contentctl 4.4.7__tar.gz → 5.0.0a2__tar.gz

{contentctl-4.4.7 → contentctl-5.0.0a2}/PKG-INFO

@@ -1,15 +1,16 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: contentctl
-Version: 4.4.7
+Version: 5.0.0a2
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT
 Author-email: research@splunk.com
-Requires-Python: >=3.11,<3.13
+Requires-Python: >=3.11,<3.14
 Classifier: License :: Other/Proprietary License
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Dist: Jinja2 (>=3.1.4,<4.0.0)
 Requires-Dist: PyYAML (>=6.0.2,<7.0.0)
 Requires-Dist: attackcti (>=0.4.0,<0.5.0)
@@ -25,7 +26,7 @@ Requires-Dist: semantic-version (>=2.10.0,<3.0.0)
 Requires-Dist: setuptools (>=69.5.1,<76.0.0)
 Requires-Dist: splunk-sdk (>=2.0.2,<3.0.0)
 Requires-Dist: tqdm (>=4.66.5,<5.0.0)
-Requires-Dist: tyro (>=0.8.3,<0.9.0)
+Requires-Dist: tyro (>=0.9.2,<0.10.0)
 Requires-Dist: xmltodict (>=0.13,<0.15)
 Description-Content-Type: text/markdown
 

contentctl-5.0.0a2/contentctl/actions/build.py

@@ -0,0 +1,103 @@
+import sys
+import shutil
+import os
+
+from dataclasses import dataclass
+
+from contentctl.objects.enums import SecurityContentType
+from contentctl.input.director import Director, DirectorOutputDto
+from contentctl.output.conf_output import ConfOutput
+from contentctl.output.conf_writer import ConfWriter
+from contentctl.output.api_json_output import ApiJsonOutput
+from contentctl.output.data_source_writer import DataSourceWriter
+from contentctl.objects.lookup import CSVLookup, Lookup_Type
+import pathlib
+import json
+import datetime
+import uuid
+
+from contentctl.objects.config import build
+
+@dataclass(frozen=True)
+class BuildInputDto:
+    director_output_dto: DirectorOutputDto
+    config:build
+
+
+class Build:
+
+
+
+    def execute(self, input_dto: BuildInputDto) -> DirectorOutputDto:
+        if input_dto.config.build_app:
+
+            updated_conf_files:set[pathlib.Path] = set()
+            conf_output = ConfOutput(input_dto.config)
+
+
+            # Construct a path to a YML that does not actually exist.
+            # We mock this "fake" path since the YML does not exist.
+            # This ensures the checking for the existence of the CSV is correct
+            data_sources_fake_yml_path = input_dto.config.getPackageDirectoryPath() / "lookups" / "data_sources.yml"
+
+            # Construct a special lookup whose CSV is created at runtime and
+            # written directly into the lookups folder. We will delete this after a build, 
+            # assuming that it is successful.
+            data_sources_lookup_csv_path = input_dto.config.getPackageDirectoryPath() / "lookups" / "data_sources.csv"
+
+
+            
+            DataSourceWriter.writeDataSourceCsv(input_dto.director_output_dto.data_sources, data_sources_lookup_csv_path)
+            input_dto.director_output_dto.addContentToDictMappings(CSVLookup.model_construct(name="data_sources",
+                                                                            id=uuid.UUID("b45c1403-6e09-47b0-824f-cf6e44f15ac8"),
+                                                                            version=1,
+                                                                            author=input_dto.config.app.author_name,
+                                                                            date = datetime.date.today(), 
