contentctl 4.4.7__py3-none-any.whl → 5.0.0__py3-none-any.whl

contentctl/objects/dashboard.py

@@ -8,7 +8,7 @@ from contentctl.objects.security_content_object import SecurityContentObject
 from contentctl.objects.config import build
 from enum import StrEnum
 
-DEFAULT_DASHBAORD_JINJA2_TEMPLATE = '''<dashboard version="2" theme="{{ dashboard.theme }}">
+DEFAULT_DASHBAORD_JINJA2_TEMPLATE = """<dashboard version="2" theme="{{ dashboard.theme }}">
     <label>{{ dashboard.label(config) }}</label>
     <description></description>
     <definition><![CDATA[
@@ -21,28 +21,40 @@ DEFAULT_DASHBAORD_JINJA2_TEMPLATE = '''<dashboard version="2" theme="{{ dashboar
 	"hideExport": false
 }
     ]]></meta>
-</dashboard>'''
+</dashboard>"""
+
 
 class DashboardTheme(StrEnum):
     light = "light"
     dark = "dark"
 
+
 class Dashboard(SecurityContentObject):
-    j2_template: str = Field(default=DEFAULT_DASHBAORD_JINJA2_TEMPLATE, description="Jinja2 Template used to construct the dashboard")
-    description: str = Field(...,description="A description of the dashboard. This does not have to match "
-                             "the description of the dashboard in the JSON file.", max_length=10000)
-    theme: DashboardTheme = Field(default=DashboardTheme.light, description="The theme of the dashboard. Choose between 'light' and 'dark'.")
-    json_obj: Json[dict[str,Any]] = Field(..., description="Valid JSON object that describes the dashboard")
-    
-    
-    
-    def label(self, config:build)->str:
+    j2_template: str = Field(
+        default=DEFAULT_DASHBAORD_JINJA2_TEMPLATE,
+        description="Jinja2 Template used to construct the dashboard",
+    )
+    description: str = Field(
+        ...,
+        description="A description of the dashboard. This does not have to match "
+        "the description of the dashboard in the JSON file.",
+        max_length=10000,
+    )
+    theme: DashboardTheme = Field(
+        default=DashboardTheme.light,
+        description="The theme of the dashboard. Choose between 'light' and 'dark'.",
+    )
+    json_obj: Json[dict[str, Any]] = Field(
+        ..., description="Valid JSON object that describes the dashboard"
+    )
+
+    def label(self, config: build) -> str:
         return f"{config.app.label} - {self.name}"
-    
+
     @model_validator(mode="before")
     @classmethod
-    def validate_fields_from_json(cls, data:Any)->Any:
-        yml_file_name:str|None = data.get("file_path", None)
+    def validate_fields_from_json(cls, data: Any) -> Any:
+        yml_file_name: str | None = data.get("file_path", None)
         if yml_file_name is None:
             raise ValueError("File name not passed to dashboard constructor")
         yml_file_path = pathlib.Path(yml_file_name)
@@ -50,51 +62,53 @@ class Dashboard(SecurityContentObject):
 
         if not json_file_path.is_file():
             raise ValueError(f"Required file {json_file_path} does not exist.")
-        
-        with open(json_file_path,'r') as jsonFilePointer:
+
+        with open(json_file_path, "r") as jsonFilePointer:
             try:
-                json_obj:dict[str,Any] = json.load(jsonFilePointer)
+                json_obj: dict[str, Any] = json.load(jsonFilePointer)
             except Exception as e:
                 raise ValueError(f"Unable to load data from {json_file_path}: {str(e)}")
 
-        name_from_file = data.get("name",None)
-        name_from_json  = json_obj.get("title",None)
+        name_from_file = data.get("name", None)
+        name_from_json = json_obj.get("title", None)
 
