(
-                    f"Error: Unsupported detection testing mode in GitService: {self.config.mode}"
-                )
-            )
+            raise Exception(f"Could not get content to test. Unsupported test mode '{self.config.mode}'")
+    def getAll(self)->List[Detection]:
+        return self.director.detections
+    
+    def getChanges(self, target_branch:str)->List[Detection]:
+        repo = pygit2.Repository(path=str(self.config.path))
+
+        try:
+            target_tree = repo.revparse_single(target_branch).tree
+            self.gitHash = target_tree.id
+            diffs = repo.index.diff_to_tree(target_tree)
+        except Exception as e:
+            raise Exception(f"Error parsing diff target_branch '{target_branch}'. Are you certain that it exists?")
         
+        #Get the uncommitted changes in the current directory
+        diffs2 = repo.index.diff_to_workdir()
         
-        detections = self.filter_detections_by_status(detections)
-        
-        detections = self.filter_detections_by_type(detections)
-        return detections
-
-    def get_detections_selected(self, director: DirectorOutputDto) -> list[Detection]:
-        detections_to_test: list[Detection] = []
-        requested_set = set(self.requested_detections)
-        missing_detections: set[pathlib.Path] = set()
-
-        for requested in requested_set:
-            matching = list(
-                filter(
-                    lambda detection: pathlib.Path(detection.file_path).resolve()
-                    == requested.resolve(),
-                    director.detections,
-                )
-            )
-            if len(matching) == 1:
-                detections_to_test.append(matching.pop())
-            elif len(matching) == 0:
-                missing_detections.add(requested)
+        #Combine the uncommitted changes with the committed changes
+        all_diffs = list(diffs) + list(diffs2)
+
+        #Make a filename to content map
+        filepath_to_content_map = { obj.file_path:obj for (_,obj) in self.director.name_to_content_map.items()} 
+        updated_detections:List[Detection] = []
+        updated_macros:List[Macro] = []
+        updated_lookups:List[Lookup] =[]
+
+        for diff in all_diffs:
+            if type(diff) == pygit2.Patch:
+                if diff.delta.status in (DeltaStatus.ADDED, DeltaStatus.MODIFIED, DeltaStatus.RENAMED):
+                    #print(f"{DeltaStatus(diff.delta.status).name:<8}:{diff.delta.new_file.raw_path}")
+                    decoded_path = pathlib.Path(diff.delta.new_file.raw_path.decode('utf-8'))
+                    if 'app_template/' in str(decoded_path) or 'ssa_detections' in str(decoded_path) or str(self.config.getBuildDir()) in str(decoded_path):
+                        #Ignore anything that is embedded in the app template.
+                        #Also ignore ssa detections
+                        pass
+                    elif 'detections/' in str(decoded_path) and decoded_path.suffix == ".yml":
+                        detectionObject = filepath_to_content_map.get(decoded_path, None)
+                        if isinstance(detectionObject, Detection):
+                            updated_detections.append(detectionObject)
+                        else:
+                            raise Exception(f"Error getting detection object for file {str(decoded_path)}")
+                        
+                    elif 'macros/' in str(decoded_path) and decoded_path.suffix == ".yml":
+                        macroObject = filepath_to_content_map.get(decoded_path, None)
+                        if isinstance(macroObject, Macro):
+                            updated_macros.append(macroObject)
+                        else:
+                            raise Exception(f"Error getting macro object for file {str(decoded_path)}")
+
+                    elif 'lookups/' in str(decoded_path):
+                        # We need to convert this to a yml. This means we will catch
+                        # both changes to a csv AND changes to the YML that uses it
+                        
+                        
+                        if decoded_path.suffix == ".yml":
+                            updatedLookup = filepath_to_content_map.get(decoded_path, None)
+                            if not isinstance(updatedLookup,Lookup):
+                                raise Exception(f"Expected {decoded_path} to be type {type(Lookup)}, but instead if was {(type(lookupObject))}")
+                            updated_lookups.append(updatedLookup)
+
+                        elif decoded_path.suffix == ".csv":
+                            # If the CSV was updated, we want to make sure that we 
+                            # add the correct corresponding Lookup object.
+                            #Filter to find the Lookup Object the references this CSV
+                            matched = list(filter(lambda x: x.filename is not None and x.filename == decoded_path, self.director.lookups))
+                            if len(matched) == 0:
+                                raise Exception(f"Failed to find any lookups that reference the modified CSV file  '{decoded_path}'")
+                            elif len(matched) > 1:
+                                raise Exception(f"More than 1 Lookup reference the modified CSV file '{decoded_path}': {[l.file_path for l in matched ]}")
+                            else:
+                                updatedLookup = matched[0]
+                        else:
+                            raise Exception(f"Error getting lookup object for file {str(decoded_path)}")
+                        
+                        if updatedLookup not in updated_lookups:
+                            # It is possible that both th CSV and YML have been modified for the same lookup,
+                            # and we do not want to add it twice. 
+                            updated_lookups.append(updatedLookup)
+
+                    else:
+                        pass
+                        #print(f"Ignore changes to file {decoded_path} since it is not a detection, macro, or lookup.")
+                
+                # else:
+                #     print(f"{diff.delta.new_file.raw_path}:{DeltaStatus(diff.delta.status).name} (IGNORED)")
+                #     pass
             else:
-                raise (
-                    Exception(
-                        f"Error: multiple detection files found when attemping to resolve [{str(requested)}]"
-                    )
-                )
-
-        if len(missing_detections) > 0:
-            missing_detections_str = "\n\t - ".join(
-                [str(path.absolute()) for path in missing_detections]
-            )
-            print(director.detections)
-            raise (
-                Exception(
-                    f"Failed to find the following detection file(s) for testing:\n\t - {missing_detections_str}"
-                )
-            )
+                raise Exception(f"Unrecognized type {type(diff)}")
 
