contentctl 3.6.0__py3-none-any.whl → 4.0.2__py3-none-any.whl

contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py

@@ -10,11 +10,11 @@ import pathlib
 from tempfile import TemporaryDirectory, mktemp
 from ssl import SSLEOFError, SSLZeroReturnError
 from sys import stdout
-from dataclasses import dataclass
+#from dataclasses import dataclass
 from shutil import copyfile
 from typing import Union, Optional
 
-from pydantic import BaseModel, PrivateAttr, Field
+from pydantic import BaseModel, PrivateAttr, Field, dataclasses
 import requests                                                                                     # type: ignore
 import splunklib.client as client                                                                   # type: ignore
 from splunklib.binding import HTTPError                                                             # type: ignore
@@ -23,6 +23,7 @@ import splunklib.results
 from urllib3 import disable_warnings
 import urllib.parse
 
+from contentctl.objects.config import test_common, Infrastructure
 from contentctl.objects.enums import PostTestBehavior, AnalyticsType
 from contentctl.objects.detection import Detection
 from contentctl.objects.base_test import BaseTest
@@ -31,14 +32,10 @@ from contentctl.objects.integration_test import IntegrationTest
 from contentctl.objects.unit_test_attack_data import UnitTestAttackData
 from contentctl.objects.unit_test_result import UnitTestResult
 from contentctl.objects.integration_test_result import IntegrationTestResult
-from contentctl.objects.test_config import TestConfig, Infrastructure
 from contentctl.objects.test_group import TestGroup
 from contentctl.objects.base_test_result import TestResultStatus
 from contentctl.objects.correlation_search import CorrelationSearch, PbarData
 from contentctl.helper.utils import Utils
-from contentctl.actions.detection_testing.DataManipulation import (
-    DataManipulation,
-)
 from contentctl.actions.detection_testing.progress_bar import (
     format_pbar_string,
     TestReportingType,
@@ -66,8 +63,8 @@ class ContainerStoppedException(Exception):
     pass
 
 
-@dataclass(frozen=False)
-class DetectionTestingManagerOutputDto:
+@dataclasses.dataclass(frozen=False)
+class DetectionTestingManagerOutputDto():
     inputQueue: list[Detection] = Field(default_factory=list)
     outputQueue: list[Detection] = Field(default_factory=list)
     skippedQueue: list[Detection] = Field(default_factory=list)
@@ -81,7 +78,7 @@ class DetectionTestingManagerOutputDto:
 
 class DetectionTestingInfrastructure(BaseModel, abc.ABC):
     # thread: threading.Thread = threading.Thread()
-    global_config: TestConfig
+    global_config: test_common
     infrastructure: Infrastructure
     sync_obj: DetectionTestingManagerOutputDto
     hec_token: str = ""
@@ -239,6 +236,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.pbar.write(
                     f"Error getting API connection (not quitting) '{type(e).__name__}': {str(e)}"
                 )
+                print("wow")
                 # self.pbar.write(
                 #     f"Unhandled exception getting connection to splunk server: {str(e)}"
                 # )
@@ -397,7 +395,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
             try:
                 self.test_detection(detection)
             except ContainerStoppedException:
-                self.pbar.write(f"Stopped container [{self.get_name()}]")
+                self.pbar.write(f"Warning - container was stopped when trying to execute detection [{self.get_name()}]")
                 self.finish()
                 return
             except Exception as e:
@@ -1196,14 +1194,12 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
     ):
         tempfile = mktemp(dir=tmp_dir)
 
-        if not (
-            attack_data_file.data.startswith("https://")
-            or attack_data_file.data.startswith("http://")
-        ):
-            if pathlib.Path(attack_data_file.data).is_file():
+        if not (str(attack_data_file.data).startswith("http://") or 
+                str(attack_data_file.data).startswith("https://")) :
+            if pathlib.Path(str(attack_data_file.data)).is_file():
                 self.format_pbar_string(TestReportingType.GROUP, test_group.name, "Copying Data", test_group_start_time)
                 try:
-                    copyfile(attack_data_file.data, tempfile)
+                    copyfile(str(attack_data_file.data), tempfile)
                 except Exception as e:
                     raise Exception(
                         f"Error copying local Attack Data File for [{test_group.name}] - [{attack_data_file.data}]: "
@@ -1229,7 +1225,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 )
 