+                                                                            description= "A lookup file that will contain the data source objects for detections.",
+                                                                            lookup_type=Lookup_Type.csv,
+                                                                            file_path=data_sources_fake_yml_path))
+            updated_conf_files.update(conf_output.writeHeaders())
+            updated_conf_files.update(conf_output.writeLookups(input_dto.director_output_dto.lookups))
+            updated_conf_files.update(conf_output.writeDetections(input_dto.director_output_dto.detections))
+            updated_conf_files.update(conf_output.writeStories(input_dto.director_output_dto.stories))
+            updated_conf_files.update(conf_output.writeBaselines(input_dto.director_output_dto.baselines))
+            updated_conf_files.update(conf_output.writeInvestigations(input_dto.director_output_dto.investigations))
+            updated_conf_files.update(conf_output.writeMacros(input_dto.director_output_dto.macros))
+            updated_conf_files.update(conf_output.writeDashboards(input_dto.director_output_dto.dashboards))
+            updated_conf_files.update(conf_output.writeMiscellaneousAppFiles())
+            
+
+            
+            
+            #Ensure that the conf file we just generated/update is syntactically valid
+            for conf_file in updated_conf_files:
+                ConfWriter.validateConfFile(conf_file) 
+                
+            conf_output.packageApp()
+
+            print(f"Build of '{input_dto.config.app.title}' APP successful to {input_dto.config.getPackageFilePath()}")
+        
+
+        if input_dto.config.build_api:    
+            shutil.rmtree(input_dto.config.getAPIPath(), ignore_errors=True)
+            input_dto.config.getAPIPath().mkdir(parents=True)
+            api_json_output = ApiJsonOutput(input_dto.config.getAPIPath(), input_dto.config.app.label)
+            api_json_output.writeDetections(input_dto.director_output_dto.detections)
+            api_json_output.writeStories(input_dto.director_output_dto.stories)
+            api_json_output.writeBaselines(input_dto.director_output_dto.baselines)
+            api_json_output.writeInvestigations(input_dto.director_output_dto.investigations)
+            api_json_output.writeLookups(input_dto.director_output_dto.lookups)
+            api_json_output.writeMacros(input_dto.director_output_dto.macros)
+            api_json_output.writeDeployments(input_dto.director_output_dto.deployments)
+
+            
+            #create version file for sse api
+            version_file = input_dto.config.getAPIPath()/"version.json"
+            utc_time = datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0,tzinfo=None).isoformat()
+            version_dict = {"version":{"name":f"v{input_dto.config.app.version}","published_at": f"{utc_time}Z"  }}
+            with open(version_file,"w") as version_f:
+                json.dump(version_dict,version_f)
+            
+            print(f"Build of '{input_dto.config.app.title}' API successful to {input_dto.config.getAPIPath()}")
+
+        return input_dto.director_output_dto

