contentctl 5.0.0a0__py3-none-any.whl → 5.0.0a3__py3-none-any.whl

contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py

@@ -5,7 +5,6 @@ if TYPE_CHECKING:
     from contentctl.objects.deployment import Deployment
     from contentctl.objects.security_content_object import SecurityContentObject
     from contentctl.input.director import DirectorOutputDto
-    from contentctl.objects.config import CustomApp
 
 from contentctl.objects.enums import AnalyticsType
 from contentctl.objects.constants import CONTENTCTL_MAX_STANZA_LENGTH
@@ -22,7 +21,7 @@ from pydantic import (
     HttpUrl,
     NonNegativeInt,
     ConfigDict,
-    model_serializer
+    model_serializer,
 )
 from typing import Tuple, Optional, List, Union
 import pathlib
@@ -32,13 +31,13 @@ NO_FILE_NAME = "NO_FILE_NAME"
 
 
 class SecurityContentObject_Abstract(BaseModel, abc.ABC):
-    model_config = ConfigDict(validate_default=True,extra="forbid")
-    name: str = Field(...,max_length=99)
-    author: str = Field(...,max_length=255)
+    model_config = ConfigDict(validate_default=True, extra="forbid")
+    name: str = Field(..., max_length=99)
+    author: str = Field(..., max_length=255)
     date: datetime.date = Field(...)
     version: NonNegativeInt = Field(...)
-    id: uuid.UUID = Field(...) #we set a default here until all content has a uuid
-    description: str = Field(...,max_length=10000)
+    id: uuid.UUID = Field(...)  # we set a default here until all content has a uuid
+    description: str = Field(..., max_length=10000)
     file_path: Optional[FilePath] = None
     references: Optional[List[HttpUrl]] = None
 
@@ -54,15 +53,18 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
             "version": self.version,
             "id": str(self.id),
             "description": self.description,
-            "references": [str(url) for url in self.references or []]
+            "references": [str(url) for url in self.references or []],
         }
-    
-    
-    def check_conf_stanza_max_length(self, stanza_name:str, max_stanza_length:int=CONTENTCTL_MAX_STANZA_LENGTH) -> None:
+
+    def check_conf_stanza_max_length(
+        self, stanza_name: str, max_stanza_length: int = CONTENTCTL_MAX_STANZA_LENGTH
+    ) -> None:
         if len(stanza_name) > max_stanza_length:
-            raise ValueError(f"conf stanza may only be {max_stanza_length} characters, "
-                             f"but stanza was actually {len(stanza_name)} characters: '{stanza_name}' ")
-    
+            raise ValueError(
+                f"conf stanza may only be {max_stanza_length} characters, "
+                f"but stanza was actually {len(stanza_name)} characters: '{stanza_name}' "
+            )
+
     @staticmethod
     def objectListToNameList(objects: list[SecurityContentObject]) -> list[str]:
         return [object.getName() for object in objects]
@@ -74,17 +76,19 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
     @classmethod
     def contentNameToFileName(cls, content_name: str) -> str:
-        return content_name \
-            .replace(' ', '_') \
-            .replace('-', '_') \
-            .replace('.', '_') \
-            .replace('/', '_') \
-            .lower() + ".yml"
+        return (
+            content_name.replace(" ", "_")
+            .replace("-", "_")
+            .replace(".", "_")
+            .replace("/", "_")
+            .lower()
+            + ".yml"
+        )
 
     def ensureFileNameMatchesSearchName(self):
         file_name = self.contentNameToFileName(self.name)
 
-        if (self.file_path is not None and file_name != self.file_path.name):
+        if self.file_path is not None and file_name != self.file_path.name:
             raise ValueError(
                 f"The file name MUST be based off the content 'name' field:\n"
                 f"\t- Expected File Name: {file_name}\n"
@@ -93,7 +97,7 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
         return self
 
-    @field_validator('file_path')
+    @field_validator("file_path")
     @classmethod
     def file_path_valid(cls, v: Optional[pathlib.PosixPath], info: ValidationInfo):
         if not v:
@@ -110,7 +114,9 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
         return [str(url) for url in self.references or []]
 
