contentctl 5.0.0a0__py3-none-any.whl → 5.0.0a3__py3-none-any.whl

contentctl/output/data_source_writer.py

@@ -3,37 +3,50 @@ from contentctl.objects.data_source import DataSource
 from typing import List
 import pathlib
 
-class DataSourceWriter:
 
+class DataSourceWriter:
     @staticmethod
-    def writeDataSourceCsv(data_source_objects: List[DataSource], file_path: pathlib.Path):
-        with open(file_path, mode='w', newline='') as file:
+    def writeDataSourceCsv(
+        data_source_objects: List[DataSource], file_path: pathlib.Path
+    ):
+        with open(file_path, mode="w", newline="") as file:
             writer = csv.writer(file)
             # Write the header
-            writer.writerow([
-                "name", "id", "author", "source", "sourcetype", "separator", 
-                "supported_TA_name", "supported_TA_version", "supported_TA_url",
-                "description"
-            ])
+            writer.writerow(
+                [
+                    "name",
+                    "id",
+                    "author",
+                    "source",
+                    "sourcetype",
+                    "separator",
+                    "supported_TA_name",
+                    "supported_TA_version",
+                    "supported_TA_url",
+                    "description",
+                ]
+            )
             # Write the data
             for data_source in data_source_objects:
-                if  len(data_source.supported_TA) > 0:
+                if len(data_source.supported_TA) > 0:
                     supported_TA_name = data_source.supported_TA[0].name
                     supported_TA_version = data_source.supported_TA[0].version
-                    supported_TA_url = data_source.supported_TA[0].url or ''
+                    supported_TA_url = data_source.supported_TA[0].url or ""
                 else:
-                    supported_TA_name = ''
-                    supported_TA_version = ''
-                    supported_TA_url = ''
-                writer.writerow([
-                    data_source.name,
-                    data_source.id,
-                    data_source.author,
-                    data_source.source,
-                    data_source.sourcetype,
-                    data_source.separator,
-                    supported_TA_name,
-                    supported_TA_version,
-                    supported_TA_url,
-                    data_source.description,
-                ])
+                    supported_TA_name = ""
+                    supported_TA_version = ""
+                    supported_TA_url = ""
+                writer.writerow(
+                    [
+                        data_source.name,
+                        data_source.id,
+                        data_source.author,
+                        data_source.source,
+                        data_source.sourcetype,
+                        data_source.separator,
+                        supported_TA_name,
+                        supported_TA_version,
+                        supported_TA_url,
+                        data_source.description,
+                    ]
+                )

contentctl/output/doc_md_output.py

@@ -1,23 +1,25 @@
 import os
-import asyncio
 import sys
 
 from pathlib import Path
 
-from contentctl.objects.enums import SecurityContentType
 from contentctl.output.jinja_writer import JinjaWriter
 
 
-class DocMdOutput():
+class DocMdOutput:
     index = 0
     files_to_write = 0
-    
+
     def writeObjects(self, objects: list, output_path: str) -> None:
         self.files_to_write = sum([len(obj) for obj in objects])
         self.index = 0
-        progress_percent = ((self.index+1)/self.files_to_write) * 100
-        if (sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty()):
-            print(f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...", end="", flush=True)
+        progress_percent = ((self.index + 1) / self.files_to_write) * 100
+        if sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty():
+            print(
+                f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...",
+                end="",
+                flush=True,
+            )
 
         attack_tactics = set()
         datamodels = set()
@@ -33,24 +35,41 @@ class DocMdOutput():
 
             if detection.datamodel:
                 datamodels.update(detection.datamodel)
-        
-        Path(os.path.join(output_path, 'overview')).mkdir(parents=True, exist_ok=True)
-        Path(os.path.join(output_path, 'detections')).mkdir(parents=True, exist_ok=True)
-        Path(os.path.join(output_path, 'stories')).mkdir(parents=True, exist_ok=True)
-        Path(os.path.join(output_path, 'playbooks')).mkdir(parents=True, exist_ok=True)
 