{contentctl-4.4.7 → contentctl-5.0.0a2}/contentctl/actions/detection_testing/DetectionTestingManager.py

@@ -5,7 +5,6 @@ from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfras
 from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructureServer import DetectionTestingInfrastructureServer
 from urllib.parse import urlparse
 from copy import deepcopy
-from contentctl.objects.enums import DetectionTestingTargetInfrastructure
 import signal
 import datetime
 # from queue import Queue

contentctl-5.0.0a2/contentctl/actions/detection_testing/GitService.py

@@ -0,0 +1,247 @@
+import logging
+import os
+import pathlib
+from typing import TYPE_CHECKING, List, Optional
+
+import pygit2
+from pydantic import BaseModel, FilePath
+from pygit2.enums import DeltaStatus
+
+if TYPE_CHECKING:
+    from contentctl.input.director import DirectorOutputDto
+
+from contentctl.objects.config import All, Changes, Selected, test_common
+from contentctl.objects.data_source import DataSource
+from contentctl.objects.detection import Detection
+from contentctl.objects.lookup import CSVLookup, Lookup
+from contentctl.objects.macro import Macro
+from contentctl.objects.security_content_object import SecurityContentObject
+
+# Logger
+logging.basicConfig(level=os.environ.get("LOGLEVEL", "INFO"))
+LOGGER = logging.getLogger(__name__)
+
+
+from contentctl.input.director import DirectorOutputDto
+
+
+class GitService(BaseModel):
+    director: DirectorOutputDto
+    config: test_common
+    gitHash: Optional[str] = None
+
+    def getHash(self) -> str:
+        if self.gitHash is None:
+            raise Exception("Cannot get hash of repo, it was not set")
+        return self.gitHash
+
+    def getContent(self) -> List[Detection]:
+        if isinstance(self.config.mode, Selected):
+            return self.getSelected(self.config.mode.files)
+        elif isinstance(self.config.mode, Changes):
+            return self.getChanges(self.config.mode.target_branch)
+        if isinstance(self.config.mode, All):
+            return self.getAll()
+        else:
+            raise Exception(
+                f"Could not get content to test. Unsupported test mode '{self.config.mode}'"
+            )
+
+    def getAll(self) -> List[Detection]:
+        return self.director.detections
+
+    def getChanges(self, target_branch: str) -> List[Detection]:
+        repo = pygit2.Repository(path=str(self.config.path))
+
+        try:
+            target_tree = repo.revparse_single(target_branch).tree
+            self.gitHash = target_tree.id
+            diffs = repo.index.diff_to_tree(target_tree)
+        except Exception:
+            raise Exception(
+                f"Error parsing diff target_branch '{target_branch}'. Are you certain that it exists?"
+            )
+
+        # Get the uncommitted changes in the current directory
+        diffs2 = repo.index.diff_to_workdir()
+
+        # Combine the uncommitted changes with the committed changes
+        all_diffs = list(diffs) + list(diffs2)
+
+        # Make a filename to content map
+        filepath_to_content_map = {
+            obj.file_path: obj for (_, obj) in self.director.name_to_content_map.items()
+        }
+
+        updated_detections: set[Detection] = set()
+        updated_macros: set[Macro] = set()
+        updated_lookups: set[Lookup] = set()
+        updated_datasources: set[DataSource] = set()
+
+        for diff in all_diffs:
+            if type(diff) == pygit2.Patch:
+                if diff.delta.status in (
+                    DeltaStatus.ADDED,
+                    DeltaStatus.MODIFIED,
+                    DeltaStatus.RENAMED,
+                ):
+                    # print(f"{DeltaStatus(diff.delta.status).name:<8}:{diff.delta.new_file.raw_path}")
+                    decoded_path = pathlib.Path(
+                        diff.delta.new_file.raw_path.decode("utf-8")
+                    )
+                    # Note that we only handle updates to detections, lookups, and macros at this time. All other changes are ignored.
+                    if (
+                        decoded_path.is_relative_to(self.config.path / "detections")
+                        and decoded_path.suffix == ".yml"
+                    ):
+                        detectionObject = filepath_to_content_map.get(
+                            decoded_path, None
+                        )
+                        if isinstance(detectionObject, Detection):
+                            updated_detections.add(detectionObject)
+                        else:
+                            raise Exception(
+                                f"Error getting detection object for file {str(decoded_path)}"
+                            )
+
+                    elif (
+                        decoded_path.is_relative_to(self.config.path / "macros")
+                        and decoded_path.suffix == ".yml"
+                    ):
+                        macroObject = filepath_to_content_map.get(decoded_path, None)
+                        if isinstance(macroObject, Macro):
+                            updated_macros.add(macroObject)
+                        else:
+                            raise Exception(
+                                f"Error getting macro object for file {str(decoded_path)}"
+                            )
+
+                    elif (
+                        decoded_path.is_relative_to(self.config.path / "data_sources")
+                        and decoded_path.suffix == ".yml"
+                    ):
+                        datasourceObject = filepath_to_content_map.get(
+                            decoded_path, None
+                        )
+                        if isinstance(datasourceObject, DataSource):
+                            updated_datasources.add(datasourceObject)
+                        else:
+                            raise Exception(
+                                f"Error getting data source object for file {str(decoded_path)}"