-        return detections_to_test
 
-    def get_detections_all(self, director: DirectorOutputDto) -> list[Detection]:
-        # Assume we don't need to remove anything, like deprecated or experimental from this
-        return director.detections
-
-    def get_detections_changed(self, director: DirectorOutputDto) -> list[Detection]:
-        if self.repo is None:
-            raise (
-                Exception(
-                    f"Error: self.repo must be initialized before getting changed detections."
-                )
-            )
-        
-        target_branch_repo_object = self.repo.commit(f"origin/{self.config.version_control_config.target_branch}")
-        test_branch_repo_object = self.repo.commit(self.config.version_control_config.test_branch)
-        differences = target_branch_repo_object.diff(test_branch_repo_object)
-        
-        new_content = []
-        modified_content =  []
-        deleted_content = []
-        renamed_content = []
-
-        for content in differences.iter_change_type("M"):
-            modified_content.append(content.b_path)
-        for content in differences.iter_change_type("A"):
-            new_content.append(content.b_path)
-        for content in differences.iter_change_type("D"):
-            deleted_content.append(content.b_path)
-        for content in differences.iter_change_type("R"):
-            renamed_content.append(content.b_path)
-            
-        #Changes to detections, macros, and lookups should trigger a re-test for anything which uses them
-        changed_lookups_list = list(filter(lambda x: x.startswith("lookups"), new_content+modified_content))
-        changed_lookups = set()
-        
-        #We must account for changes to the lookup yml AND for the underlying csv
-        for lookup in changed_lookups_list:
-            if lookup.endswith(".csv"): 
-                lookup = lookup.replace(".csv", ".yml")
-            changed_lookups.add(lookup)
-
-        # At some point we should account for macros which contain other macros...
-        changed_macros = set(filter(lambda x: x.startswith("macros"), new_content+modified_content))
-        changed_macros_and_lookups = set([str(pathlib.Path(filename).absolute()) for filename in changed_lookups.union(changed_macros)])
-
-        changed_detections = set(filter(lambda x: x.startswith("detections"), new_content+modified_content+renamed_content))
-
-        #Check and see if content that has been modified uses any of the changed macros or lookups
-        for detection in director.detections:
-            deps = set([content.file_path for content in detection.get_content_dependencies()])
-            if not deps.isdisjoint(changed_macros_and_lookups):
-                changed_detections.add(detection.file_path)
-
-        changed_detections_string = '\n - '.join(changed_detections)
-        #print(f"The following [{len(changed_detections)}] detections, or their dependencies (macros/lookups), have changed:\n - {changed_detections_string}")
-        return Detection.get_detections_from_filenames(changed_detections, director.detections)
-
-    def __init__(self, config: TestConfig):
+        # If a detection has at least one dependency on changed content,
+        # then we must test it again
+        changed_macros_and_lookups = updated_macros + updated_lookups
         
