contentctl 4.4.7__py3-none-any.whl → 5.0.0__py3-none-any.whl

contentctl/contentctl.py

@@ -1,31 +1,39 @@
-import traceback
+import pathlib
 import sys
+import traceback
 import warnings
-import pathlib
+
 import tyro
 
-from contentctl.actions.initialize import Initialize
-from contentctl.objects.config import init, validate, build,  new, deploy_acs, test, test_servers, inspect, report, test_common, release_notes
-from contentctl.actions.validate import Validate
-from contentctl.actions.new_content import NewContent
+from contentctl.actions.build import Build, BuildInputDto, DirectorOutputDto
+from contentctl.actions.deploy_acs import Deploy
 from contentctl.actions.detection_testing.GitService import GitService
-from contentctl.actions.build import (
-     BuildInputDto,
-     DirectorOutputDto,
-     Build,
-)
-from contentctl.actions.test import Test
-from contentctl.actions.test import TestInputDto
-from contentctl.actions.reporting import ReportingInputDto, Reporting
+from contentctl.actions.initialize import Initialize
 from contentctl.actions.inspect import Inspect
-from contentctl.input.yml_reader import YmlReader
-from contentctl.actions.deploy_acs import Deploy
+from contentctl.actions.new_content import NewContent
 from contentctl.actions.release_notes import ReleaseNotes
+from contentctl.actions.reporting import Reporting, ReportingInputDto
+from contentctl.actions.test import Test, TestInputDto
+from contentctl.actions.validate import Validate
+from contentctl.input.yml_reader import YmlReader
+from contentctl.objects.config import (
+    build,
+    deploy_acs,
+    init,
+    inspect,
+    new,
+    release_notes,
+    report,
+    test,
+    test_common,
+    test_servers,
+    validate,
+)
 
 # def print_ascii_art():
 #     print(
 #         """
-# Running Splunk Security Content Control Tool (contentctl) 
+# Running Splunk Security Content Control Tool (contentctl)
 # ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 # ⠀⠀⠀⠀⠀⠀⠀⠀⠀⢶⠛⡇⠀⠀⠀⠀⠀⠀⣠⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 # ⠀⠀⠀⠀⠀⠀⠀⠀⣀⠼⠖⠛⠋⠉⠉⠓⠢⣴⡻⣾⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
@@ -53,114 +61,137 @@ from contentctl.actions.release_notes import ReleaseNotes
 #     )
 
 
-
-
-def init_func(config:test):    
+def init_func(config: test):
     Initialize().execute(config)
 
 
-def validate_func(config:validate)->DirectorOutputDto:
+def validate_func(config: validate) -> DirectorOutputDto:
     validate = Validate()
     return validate.execute(config)
 
-def report_func(config:report)->None:
+
+def report_func(config: report) -> None:
     # First, perform validation. Remember that the validate
     # configuration is actually a subset of the build configuration
     director_output_dto = validate_func(config)
-    
-    r = Reporting() 
-    return r.execute(ReportingInputDto(director_output_dto=director_output_dto, 
-                                       config=config))
-    
 
-def build_func(config:build)->DirectorOutputDto:
+    r = Reporting()
+    return r.execute(
+        ReportingInputDto(director_output_dto=director_output_dto, config=config)
+    )
+
+
+def build_func(config: build) -> DirectorOutputDto:
     # First, perform validation. Remember that the validate
     # configuration is actually a subset of the build configuration
     director_output_dto = validate_func(config)
     builder = Build()
     return builder.execute(BuildInputDto(director_output_dto, config))
 
-def inspect_func(config:inspect)->str:
-    #Make sure that we have built the most recent version of the app
+
+def inspect_func(config: inspect) -> str:
+    # Make sure that we have built the most recent version of the app
     _ = build_func(config)
     inspect_token = Inspect().execute(config)
     return inspect_token
-    
 
-def release_notes_func(config:release_notes)->None:
+
+def release_notes_func(config: release_notes) -> None:
     ReleaseNotes().release_notes(config)
 
-def new_func(config:new):
-    NewContent().execute(config)
 
+def new_func(config: new):
+    NewContent().execute(config)
 
 
-def deploy_acs_func(config:deploy_acs):
+def deploy_acs_func(config: deploy_acs):
     print("Building and inspecting app...")
     token = inspect_func(config)
     print("App successfully built and inspected.")
     print("Deploying app...")
     Deploy().execute(config, token)
 