+                            )
+
+                    elif decoded_path.is_relative_to(self.config.path / "lookups"):
+                        # We need to convert this to a yml. This means we will catch
+                        # both changes to a csv AND changes to the YML that uses it
+                        if decoded_path.suffix == ".yml":
+                            updatedLookup = filepath_to_content_map.get(
+                                decoded_path, None
+                            )
+                            if not isinstance(updatedLookup, Lookup):
+                                raise Exception(
+                                    f"Expected {decoded_path} to be type {type(Lookup)}, but instead if was {(type(updatedLookup))}"
+                                )
+                            updated_lookups.add(updatedLookup)
+
+                        elif decoded_path.suffix == ".csv":
+                            # If the CSV was updated, we want to make sure that we
+                            # add the correct corresponding Lookup object.
+                            # Filter to find the Lookup Object the references this CSV
+                            matched = list(
+                                filter(
+                                    lambda x: isinstance(x, CSVLookup)
+                                    and x.filename == decoded_path,
+                                    self.director.lookups,
+                                )
+                            )
+                            if len(matched) == 0:
+                                raise Exception(
+                                    f"Failed to find any lookups that reference the modified CSV file  '{decoded_path}'"
+                                )
+                            elif len(matched) > 1:
+                                raise Exception(
+                                    f"More than 1 Lookup reference the modified CSV file '{decoded_path}': {[match.file_path for match in matched]}"
+                                )
+                            else:
+                                updatedLookup = matched[0]
+                        elif decoded_path.suffix == ".mlmodel":
+                            # Detected a changed .mlmodel file. However, since we do not have testing for these detections at
+                            # this time, we will ignore this change.
+                            updatedLookup = None
+
+                        else:
+                            raise Exception(
+                                f"Detected a changed file in the lookups/ directory '{str(decoded_path)}'.\n"
+                                "Only files ending in .csv, .yml, or .mlmodel are supported in this "
+                                "directory. This file must be removed from the lookups/ directory."
+                            )
+
+                        if (
+                            updatedLookup is not None
+                            and updatedLookup not in updated_lookups
+                        ):
+                            # It is possible that both the CSV and YML have been modified for the same lookup,
+                            # and we do not want to add it twice.
+                            updated_lookups.add(updatedLookup)
+
+                    else:
+                        pass
+                        # print(f"Ignore changes to file {decoded_path} since it is not a detection, macro, or lookup.")
+            else:
+                raise Exception(f"Unrecognized diff type {type(diff)}")
+
+        # If a detection has at least one dependency on changed content,
+        # then we must test it again
+
+        changed_macros_and_lookups_and_datasources: set[Macro | Lookup | DataSource] = (
+            updated_macros.union(updated_lookups, updated_datasources)
+        )
+
+        for detection in self.director.detections:
+            if detection in updated_detections:
+                # we are already planning to test it, don't need
+                # to add it again
+                continue
+
+            for obj in changed_macros_and_lookups_and_datasources:
+                if obj in detection.get_content_dependencies():
+                    updated_detections.add(detection)
+                    break
+
+        # Print out the names of all modified/new content
+        modifiedAndNewContentString = "\n - ".join(
+            sorted([d.name for d in updated_detections])
+        )
+
+        print(
+            f"[{len(updated_detections)}] Pieces of modifed and new content (this may include experimental/deprecated/manual_test content):\n - {modifiedAndNewContentString}"
+        )
+        return sorted(list(updated_detections))
+
+    def getSelected(self, detectionFilenames: List[FilePath]) -> List[Detection]:
+        filepath_to_content_map: dict[FilePath, SecurityContentObject] = {
+            obj.file_path: obj
+            for (_, obj) in self.director.name_to_content_map.items()
+            if obj.file_path is not None
+        }
+        errors = []
+        detections: List[Detection] = []
+        for name in detectionFilenames:
+            obj = filepath_to_content_map.get(name, None)
+            if obj is None:
+                errors.append(
+                    f"There is no detection file or security_content_object at '{name}'"
+                )
+            elif not isinstance(obj, Detection):
+                errors.append(
+                    f"The security_content_object at '{name}' is of type '{type(obj).__name__}', NOT '{Detection.__name__}'"
+                )
+            else:
+                detections.append(obj)
+
+        if errors:
+            errorsString = "\n - ".join(errors)
+            raise Exception(
+                f"The following errors were encountered while getting selected detections to test:\n - {errorsString}"
+            )
+        return detections