-        self.requested_detections: list[pathlib.Path] = []
-        self.config = config
-        if config.version_control_config is not None:
-            self.repo = git.Repo(config.version_control_config.repo_path)
-        else:
-            self.repo = None
-            
-        
-        if config.mode == DetectionTestingMode.changes: 
-            if self.repo is None:
-                raise Exception("You are using detection mode 'changes', but the app does not have a version_control_config in contentctl_test.yml.")
-            return
-        elif config.mode == DetectionTestingMode.all:
-            return
-        elif config.mode == DetectionTestingMode.selected:
-            if config.detections_list is None or len(config.detections_list) < 1:
-                raise (
-                    Exception(
-                        f"Error: detection mode [{config.mode}] REQUIRES that [{config.detections_list}] contains 1 or more detections, but the value is [{config.detections_list}]"
-                    )
-                )
+        for detection in self.director.detections:
+            if detection in updated_detections:
+                # we are already planning to test it, don't need 
+                # to add it again
+                continue
+
+            for obj in changed_macros_and_lookups:
+                if obj in detection.get_content_dependencies():
+                   updated_detections.append(detection)
+                   break
+
+        #Print out the names of all modified/new content
+        modifiedAndNewContentString = "\n - ".join(sorted([d.name for d in updated_detections]))
+
+        print(f"[{len(updated_detections)}] Pieces of modifed and new content to test:\n - {modifiedAndNewContentString}")
+        return updated_detections
+
+    def getSelected(self, detectionFilenames:List[FilePath])->List[Detection]:
+        filepath_to_content_map:dict[FilePath, SecurityContentObject] = { obj.file_path:obj for (_,obj) in self.director.name_to_content_map.items() if obj.file_path is not None} 
+        errors = []
+        detections:List[Detection] = []
+        for name in detectionFilenames:
+            obj = filepath_to_content_map.get(name,None)
+            if obj == None:
+                errors.append(f"There is no detection file or security_content_object at '{name}'")
+            elif not isinstance(obj, Detection):
+                errors.append(f"The security_content_object at '{name}' is of type '{type(obj).__name__}', NOT '{Detection.__name__}'")
             else:
-                # Ensure that all of the detections exist
-                missing_files = [
-                    detection
-                    for detection in config.detections_list
-                    if not pathlib.Path(detection).is_file()
-                ]
-                if len(missing_files) > 0:
-                    missing_string = "\n\t - ".join(missing_files)
-                    raise (
-                        Exception(
-                            f"Error: The following detection(s) test do not exist:\n\t - {missing_files}"
-                        )
-                    )
-                else:
-                    self.requested_detections = [
-                        pathlib.Path(detection_file_name)
-                        for detection_file_name in config.detections_list
-                    ]
-                    
-        else:
-            raise Exception(f"Unsupported detection testing mode [{config.mode}].  "\
-                            "Supported detection testing modes are [{DetectionTestingMode._member_names_}]")
-        return
-            
+                detections.append(obj)
 
-    def clone_project(self, url, project, branch):
-        LOGGER.info(f"Clone Security Content Project")
-        repo_obj = git.Repo.clone_from(url, project, branch=branch)
-        return repo_obj
+        if len(errors) > 0:
+            errorsString = "\n - ".join(errors)
+            raise Exception(f"There following errors were encountered while getting selected detections to test:\n - {errorsString}")
+        return detections