contentctl 5.0.0a0__py3-none-any.whl → 5.0.0a3__py3-none-any.whl

contentctl/objects/dashboard.py

@@ -8,7 +8,7 @@ from contentctl.objects.security_content_object import SecurityContentObject
 from contentctl.objects.config import build
 from enum import StrEnum
 
-DEFAULT_DASHBAORD_JINJA2_TEMPLATE = '''<dashboard version="2" theme="{{ dashboard.theme }}">
+DEFAULT_DASHBAORD_JINJA2_TEMPLATE = """<dashboard version="2" theme="{{ dashboard.theme }}">
     <label>{{ dashboard.label(config) }}</label>
     <description></description>
     <definition><![CDATA[
@@ -21,28 +21,40 @@ DEFAULT_DASHBAORD_JINJA2_TEMPLATE = '''<dashboard version="2" theme="{{ dashboar
 	"hideExport": false
 }
     ]]></meta>
-</dashboard>'''
+</dashboard>"""
+
 
 class DashboardTheme(StrEnum):
     light = "light"
     dark = "dark"
 
+
 class Dashboard(SecurityContentObject):
-    j2_template: str = Field(default=DEFAULT_DASHBAORD_JINJA2_TEMPLATE, description="Jinja2 Template used to construct the dashboard")
-    description: str = Field(...,description="A description of the dashboard. This does not have to match "
-                             "the description of the dashboard in the JSON file.", max_length=10000)
-    theme: DashboardTheme = Field(default=DashboardTheme.light, description="The theme of the dashboard. Choose between 'light' and 'dark'.")
-    json_obj: Json[dict[str,Any]] = Field(..., description="Valid JSON object that describes the dashboard")
-    
-    
-    
-    def label(self, config:build)->str:
+    j2_template: str = Field(
+        default=DEFAULT_DASHBAORD_JINJA2_TEMPLATE,
+        description="Jinja2 Template used to construct the dashboard",
+    )
+    description: str = Field(
+        ...,
+        description="A description of the dashboard. This does not have to match "
+        "the description of the dashboard in the JSON file.",
+        max_length=10000,
+    )
+    theme: DashboardTheme = Field(
+        default=DashboardTheme.light,
+        description="The theme of the dashboard. Choose between 'light' and 'dark'.",
+    )
+    json_obj: Json[dict[str, Any]] = Field(
+        ..., description="Valid JSON object that describes the dashboard"
+    )
+
+    def label(self, config: build) -> str:
         return f"{config.app.label} - {self.name}"
-    
+
     @model_validator(mode="before")
     @classmethod
-    def validate_fields_from_json(cls, data:Any)->Any:
-        yml_file_name:str|None = data.get("file_path", None)
+    def validate_fields_from_json(cls, data: Any) -> Any:
+        yml_file_name: str | None = data.get("file_path", None)
         if yml_file_name is None:
             raise ValueError("File name not passed to dashboard constructor")
         yml_file_path = pathlib.Path(yml_file_name)
@@ -50,51 +62,53 @@ class Dashboard(SecurityContentObject):
 
         if not json_file_path.is_file():
             raise ValueError(f"Required file {json_file_path} does not exist.")
-        
-        with open(json_file_path,'r') as jsonFilePointer:
+
+        with open(json_file_path, "r") as jsonFilePointer:
             try:
-                json_obj:dict[str,Any] = json.load(jsonFilePointer)
+                json_obj: dict[str, Any] = json.load(jsonFilePointer)
             except Exception as e:
                 raise ValueError(f"Unable to load data from {json_file_path}: {str(e)}")
 
-        name_from_file = data.get("name",None)
-        name_from_json  = json_obj.get("title",None)
+        name_from_file = data.get("name", None)
+        name_from_json = json_obj.get("title", None)
 