-def test_common_func(config:test_common):
-    if type(config) == test:
-        #construct the container Infrastructure objects
+
+def test_common_func(config: test_common):
+    if type(config) is test:
+        # construct the container Infrastructure objects
         config.getContainerInfrastructureObjects()
-        #otherwise, they have already been passed as servers
+        # otherwise, they have already been passed as servers
 
     director_output_dto = build_func(config)
-    gitServer = GitService(director=director_output_dto,config=config)
+    gitServer = GitService(director=director_output_dto, config=config)
     detections_to_test = gitServer.getContent()
 
-    
-
     test_input_dto = TestInputDto(detections_to_test, config)
-    
+
     t = Test()
     t.filter_tests(test_input_dto)
-    
+
     if config.plan_only:
-        #Emit the test plan and quit. Do not actually run the test
-        config.dumpCICDPlanAndQuit(gitServer.getHash(),test_input_dto.detections)
-        return 
-    
+        # Emit the test plan and quit. Do not actually run the test
+        config.dumpCICDPlanAndQuit(gitServer.getHash(), test_input_dto.detections)
+        return
+
     success = t.execute(test_input_dto)
-    
+
     if success:
-        #Everything passed!
+        # Everything passed!
         print("All tests have run successfully or been marked as 'skipped'")
         return
     raise Exception("There was at least one unsuccessful test")
 
+
+CONTENTCTL_5_WARNING = """
+*****************************************************************************
+WARNING - THIS IS AN ALPHA BUILD OF CONTENTCTL 5.
+THERE HAVE BEEN NUMEROUS CHANGES IN CONTENTCTL (ESPECIALLY TO YML FORMATS). 
+YOU ALMOST CERTAINLY DO NOT WANT TO USE THIS BUILD.
+IF YOU ENCOUNTER ERRORS, PLEASE USE THE LATEST CURRENTYLY SUPPORTED RELEASE: 
+
+CONTENTCTL==4.4.7 
+
+YOU HAVE BEEN WARNED!
+*****************************************************************************
+"""
+
+
 def main():
+    print(CONTENTCTL_5_WARNING)
     try:
         configFile = pathlib.Path("contentctl.yml")
-        
+
         # We MUST load a config (with testing info) object so that we can
         # properly construct the command line, including 'contentctl test' parameters.
         if not configFile.is_file():
-            if "init" not in sys.argv and "--help" not in sys.argv and "-h" not in sys.argv:
-                raise Exception(f"'{configFile}' not found in the current directory.\n"
-                                "Please ensure you are in the correct directory or run 'contentctl init' to create a new content pack.")
-            
+            if (
+                "init" not in sys.argv
+                and "--help" not in sys.argv
+                and "-h" not in sys.argv
+            ):
+                raise Exception(
+                    f"'{configFile}' not found in the current directory.\n"
+                    "Please ensure you are in the correct directory or run 'contentctl init' to create a new content pack."
+                )
+
             if "--help" in sys.argv or "-h" in sys.argv:
-                print("Warning - contentctl.yml is missing from this directory. The configuration values showed at the default and are informational only.\n"
-                      "Please ensure that contentctl.yml exists by manually creating it or running 'contentctl init'")
+                print(
+                    "Warning - contentctl.yml is missing from this directory. The configuration values showed at the default and are informational only.\n"
+                    "Please ensure that contentctl.yml exists by manually creating it or running 'contentctl init'"
+                )
             # Otherwise generate a stub config file.
             # It will be used during init workflow
 
             t = test()
             config_obj = t.model_dump()
-            
+
         else:
-            #The file exists, so load it up!
-            config_obj = YmlReader().load_file(configFile)
+            # The file exists, so load it up!
+            config_obj = YmlReader().load_file(configFile, add_fields=False)
             t = test.model_validate(config_obj)
     except Exception as e:
         print(f"Error validating 'contentctl.yml':\n{str(e)}")
         sys.exit(1)
-        
-    
+
     # For ease of generating the constructor, we want to allow construction
     # of an object from default values WITHOUT requiring all fields to be declared
     # with defaults OR in the config file. As such, we construct the model rather
@@ -169,22 +200,19 @@ def main():
 