                 Utils.download_file_from_http(
-                    attack_data_file.data, tempfile, self.pbar, overwrite_file=True
+                    str(attack_data_file.data), tempfile, self.pbar, overwrite_file=True
                 )
             except Exception as e:
                 raise (
@@ -1238,12 +1234,6 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                     )
                 )
 
-        # Update timestamps before replay
-        if attack_data_file.update_timestamp:
-            data_manipulation = DataManipulation()
-            data_manipulation.manipulate_timestamp(
-                tempfile, attack_data_file.sourcetype, attack_data_file.source
-            )
 
         # Upload the data
         self.format_pbar_string(
@@ -1366,7 +1356,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
         pass
 
     def finish(self):
-        self.pbar.bar_format = f"Stopped container [{self.get_name()}]"
+        self.pbar.bar_format = f"Finished running tests on instance: [{self.get_name()}]"
         self.pbar.update()
         self.pbar.close()
 

contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py

@@ -1,21 +1,19 @@
 from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructure import (
     DetectionTestingInfrastructure,
 )
+from contentctl.objects.config import test
 import docker.models.resource
 import docker.models.containers
 import docker
 import docker.types
-from contentctl.objects.test_config import (
-    CONTAINER_APP_DIR,
-    LOCAL_APP_DIR,
-)
 
 
 class DetectionTestingInfrastructureContainer(DetectionTestingInfrastructure):
+    global_config: test
     container: docker.models.resource.Model = None
 
     def start(self):
-        if self.global_config.infrastructure_config.persist_and_reuse_container:
+        if self.global_config.container_settings.leave_running:
             # If we are configured to use the persistent container, then check and see if it's already
             # running. If so, just use it without additional configuration.
             try:
@@ -76,8 +74,8 @@ class DetectionTestingInfrastructureContainer(DetectionTestingInfrastructure):
 
         mounts = [
             docker.types.Mount(
-                source=str(LOCAL_APP_DIR.absolute()),
-                target=str(CONTAINER_APP_DIR.absolute()),
+                source=str(self.global_config.getLocalAppDir()),
+                target=str(self.global_config.getContainerAppDir()),
                 type="bind",
                 read_only=True,
             )
@@ -86,18 +84,32 @@ class DetectionTestingInfrastructureContainer(DetectionTestingInfrastructure):
         environment = {}
         environment["SPLUNK_START_ARGS"] = "--accept-license"
         environment["SPLUNK_PASSWORD"] = self.infrastructure.splunk_app_password
-        environment["SPLUNK_APPS_URL"] = ",".join(
-            p.environment_path for p in self.global_config.apps 
-        )
+        # Files have already been staged by the time that we call this. Files must only be staged
+        # once, not staged by every container
+        environment["SPLUNK_APPS_URL"] = self.global_config.getContainerEnvironmentString(stage_file=False)
         if (
-            self.global_config.splunkbase_password is not None
-            and self.global_config.splunkbase_username is not None
+            self.global_config.splunk_api_username is not None
+            and self.global_config.splunk_api_password is not None
         ):
-            environment["SPLUNKBASE_USERNAME"] = self.global_config.splunkbase_username
-            environment["SPLUNKBASE_PASSWORD"] = self.global_config.splunkbase_password
-
+            environment["SPLUNKBASE_USERNAME"] = self.global_config.splunk_api_username
+            environment["SPLUNKBASE_PASSWORD"] = self.global_config.splunk_api_password
+        
+
+
+        def emit_docker_run_equivalent():
+            environment_string = " ".join([f'-e "{k}={environment.get(k)}"' for k in environment.keys()])
+            print(f"\n\ndocker run -d "\
+                  f"-p {self.infrastructure.web_ui_port}:8000 "
+                  f"-p {self.infrastructure.hec_port}:8088 "
+                  f"-p {self.infrastructure.api_port}:8089 "
+                  f"{environment_string} "            
+                  f" --name {self.get_name()} "
+                  f"--platform linux/amd64 "
+                  f"{self.global_config.container_settings.full_image_path}\n\n")
+        #emit_docker_run_equivalent()
+        
         container = self.get_docker_client().containers.create(
-            self.global_config.infrastructure_config.full_image_path,
+            self.global_config.container_settings.full_image_path,
             ports=ports_dict,
             environment=environment,
             name=self.get_name(),
@@ -105,6 +117,18 @@ class DetectionTestingInfrastructureContainer(DetectionTestingInfrastructure):
             detach=True,
             platform="linux/amd64"
         )
+        
+        if self.global_config.enterpriseSecurityInApps():
+            #ES sets up https, so make sure it is included in the link
+            address = f"https://{self.infrastructure.instance_address}:{self.infrastructure.web_ui_port}"
+        else:
+            address = f"http://{self.infrastructure.instance_address}:{self.infrastructure.web_ui_port}"
+        print(f"\nStarted container with the following information:\n"
+              f"\tname    : [{self.get_name()}]\n"
+              f"\taddress : [{address}]\n"
+              f"\tusername: [{self.infrastructure.splunk_app_username}]\n"
+              f"\tpassword: [{self.infrastructure.splunk_app_password}]\n"
+              )
 