-        errors:list[str] = []
+        errors: list[str] = []
         if name_from_json is None:
             errors.append(f"'title' field is missing from {json_file_path}")
         elif name_from_json != name_from_file:
-            errors.append(f"The 'title' field in the JSON file [{json_file_path}] does not match the 'name' field in the YML object [{yml_file_path}]. These two MUST match:\n    "
-                          f"title in JSON : {name_from_json}\n    "
-                          f"title in YML  : {name_from_file}\n    ")
-        
-        description_from_json = json_obj.get("description",None)
+            errors.append(
+                f"The 'title' field in the JSON file [{json_file_path}] does not match the 'name' field in the YML object [{yml_file_path}]. These two MUST match:\n    "
+                f"title in JSON : {name_from_json}\n    "
+                f"title in YML  : {name_from_file}\n    "
+            )
+
+        description_from_json = json_obj.get("description", None)
         if description_from_json is None:
             errors.append("'description' field is missing from field 'json_object'")
-        
-        if len(errors) > 0 :
+
+        if len(errors) > 0:
             err_string = "\n  - ".join(errors)
             raise ValueError(f"Error(s) validating dashboard:\n  - {err_string}")
-        
-        data['name'] = name_from_file
-        data['json_obj'] = json.dumps(json_obj)
+
+        data["name"] = name_from_file
+        data["json_obj"] = json.dumps(json_obj)
         return data
 
-    
     def pretty_print_json_obj(self):
         return json.dumps(self.json_obj, indent=4)
-    
-    def getOutputFilepathRelativeToAppRoot(self, config:build)->pathlib.Path:
+
+    def getOutputFilepathRelativeToAppRoot(self, config: build) -> pathlib.Path:
         filename = f"{self.file_path.stem}.xml".lower()
-        return pathlib.Path("default/data/ui/views")/filename
-    
-    
-    def writeDashboardFile(self, j2_env:Environment, config:build):
+        return pathlib.Path("default/data/ui/views") / filename
+
+    def writeDashboardFile(self, j2_env: Environment, config: build):
         template = j2_env.from_string(self.j2_template)
         dashboard_text = template.render(config=config, dashboard=self)
 
-        with open(config.getPackageDirectoryPath()/self.getOutputFilepathRelativeToAppRoot(config), 'a') as f:
-            output_xml = dashboard_text.encode('utf-8', 'ignore').decode('utf-8')
+        with open(
+            config.getPackageDirectoryPath()
+            / self.getOutputFilepathRelativeToAppRoot(config),
+            "a",
+        ) as f:
+            output_xml = dashboard_text.encode("utf-8", "ignore").decode("utf-8")
             f.write(output_xml)
-
-

contentctl/objects/data_source.py

@@ -2,32 +2,32 @@ from __future__ import annotations
 from typing import Optional, Any
 from pydantic import Field, HttpUrl, model_serializer, BaseModel
 from contentctl.objects.security_content_object import SecurityContentObject
-from contentctl.objects.event_source import EventSource
 
 
 class TA(BaseModel):
     name: str
     url: HttpUrl | None = None
     version: str
+
+
 class DataSource(SecurityContentObject):
     source: str = Field(...)
     sourcetype: str = Field(...)
     separator: Optional[str] = None
     configuration: Optional[str] = None
     supported_TA: list[TA] = []
-    fields: Optional[list] = None
-    field_mappings: Optional[list] = None
-    convert_to_log_source: Optional[list] = None
-    example_log: Optional[str] = None
-
+    fields: None | list = None
+    field_mappings: None | list = None
+    convert_to_log_source: None | list = None
+    example_log: None | str = None
 