{contentctl-4.4.7 → contentctl-5.0.0a2}/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py

@@ -442,7 +442,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                     self.format_pbar_string(
                         TestReportingType.GROUP,
                         test_group.name,
-                        FinalTestingStates.SKIP.value,
+                        FinalTestingStates.SKIP,
                         start_time=time.time(),
                         set_pbar=False,
                     )
@@ -483,7 +483,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.GROUP,
                     test_group.name,
-                    TestingStates.DONE_GROUP.value,
+                    TestingStates.DONE_GROUP,
                     start_time=setup_results.start_time,
                     set_pbar=False,
                 )
@@ -504,7 +504,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
         self.format_pbar_string(
             TestReportingType.GROUP,
             test_group.name,
-            TestingStates.BEGINNING_GROUP.value,
+            TestingStates.BEGINNING_GROUP,
             start_time=setup_start_time
         )
         # https://github.com/WoLpH/python-progressbar/issues/164
@@ -544,7 +544,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
         self.format_pbar_string(
             TestReportingType.GROUP,
             test_group.name,
-            TestingStates.DELETING.value,
+            TestingStates.DELETING,
             start_time=test_group_start_time,
         )
 
@@ -632,7 +632,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.SKIP.value,
+                    FinalTestingStates.SKIP,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -664,7 +664,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.ERROR.value,
+                    FinalTestingStates.ERROR,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -724,7 +724,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 res = "ERROR"
                 link = detection.search
             else:
-                res = test.result.status.value.upper()                                              # type: ignore
+                res = test.result.status.upper()                                              # type: ignore
                 link = test.result.get_summary_dict()["sid_link"]
 
             self.format_pbar_string(
@@ -755,7 +755,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.PASS.value,
+                    FinalTestingStates.PASS,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -766,7 +766,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.SKIP.value,
+                    FinalTestingStates.SKIP,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -777,7 +777,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.FAIL.value,
+                    FinalTestingStates.FAIL,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -788,7 +788,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.ERROR.value,
+                    FinalTestingStates.ERROR,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -821,7 +821,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
         test_start_time = time.time()
 
         # First, check to see if the test should be skipped (Hunting or Correlation)
-        if detection.type in [AnalyticsType.Hunting.value, AnalyticsType.Correlation.value]:
+        if detection.type in [AnalyticsType.Hunting, AnalyticsType.Correlation]:
             test.skip(
                 f"TEST SKIPPED: detection is type {detection.type} and cannot be integration "
                 "tested at this time"
@@ -843,11 +843,11 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
             # Determine the reporting state (we should only encounter SKIP/FAIL/ERROR)
             state: str
             if test.result.status == TestResultStatus.SKIP:
-                state = FinalTestingStates.SKIP.value
+                state = FinalTestingStates.SKIP
             elif test.result.status == TestResultStatus.FAIL:
-                state = FinalTestingStates.FAIL.value
+                state = FinalTestingStates.FAIL
             elif test.result.status == TestResultStatus.ERROR:
-                state = FinalTestingStates.ERROR.value
+                state = FinalTestingStates.ERROR
             else:
                 raise ValueError(
                     f"Status for (integration) '{detection.name}:{test.name}' was preemptively set"
@@ -891,7 +891,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.INTEGRATION,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.FAIL.value,
+                    FinalTestingStates.FAIL,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -935,7 +935,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
             if test.result is None:
                 res = "ERROR"
             else:
-                res = test.result.status.value.upper()                                              # type: ignore
+                res = test.result.status.upper()                                              # type: ignore
 
             # Get the link to the saved search in this specific instance
             link = f"https://{self.infrastructure.instance_address}:{self.infrastructure.web_ui_port}"
@@ -968,7 +968,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.INTEGRATION,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.PASS.value,
+                    FinalTestingStates.PASS,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -979,7 +979,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.INTEGRATION,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.SKIP.value,
+                    FinalTestingStates.SKIP,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -990,7 +990,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.INTEGRATION,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.FAIL.value,
+                    FinalTestingStates.FAIL,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -1001,7 +1001,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.INTEGRATION,
                     f"{detection.name}:{test.name}",
-                    FinalTestingStates.ERROR.value,
+                    FinalTestingStates.ERROR,
                     start_time=test_start_time,
                     set_pbar=False,
                 )
@@ -1077,7 +1077,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.UNIT,
                     f"{detection.name}:{test.name}",
-                    TestingStates.PROCESSING.value,
+                    TestingStates.PROCESSING,
                     start_time=start_time
                 )
 