         return container
 
@@ -119,13 +143,15 @@ class DetectionTestingInfrastructureContainer(DetectionTestingInfrastructure):
         try:
             # If the user wants to persist the container (or use a previously configured container), then DO NOT remove it.
             # Emit the following message, which they will see on initial setup and teardown at the end of the test. 
-            if self.global_config.infrastructure_config.persist_and_reuse_container:
+            if self.global_config.container_settings.leave_running:
                 print(f"\nContainer [{self.get_name()}] has NOT been terminated because 'contentctl_test.yml ---> infrastructure_config ---> persist_and_reuse_container = True'")
                 print(f"To remove it, please manually run the following at the command line: `docker container rm -fv {self.get_name()}`\n")
                 return
             # container was found, so now we try to remove it
             # v also removes volumes linked to the container
             container.remove(v=removeVolumes, force=forceRemove)
+            print(f"container [{self.get_name()}] successfully removed")
+
             # remove it even if it is running. remove volumes as well
             # No need to print that the container has been removed, it is expected behavior
 

contentctl/actions/detection_testing/views/DetectionTestingView.py

@@ -3,7 +3,8 @@ import datetime
 
 from pydantic import BaseModel
 
-from contentctl.objects.test_config import TestConfig
+from contentctl.objects.config import test_common
+
 from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructure import (
     DetectionTestingManagerOutputDto,
 )
@@ -12,7 +13,7 @@ from contentctl.objects.enums import DetectionStatus
 
 
 class DetectionTestingView(BaseModel, abc.ABC):
-    config: TestConfig
+    config: test_common
     sync_obj: DetectionTestingManagerOutputDto
 
     interval: float = 10

contentctl/actions/detection_testing/views/DetectionTestingViewFile.py

@@ -1,11 +1,3 @@
-from pydantic import BaseModel
-import abc
-from typing import Callable
-from contentctl.objects.test_config import TestConfig
-from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructure import (
-    DetectionTestingManagerOutputDto,
-)
-
 from contentctl.actions.detection_testing.views.DetectionTestingView import (
     DetectionTestingView,
 )

contentctl/actions/doc_gen.py

@@ -13,7 +13,7 @@ class DocGenInputDto:
 class DocGen:
 
     def execute(self, input_dto: DocGenInputDto) -> None:
-        director_output_dto = DirectorOutputDto([],[],[],[],[],[],[],[])
+        director_output_dto = DirectorOutputDto([],[],[],[],[],[],[],[],[],[])
         director = Director(director_output_dto)
         director.execute(input_dto.director_input_dto)
 

contentctl/actions/initialize.py

@@ -2,81 +2,44 @@
 import shutil
 import os
 import pathlib
-from dataclasses import dataclass
-from contentctl.objects.config import Config, TestConfig, PASSWORD
-from contentctl.output.yml_writer import YmlWriter
-import json
 
