contentctl 5.0.0a2__py3-none-any.whl → 5.0.0a3__py3-none-any.whl

contentctl/objects/correlation_search.py

@@ -6,25 +6,25 @@ from enum import StrEnum, IntEnum
 from functools import cached_property
 
 from pydantic import ConfigDict, BaseModel, computed_field, Field, PrivateAttr
-from splunklib.results import JSONResultsReader, Message                                            # type: ignore
-from splunklib.binding import HTTPError, ResponseReader                                             # type: ignore
-import splunklib.client as splunklib                                                                # type: ignore
-from tqdm import tqdm                                                                               # type: ignore
+from splunklib.results import JSONResultsReader, Message  # type: ignore
+from splunklib.binding import HTTPError, ResponseReader  # type: ignore
+import splunklib.client as splunklib  # type: ignore
+from tqdm import tqdm  # type: ignore
 
 from contentctl.objects.risk_analysis_action import RiskAnalysisAction
 from contentctl.objects.notable_action import NotableAction
 from contentctl.objects.base_test_result import TestResultStatus
 from contentctl.objects.integration_test_result import IntegrationTestResult
 from contentctl.actions.detection_testing.progress_bar import (
-    format_pbar_string,                                                                             # type: ignore
+    format_pbar_string,  # type: ignore
     TestReportingType,
-    TestingStates
+    TestingStates,
 )
 from contentctl.objects.errors import (
     IntegrationTestingError,
     ServerError,
     ClientError,
-    ValidationFailed
+    ValidationFailed,
 )
 from contentctl.objects.detection import Detection
 from contentctl.objects.risk_event import RiskEvent
@@ -65,7 +65,9 @@ def get_logger() -> logging.Logger:
             handler = logging.NullHandler()
 
         # Format our output
-        formatter = logging.Formatter('%(asctime)s - %(levelname)s:%(name)s - %(message)s')
+        formatter = logging.Formatter(
+            "%(asctime)s - %(levelname)s:%(name)s - %(message)s"
+        )
         handler.setFormatter(formatter)
 
         # Set handler level and add to logger
@@ -79,6 +81,7 @@ class SavedSearchKeys(StrEnum):
     """
     Various keys into the SavedSearch content
     """
+
     # setup the names of the keys we expect to access in content
     EARLIEST_TIME_KEY = "dispatch.earliest_time"
     LATEST_TIME_KEY = "dispatch.latest_time"
@@ -92,6 +95,7 @@ class Indexes(StrEnum):
     """
     Indexes we search against
     """
+
     # setup the names of the risk and notable indexes
     RISK_INDEX = "risk"
     NOTABLE_INDEX = "notable"
@@ -101,6 +105,7 @@ class TimeoutConfig(IntEnum):
     """
     Configuration values for the exponential backoff timer
     """
+
     # base amount to sleep for before beginning exponential backoff during testing
     BASE_SLEEP = 60
 
@@ -118,6 +123,7 @@ class ScheduleConfig(StrEnum):
     """
     Configuraton values for the saved search schedule
     """
+
     EARLIEST_TIME = "-5y@y"
     LATEST_TIME = "-1m@m"
     CRON_SCHEDULE = "*/1 * * * *"
@@ -132,11 +138,10 @@ class ResultIterator:
     :param response_reader: a ResponseReader object
     :param logger: a Logger object
     """
+
     def __init__(self, response_reader: ResponseReader) -> None:
         # init the results reader
-        self.results_reader: JSONResultsReader = JSONResultsReader(
-            response_reader
-        )
+        self.results_reader: JSONResultsReader = JSONResultsReader(response_reader)
 
         # get logger
         self.logger: logging.Logger = get_logger()
@@ -150,18 +155,18 @@ class ResultIterator:
             # log messages, or raise if error
             if isinstance(result, Message):
                 # convert level string to level int
-                level_name = result.type.strip().upper()                                            # type: ignore
+                level_name = result.type.strip().upper()  # type: ignore
                 level: int = logging.getLevelName(level_name)
 
                 # log message at appropriate level and raise if needed
-                message = f"SPLUNK: {result.message}"                                               # type: ignore
+                message = f"SPLUNK: {result.message}"  # type: ignore
                 self.logger.log(level, message)
                 if level == logging.ERROR:
                     raise ServerError(message)
 
             # if dict, just return
             elif isinstance(result, dict):
-                return result                                                                       # type: ignore
+                return result  # type: ignore
 