-        errors:list[str] = []
+        errors: list[str] = []
         if name_from_json is None:
             errors.append(f"'title' field is missing from {json_file_path}")
         elif name_from_json != name_from_file:
-            errors.append(f"The 'title' field in the JSON file [{json_file_path}] does not match the 'name' field in the YML object [{yml_file_path}]. These two MUST match:\n    "
-                          f"title in JSON : {name_from_json}\n    "
-                          f"title in YML  : {name_from_file}\n    ")
-        
-        description_from_json = json_obj.get("description",None)
+            errors.append(
+                f"The 'title' field in the JSON file [{json_file_path}] does not match the 'name' field in the YML object [{yml_file_path}]. These two MUST match:\n    "
+                f"title in JSON : {name_from_json}\n    "
+                f"title in YML  : {name_from_file}\n    "
+            )
+
+        description_from_json = json_obj.get("description", None)
         if description_from_json is None:
             errors.append("'description' field is missing from field 'json_object'")
-        
-        if len(errors) > 0 :
+
+        if len(errors) > 0:
             err_string = "\n  - ".join(errors)
             raise ValueError(f"Error(s) validating dashboard:\n  - {err_string}")
-        
-        data['name'] = name_from_file
-        data['json_obj'] = json.dumps(json_obj)
+
+        data["name"] = name_from_file
+        data["json_obj"] = json.dumps(json_obj)
         return data
 
-    
     def pretty_print_json_obj(self):
         return json.dumps(self.json_obj, indent=4)
-    
-    def getOutputFilepathRelativeToAppRoot(self, config:build)->pathlib.Path:
+
+    def getOutputFilepathRelativeToAppRoot(self, config: build) -> pathlib.Path:
         filename = f"{self.file_path.stem}.xml".lower()
-        return pathlib.Path("default/data/ui/views")/filename
-    
-    
-    def writeDashboardFile(self, j2_env:Environment, config:build):
+        return pathlib.Path("default/data/ui/views") / filename
+
+    def writeDashboardFile(self, j2_env: Environment, config: build):
         template = j2_env.from_string(self.j2_template)
         dashboard_text = template.render(config=config, dashboard=self)
 
-        with open(config.getPackageDirectoryPath()/self.getOutputFilepathRelativeToAppRoot(config), 'a') as f:
-            output_xml = dashboard_text.encode('utf-8', 'ignore').decode('utf-8')
+        with open(
+            config.getPackageDirectoryPath()
+            / self.getOutputFilepathRelativeToAppRoot(config),
+            "a",
+        ) as f:
+            output_xml = dashboard_text.encode("utf-8", "ignore").decode("utf-8")
             f.write(output_xml)
-
-

contentctl/objects/data_source.py

@@ -1,6 +1,6 @@
 from __future__ import annotations
 from typing import Optional, Any
-from pydantic import Field, HttpUrl, model_serializer, BaseModel, ConfigDict
+from pydantic import Field, HttpUrl, model_serializer, BaseModel
 from contentctl.objects.security_content_object import SecurityContentObject
 
 
@@ -8,6 +8,8 @@ class TA(BaseModel):
     name: str
     url: HttpUrl | None = None
     version: str
+
+
 class DataSource(SecurityContentObject):
     source: str = Field(...)
     sourcetype: str = Field(...)
@@ -19,14 +21,13 @@ class DataSource(SecurityContentObject):
     convert_to_log_source: None | list = None
     example_log: None | str = None
 
-
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         super_fields = super().serialize_model()
-        
-        #All fields custom to this model
-        model:dict[str,Any] = {
+
+        # All fields custom to this model
+        model: dict[str, Any] = {
             "source": self.source,
             "sourcetype": self.sourcetype,
             "separator": self.separator,
@@ -35,12 +36,11 @@ class DataSource(SecurityContentObject):
             "fields": self.fields,
             "field_mappings": self.field_mappings,
             "convert_to_log_source": self.convert_to_log_source,
-            "example_log":self.example_log
+            "example_log": self.example_log,
         }
-        
-        
-        #Combine fields from this model with fields from parent
+
+        # Combine fields from this model with fields from parent
         super_fields.update(model)
-        
-        #return the model
-        return super_fields
+
+        # return the model
+        return super_fields

contentctl/objects/deployment.py

@@ -1,5 +1,11 @@
 from __future__ import annotations
-from pydantic import Field, computed_field,ValidationInfo, model_serializer, NonNegativeInt, ConfigDict
+from pydantic import (
+    Field,
+    computed_field,
+    ValidationInfo,
+    model_serializer,
+    NonNegativeInt,
+)
 from typing import Any
 import uuid
 import datetime
@@ -10,68 +16,69 @@ from contentctl.objects.alert_action import AlertAction
 from contentctl.objects.enums import DeploymentType
 