-@dataclass(frozen=True)
-class InitializeInputDto:
-    path: pathlib.Path
-    demo: bool = False
+from pydantic import RootModel 
+from contentctl.objects.config import test
+from contentctl.output.yml_writer import YmlWriter
 
 
 class Initialize:
 
-    def execute(self, input_dto: InitializeInputDto) -> None:
-
-        c = Config()
+    def execute(self, config: test) -> None:
+        # construct a test object from the init object
+        # This way we can easily populate a yml with ALL the important
+        # fields for validating, building, and testing your app. 
         
-        t = TestConfig.construct() #Disable validation for default object
+        YmlWriter.writeYmlFile(str(config.path/'contentctl.yml'), config.model_dump()) 
 
-        config_as_dict = c.dict()
-        config_as_dict.pop("test")
-        YmlWriter.writeYmlFile(os.path.join(input_dto.path, 'contentctl.yml'), config_as_dict)
-
-        
-        # This field serialization hack is required to get
-        # enums declared in Pydantic Models serialized properly
-        # without emitting tags that make them hard to read in yml
+        #Create the following empty directories:
+        for emptyDir in ['lookups', 'baselines', 'docs', 'reporting', 'investigations']:
+            #Throw an error if this directory already exists
+            (config.path/emptyDir).mkdir(exist_ok=False)
         
-        j = json.dumps(t.dict(),sort_keys=False)
-        obj=json.loads(j)
-        YmlWriter.writeYmlFile(os.path.join(input_dto.path, 'contentctl_test.yml'), dict(obj))
-
 
-        folders = ['detections', 'stories', 'lookups', 'macros', 'baselines', 'dist', 'docs', 'reporting', 'investigations']
-        for folder in folders:
-            os.makedirs(os.path.join(input_dto.path, folder))
-
-        # Working Detection
-        source_path = pathlib.Path(os.path.join(os.path.dirname(__file__), '../templates/detections/'))
-        dest_path = pathlib.Path(os.path.join(input_dto.path, 'detections'))
-        detections_to_populate = ['anomalous_usage_of_7zip.yml']
-        if input_dto.demo:
-            detections_to_populate += ['anomalous_usage_of_7zip_validation_fail.yml', 
-                                      'anomalous_usage_of_7zip_test_fail.yml']     
-                
-        for detection_name in detections_to_populate: 
-            shutil.copyfile(
-                source_path/detection_name, 
-                dest_path/detection_name)
+        #copy the contents of all template directories
+        for templateDir, targetDir in [
+            ('../templates/app_template/', 'app_template'),
+            ('../templates/deployments/', 'deployments'),
+            ('../templates/detections/', 'detections'),
+            ('../templates/macros/','macros'),
+            ('../templates/stories/', 'stories'),
+        ]:
+            source_directory = pathlib.Path(os.path.dirname(__file__))/templateDir
+            target_directory = config.path/targetDir
+            #Throw an exception if the target exists
+            shutil.copytree(source_directory, target_directory, dirs_exist_ok=False)
         
+        #Create the config file as well
+        shutil.copyfile(pathlib.Path(os.path.dirname(__file__))/'../templates/README','README')
 
-        shutil.copytree(
-            os.path.join(os.path.dirname(__file__), '../templates/deployments'), 
-            os.path.join(input_dto.path, 'deployments')
-        )
-
-        shutil.copyfile(
-            os.path.join(os.path.dirname(__file__), '../templates/stories/cobalt_strike.yml'), 
-            os.path.join(input_dto.path, 'stories', 'cobalt_strike.yml')
-        )
-
-        shutil.copyfile(
-            os.path.join(os.path.dirname(__file__), '../templates/macros/security_content_ctime.yml'), 
-            os.path.join(input_dto.path, 'macros', 'security_content_ctime.yml')
-        )
-
-        shutil.copyfile(
-            os.path.join(os.path.dirname(__file__), '../templates/macros/security_content_summariesonly.yml'), 
-            os.path.join(input_dto.path, 'macros', 'security_content_summariesonly.yml')
-        )
-
-        shutil.copyfile(
-            os.path.join(os.path.dirname(__file__), '../templates/README'), 
-            os.path.join(input_dto.path, 'README')
-        )
 