-        JinjaWriter.writeObjectsList('doc_story_page.j2', os.path.join(output_path, 'overview/stories.md'), sorted(objects[0], key=lambda x: x.name))
-        self.writeObjectsMd(objects[0], os.path.join(output_path, 'stories'), 'doc_stories.j2')
+        Path(os.path.join(output_path, "overview")).mkdir(parents=True, exist_ok=True)
+        Path(os.path.join(output_path, "detections")).mkdir(parents=True, exist_ok=True)
+        Path(os.path.join(output_path, "stories")).mkdir(parents=True, exist_ok=True)
+        Path(os.path.join(output_path, "playbooks")).mkdir(parents=True, exist_ok=True)
+
+        JinjaWriter.writeObjectsList(
+            "doc_story_page.j2",
+            os.path.join(output_path, "overview/stories.md"),
+            sorted(objects[0], key=lambda x: x.name),
+        )
+        self.writeObjectsMd(
+            objects[0], os.path.join(output_path, "stories"), "doc_stories.j2"
+        )
+
+        JinjaWriter.writeObjectsList(
+            "doc_detection_page.j2",
+            os.path.join(output_path, "overview/detections.md"),
+            sorted(objects[1], key=lambda x: x.name),
+        )
+        self.writeObjectsMd(
+            objects[1], os.path.join(output_path, "detections"), "doc_detections.j2"
+        )
 
-        JinjaWriter.writeObjectsList('doc_detection_page.j2', os.path.join(output_path, 'overview/detections.md'), sorted(objects[1], key=lambda x: x.name))
-        self.writeObjectsMd(objects[1], os.path.join(output_path, 'detections'), 'doc_detections.j2')
+        JinjaWriter.writeObjectsList(
+            "doc_playbooks_page.j2",
+            os.path.join(output_path, "overview/paybooks.md"),
+            sorted(objects[2], key=lambda x: x.name),
+        )
+        self.writeObjectsMd(
+            objects[2], os.path.join(output_path, "playbooks"), "doc_playbooks.j2"
+        )
 
-        JinjaWriter.writeObjectsList('doc_playbooks_page.j2', os.path.join(output_path, 'overview/paybooks.md'), sorted(objects[2], key=lambda x: x.name))
-        self.writeObjectsMd(objects[2], os.path.join(output_path, 'playbooks'), 'doc_playbooks.j2')
-        
         print("Done!")
-    
-    
+
     # def writeNavigationPageObjects(self, objects: list, output_path: str) -> None:
     #     for obj in objects:
     #         JinjaWriter.writeObject('doc_navigation_pages.j2', os.path.join(output_path, '_pages', obj.lower().replace(' ', '_') + '.md'),
@@ -61,10 +80,17 @@ class DocMdOutput():
 
     def writeObjectsMd(self, objects, output_path: str, template_name: str) -> None:
         for obj in objects:
-            progress_percent = ((self.index+1)/self.files_to_write) * 100
-            self.index+=1
-            if (sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty()):
-                print(f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...", end="", flush=True)
-
-            JinjaWriter.writeObject(template_name, os.path.join(output_path, obj.name.lower().replace(' ', '_') + '.md'), obj)
+            progress_percent = ((self.index + 1) / self.files_to_write) * 100
+            self.index += 1
+            if sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty():
+                print(
+                    f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...",
+                    end="",
+                    flush=True,
+                )
 