             # raise for any unexpected types
             else:
@@ -178,14 +183,13 @@ class PbarData(BaseModel):
     :param fq_test_name: the fully qualifed (fq) test name ("<detection_name>:<test_name>") used for logging
     :param start_time: the start time used for logging
     """
-    pbar: tqdm                                                                                      # type: ignore
+
+    pbar: tqdm  # type: ignore
     fq_test_name: str
     start_time: float
 
     # needed to support the tqdm type
-    model_config = ConfigDict(
-        arbitrary_types_allowed=True
-    )
+    model_config = ConfigDict(arbitrary_types_allowed=True)
 
 
 class CorrelationSearch(BaseModel):
@@ -198,6 +202,7 @@ class CorrelationSearch(BaseModel):
     :param pbar_data: the encapsulated info needed for logging w/ pbar
     :param test_index: the index attack data is forwarded to for testing (optionally used in cleanup)
     """
+
     # the detection associated with the correlation search (e.g. "Windows Modify Registry EnableLinkedConnections")
     detection: Detection = Field(...)
 
@@ -232,10 +237,7 @@ class CorrelationSearch(BaseModel):
 
     # Need arbitrary types to allow fields w/ types like SavedSearch; we also want to forbid
     # unexpected fields
-    model_config = ConfigDict(
-        arbitrary_types_allowed=True,
-        extra='forbid'
-    )
+    model_config = ConfigDict(arbitrary_types_allowed=True, extra="forbid")
 
     def model_post_init(self, __context: Any) -> None:
         super().model_post_init(__context)
@@ -309,7 +311,7 @@ class CorrelationSearch(BaseModel):
         The earliest time configured for the saved search
         """
         if self.saved_search is not None:
-            return self.saved_search.content[SavedSearchKeys.EARLIEST_TIME_KEY]                     # type: ignore
+            return self.saved_search.content[SavedSearchKeys.EARLIEST_TIME_KEY]  # type: ignore
         else:
             raise ClientError(
                 "Something unexpected went wrong in initialization; saved_search was not populated"
@@ -321,7 +323,7 @@ class CorrelationSearch(BaseModel):
         The latest time configured for the saved search
         """
         if self.saved_search is not None:
-            return self.saved_search.content[SavedSearchKeys.LATEST_TIME_KEY]                       # type: ignore
+            return self.saved_search.content[SavedSearchKeys.LATEST_TIME_KEY]  # type: ignore
         else:
             raise ClientError(
                 "Something unexpected went wrong in initialization; saved_search was not populated"
@@ -333,7 +335,7 @@ class CorrelationSearch(BaseModel):
         The cron schedule configured for the saved search
         """
         if self.saved_search is not None:
-            return self.saved_search.content[SavedSearchKeys.CRON_SCHEDULE_KEY]                     # type: ignore
+            return self.saved_search.content[SavedSearchKeys.CRON_SCHEDULE_KEY]  # type: ignore
         else:
             raise ClientError(
                 "Something unexpected went wrong in initialization; saved_search was not populated"
@@ -345,7 +347,7 @@ class CorrelationSearch(BaseModel):
         Whether the saved search is enabled
         """
         if self.saved_search is not None:
-            if int(self.saved_search.content[SavedSearchKeys.DISBALED_KEY]):                        # type: ignore
+            if int(self.saved_search.content[SavedSearchKeys.DISBALED_KEY]):  # type: ignore
                 return False
             else:
                 return True
@@ -354,7 +356,7 @@ class CorrelationSearch(BaseModel):
                 "Something unexpected went wrong in initialization; saved_search was not populated"
             )
 
-    @ property
+    @property
     def has_risk_analysis_action(self) -> bool:
         """Whether the correlation search has an associated risk analysis Adaptive Response Action
         :return: a boolean indicating whether it has a risk analysis Adaptive Response Action
@@ -405,11 +407,13 @@ class CorrelationSearch(BaseModel):
         """
         # grab risk details if present
         self._risk_analysis_action = CorrelationSearch._get_risk_analysis_action(
-            self.saved_search.content                                                               # type: ignore
+            self.saved_search.content  # type: ignore
         )
 