-        print('The following folders were created: {0} under {1}.\nContent pack has been initialized, please run `new` to create new content.'.format(folders, input_dto.path))
+        print(f"The app '{config.app.title}' has been initialized. "
+              "Please run 'contentctl new --type {detection,story}' to create new content")
 

contentctl/actions/inspect.py

@@ -0,0 +1,260 @@
+import sys
+
+
+from dataclasses import dataclass
+
+import pathlib
+import json
+import datetime
+
+
+from contentctl.objects.config import inspect
+from requests import Session, post, get
+from requests.auth import HTTPBasicAuth
+import timeit
+import time
+@dataclass(frozen=True)
+class InspectInputDto:
+    config:inspect
+
+
+class Inspect:
+
+    def execute(self, config: inspect) -> str:
+        if config.build_app or config.build_api:    
+         
+            self.inspectAppCLI(config)
+            appinspect_token = self.inspectAppAPI(config)
+            
+            
+            return appinspect_token
+
+        else:
+            raise Exception("Inspect only supported for app and api build targets")    
+    
+    def getElapsedTime(self, startTime:float)->datetime.timedelta:
+        return datetime.timedelta(seconds=round(timeit.default_timer() - startTime))
+
+
+    def inspectAppAPI(self, config: inspect)->str:
+        session = Session()
+        session.auth = HTTPBasicAuth(config.splunk_api_username, config.splunk_api_password)
+        if config.stack_type not in ['victoria', 'classic']:
+            raise Exception(f"stack_type MUST be either 'classic' or 'victoria', NOT '{config.stack_type}'")
+        
+        APPINSPECT_API_LOGIN = "https://api.splunk.com/2.0/rest/login/splunk"
+        
+            
+        
+        res = session.get(APPINSPECT_API_LOGIN)
+        #If login failed or other failure, raise an exception
+        res.raise_for_status()
+        
+        authorization_bearer = res.json().get("data",{}).get("token",None)
+        APPINSPECT_API_VALIDATION_REQUEST = "https://appinspect.splunk.com/v1/app/validate"
+        headers = {
+            "Authorization": f"bearer {authorization_bearer}",
+            "Cache-Control": "no-cache"
+        }
+        
+        package_path = config.getPackageFilePath(include_version=False)
+        if not package_path.is_file():
+            raise Exception(f"Cannot run Appinspect API on App '{config.app.title}' - "
+                            f"no package exists as expected path '{package_path}'.\nAre you "
+                            "trying to 'contentctl acs_deploy' the package BEFORE running 'contentctl build'?")
+        
+        files = {
+            "app_package": open(package_path,"rb"),
+            "included_tags":(None,"cloud")
+        } 
+        
+        res = post(APPINSPECT_API_VALIDATION_REQUEST, headers=headers, files=files)
+
+        res.raise_for_status()
+
+        request_id = res.json().get("request_id",None)
+        APPINSPECT_API_VALIDATION_STATUS = f"https://appinspect.splunk.com/v1/app/validate/status/{request_id}?included_tags=private_{config.stack_type}"
+        headers = headers = {
+            "Authorization": f"bearer {authorization_bearer}"
+        }
+        startTime = timeit.default_timer()
+        # the first time, wait for 40 seconds. subsequent times, wait for less.
+        # this is because appinspect takes some time to return, so there is no sense
+        # checking many times when we know it will take at least 40 seconds to run.
+        iteration_wait_time = 40
+        while True:
+            
+            res = get(APPINSPECT_API_VALIDATION_STATUS, headers=headers)
+            res.raise_for_status()
+            status = res.json().get("status",None)
+            if status in ["PROCESSING", "PREPARING"]:
+                print(f"[{self.getElapsedTime(startTime)}] Appinspect API is {status}...")
+                time.sleep(iteration_wait_time)
+                iteration_wait_time = 1
+                continue
+            elif status == "SUCCESS":
+                print(f"[{self.getElapsedTime(startTime)}] Appinspect API has finished!")
+                break
+            else:
+                raise Exception(f"Error - Unknown Appinspect API status '{status}'")
+        
+        
+
+        #We have finished running appinspect, so get the report