+            JinjaWriter.writeObject(
+                template_name,
+                os.path.join(output_path, obj.name.lower().replace(" ", "_") + ".md"),
+                obj,
+            )

contentctl/output/jinja_writer.py

@@ -4,30 +4,34 @@ from jinja2 import Environment, FileSystemLoader
 
 
 class JinjaWriter:
-
     @staticmethod
-    def writeObjectsList(template_name : str, output_path : str, objects : list) -> None:
-
+    def writeObjectsList(template_name: str, output_path: str, objects: list) -> None:
         j2_env = Environment(
-            loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 
-            trim_blocks=False)
+            loader=FileSystemLoader(
+                os.path.join(os.path.dirname(__file__), "templates")
+            ),
+            trim_blocks=False,
+        )
 
         template = j2_env.get_template(template_name)
         output = template.render(objects=objects)
-        with open(output_path, 'w') as f:
-            output = output.encode('ascii', 'ignore').decode('ascii')
+        with open(output_path, "w") as f:
+            output = output.encode("ascii", "ignore").decode("ascii")
             f.write(output)
 
-
     @staticmethod
-    def writeObject(template_name : str, output_path : str, object: dict[str,Any]) -> None:
-
+    def writeObject(
+        template_name: str, output_path: str, object: dict[str, Any]
+    ) -> None:
         j2_env = Environment(
-            loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 
-            trim_blocks=False)
+            loader=FileSystemLoader(
+                os.path.join(os.path.dirname(__file__), "templates")
+            ),
+            trim_blocks=False,
+        )
 
         template = j2_env.get_template(template_name)
         output = template.render(object=object)
-        with open(output_path, 'w') as f:
-            output = output.encode('ascii', 'ignore').decode('ascii')
-            f.write(output)
+        with open(output_path, "w") as f:
+            output = output.encode("ascii", "ignore").decode("ascii")
+            f.write(output)

contentctl/output/json_writer.py

@@ -1,19 +1,31 @@
 import json
 from typing import Any
-class JsonWriter():
 
+
+class JsonWriter:
     @staticmethod
-    def writeJsonObject(file_path : str, object_name: str, objs: list[dict[str,Any]],readable_output:bool=True) -> None:
+    def writeJsonObject(
+        file_path: str,
+        object_name: str,
+        objs: list[dict[str, Any]],
+        readable_output: bool = True,
+    ) -> None:
         try:
-            with open(file_path, 'w') as outfile:
+            with open(file_path, "w") as outfile:
                 if readable_output:
                     # At the cost of slightly larger filesize, improve the redability significantly
                     # by sorting and indenting keys/values
-                    sorted_objs = sorted(objs, key=lambda o: o['name'])
-                    json.dump({object_name:sorted_objs}, outfile, ensure_ascii=False, indent=2)
+                    sorted_objs = sorted(objs, key=lambda o: o["name"])
+                    json.dump(
+                        {object_name: sorted_objs},
+                        outfile,
+                        ensure_ascii=False,
+                        indent=2,
+                    )
                 else:
-                    json.dump({object_name:objs}, outfile, ensure_ascii=False)
+                    json.dump({object_name: objs}, outfile, ensure_ascii=False)
 
         except Exception as e:
-             raise Exception(f"Error serializing object to Json File '{file_path}': {str(e)}")
-            
+            raise Exception(
+                f"Error serializing object to Json File '{file_path}': {str(e)}"
+            )

contentctl/output/svg_output.py

@@ -1,4 +1,3 @@
-import os
 import pathlib
 from typing import List, Any
 
@@ -6,50 +5,69 @@ from contentctl.objects.enums import SecurityContentType
 from contentctl.output.jinja_writer import JinjaWriter
 from contentctl.objects.enums import DetectionStatus
 from contentctl.objects.detection import Detection
-class SvgOutput():
 
-    
-    def get_badge_dict(self, name:str, total_detections:List[Detection], these_detections:List[Detection])->dict[str,Any]:
-        obj:dict[str,Any] = {}
-        obj['name'] = name
+
+class SvgOutput:
+    def get_badge_dict(
+        self,
+        name: str,
+        total_detections: List[Detection],
+        these_detections: List[Detection],
+    ) -> dict[str, Any]:
+        obj: dict[str, Any] = {}
+        obj["name"] = name
 
         if name == "Production":
-            obj['color'] = "Green"
+            obj["color"] = "Green"
         elif name == "Detections":
-            obj['color'] = "Green"
+            obj["color"] = "Green"
         elif name == "Experimental":
-            obj['color'] = "Yellow"
+            obj["color"] = "Yellow"
         elif name == "Deprecated":
-            obj['color'] = "Red"
+            obj["color"] = "Red"
 