     models = tyro.extras.subcommand_type_from_defaults(
         {
-            "init":init.model_validate(config_obj),
+            "init": init.model_validate(config_obj),
             "validate": validate.model_validate(config_obj),
             "report": report.model_validate(config_obj),
-            "build":build.model_validate(config_obj),
+            "build": build.model_validate(config_obj),
             "inspect": inspect.model_construct(**t.__dict__),
-            "new":new.model_validate(config_obj),
-            "test":test.model_validate(config_obj),
-            "test_servers":test_servers.model_construct(**t.__dict__),
+            "new": new.model_validate(config_obj),
+            "test": test.model_validate(config_obj),
+            "test_servers": test_servers.model_construct(**t.__dict__),
             "release_notes": release_notes.model_construct(**config_obj),
-            "deploy_acs": deploy_acs.model_construct(**t.__dict__)
+            "deploy_acs": deploy_acs.model_construct(**t.__dict__),
         }
     )
-    
-
 
-   
     config = None
     try:
         # Since some model(s) were constructed and not model_validated, we have to catch
@@ -192,26 +220,25 @@ def main():
         with warnings.catch_warnings(action="ignore"):
             config = tyro.cli(models)
 
-        
-        if type(config) == init:
+        if type(config) is init:
             t.__dict__.update(config.__dict__)
             init_func(t)
-        elif type(config) == validate:
+        elif type(config) is validate:
             validate_func(config)
-        elif type(config) == report:
+        elif type(config) is report:
             report_func(config)
-        elif type(config) == build:
+        elif type(config) is build:
             build_func(config)
-        elif type(config) == new:
+        elif type(config) is new:
             new_func(config)
-        elif type(config) == inspect:
+        elif type(config) is inspect:
             inspect_func(config)
-        elif type(config) == release_notes:
+        elif type(config) is release_notes:
             release_notes_func(config)
-        elif type(config) == deploy_acs:
+        elif type(config) is deploy_acs:
             updated_config = deploy_acs.model_validate(config)
             deploy_acs_func(updated_config)
-        elif type(config) == test or type(config) == test_servers:
+        elif type(config) is test or type(config) is test_servers:
             test_common_func(config)
         else:
             raise Exception(f"Unknown command line type '{type(config).__name__}'")
@@ -220,20 +247,27 @@ def main():
         sys.exit(1)
     except Exception as e:
         if config is None:
-            print("There was a serious issue where the config file could not be created.\n"
-                  "The entire stack trace is provided below (please include it if filing a bug report).\n")
+            print(
+                "There was a serious issue where the config file could not be created.\n"
+                "The entire stack trace is provided below (please include it if filing a bug report).\n"
+            )
             traceback.print_exc()
         elif config.verbose:
-            print("Verbose error logging is ENABLED.\n"
-                  "The entire stack trace has been provided below (please include it if filing a bug report):\n")
+            print(
+                "Verbose error logging is ENABLED.\n"
+                "The entire stack trace has been provided below (please include it if filing a bug report):\n"
+            )
             traceback.print_exc()
         else:
-            print("Verbose error logging is DISABLED.\n"
-                  "Please use the --verbose command line argument if you need more context for your error or file a bug report.")
-            print(e)
-            
+            print(
+                "Verbose error logging is DISABLED.\n"
+                "Please use the --verbose command line argument if you need more context for your error or file a bug report."
+            )
+
+        print(e)
+        print(CONTENTCTL_5_WARNING)
         sys.exit(1)
 
 
 if __name__ == "__main__":
-    main()
+    main()

contentctl/enrichments/attack_enrichment.py

@@ -1,121 +1,161 @@
-
 from __future__ import annotations
-import sys
 from attackcti import attack_client
 import logging
 from pydantic import BaseModel
 from dataclasses import field
 from typing import Any
 from pathlib import Path
-from contentctl.objects.mitre_attack_enrichment import MitreAttackEnrichment, MitreTactics
+from contentctl.objects.mitre_attack_enrichment import (
+    MitreAttackEnrichment,
+    MitreTactics,
+)
 from contentctl.objects.config import validate
 from contentctl.objects.annotated_types import MITRE_ATTACK_ID_TYPE
-logging.getLogger('taxii2client').setLevel(logging.CRITICAL)
+
+logging.getLogger("taxii2client").setLevel(logging.CRITICAL)
 