+        APPINSPECT_API_REPORT = f"https://appinspect.splunk.com/v1/app/report/{request_id}?included_tags=private_{config.stack_type}"
+        #Get human-readable HTML report
+        headers = headers = {
+            "Authorization": f"bearer {authorization_bearer}",
+            "Content-Type": "text/html"
+        }
+        res = get(APPINSPECT_API_REPORT, headers=headers)
+        res.raise_for_status()
+        report_html = res.content
+        
+        #Get JSON report for processing
+        headers = headers = {
+            "Authorization": f"bearer {authorization_bearer}",
+            "Content-Type": "application/json"
+        }
+        res = get(APPINSPECT_API_REPORT, headers=headers)
+        res.raise_for_status()
+        report_json = res.json()
+        
+        # Just get app path here to avoid long function calls in the open() calls below
+        appPath = config.getPackageFilePath(include_version=True)
+        appinpect_html_path = appPath.with_suffix(appPath.suffix+".appinspect_api_results.html")
+        appinspect_json_path = appPath.with_suffix(appPath.suffix+".appinspect_api_results.json")
+        #Use the full path of the app, but update the suffix to include info about appinspect
+        with open(appinpect_html_path, "wb") as report:
+            report.write(report_html)
+        with open(appinspect_json_path, "w") as report:
+            json.dump(report_json, report)
+        
+        
+        self.parseAppinspectJsonLogFile(appinspect_json_path)
+      
+
+        return authorization_bearer
+    
+    
+    def inspectAppCLI(self, config:inspect)-> None:
+        
+        try:
+            raise Exception("Local spunk-appinspect Not Supported at this time (you may use the appinspect api). If you would like to locally inspect your app with"
+                  "Python 3.7, 3.8, or 3.9 (with limited support), please refer to:\n"
+                  "\t - https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/useappinspectclitool/")
+            from splunk_appinspect.main import (
+                validate, MODE_OPTION, APP_PACKAGE_ARGUMENT, OUTPUT_FILE_OPTION, 
+                LOG_FILE_OPTION, INCLUDED_TAGS_OPTION, EXCLUDED_TAGS_OPTION, 
+                PRECERT_MODE, TEST_MODE)
+        except Exception as e:
+            print(e)
+            # print("******WARNING******")
+            # if sys.version_info.major == 3 and sys.version_info.minor > 9:
+            #     print("The package splunk-appinspect was not installed due to a current issue with the library on Python3.10+.  "
+            #           "Please use the following commands to set up a virtualenvironment in a different folder so you may run appinspect manually (if desired):"
+            #           "\n\tpython3.9 -m venv .venv" 
+            #           "\n\tsource .venv/bin/activate"
+            #           "\n\tpython3 -m pip install splunk-appinspect"
+            #           f"\n\tsplunk-appinspect inspect {self.getPackagePath(include_version=False).relative_to(pathlib.Path('.').absolute())} --mode precert")    
+                
+            # else:
+            #     print("splunk-appinspect is only compatable with Python3.9 at this time.  Please see the following open issue here: https://github.com/splunk/contentctl/issues/28")
+            # print("******WARNING******")
+            return
+
+        # Note that all tags are available and described here:
+        # https://dev.splunk.com/enterprise/reference/appinspect/appinspecttagreference/ 
+        # By default, precert mode will run ALL checks.  Explicitly included or excluding tags will 
+        # change this behavior. To give the most thorough inspection, we leave these empty so that
+        # ALL checks are run
+        included_tags = []
+        excluded_tags = []
+
+        appinspect_output = self.dist/f"{self.config.build.title}-{self.config.build.version}.appinspect_cli_results.json"
+        appinspect_logging = self.dist/f"{self.config.build.title}-{self.config.build.version}.appinspect_cli_logging.log"
+        try:
+            arguments_list = [(APP_PACKAGE_ARGUMENT, str(self.getPackagePath(include_version=False)))]
+            options_list = []
+            options_list += [MODE_OPTION, TEST_MODE]
+            options_list += [OUTPUT_FILE_OPTION, str(appinspect_output)]
+            options_list += [LOG_FILE_OPTION, str(appinspect_logging)]
+            
+            #If there are any tags defined, then include them here