-        obj['count'] = len(total_detections)
-        if obj['count'] == 0:
-            obj['coverage'] = "NaN"
+        obj["count"] = len(total_detections)
+        if obj["count"] == 0:
+            obj["coverage"] = "NaN"
         else:
-            obj['coverage'] = len(these_detections) / obj['count']
-            obj['coverage'] = "{:.0%}".format(obj['coverage'])
+            obj["coverage"] = len(these_detections) / obj["count"]
+            obj["coverage"] = "{:.0%}".format(obj["coverage"])
         return obj
-    
-    def writeObjects(self, detections: List[Detection], output_path: pathlib.Path, type: SecurityContentType = None) -> None:
-        
-        
-
-        total_dict:dict[str,Any] = self.get_badge_dict("Detections", detections, detections)
-        production_dict:dict[str,Any] = self.get_badge_dict("% Production", detections, [detection for detection in detections if detection.status == DetectionStatus.production])
-        #deprecated_dict = self.get_badge_dict("Deprecated", detections, [detection for detection in detections if detection.status == DetectionStatus.deprecated])
-        #experimental_dict = self.get_badge_dict("Experimental", detections, [detection for detection in detections if detection.status == DetectionStatus.experimental])
-        
-        
-
-
-        #Total number of detections
-        JinjaWriter.writeObject('detection_count.j2', output_path /'detection_count.svg', total_dict)
-        #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'production_count.svg'), production_dict)
-        #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'deprecated_count.svg'), deprecated_dict)
-        #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'experimental_count.svg'), experimental_dict)
-
-        #Percentage of detections that are production
-        JinjaWriter.writeObject('detection_coverage.j2', output_path/'detection_coverage.svg', production_dict)
-        #JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), deprecated_dict)
-        #JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), experimental_dict)
 
+    def writeObjects(
+        self,
+        detections: List[Detection],
+        output_path: pathlib.Path,
+        type: SecurityContentType = None,
+    ) -> None:
+        total_dict: dict[str, Any] = self.get_badge_dict(
+            "Detections", detections, detections
+        )
+        production_dict: dict[str, Any] = self.get_badge_dict(
+            "% Production",
+            detections,
+            [
+                detection
+                for detection in detections
+                if detection.status == DetectionStatus.production
+            ],
+        )
+        # deprecated_dict = self.get_badge_dict("Deprecated", detections, [detection for detection in detections if detection.status == DetectionStatus.deprecated])
+        # experimental_dict = self.get_badge_dict("Experimental", detections, [detection for detection in detections if detection.status == DetectionStatus.experimental])
+
+        # Total number of detections
+        JinjaWriter.writeObject(
+            "detection_count.j2", output_path / "detection_count.svg", total_dict
+        )
+        # JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'production_count.svg'), production_dict)
+        # JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'deprecated_count.svg'), deprecated_dict)
+        # JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'experimental_count.svg'), experimental_dict)
+
+        # Percentage of detections that are production
+        JinjaWriter.writeObject(
+            "detection_coverage.j2",
+            output_path / "detection_coverage.svg",
+            production_dict,
+        )
+        # JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), deprecated_dict)
+        # JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), experimental_dict)

contentctl/output/templates/savedsearches_detections.j2

@@ -74,7 +74,7 @@ action.notable.param.security_domain = {{ detection.tags.security_domain }}
 {% if detection.rba %}
 action.notable.param.severity = {{ detection.rba.severity }}
 {% else %}
-{# Correlations do not have detection.rba defined, but should get a default severity #} 
+{# Correlations do not have detection.rba defined, but should get a default severity #}
 action.notable.param.severity = high 
 {% endif %}
 {% endif %}