 
 class AttackEnrichment(BaseModel):
     data: dict[str, MitreAttackEnrichment] = field(default_factory=dict)
-    use_enrichment:bool = True
-    
+    use_enrichment: bool = True
+
     @staticmethod
-    def getAttackEnrichment(config:validate)->AttackEnrichment:
+    def getAttackEnrichment(config: validate) -> AttackEnrichment:
         enrichment = AttackEnrichment(use_enrichment=config.enrichments)
         _ = enrichment.get_attack_lookup(config.mitre_cti_repo_path, config.enrichments)
         return enrichment
-    
-    def getEnrichmentByMitreID(self, mitre_id:MITRE_ATTACK_ID_TYPE)->MitreAttackEnrichment:
+
+    def getEnrichmentByMitreID(
+        self, mitre_id: MITRE_ATTACK_ID_TYPE
+    ) -> MitreAttackEnrichment:
         if not self.use_enrichment:
-            raise Exception("Error, trying to add Mitre Enrichment, but use_enrichment was set to False")
-        
+            raise Exception(
+                "Error, trying to add Mitre Enrichment, but use_enrichment was set to False"
+            )
+
         enrichment = self.data.get(mitre_id, None)
         if enrichment is not None:
             return enrichment
         else:
-            raise Exception(f"Error, Unable to find Mitre Enrichment for MitreID {mitre_id}")
-        
-    def addMitreIDViaGroupNames(self, technique:dict[str,Any], tactics:list[str], groupNames:list[str])->None:
-        technique_id = technique['technique_id']
-        technique_obj = technique['technique']
+            raise Exception(
+                f"Error, Unable to find Mitre Enrichment for MitreID {mitre_id}"
+            )
+
+    def addMitreIDViaGroupNames(
+        self, technique: dict[str, Any], tactics: list[str], groupNames: list[str]
+    ) -> None:
+        technique_id = technique["technique_id"]
+        technique_obj = technique["technique"]
         tactics.sort()
-        
+
         if technique_id in self.data:
             raise Exception(f"Error, trying to redefine MITRE ID '{technique_id}'")
-        self.data[technique_id] = MitreAttackEnrichment.model_validate({'mitre_attack_id':technique_id, 
-                                                                        'mitre_attack_technique':technique_obj, 
-                                                                        'mitre_attack_tactics':tactics, 
-                                                                        'mitre_attack_groups':groupNames,
-                                                                        'mitre_attack_group_objects':[]}) 
-
-    def addMitreIDViaGroupObjects(self, technique:dict[str,Any], tactics:list[MitreTactics],  groupDicts:list[dict[str,Any]])->None:
-        technique_id = technique['technique_id']
-        technique_obj = technique['technique']
+        self.data[technique_id] = MitreAttackEnrichment.model_validate(
+            {
+                "mitre_attack_id": technique_id,
+                "mitre_attack_technique": technique_obj,
+                "mitre_attack_tactics": tactics,
+                "mitre_attack_groups": groupNames,
+                "mitre_attack_group_objects": [],
+            }
+        )
+
+    def addMitreIDViaGroupObjects(
+        self,
+        technique: dict[str, Any],
+        tactics: list[MitreTactics],
+        groupDicts: list[dict[str, Any]],
+    ) -> None:
+        technique_id = technique["technique_id"]
+        technique_obj = technique["technique"]
         tactics.sort()
-        
-        groupNames:list[str] = sorted([group['group'] for group in groupDicts])
-        
+
+        groupNames: list[str] = sorted([group["group"] for group in groupDicts])
+
         if technique_id in self.data:
             raise Exception(f"Error, trying to redefine MITRE ID '{technique_id}'")
-        
-        self.data[technique_id] = MitreAttackEnrichment.model_validate({'mitre_attack_id': technique_id, 
-                                                                        'mitre_attack_technique': technique_obj, 
-                                                                        'mitre_attack_tactics': tactics, 
-                                                                        'mitre_attack_groups': groupNames,
-                                                                        'mitre_attack_group_objects': groupDicts})
-
-    
-    def get_attack_lookup(self, input_path: Path, enrichments:bool = False) -> dict[str,MitreAttackEnrichment]:            
-        attack_lookup:dict[str,MitreAttackEnrichment] = {}
+
+        self.data[technique_id] = MitreAttackEnrichment.model_validate(
+            {
+                "mitre_attack_id": technique_id,
+                "mitre_attack_technique": technique_obj,
+                "mitre_attack_tactics": tactics,
+                "mitre_attack_groups": groupNames,
+                "mitre_attack_group_objects": groupDicts,
+            }
+        )
+
+    def get_attack_lookup(
+        self, input_path: Path, enrichments: bool = False
+    ) -> dict[str, MitreAttackEnrichment]:
+        attack_lookup: dict[str, MitreAttackEnrichment] = {}
         if not enrichments:
             return attack_lookup
-        
+
         try:
-            print(f"Performing MITRE Enrichment using the repository at {input_path}...",end="", flush=True)
-            # The existence of the input_path is validated during cli argument validation, but it is 
+            print(
+                f"Performing MITRE Enrichment using the repository at {input_path}...",
+                end="",
+                flush=True,
+            )
+            # The existence of the input_path is validated during cli argument validation, but it is
             # possible that the repo is in the wrong format. If the following directories do not
-            # exist, then attack_client will fall back to resolving via REST API. We do not 
-            # want this as it is slow and error prone, so we will force an exception to 
+            # exist, then attack_client will fall back to resolving via REST API. We do not
+            # want this as it is slow and error prone, so we will force an exception to
             # be generated.
-            enterprise_path = input_path/"enterprise-attack"
-            mobile_path = input_path/"ics-attack"
-            ics_path = input_path/"mobile-attack"
-            if not (enterprise_path.is_dir() and mobile_path.is_dir() and ics_path.is_dir()):
-                raise FileNotFoundError("One or more of the following paths does not exist: "
-                                        f"{[str(enterprise_path),str(mobile_path),str(ics_path)]}. "
-                                        f"Please ensure that the {input_path} directory "
-                                        "has been git cloned correctly.") 
+            enterprise_path = input_path / "enterprise-attack"
+            mobile_path = input_path / "ics-attack"
+            ics_path = input_path / "mobile-attack"
+            if not (
+                enterprise_path.is_dir() and mobile_path.is_dir() and ics_path.is_dir()
+            ):
+                raise FileNotFoundError(
+                    "One or more of the following paths does not exist: "
+                    f"{[str(enterprise_path), str(mobile_path), str(ics_path)]}. "
+                    f"Please ensure that the {input_path} directory "
+                    "has been git cloned correctly."
+                )
             lift = attack_client(
-                local_paths= {
-                    "enterprise":str(enterprise_path),
-                    "mobile":str(mobile_path),
-                    "ics":str(ics_path)
+                local_paths={
+                    "enterprise": str(enterprise_path),
+                    "mobile": str(mobile_path),
+                    "ics": str(ics_path),
                 }
             )
-            
-            all_enterprise_techniques = lift.get_enterprise_techniques(stix_format=False)
-            enterprise_relationships = lift.get_enterprise_relationships(stix_format=False)
+
+            all_enterprise_techniques = lift.get_enterprise_techniques(
+                stix_format=False
+            )
+            enterprise_relationships = lift.get_enterprise_relationships(
+                stix_format=False
+            )
             enterprise_groups = lift.get_enterprise_groups(stix_format=False)
-            
+
             for technique in all_enterprise_techniques:
-                apt_groups:list[dict[str,Any]] = []
+                apt_groups: list[dict[str, Any]] = []
                 for relationship in enterprise_relationships:
-                    if (relationship['target_object'] == technique['id']) and relationship['source_object'].startswith('intrusion-set'):
+                    if (
+                        relationship["target_object"] == technique["id"]
+                    ) and relationship["source_object"].startswith("intrusion-set"):
                         for group in enterprise_groups:
-                            if relationship['source_object'] == group['id']:
+                            if relationship["source_object"] == group["id"]:
                                 apt_groups.append(group)
-                                #apt_groups.append(group['group'])
+                                # apt_groups.append(group['group'])
 
                 tactics = []
-                if ('tactic' in technique):
-                    for tactic in technique['tactic']:
-                        tactics.append(tactic.replace('-',' ').title())
+                if "tactic" in technique:
+                    for tactic in technique["tactic"]:
+                        tactics.append(tactic.replace("-", " ").title())
 
                 self.addMitreIDViaGroupObjects(technique, tactics, apt_groups)
-                attack_lookup[technique['technique_id']] = {'technique': technique['technique'], 'tactics': tactics, 'groups': apt_groups}
-
+                attack_lookup[technique["technique_id"]] = {
+                    "technique": technique["technique"],
+                    "tactics": tactics,
+                    "groups": apt_groups,
+                }
 
-        
         except Exception as err:
             raise Exception(f"Error getting MITRE Enrichment: {str(err)}")
-        
+
         print("Done!")
-        return attack_lookup
+        return attack_lookup