@@ -1086,7 +1086,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
             self.format_pbar_string(
                 TestReportingType.UNIT,
                 f"{detection.name}:{test.name}",
-                TestingStates.SEARCHING.value,
+                TestingStates.SEARCHING,
                 start_time=start_time,
             )
 
@@ -1094,6 +1094,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
             job = self.get_conn().search(query=search, **kwargs)
             results = JSONResultsReader(job.results(output_mode="json"))
 
+            # TODO (cmcginley): @ljstella you're removing this ultimately, right?
             # Consolidate a set of the distinct observable field names
             observable_fields_set = set([o.name for o in detection.tags.observable]) # keeping this around for later
             risk_object_fields_set = set([o.name for o in detection.tags.observable if "Victim" in o.role ]) # just the "Risk Objects"
@@ -1121,7 +1122,10 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                     missing_risk_objects = risk_object_fields_set - results_fields_set
                     if len(missing_risk_objects) > 0:
                         # Report a failure in such cases
-                        e = Exception(f"The observable field(s) {missing_risk_objects} are missing in the detection results")
+                        e = Exception(
+                            f"The risk object field(s) {missing_risk_objects} are missing in the "
+                            "detection results"
+                        )
                         test.result.set_job_content(
                             job.content,
                             self.infrastructure,
@@ -1137,6 +1141,8 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                     # on a field.  In this case, the field will appear but will not contain any values
                     current_empty_fields: set[str] = set()
 
+                    # TODO (cmcginley): @ljstella is this something we're keeping for testing as
+                    #   well?
                     for field in observable_fields_set:
                         if result.get(field, 'null') == 'null':
                             if field in risk_object_fields_set:
@@ -1289,7 +1295,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
                 self.format_pbar_string(
                     TestReportingType.GROUP,
                     test_group.name,
-                    TestingStates.DOWNLOADING.value,
+                    TestingStates.DOWNLOADING,
                     start_time=test_group_start_time
                 )
 
@@ -1307,7 +1313,7 @@ class DetectionTestingInfrastructure(BaseModel, abc.ABC):
         self.format_pbar_string(
             TestReportingType.GROUP,
             test_group.name,
-            TestingStates.REPLAYING.value,
+            TestingStates.REPLAYING,
             start_time=test_group_start_time
         )
 

{contentctl-4.4.7 → contentctl-5.0.0a2}/contentctl/actions/detection_testing/progress_bar.py

@@ -1,10 +1,10 @@
 import time
-from enum import Enum
+from enum import StrEnum
 from tqdm import tqdm
 import datetime
 
 
-class TestReportingType(str, Enum):
+class TestReportingType(StrEnum):
     """
     5-char identifiers for the type of testing being reported on
     """
@@ -21,7 +21,7 @@ class TestReportingType(str, Enum):
     INTEGRATION = "INTEG"
 
 
-class TestingStates(str, Enum):
+class TestingStates(StrEnum):
     """
     Defined testing states
     """
@@ -40,10 +40,10 @@ class TestingStates(str, Enum):
 
 
 # the longest length of any state
-LONGEST_STATE = max(len(w.value) for w in TestingStates)
+LONGEST_STATE = max(len(w) for w in TestingStates)
 
 
-class FinalTestingStates(str, Enum):
+class FinalTestingStates(StrEnum):
     """
     The possible final states for a test (for pbar reporting)
     """
@@ -82,7 +82,7 @@ def format_pbar_string(
     :returns: a formatted string for use w/ pbar
     """
     # Extract and ljust our various fields
-    field_one = test_reporting_type.value
+    field_one = test_reporting_type
     field_two = test_name.ljust(MAX_TEST_NAME_LENGTH)
     field_three = state.ljust(LONGEST_STATE)
     field_four = datetime.timedelta(seconds=round(time.time() - start_time))