     @classmethod
-    def mapNamesToSecurityContentObjects(cls, v: list[str], director: Union[DirectorOutputDto, None]) -> list[Self]:
+    def mapNamesToSecurityContentObjects(
+        cls, v: list[str], director: Union[DirectorOutputDto, None]
+    ) -> list[Self]:
         if director is not None:
             name_map = director.name_to_content_map
         else:
@@ -130,7 +136,9 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
         errors: list[str] = []
         if len(missing_objects) > 0:
-            errors.append(f"Failed to find the following '{cls.__name__}': {missing_objects}")
+            errors.append(
+                f"Failed to find the following '{cls.__name__}': {missing_objects}"
+            )
         if len(mistyped_objects) > 0:
             for mistyped_object in mistyped_objects:
                 errors.append(
@@ -142,13 +150,16 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
             error_string = "\n  - ".join(errors)
             raise ValueError(
                 f"Found {len(errors)} issues when resolving references Security Content Object "
-                f"names:\n  - {error_string}")
+                f"names:\n  - {error_string}"
+            )
 
         # Sort all objects sorted by name
         return sorted(mappedObjects, key=lambda o: o.name)
 
     @staticmethod
-    def getDeploymentFromType(typeField: Union[str, None], info: ValidationInfo) -> Deployment:
+    def getDeploymentFromType(
+        typeField: Union[str, None], info: ValidationInfo
+    ) -> Deployment:
         if typeField is None:
             raise ValueError("'type:' field is missing from YML.")
 
@@ -157,21 +168,25 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
         director: Optional[DirectorOutputDto] = info.context.get("output_dto", None)
         if not director:
-            raise ValueError("Cannot set deployment - DirectorOutputDto not passed to Detection Constructor in context")
+            raise ValueError(
+                "Cannot set deployment - DirectorOutputDto not passed to Detection Constructor in context"
+            )
 
         type_to_deployment_name_map = {
             AnalyticsType.TTP: "ESCU Default Configuration TTP",
             AnalyticsType.Hunting: "ESCU Default Configuration Hunting",
             AnalyticsType.Correlation: "ESCU Default Configuration Correlation",
             AnalyticsType.Anomaly: "ESCU Default Configuration Anomaly",
-            "Baseline": "ESCU Default Configuration Baseline"
+            "Baseline": "ESCU Default Configuration Baseline",
         }
         converted_type_field = type_to_deployment_name_map[typeField]
 
         # TODO: This is clunky, but is imported here to resolve some circular import errors
         from contentctl.objects.deployment import Deployment
 
-        deployments = Deployment.mapNamesToSecurityContentObjects([converted_type_field], director)
+        deployments = Deployment.mapNamesToSecurityContentObjects(
+            [converted_type_field], director
+        )
         if len(deployments) == 1:
             return deployments[0]
         elif len(deployments) == 0:
@@ -187,18 +202,19 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
     @staticmethod
     def get_objects_by_name(
-        names_to_find: set[str],
-        objects_to_search: list[SecurityContentObject_Abstract]
+        names_to_find: set[str], objects_to_search: list[SecurityContentObject_Abstract]
     ) -> Tuple[list[SecurityContentObject_Abstract], set[str]]:
         raise Exception("get_objects_by_name deprecated")
-        found_objects = list(filter(lambda obj: obj.name in names_to_find, objects_to_search))
+        found_objects = list(
+            filter(lambda obj: obj.name in names_to_find, objects_to_search)
+        )
         found_names = set([obj.name for obj in found_objects])
         missing_names = names_to_find - found_names
         return found_objects, missing_names
 