contentctl/output/templates/transforms.j2

@@ -16,8 +16,8 @@ case_sensitive_match = {{ lookup.case_sensitive_match | lower }}
 {% if lookup.description is defined and lookup.description != None %}
 # description = {{ lookup.description | escapeNewlines() }}
 {% endif %}
-{% if lookup.match_type is defined and lookup.match_type != None %}
-match_type = {{ lookup.match_type }}
+{% if lookup.match_type | length > 0 %}
+match_type = {{ lookup.match_type_to_conf_format }}
 {% endif %}
 {% if lookup.max_matches is defined and lookup.max_matches != None %}
 max_matches = {{ lookup.max_matches }}

contentctl/output/yml_writer.py

@@ -1,4 +1,3 @@
-
 import yaml
 from typing import Any
 from enum import StrEnum, IntEnum
@@ -8,25 +7,22 @@ from enum import StrEnum, IntEnum
 # to write to files:
 # yaml.representer.RepresenterError: ('cannot represent an object',.....
 yaml.SafeDumper.add_multi_representer(
-    StrEnum,
-    yaml.representer.SafeRepresenter.represent_str
+    StrEnum, yaml.representer.SafeRepresenter.represent_str
 )
 
 yaml.SafeDumper.add_multi_representer(
-    IntEnum,
-    yaml.representer.SafeRepresenter.represent_int
+    IntEnum, yaml.representer.SafeRepresenter.represent_int
 )
 
-class YmlWriter:
 
+class YmlWriter:
     @staticmethod
-    def writeYmlFile(file_path : str, obj : dict[Any,Any]) -> None:
-
-        with open(file_path, 'w') as outfile:
+    def writeYmlFile(file_path: str, obj: dict[Any, Any]) -> None:
+        with open(file_path, "w") as outfile:
             yaml.safe_dump(obj, outfile, default_flow_style=False, sort_keys=False)
 
     @staticmethod
-    def writeDetection(file_path: str, obj: dict[Any,Any]) -> None:
+    def writeDetection(file_path: str, obj: dict[Any, Any]) -> None:
         output = dict()
         output["name"] = obj["name"]
         output["id"] = obj["id"]
@@ -35,7 +31,7 @@ class YmlWriter:
         output["author"] = obj["author"]
         output["type"] = obj["type"]
         output["status"] = obj["status"]
-        output["data_source"] = obj['data_sources']
+        output["data_source"] = obj["data_sources"]
         output["description"] = obj["description"]
         output["search"] = obj["search"]
         output["how_to_implement"] = obj["how_to_implement"]
@@ -45,20 +41,18 @@ class YmlWriter:
         output["tests"] = obj["tags"]
 
         YmlWriter.writeYmlFile(file_path=file_path, obj=output)
- 
+
     @staticmethod
-    def writeStory(file_path: str, obj: dict[Any,Any]) -> None:
+    def writeStory(file_path: str, obj: dict[Any, Any]) -> None:
         output = dict()
-        output['name'] = obj['name']
-        output['id'] = obj['id']
-        output['version'] = obj['version']
-        output['date'] = obj['date']
-        output['author'] = obj['author']
-        output['description'] = obj['description']
-        output['narrative'] = obj['narrative']
-        output['references'] = obj['references']
-        output['tags'] = obj['tags']
+        output["name"] = obj["name"]
+        output["id"] = obj["id"]
+        output["version"] = obj["version"]
+        output["date"] = obj["date"]
+        output["author"] = obj["author"]
+        output["description"] = obj["description"]
+        output["narrative"] = obj["narrative"]
+        output["references"] = obj["references"]
+        output["tags"] = obj["tags"]
 
         YmlWriter.writeYmlFile(file_path=file_path, obj=output)
- 
-

{contentctl-5.0.0a0.dist-info → contentctl-5.0.0a3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: contentctl
-Version: 5.0.0a0
+Version: 5.0.0a3
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT