contentctl 4.4.7__py3-none-any.whl → 5.0.0__py3-none-any.whl

contentctl/objects/base_test_result.py

@@ -1,8 +1,8 @@
 from typing import Union, Any
-from enum import Enum
+from enum import StrEnum
 
 from pydantic import ConfigDict, BaseModel
-from splunklib.data import Record                                                                   # type: ignore
+from splunklib.data import Record  # type: ignore
 
 from contentctl.helper.utils import Utils
 
@@ -10,8 +10,9 @@ from contentctl.helper.utils import Utils
 # TODO (#267): Align test reporting more closely w/ status enums (as it relates to "untested")
 # TODO (PEX-432): add status "UNSET" so that we can make sure the result is always of this enum
 #   type; remove mypy ignores associated w/ these typing issues once we do
-class TestResultStatus(str, Enum):
+class TestResultStatus(StrEnum):
     """Enum for test status (e.g. pass/fail)"""
+
     # Test failed (detection did NOT fire appropriately)
     FAIL = "fail"
 
@@ -35,6 +36,7 @@ class BaseTestResult(BaseModel):
     """
     Base class for test results
     """
+
     # Message for the result
     message: Union[None, str] = None
 
@@ -54,10 +56,7 @@ class BaseTestResult(BaseModel):
     sid_link: Union[None, str] = None
 
     # Needed to allow for embedding of Exceptions in the model
-    model_config = ConfigDict(
-        validate_assignment=True,
-        arbitrary_types_allowed=True
-    )
+    model_config = ConfigDict(validate_assignment=True, arbitrary_types_allowed=True)
 
     @property
     def passed(self) -> bool:
@@ -81,7 +80,10 @@ class BaseTestResult(BaseModel):
         Property returning True if status is FAIL or ERROR; False otherwise (PASS, SKIP)
         :returns: bool indicating fialure if True
         """
-        return self.status == TestResultStatus.FAIL or self.status == TestResultStatus.ERROR
+        return (
+            self.status == TestResultStatus.FAIL
+            or self.status == TestResultStatus.ERROR
+        )
 
     @property
     def complete(self) -> bool:
@@ -94,7 +96,13 @@ class BaseTestResult(BaseModel):
     def get_summary_dict(
         self,
         model_fields: list[str] = [
-            "success", "exception", "message", "sid_link", "status", "duration", "wait_duration"
+            "success",
+            "exception",
+            "message",
+            "sid_link",
+            "status",
+            "duration",
+            "wait_duration",
         ],
         job_fields: list[str] = ["search", "resultCount", "runDuration"],
     ) -> dict[str, Any]:
@@ -113,7 +121,7 @@ class BaseTestResult(BaseModel):
                 # Exceptions and enums cannot be serialized, so convert to str
                 if isinstance(getattr(self, field), Exception):
                     summary_dict[field] = str(getattr(self, field))
-                elif isinstance(getattr(self, field), Enum):
+                elif isinstance(getattr(self, field), StrEnum):
                     summary_dict[field] = str(getattr(self, field))
                 else:
                     summary_dict[field] = getattr(self, field)
@@ -125,7 +133,7 @@ class BaseTestResult(BaseModel):
         # Grab the job content fields required
         for field in job_fields:
             if self.job_content is not None:
-                value: Any = self.job_content.get(field, None)                                      # type: ignore
+                value: Any = self.job_content.get(field, None)  # type: ignore
 
                 # convert runDuration to a fixed width string representation of a float
                 if field == "runDuration":

contentctl/objects/baseline.py

@@ -1,57 +1,89 @@
-
 from __future__ import annotations
-from typing import Annotated, Optional, List,Any
-from pydantic import field_validator, ValidationInfo, Field, model_serializer
-from contentctl.objects.deployment import Deployment
-from contentctl.objects.security_content_object import SecurityContentObject
-from contentctl.objects.enums import DataModel
-from contentctl.objects.baseline_tags import BaselineTags
 
-from contentctl.objects.config import CustomApp
+from typing import TYPE_CHECKING, Annotated, Any, List, Literal
 
+if TYPE_CHECKING:
+    from contentctl.input.director import DirectorOutputDto
+
+from pydantic import (
+    Field,
+    ValidationInfo,
+    computed_field,
+    field_validator,
+    model_serializer,
+)
+
+from contentctl.objects.baseline_tags import BaselineTags
+from contentctl.objects.config import CustomApp
+from contentctl.objects.constants import (
+    CONTENTCTL_BASELINE_STANZA_NAME_FORMAT_TEMPLATE,
+    CONTENTCTL_MAX_SEARCH_NAME_LENGTH,
+)
+from contentctl.objects.deployment import Deployment
+from contentctl.objects.enums import DataModel, DetectionStatus
+from contentctl.objects.lookup import Lookup
+from contentctl.objects.security_content_object import SecurityContentObject
 