     @staticmethod
     def create_filename_to_content_dict(
-        all_objects: list[SecurityContentObject_Abstract]
+        all_objects: list[SecurityContentObject_Abstract],
     ) -> dict[str, SecurityContentObject_Abstract]:
         name_dict: dict[str, SecurityContentObject_Abstract] = dict()
         for object in all_objects:
@@ -206,7 +222,9 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
             # SecurityContentObject (e.g. filter macros that are created at runtime but have no
             # actual file associated)
             if object.file_path is None:
-                raise ValueError(f"SecurityContentObject is missing a file_path: {object.name}")
+                raise ValueError(
+                    f"SecurityContentObject is missing a file_path: {object.name}"
+                )
             name_dict[str(pathlib.Path(object.file_path))] = object
         return name_dict
 
@@ -223,12 +241,16 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
     def __lt__(self, other: object) -> bool:
         if not isinstance(other, SecurityContentObject_Abstract):
-            raise Exception(f"SecurityContentObject can only be compared to each other, not to {type(other)}")
+            raise Exception(
+                f"SecurityContentObject can only be compared to each other, not to {type(other)}"
+            )
         return self.name < other.name
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, SecurityContentObject_Abstract):
-            raise Exception(f"SecurityContentObject can only be compared to each other, not to {type(other)}")
+            raise Exception(
+                f"SecurityContentObject can only be compared to each other, not to {type(other)}"
+            )
 
         if id(self) == id(other) and self.name == other.name and self.id == other.id:
             # Yes, this is the same object

contentctl/objects/alert_action.py

@@ -8,6 +8,7 @@ from contentctl.objects.deployment_rba import DeploymentRBA
 from contentctl.objects.deployment_slack import DeploymentSlack
 from contentctl.objects.deployment_phantom import DeploymentPhantom
 
+
 class AlertAction(BaseModel):
     model_config = ConfigDict(extra="forbid")
     email: Optional[DeploymentEmail] = None
@@ -16,26 +17,25 @@ class AlertAction(BaseModel):
     slack: Optional[DeploymentSlack] = None
     phantom: Optional[DeploymentPhantom] = None
 
-    
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         model = {}
 
         if self.email is not None:
             raise Exception("Email not implemented")
 
         if self.notable is not None:
-            model['notable'] = self.notable
+            model["notable"] = self.notable
 
         if self.rba is not None and self.rba.enabled:
-            model['rba'] = {'enabled': "true"}
+            model["rba"] = {"enabled": "true"}
 
         if self.slack is not None:
             raise Exception("Slack not implemented")
-        
+
         if self.phantom is not None:
             raise Exception("Phantom not implemented")
-        
-        #return the model
-        return model
+
+        # return the model
+        return model

contentctl/objects/annotated_types.py

@@ -3,4 +3,4 @@ from typing import Annotated
 
 CVE_TYPE = Annotated[str, Field(pattern=r"^CVE-[1|2]\d{3}-\d+$")]
 MITRE_ATTACK_ID_TYPE = Annotated[str, Field(pattern=r"^T\d{4}(.\d{3})?$")]
-APPID_TYPE = Annotated[str,Field(pattern="^[a-zA-Z0-9_-]+$")]
+APPID_TYPE = Annotated[str, Field(pattern="^[a-zA-Z0-9_-]+$")]

contentctl/objects/atomic.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 from typing import TYPE_CHECKING
+
 if TYPE_CHECKING:
     from contentctl.objects.config import validate
 
@@ -11,12 +12,13 @@ import pathlib
 from enum import StrEnum, auto
 import uuid
 
-class SupportedPlatform(StrEnum):        
+
+class SupportedPlatform(StrEnum):
     windows = auto()
     linux = auto()
     macos = auto()
     containers = auto()
-    # Because the following fields contain special characters 
+    # Because the following fields contain special characters
     # (which cannot be field names) we must specifiy them manually
     google_workspace = "google-workspace"
     iaas_gcp = "iaas:gcp"
@@ -24,7 +26,6 @@ class SupportedPlatform(StrEnum):
     iaas_aws = "iaas:aws"
     azure_ad = "azure-ad"
     office_365 = "office-365"
-    
 
 
 class InputArgumentType(StrEnum):
@@ -40,29 +41,33 @@ class InputArgumentType(StrEnum):
     Path = "Path"
     Url = "Url"
 