 
-class Deployment(SecurityContentObject):    
+class Deployment(SecurityContentObject):
     scheduling: DeploymentScheduling = Field(...)
     alert_action: AlertAction = AlertAction()
     type: DeploymentType = Field(...)
-    author: str = Field(...,max_length=255)
+    author: str = Field(..., max_length=255)
     version: NonNegativeInt = 1
 
-    #Type was the only tag exposed and should likely be removed/refactored.
-    #For transitional reasons, provide this as a computed_field in prep for removal
+    # Type was the only tag exposed and should likely be removed/refactored.
+    # For transitional reasons, provide this as a computed_field in prep for removal
     @computed_field
     @property
-    def tags(self)->dict[str,DeploymentType]:
+    def tags(self) -> dict[str, DeploymentType]:
         return {"type": self.type}
 
-        
     @staticmethod
-    def getDeployment(v:dict[str,Any], info:ValidationInfo)->Deployment:
+    def getDeployment(v: dict[str, Any], info: ValidationInfo) -> Deployment:
         if v != {}:
             # If the user has defined a deployment, then allow it to be validated
             # and override the default deployment info defined in type:Baseline
-            v['type'] = DeploymentType.Embedded
-            
+            v["type"] = DeploymentType.Embedded
+
             detection_name = info.data.get("name", None)
             if detection_name is None:
-                raise ValueError("Could not create inline deployment - Baseline or Detection lacking 'name' field,")
+                raise ValueError(
+                    "Could not create inline deployment - Baseline or Detection lacking 'name' field,"
+                )
 
-            # Add a number of static values            
-            v.update({
-              'name': f"{detection_name} - Inline Deployment",
-              'id':uuid.uuid4(),
-              'date': datetime.date.today(),
-              'description': "Inline deployment created at runtime.",
-              'author': "contentctl tool"
-            })
+            # Add a number of static values
+            v.update(
+                {
+                    "name": f"{detection_name} - Inline Deployment",
+                    "id": uuid.uuid4(),
+                    "date": datetime.date.today(),
+                    "description": "Inline deployment created at runtime.",
+                    "author": "contentctl tool",
+                }
+            )
 
-            
             # This constructs a temporary in-memory deployment,
-            # allowing the deployment to be easily defined in the 
+            # allowing the deployment to be easily defined in the
             # detection on a per detection basis.
             return Deployment.model_validate(v)
-                        
+
         else:
-            return SecurityContentObject.getDeploymentFromType(info.data.get("type",None), info)
-    
+            return SecurityContentObject.getDeploymentFromType(
+                info.data.get("type", None), info
+            )
+
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         super_fields = super().serialize_model()
-        
-        #All fields custom to this model
-        model= {
-            "scheduling": self.scheduling.model_dump(),
-            "tags": self.tags
-        }
 
-        #Combine fields from this model with fields from parent
+        # All fields custom to this model
+        model = {"scheduling": self.scheduling.model_dump(), "tags": self.tags}
+
+        # Combine fields from this model with fields from parent
         model.update(super_fields)
-        
+
         alert_action_fields = self.alert_action.model_dump()
         model.update(alert_action_fields)
 
-        del(model['references'])
-        
-        #return the model
-        return model
+        del model["references"]
+
+        # return the model
+        return model

contentctl/objects/deployment_email.py

@@ -6,4 +6,4 @@ class DeploymentEmail(BaseModel):
     model_config = ConfigDict(extra="forbid")
     message: str
     subject: str
-    to: str
+    to: str

contentctl/objects/deployment_notable.py

@@ -2,8 +2,9 @@ from __future__ import annotations
 from pydantic import BaseModel, ConfigDict
 from typing import List
 
+
 class DeploymentNotable(BaseModel):
     model_config = ConfigDict(extra="forbid")
     rule_description: str
     rule_title: str
-    nes_fields: List[str]
+    nes_fields: List[str]

contentctl/objects/deployment_phantom.py

@@ -4,8 +4,8 @@ from pydantic import BaseModel, ConfigDict
 
 class DeploymentPhantom(BaseModel):
     model_config = ConfigDict(extra="forbid")
-    cam_workers : str
-    label : str
-    phantom_server : str
-    sensitivity : str
-    severity : str
+    cam_workers: str
+    label: str
+    phantom_server: str
+    sensitivity: str
+    severity: str

contentctl/objects/deployment_rba.py

@@ -4,4 +4,4 @@ from pydantic import BaseModel, ConfigDict
 
 class DeploymentRBA(BaseModel):
     model_config = ConfigDict(extra="forbid")
-    enabled: bool = False
+    enabled: bool = False

contentctl/objects/deployment_scheduling.py

@@ -7,4 +7,4 @@ class DeploymentScheduling(BaseModel):
     cron_schedule: str
     earliest_time: str
     latest_time: str
-    schedule_window: str
+    schedule_window: str

contentctl/objects/deployment_slack.py

@@ -5,4 +5,4 @@ from pydantic import BaseModel, ConfigDict
 class DeploymentSlack(BaseModel):
     model_config = ConfigDict(extra="forbid")
     channel: str
-    message: str
+    message: str

contentctl/objects/detection.py

@@ -1,5 +1,8 @@
 from __future__ import annotations
-from contentctl.objects.abstract_security_content_objects.detection_abstract import Detection_Abstract
+from contentctl.objects.abstract_security_content_objects.detection_abstract import (
+    Detection_Abstract,
+)
+
 
 class Detection(Detection_Abstract):
     # Customization to the Detection Class go here.
@@ -12,4 +15,4 @@ class Detection(Detection_Abstract):
     # them or modifying their behavior may cause
     # undefined issues with the contentctl tooling
     # or output of the tooling.
-    pass
+    pass

contentctl/objects/detection_metadata.py

@@ -8,6 +8,7 @@ class DetectionMetadata(BaseModel):
     """
     A model of the metadata line in a detection stanza in savedsearches.conf
     """
+
     # A bool indicating whether the detection is deprecated (serialized as an int, 1 or 0)
     deprecated: bool = Field(...)
 

contentctl/objects/detection_stanza.py

@@ -11,6 +11,7 @@ class DetectionStanza(BaseModel):
     """
     A model representing a stanza for a detection in savedsearches.conf
     """
+
     # The lines that comprise this stanza, in the order they appear in the conf
     lines: list[str] = Field(...)
 
@@ -47,7 +48,9 @@ class DetectionStanza(BaseModel):
             raise Exception(f"No metadata for detection '{self.name}' found in stanza.")
 
         # Parse the metadata JSON into a model
-        return DetectionMetadata.model_validate_json(meta_line[len(DetectionStanza.METADATA_LINE_PREFIX):])
+        return DetectionMetadata.model_validate_json(
+            meta_line[len(DetectionStanza.METADATA_LINE_PREFIX) :]
+        )
 
     @computed_field
     @cached_property
@@ -76,4 +79,6 @@ class DetectionStanza(BaseModel):
         :returns: True if the version still needs to be bumped
         :rtype: bool
         """
-        return (self.hash != previous.hash) and (self.metadata.detection_version <= previous.metadata.detection_version)
+        return (self.hash != previous.hash) and (
+            self.metadata.detection_version <= previous.metadata.detection_version
+        )

contentctl/objects/detection_tags.py

@@ -1,42 +1,45 @@
 from __future__ import annotations
+
 import uuid
 from typing import TYPE_CHECKING, List, Optional, Union
+
 from pydantic import (
+    UUID4,
     BaseModel,
+    ConfigDict,
     Field,
-    computed_field,
-    UUID4,
     HttpUrl,
-    ConfigDict,
-    field_validator,
     ValidationInfo,
+    computed_field,
+    field_validator,
     model_serializer,
-    model_validator
+    model_validator,
 )
+
 from contentctl.objects.story import Story
 from contentctl.objects.throttling import Throttling
+
 if TYPE_CHECKING:
     from contentctl.input.director import DirectorOutputDto
 
-from contentctl.objects.mitre_attack_enrichment import MitreAttackEnrichment
+from contentctl.objects.annotated_types import CVE_TYPE, MITRE_ATTACK_ID_TYPE
+from contentctl.objects.atomic import AtomicEnrichment, AtomicTest
 from contentctl.objects.constants import ATTACK_TACTICS_KILLCHAIN_MAPPING
-from contentctl.objects.observable import Observable
 from contentctl.objects.enums import (
-    Cis18Value,
     AssetType,
-    SecurityDomain,
+    Cis18Value,
     KillChainPhase,
     NistCategory,
-    SecurityContentProductName
+    SecurityContentProductName,
+    SecurityDomain,
 )
-from contentctl.objects.atomic import AtomicEnrichment, AtomicTest
-from contentctl.objects.annotated_types import MITRE_ATTACK_ID_TYPE, CVE_TYPE
+from contentctl.objects.mitre_attack_enrichment import MitreAttackEnrichment
 
 
 class DetectionTags(BaseModel):
     # detection spec
 
-    model_config = ConfigDict(validate_default=False, extra='forbid')
+    model_config = ConfigDict(validate_default=False, extra="forbid")
     analytic_story: list[Story] = Field(...)
     asset_type: AssetType = Field(...)
     group: list[str] = []
@@ -44,9 +47,6 @@ class DetectionTags(BaseModel):
     mitre_attack_id: List[MITRE_ATTACK_ID_TYPE] = []
     nist: list[NistCategory] = []
 
-    # TODO (cmcginley): observable should be removed as well, yes?
-    # TODO (#249): Add pydantic validator to ensure observables are unique within a detection
-    observable: List[Observable] = []
     product: list[SecurityContentProductName] = Field(..., min_length=1)
     throttling: Optional[Throttling] = None
     security_domain: SecurityDomain = Field(...)
@@ -54,7 +54,9 @@ class DetectionTags(BaseModel):
     atomic_guid: List[AtomicTest] = []
 
     # enrichment
-    mitre_attack_enrichments: List[MitreAttackEnrichment] = Field([], validate_default=True)
+    mitre_attack_enrichments: List[MitreAttackEnrichment] = Field(
+        [], validate_default=True
+    )
 
     @computed_field
     @property
@@ -84,38 +86,6 @@ class DetectionTags(BaseModel):
     # TODO (#268): Validate manual_test has length > 0 if not None
     manual_test: Optional[str] = None
 
-    # The following validator is temporarily disabled pending further discussions
-    # @validator('message')
-    # def validate_message(cls,v,values):
-
-    #     observables:list[Observable] = values.get("observable",[])
-    #     observable_names = set([o.name for o in observables])
-    #     #find all of the observables used in the message by name
-    #     name_match_regex = r"\$([^\s.]*)\$"
-
-    #     message_observables = set()
-
-    #     #Make sure that all observable names in
-    #     for match in re.findall(name_match_regex, v):
-    #         #Remove
-    #         match_without_dollars = match.replace("$", "")
-    #         message_observables.add(match_without_dollars)
-
-    #     missing_observables = message_observables - observable_names
-    #     unused_observables = observable_names - message_observables
-    #     if len(missing_observables) > 0:
-    #         raise ValueError(
-    #             "The following observables are referenced in the message, but were not declared as"
-    #             f" observables: {missing_observables}"
-    #         )
-
-    #     if len(unused_observables) > 0:
-    #         raise ValueError(
-    #             "The following observables were declared, but are not referenced in the message:"
-    #             f" {unused_observables}"
-    #         )
-    #     return v
-
     @model_serializer
     def serialize_model(self):
         # Since this field has no parent, there is no need to call super() serialization function
@@ -127,7 +97,7 @@ class DetectionTags(BaseModel):
             "nist": self.nist,
             "security_domain": self.security_domain,
             "mitre_attack_id": self.mitre_attack_id,
-            "mitre_attack_enrichments": self.mitre_attack_enrichments
+            "mitre_attack_enrichments": self.mitre_attack_enrichments,
         }
 
     @model_validator(mode="after")
@@ -141,9 +111,13 @@ class DetectionTags(BaseModel):
                 f" at runtime. Instead, this field contained: {self.mitre_attack_enrichments}"
             )
 
-        output_dto: Union[DirectorOutputDto, None] = info.context.get("output_dto", None)
+        output_dto: Union[DirectorOutputDto, None] = info.context.get(
+            "output_dto", None
+        )
         if output_dto is None:
-            raise ValueError("Context not provided to detection.detection_tags model post validator")
+            raise ValueError(
+                "Context not provided to detection.detection_tags model post validator"
+            )
 
         if output_dto.attack_enrichment.use_enrichment is False:
             return self
@@ -152,7 +126,9 @@ class DetectionTags(BaseModel):
         missing_tactics: list[str] = []
         for mitre_attack_id in self.mitre_attack_id:
             try:
-                mitre_enrichments.append(output_dto.attack_enrichment.getEnrichmentByMitreID(mitre_attack_id))
+                mitre_enrichments.append(
+                    output_dto.attack_enrichment.getEnrichmentByMitreID(mitre_attack_id)
+                )
             except Exception:
                 missing_tactics.append(mitre_attack_id)
 
@@ -163,7 +139,7 @@ class DetectionTags(BaseModel):
 
         return self
 
-    '''
+    """
     @field_validator('mitre_attack_enrichments', mode="before")
     @classmethod
     def addAttackEnrichments(cls, v:list[MitreAttackEnrichment], info:ValidationInfo)->list[MitreAttackEnrichment]:
@@ -181,31 +157,43 @@ class DetectionTags(BaseModel):
         enrichments = []
 
         return enrichments
-    '''
+    """
 
-    @field_validator('analytic_story', mode="before")
+    @field_validator("analytic_story", mode="before")
     @classmethod
-    def mapStoryNamesToStoryObjects(cls, v: list[str], info: ValidationInfo) -> list[Story]:
+    def mapStoryNamesToStoryObjects(
+        cls, v: list[str], info: ValidationInfo
+    ) -> list[Story]:
         if info.context is None:
             raise ValueError("ValidationInfo.context unexpectedly null")
 
-        return Story.mapNamesToSecurityContentObjects(v, info.context.get("output_dto", None))
+        return Story.mapNamesToSecurityContentObjects(
+            v, info.context.get("output_dto", None)
+        )
 
     def getAtomicGuidStringArray(self) -> List[str]:
-        return [str(atomic_guid.auto_generated_guid) for atomic_guid in self.atomic_guid]
+        return [
+            str(atomic_guid.auto_generated_guid) for atomic_guid in self.atomic_guid
+        ]
 
-    @field_validator('atomic_guid', mode="before")
+    @field_validator("atomic_guid", mode="before")
     @classmethod
-    def mapAtomicGuidsToAtomicTests(cls, v: List[UUID4], info: ValidationInfo) -> List[AtomicTest]:
+    def mapAtomicGuidsToAtomicTests(
+        cls, v: List[UUID4], info: ValidationInfo
+    ) -> List[AtomicTest]:
         if len(v) == 0:
             return []
 
         if info.context is None:
             raise ValueError("ValidationInfo.context unexpectedly null")
 
-        output_dto: Union[DirectorOutputDto, None] = info.context.get("output_dto", None)
+        output_dto: Union[DirectorOutputDto, None] = info.context.get(
+            "output_dto", None
+        )
         if output_dto is None:
-            raise ValueError("Context not provided to detection.detection_tags.atomic_guid validator")
+            raise ValueError(
+                "Context not provided to detection.detection_tags.atomic_guid validator"
+            )
 
         atomic_enrichment: AtomicEnrichment = output_dto.atomic_enrichment
 
@@ -247,4 +235,6 @@ class DetectionTags(BaseModel):
         elif len(missing_tests) > 0:
             raise ValueError(missing_tests_string)
 
-        return matched_tests + [AtomicTest.AtomicTestWhenTestIsMissing(test) for test in missing_tests]
+        return matched_tests + [
+            AtomicTest.AtomicTestWhenTestIsMissing(test) for test in missing_tests
+        ]