+            for opt in included_tags:
+                options_list += [INCLUDED_TAGS_OPTION, opt]
+            for opt in excluded_tags:
+                options_list += [EXCLUDED_TAGS_OPTION, opt]
+
+            cmdline = options_list + [arg[1] for arg in arguments_list]        
+            validate(cmdline)
+    
+        except SystemExit as e:
+            if e.code == 0:
+                # The sys.exit called inside of appinspect validate closes stdin.  We need to
+                # reopen it.
+                sys.stdin = open("/dev/stdin","r")
+                print(f"AppInspect passed! Please check [ {appinspect_output} , {appinspect_logging} ] for verbose information.")
+            else:
+                if sys.version.startswith('3.11') or sys.version.startswith('3.12'):
+                    raise Exception("At this time, AppInspect may fail on valid apps under Python>=3.11 with " 
+                                    "the error 'global flags not at the start of the expression at position 1'. "  
+                                    "If you encounter this error, please run AppInspect on a version of Python "
+                                    "<3.11.  This issue is currently tracked. Please review the appinspect "
+                                    "report output above for errors.")
+                else: 
+                    raise Exception("AppInspect Failure - Please review the appinspect report output above for errors.")        
+        finally:
+                # appinspect outputs the log in json format, but does not format it to be easier
+                # to read (it is all in one line). Read back that file and write it so it
+                # is easier to understand
+                
+                #Note that this may raise an exception itself!
+                self.parseAppinspectJsonLogFile(appinspect_output)
+
+    def parseAppinspectJsonLogFile(self, logfile_path:pathlib.Path, 
+                                   status_types:list[str] = ["error", "failure", "manual_check", "warning"], 
+                                   exception_types = ["error","failure","manual_check"] )->None:
+        if not set(exception_types).issubset(set(status_types)):
+                raise Exception(f"Error - exception_types {exception_types} MUST be a subset of status_types {status_types}, but it is not")
+        with open(logfile_path, "r+") as logfile:
+            j = json.load(logfile)
+            #Seek back to the beginning of the file. We don't need to clear
+            #it sice we will always write AT LEAST the same number of characters
+            #back as we read (due to the addition of whitespace)
+            logfile.seek(0)
+            json.dump(j, logfile, indent=3, )
+            
+        reports = j.get("reports", [])
+        if len(reports) != 1:
+            raise Exception("Expected to find one appinspect report but found 0")
+        verbose_errors = []
+        
+        for group in reports[0].get("groups", []):
+            for check in group.get("checks",[]):
+                if check.get("result","") in status_types:                                    
+                    verbose_errors.append(f" - {check.get('result','')} [{group.get('name','NONAME')}: {check.get('name', 'NONAME')}]")
+        verbose_errors.sort()
+        
+        summary = j.get("summary", None)
+        if summary is None:
+            raise Exception("Missing summary from appinspect report")
+        msgs = []
+        generated_exception = False
+        for key in status_types:
+            if summary.get(key,0)>0:
+                msgs.append(f" - {summary.get(key,0)} {key}s")
+                if key in exception_types:
+                    generated_exception = True
+        if len(msgs)>0 or len(verbose_errors):
+            summary = '\n'.join(msgs)
+            details = '\n'.join(verbose_errors)
+            summary = f"{summary}\nDetails:\n{details}"
+            if generated_exception:
+                raise Exception(f"AppInspect found [{','.join(exception_types)}] that MUST be addressed to pass AppInspect API:\n{summary}")        
+            else:
+                print(f"AppInspect found [{','.join(status_types)}] that MAY cause a failure during AppInspect API:\n{summary}")            
+        else:
+            print("AppInspect was successful!")
+                
+        return