+
 class AtomicExecutor(BaseModel):
     model_config = ConfigDict(extra="forbid")
     name: str
-    elevation_required: Optional[bool] = False #Appears to be optional
+    elevation_required: Optional[bool] = False  # Appears to be optional
     command: Optional[str] = None
     steps: Optional[str] = None
     cleanup_command: Optional[str] = None
 
-    @model_validator(mode='after')
-    def ensure_mutually_exclusive_fields(self)->Self:
+    @model_validator(mode="after")
+    def ensure_mutually_exclusive_fields(self) -> Self:
         if self.command is not None and self.steps is not None:
-            raise ValueError("command and steps cannot both be defined in the executor section.  Exactly one must be defined.")
+            raise ValueError(
+                "command and steps cannot both be defined in the executor section.  Exactly one must be defined."
+            )
         elif self.command is None and self.steps is None:
-            raise ValueError("Neither command nor steps were defined in the executor section.  Exactly one must be defined.")
+            raise ValueError(
+                "Neither command nor steps were defined in the executor section.  Exactly one must be defined."
+            )
         return self
-    
 
 
 class InputArgument(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     description: str
     type: InputArgumentType
-    default: Union[str,int,float,None] = None
+    default: Union[str, int, float, None] = None
 
 
 class DependencyExecutorType(StrEnum):
@@ -71,43 +76,51 @@ class DependencyExecutorType(StrEnum):
     bash = auto()
     command_prompt = auto()
 
+
 class AtomicDependency(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     description: str
     prereq_command: str
     get_prereq_command: str
 
+
 class AtomicTest(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     name: str
     auto_generated_guid: UUID4
     description: str
     supported_platforms: List[SupportedPlatform]
     executor: AtomicExecutor
-    input_arguments: Optional[Dict[str,InputArgument]] = None
+    input_arguments: Optional[Dict[str, InputArgument]] = None
     dependencies: Optional[List[AtomicDependency]] = None
     dependency_executor_name: Optional[DependencyExecutorType] = None
 
     @staticmethod
     def AtomicTestWhenTestIsMissing(auto_generated_guid: UUID4) -> AtomicTest:
-        return AtomicTest(name="Missing Atomic",
-                          auto_generated_guid=auto_generated_guid,
-                          description="This is a placeholder AtomicTest. Either the auto_generated_guid is incorrect or it there was an exception while parsing its AtomicFile.",
-                          supported_platforms=[],
-                          executor=AtomicExecutor(name="Placeholder Executor (failed to find auto_generated_guid)", 
-                                                  command="Placeholder command (failed to find auto_generated_guid)"))    
-    
+        return AtomicTest(
+            name="Missing Atomic",
+            auto_generated_guid=auto_generated_guid,
+            description="This is a placeholder AtomicTest. Either the auto_generated_guid is incorrect or it there was an exception while parsing its AtomicFile.",
+            supported_platforms=[],
+            executor=AtomicExecutor(
+                name="Placeholder Executor (failed to find auto_generated_guid)",
+                command="Placeholder command (failed to find auto_generated_guid)",
+            ),
+        )
+
     @classmethod
-    def parseArtRepo(cls, repo_path:pathlib.Path)->dict[uuid.UUID, AtomicTest]:
+    def parseArtRepo(cls, repo_path: pathlib.Path) -> dict[uuid.UUID, AtomicTest]:
         test_mapping: dict[uuid.UUID, AtomicTest] = {}
-        atomics_path = repo_path/"atomics"
+        atomics_path = repo_path / "atomics"
         if not atomics_path.is_dir():
-            raise FileNotFoundError(f"WARNING: Atomic Red Team repo exists at {repo_path}, "
-                                    f"but atomics directory does NOT exist at {atomics_path}. "
-                                    "Was it deleted or renamed?")
-
-        atomic_files:List[AtomicFile] = []
-        error_messages:List[str] = []
+            raise FileNotFoundError(
+                f"WARNING: Atomic Red Team repo exists at {repo_path}, "
+                f"but atomics directory does NOT exist at {atomics_path}. "
+                "Was it deleted or renamed?"
+            )
+
+        atomic_files: List[AtomicFile] = []
+        error_messages: List[str] = []
         for obj_path in atomics_path.glob("**/T*.yaml"):
             try:
                 atomic_files.append(cls.constructAtomicFile(obj_path))
@@ -115,14 +128,16 @@ class AtomicTest(BaseModel):
                 error_messages.append(f"File [{obj_path}]\n{str(e)}")
 
         if len(error_messages) > 0:
-            exceptions_string = '\n\n'.join(error_messages)
-            print(f"WARNING: The following [{len(error_messages)}] ERRORS were generated when parsing the Atomic Red Team Repo.\n"
-                   "Please raise an issue so that they can be fixed at https://github.com/redcanaryco/atomic-red-team/issues.\n"
-                   "Note that this is only a warning and contentctl will ignore Atomics contained in these files.\n"
-                  f"However, if you have written a detection that references them, 'contentctl build --enrichments' will fail:\n\n{exceptions_string}")
-        
+            exceptions_string = "\n\n".join(error_messages)
+            print(
+                f"WARNING: The following [{len(error_messages)}] ERRORS were generated when parsing the Atomic Red Team Repo.\n"
+                "Please raise an issue so that they can be fixed at https://github.com/redcanaryco/atomic-red-team/issues.\n"
+                "Note that this is only a warning and contentctl will ignore Atomics contained in these files.\n"
+                f"However, if you have written a detection that references them, 'contentctl build --enrichments' will fail:\n\n{exceptions_string}"
+            )
+
         # Now iterate over all the files, collect all the tests, and return the dict mapping
-        redefined_guids:set[uuid.UUID] = set()
+        redefined_guids: set[uuid.UUID] = set()
         for atomic_file in atomic_files:
             for atomic_test in atomic_file.atomic_tests:
                 if atomic_test.auto_generated_guid in test_mapping:
@@ -130,23 +145,25 @@ class AtomicTest(BaseModel):
                 else:
                     test_mapping[atomic_test.auto_generated_guid] = atomic_test
         if len(redefined_guids) > 0:
-            guids_string = '\n\t'.join([str(guid) for guid in redefined_guids])
-            raise Exception(f"The following [{len(redefined_guids)}] Atomic Test"
-                            " auto_generated_guid(s) were defined more than once. "
-                            f"auto_generated_guids MUST be unique:\n\t{guids_string}")
+            guids_string = "\n\t".join([str(guid) for guid in redefined_guids])
+            raise Exception(
+                f"The following [{len(redefined_guids)}] Atomic Test"
+                " auto_generated_guid(s) were defined more than once. "
+                f"auto_generated_guids MUST be unique:\n\t{guids_string}"
+            )
 
         print(f"Successfully parsed [{len(test_mapping)}] Atomic Red Team Tests!")
         return test_mapping
-    
+
     @classmethod
-    def constructAtomicFile(cls, file_path:pathlib.Path)->AtomicFile:
-        yml_dict = YmlReader.load_file(file_path) 
+    def constructAtomicFile(cls, file_path: pathlib.Path) -> AtomicFile:
+        yml_dict = YmlReader.load_file(file_path)
         atomic_file = AtomicFile.model_validate(yml_dict)
         return atomic_file
 
 
 class AtomicFile(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     file_path: FilePath
     attack_technique: str
     display_name: str
@@ -154,18 +171,18 @@ class AtomicFile(BaseModel):
 
 
 class AtomicEnrichment(BaseModel):
-    data: dict[uuid.UUID,AtomicTest] = dataclasses.field(default_factory = dict)
+    data: dict[uuid.UUID, AtomicTest] = dataclasses.field(default_factory=dict)
     use_enrichment: bool = False
 