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         super_fields = super().serialize_model()
-        
-        #All fields custom to this model
-        model:dict[str,Any] = {
+
+        # All fields custom to this model
+        model: dict[str, Any] = {
             "source": self.source,
             "sourcetype": self.sourcetype,
             "separator": self.separator,
@@ -36,12 +36,11 @@ class DataSource(SecurityContentObject):
             "fields": self.fields,
             "field_mappings": self.field_mappings,
             "convert_to_log_source": self.convert_to_log_source,
-            "example_log":self.example_log
+            "example_log": self.example_log,
         }
-        
-        
-        #Combine fields from this model with fields from parent
+
+        # Combine fields from this model with fields from parent
         super_fields.update(model)
-        
-        #return the model
-        return super_fields
+
+        # return the model
+        return super_fields

contentctl/objects/deployment.py

@@ -1,5 +1,11 @@
 from __future__ import annotations
-from pydantic import Field, computed_field,ValidationInfo, model_serializer, NonNegativeInt
+from pydantic import (
+    Field,
+    computed_field,
+    ValidationInfo,
+    model_serializer,
+    NonNegativeInt,
+)
 from typing import Any
 import uuid
 import datetime
@@ -11,75 +17,68 @@ from contentctl.objects.enums import DeploymentType
 
 
 class Deployment(SecurityContentObject):
-    #id: str = None
-    #date: str = None
-    #author: str = None
-    #description: str = None
-    #contentType: SecurityContentType = SecurityContentType.deployments
-    
-    
     scheduling: DeploymentScheduling = Field(...)
     alert_action: AlertAction = AlertAction()
     type: DeploymentType = Field(...)
-    author: str = Field(...,max_length=255)
+    author: str = Field(..., max_length=255)
     version: NonNegativeInt = 1
 
-    #Type was the only tag exposed and should likely be removed/refactored.
-    #For transitional reasons, provide this as a computed_field in prep for removal
+    # Type was the only tag exposed and should likely be removed/refactored.
+    # For transitional reasons, provide this as a computed_field in prep for removal
     @computed_field
     @property
-    def tags(self)->dict[str,DeploymentType]:
+    def tags(self) -> dict[str, DeploymentType]:
         return {"type": self.type}
 
-        
     @staticmethod
-    def getDeployment(v:dict[str,Any], info:ValidationInfo)->Deployment:
+    def getDeployment(v: dict[str, Any], info: ValidationInfo) -> Deployment:
         if v != {}:
             # If the user has defined a deployment, then allow it to be validated
             # and override the default deployment info defined in type:Baseline
-            v['type'] = DeploymentType.Embedded
-            
+            v["type"] = DeploymentType.Embedded
+
             detection_name = info.data.get("name", None)
             if detection_name is None:
-                raise ValueError("Could not create inline deployment - Baseline or Detection lacking 'name' field,")
+                raise ValueError(
+                    "Could not create inline deployment - Baseline or Detection lacking 'name' field,"
+                )
 
-            # Add a number of static values            
-            v.update({
-              'name': f"{detection_name} - Inline Deployment",
-              'id':uuid.uuid4(),
-              'date': datetime.date.today(),
-              'description': "Inline deployment created at runtime.",
-              'author': "contentctl tool"
-            })
+            # Add a number of static values
+            v.update(
+                {
+                    "name": f"{detection_name} - Inline Deployment",
+                    "id": uuid.uuid4(),
+                    "date": datetime.date.today(),
+                    "description": "Inline deployment created at runtime.",
+                    "author": "contentctl tool",
+                }
+            )
 
-            
             # This constructs a temporary in-memory deployment,
-            # allowing the deployment to be easily defined in the 
+            # allowing the deployment to be easily defined in the
             # detection on a per detection basis.
             return Deployment.model_validate(v)
-                        
+
         else:
-            return SecurityContentObject.getDeploymentFromType(info.data.get("type",None), info)
-    
+            return SecurityContentObject.getDeploymentFromType(
+                info.data.get("type", None), info
+            )
+
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         super_fields = super().serialize_model()
-        
-        #All fields custom to this model
-        model= {
-            "scheduling": self.scheduling.model_dump(),
-            "tags": self.tags
-        }
 
-        
-        #Combine fields from this model with fields from parent
+        # All fields custom to this model
+        model = {"scheduling": self.scheduling.model_dump(), "tags": self.tags}
+
+        # Combine fields from this model with fields from parent
         model.update(super_fields)
-        
+
         alert_action_fields = self.alert_action.model_dump()
         model.update(alert_action_fields)
 
-        del(model['references'])
-        
-        #return the model
-        return model
+        del model["references"]
+
+        # return the model
+        return model

contentctl/objects/deployment_email.py

@@ -1,8 +1,9 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentEmail(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     message: str
     subject: str
-    to: str
+    to: str

contentctl/objects/deployment_notable.py

@@ -1,8 +1,10 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 from typing import List
 
+
 class DeploymentNotable(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     rule_description: str
     rule_title: str
-    nes_fields: List[str]
+    nes_fields: List[str]

contentctl/objects/deployment_phantom.py

@@ -1,10 +1,11 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentPhantom(BaseModel):
-    cam_workers : str
-    label : str
-    phantom_server : str
-    sensitivity : str
-    severity : str
+    model_config = ConfigDict(extra="forbid")
+    cam_workers: str
+    label: str
+    phantom_server: str
+    sensitivity: str
+    severity: str

contentctl/objects/deployment_rba.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentRBA(BaseModel):
-    enabled: bool = False
+    model_config = ConfigDict(extra="forbid")
+    enabled: bool = False

contentctl/objects/deployment_scheduling.py

@@ -1,9 +1,10 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentScheduling(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     cron_schedule: str
     earliest_time: str
     latest_time: str
-    schedule_window: str
+    schedule_window: str

contentctl/objects/deployment_slack.py

@@ -1,7 +1,8 @@
 from __future__ import annotations
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 
 class DeploymentSlack(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     channel: str
-    message: str
+    message: str

contentctl/objects/detection.py

@@ -1,5 +1,8 @@
 from __future__ import annotations
-from contentctl.objects.abstract_security_content_objects.detection_abstract import Detection_Abstract
+from contentctl.objects.abstract_security_content_objects.detection_abstract import (
+    Detection_Abstract,
+)
+
 
 class Detection(Detection_Abstract):
     # Customization to the Detection Class go here.
@@ -12,4 +15,4 @@ class Detection(Detection_Abstract):
     # them or modifying their behavior may cause
     # undefined issues with the contentctl tooling
     # or output of the tooling.
-    pass
+    pass

contentctl/objects/detection_metadata.py

@@ -8,6 +8,7 @@ class DetectionMetadata(BaseModel):
     """
     A model of the metadata line in a detection stanza in savedsearches.conf
     """
+
     # A bool indicating whether the detection is deprecated (serialized as an int, 1 or 0)
     deprecated: bool = Field(...)
 

contentctl/objects/detection_stanza.py

@@ -11,6 +11,7 @@ class DetectionStanza(BaseModel):
     """
     A model representing a stanza for a detection in savedsearches.conf
     """
+
     # The lines that comprise this stanza, in the order they appear in the conf
     lines: list[str] = Field(...)
 
@@ -47,7 +48,9 @@ class DetectionStanza(BaseModel):
             raise Exception(f"No metadata for detection '{self.name}' found in stanza.")
 
         # Parse the metadata JSON into a model
-        return DetectionMetadata.model_validate_json(meta_line[len(DetectionStanza.METADATA_LINE_PREFIX):])
+        return DetectionMetadata.model_validate_json(
+            meta_line[len(DetectionStanza.METADATA_LINE_PREFIX) :]
+        )
 
     @computed_field
     @cached_property
@@ -76,4 +79,6 @@ class DetectionStanza(BaseModel):
         :returns: True if the version still needs to be bumped
         :rtype: bool
         """
-        return (self.hash != previous.hash) and (self.metadata.detection_version <= previous.metadata.detection_version)
+        return (self.hash != previous.hash) and (
+            self.metadata.detection_version <= previous.metadata.detection_version
+        )