-from contentctl.objects.constants import CONTENTCTL_MAX_SEARCH_NAME_LENGTH,CONTENTCTL_BASELINE_STANZA_NAME_FORMAT_TEMPLATE
 
 class Baseline(SecurityContentObject):
-    name:str = Field(...,max_length=CONTENTCTL_MAX_SEARCH_NAME_LENGTH)
-    type: Annotated[str,Field(pattern="^Baseline$")] = Field(...)
-    datamodel: Optional[List[DataModel]] = None
+    name: str = Field(..., max_length=CONTENTCTL_MAX_SEARCH_NAME_LENGTH)
+    type: Annotated[str, Field(pattern="^Baseline$")] = Field(...)
     search: str = Field(..., min_length=4)
     how_to_implement: str = Field(..., min_length=4)
     known_false_positives: str = Field(..., min_length=4)
     tags: BaselineTags = Field(...)
-
+    lookups: list[Lookup] = Field([], validate_default=True)
     # enrichment
     deployment: Deployment = Field({})
-    
+    status: Literal[DetectionStatus.production, DetectionStatus.deprecated]
+
+    @field_validator("lookups", mode="before")
+    @classmethod
+    def getBaselineLookups(cls, v: list[str], info: ValidationInfo) -> list[Lookup]:
+        """
+        This function has been copied and renamed from the Detection_Abstract class
+        """
+        director: DirectorOutputDto = info.context.get("output_dto", None)
+        search: str | None = info.data.get("search", None)
+        if search is None:
+            raise ValueError("Search was None - is this file missing the search field?")
+
+        lookups = Lookup.get_lookups(search, director)
+        return lookups
 
-    def get_conf_stanza_name(self, app:CustomApp)->str:
-        stanza_name = CONTENTCTL_BASELINE_STANZA_NAME_FORMAT_TEMPLATE.format(app_label=app.label, detection_name=self.name)
+    def get_conf_stanza_name(self, app: CustomApp) -> str:
+        stanza_name = CONTENTCTL_BASELINE_STANZA_NAME_FORMAT_TEMPLATE.format(
+            app_label=app.label, detection_name=self.name
+        )
         self.check_conf_stanza_max_length(stanza_name)
         return stanza_name
 
     @field_validator("deployment", mode="before")
-    def getDeployment(cls, v:Any, info:ValidationInfo)->Deployment:
-        return Deployment.getDeployment(v,info)
-    
+    def getDeployment(cls, v: Any, info: ValidationInfo) -> Deployment:
+        return Deployment.getDeployment(v, info)
+
+    @computed_field
+    @property
+    def datamodel(self) -> List[DataModel]:
+        return [dm for dm in DataModel if dm in self.search]
 
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         super_fields = super().serialize_model()
-        
-        #All fields custom to this model
-        model= {
+
+        # All fields custom to this model
+        model = {
             "tags": self.tags.model_dump(),
             "type": self.type,
             "search": self.search,
-            "how_to_implement":self.how_to_implement,
-            "known_false_positives":self.known_false_positives,
+            "how_to_implement": self.how_to_implement,
+            "known_false_positives": self.known_false_positives,
             "datamodel": self.datamodel,
         }
-        
-        #Combine fields from this model with fields from parent
+
+        # Combine fields from this model with fields from parent
         super_fields.update(model)
-        
-        #return the model
-        return super_fields
+
+        # return the model
+        return super_fields

contentctl/objects/baseline_tags.py

@@ -1,5 +1,12 @@
 from __future__ import annotations
-from pydantic import BaseModel, Field, field_validator, ValidationInfo, model_serializer
+from pydantic import (
+    BaseModel,
+    Field,
+    field_validator,
+    ValidationInfo,
+    model_serializer,
+    ConfigDict,
+)
 from typing import List, Any, Union
 
 from contentctl.objects.story import Story
@@ -8,36 +15,35 @@ from contentctl.objects.enums import SecurityContentProductName
 from contentctl.objects.enums import SecurityDomain
 
 
-
-
-
 class BaselineTags(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     analytic_story: list[Story] = Field(...)
-    #deployment: Deployment = Field('SET_IN_GET_DEPLOYMENT_FUNCTION')
+    # deployment: Deployment = Field('SET_IN_GET_DEPLOYMENT_FUNCTION')
     # TODO (#223): can we remove str from the possible types here?
-    detections: List[Union[Detection,str]] = Field(...)
-    product: List[SecurityContentProductName] = Field(...,min_length=1)
-    required_fields: List[str] = Field(...,min_length=1)
+    detections: List[Union[Detection, str]] = Field(...)
+    product: List[SecurityContentProductName] = Field(..., min_length=1)
     security_domain: SecurityDomain = Field(...)
 
+    @field_validator("analytic_story", mode="before")
+    def getStories(cls, v: Any, info: ValidationInfo) -> List[Story]:
+        return Story.mapNamesToSecurityContentObjects(
+            v, info.context.get("output_dto", None)
+        )
 
-    @field_validator("analytic_story",mode="before")
-    def getStories(cls, v:Any, info:ValidationInfo)->List[Story]:
-        return Story.mapNamesToSecurityContentObjects(v, info.context.get("output_dto",None))
-    
-    
     @model_serializer
-    def serialize_model(self):    
-        #All fields custom to this model
-        model= {
+    def serialize_model(self):
+        # All fields custom to this model
+        model = {
             "analytic_story": [story.name for story in self.analytic_story],
-            "detections": [detection.name for detection in self.detections if isinstance(detection,Detection)],
+            "detections": [
+                detection.name
+                for detection in self.detections
+                if isinstance(detection, Detection)
+            ],
             "product": self.product,
-            "required_fields":self.required_fields,
-            "security_domain":self.security_domain,
-            "deployments": None
+            "security_domain": self.security_domain,
+            "deployments": None,
         }
-        
-        
-        #return the model
-        return model
+
+        # return the model
+        return model