     @classmethod
-    def getAtomicEnrichment(cls, config:validate)->AtomicEnrichment:
+    def getAtomicEnrichment(cls, config: validate) -> AtomicEnrichment:
         enrichment = AtomicEnrichment(use_enrichment=config.enrichments)
         if config.enrichments:
             enrichment.data = AtomicTest.parseArtRepo(config.atomic_red_team_repo_path)
 
         return enrichment
 
-    def getAtomic(self, atomic_guid: uuid.UUID)->AtomicTest:
+    def getAtomic(self, atomic_guid: uuid.UUID) -> AtomicTest:
         if self.use_enrichment:
             if atomic_guid in self.data:
                 return self.data[atomic_guid]
@@ -175,10 +192,3 @@ class AtomicEnrichment(BaseModel):
             # If enrichment is not enabled, for the sake of compatability
             # return a stub test with no useful or meaningful information.
             return AtomicTest.AtomicTestWhenTestIsMissing(atomic_guid)
-
-    
-
-    
-
-        
-    

contentctl/objects/base_test.py

@@ -2,7 +2,7 @@ from enum import StrEnum
 from typing import Union
 from abc import ABC, abstractmethod
 
-from pydantic import BaseModel,ConfigDict
+from pydantic import BaseModel, ConfigDict
 
 from contentctl.objects.base_test_result import BaseTestResult
 
@@ -11,6 +11,7 @@ class TestType(StrEnum):
     """
     Types of tests
     """
+
     UNIT = "unit"
     INTEGRATION = "integration"
     MANUAL = "manual"

contentctl/objects/base_test_result.py

@@ -2,7 +2,7 @@ from typing import Union, Any
 from enum import StrEnum
 
 from pydantic import ConfigDict, BaseModel
-from splunklib.data import Record                                                                   # type: ignore
+from splunklib.data import Record  # type: ignore
 
 from contentctl.helper.utils import Utils
 
@@ -12,6 +12,7 @@ from contentctl.helper.utils import Utils
 #   type; remove mypy ignores associated w/ these typing issues once we do
 class TestResultStatus(StrEnum):
     """Enum for test status (e.g. pass/fail)"""
+
     # Test failed (detection did NOT fire appropriately)
     FAIL = "fail"
 
@@ -35,6 +36,7 @@ class BaseTestResult(BaseModel):
     """
     Base class for test results
     """
+
     # Message for the result
     message: Union[None, str] = None
 
@@ -54,10 +56,7 @@ class BaseTestResult(BaseModel):
     sid_link: Union[None, str] = None
 
     # Needed to allow for embedding of Exceptions in the model
-    model_config = ConfigDict(
-        validate_assignment=True,
-        arbitrary_types_allowed=True
-    )
+    model_config = ConfigDict(validate_assignment=True, arbitrary_types_allowed=True)
 
     @property
     def passed(self) -> bool:
@@ -81,7 +80,10 @@ class BaseTestResult(BaseModel):
         Property returning True if status is FAIL or ERROR; False otherwise (PASS, SKIP)
         :returns: bool indicating fialure if True
         """
-        return self.status == TestResultStatus.FAIL or self.status == TestResultStatus.ERROR
+        return (
+            self.status == TestResultStatus.FAIL
+            or self.status == TestResultStatus.ERROR
+        )
 
     @property
     def complete(self) -> bool:
@@ -94,7 +96,13 @@ class BaseTestResult(BaseModel):
     def get_summary_dict(
         self,
         model_fields: list[str] = [
-            "success", "exception", "message", "sid_link", "status", "duration", "wait_duration"
+            "success",
+            "exception",
+            "message",
+            "sid_link",
+            "status",
+            "duration",
+            "wait_duration",
         ],
         job_fields: list[str] = ["search", "resultCount", "runDuration"],
     ) -> dict[str, Any]:
@@ -125,7 +133,7 @@ class BaseTestResult(BaseModel):
         # Grab the job content fields required
         for field in job_fields:
             if self.job_content is not None:
-                value: Any = self.job_content.get(field, None)                                      # type: ignore
+                value: Any = self.job_content.get(field, None)  # type: ignore
 
                 # convert runDuration to a fixed width string representation of a float
                 if field == "runDuration":