         # grab notable details if present
-        self._notable_action = CorrelationSearch._get_notable_action(self.saved_search.content)     # type: ignore
+        self._notable_action = CorrelationSearch._get_notable_action(
+            self.saved_search.content
+        )  # type: ignore
 
     def refresh(self) -> None:
         """Refreshes the metadata in the SavedSearch entity, and re-parses the fields we care about
@@ -417,10 +421,9 @@ class CorrelationSearch(BaseModel):
         After operations we expect to alter the state of the SavedSearch, we call refresh so that we have a local
         representation of the new state; then we extrat what we care about into this instance
         """
-        self.logger.debug(
-            f"Refreshing SavedSearch metadata for {self.name}...")
+        self.logger.debug(f"Refreshing SavedSearch metadata for {self.name}...")
         try:
-            self.saved_search.refresh()                                                             # type: ignore
+            self.saved_search.refresh()  # type: ignore
         except HTTPError as e:
             raise ServerError(f"HTTP error encountered during refresh: {e}")
         self._parse_risk_and_notable_actions()
@@ -434,7 +437,7 @@ class CorrelationSearch(BaseModel):
         """
         self.logger.debug(f"Enabling {self.name}...")
         try:
-            self.saved_search.enable()                                                              # type: ignore
+            self.saved_search.enable()  # type: ignore
         except HTTPError as e:
             raise ServerError(f"HTTP error encountered while enabling detection: {e}")
         if refresh:
@@ -449,7 +452,7 @@ class CorrelationSearch(BaseModel):
         """
         self.logger.debug(f"Disabling {self.name}...")
         try:
-            self.saved_search.disable()                                                             # type: ignore
+            self.saved_search.disable()  # type: ignore
         except HTTPError as e:
             raise ServerError(f"HTTP error encountered while disabling detection: {e}")
         if refresh:
@@ -460,7 +463,7 @@ class CorrelationSearch(BaseModel):
         earliest_time: str = ScheduleConfig.EARLIEST_TIME,
         latest_time: str = ScheduleConfig.LATEST_TIME,
         cron_schedule: str = ScheduleConfig.CRON_SCHEDULE,
-        refresh: bool = True
+        refresh: bool = True,
     ) -> None:
         """Updates the correlation search timeframe to work with test data
 
@@ -477,12 +480,12 @@ class CorrelationSearch(BaseModel):
         data = {
             SavedSearchKeys.EARLIEST_TIME_KEY: earliest_time,
             SavedSearchKeys.LATEST_TIME_KEY: latest_time,
-            SavedSearchKeys.CRON_SCHEDULE_KEY: cron_schedule
+            SavedSearchKeys.CRON_SCHEDULE_KEY: cron_schedule,
         }
         self.logger.info(data)
         self.logger.info(f"Updating timeframe for '{self.name}': {data}")
         try:
-            self.saved_search.update(**data)                                                        # type: ignore
+            self.saved_search.update(**data)  # type: ignore
         except HTTPError as e:
             raise ServerError(f"HTTP error encountered while updating timeframe: {e}")
 
@@ -531,7 +534,9 @@ class CorrelationSearch(BaseModel):
 
         # Use the cached risk_events unless we're forcing an update
         if self._risk_events is not None:
-            self.logger.debug(f"Using cached risk events ({len(self._risk_events)} total).")
+            self.logger.debug(
+                f"Using cached risk events ({len(self._risk_events)} total)."
+            )
             return self._risk_events
 
         # TODO (#248): Refactor risk/notable querying to pin to a single savedsearch ID
@@ -553,7 +558,9 @@ class CorrelationSearch(BaseModel):
                         parsed_raw = json.loads(result["_raw"])
                         event = RiskEvent.model_validate(parsed_raw)
                     except Exception:
-                        self.logger.error(f"Failed to parse RiskEvent from search result: {result}")
+                        self.logger.error(
+                            f"Failed to parse RiskEvent from search result: {result}"
+                        )
                         raise
                     events.append(event)
                     self.logger.debug(f"Found risk event for '{self.name}': {event}")
@@ -597,7 +604,9 @@ class CorrelationSearch(BaseModel):
 
         # Use the cached notable_events unless we're forcing an update
         if self._notable_events is not None:
-            self.logger.debug(f"Using cached notable events ({len(self._notable_events)} total).")
+            self.logger.debug(
+                f"Using cached notable events ({len(self._notable_events)} total)."
+            )
             return self._notable_events
 
         # Search for all notable events from a single scheduled search (indicated by orig_sid)
@@ -618,7 +627,9 @@ class CorrelationSearch(BaseModel):
                         parsed_raw = json.loads(result["_raw"])
                         event = NotableEvent.model_validate(parsed_raw)
                     except Exception:
-                        self.logger.error(f"Failed to parse NotableEvent from search result: {result}")
+                        self.logger.error(
+                            f"Failed to parse NotableEvent from search result: {result}"
+                        )
                         raise
                     events.append(event)
                     self.logger.debug(f"Found notable event for '{self.name}': {event}")
@@ -653,7 +664,9 @@ class CorrelationSearch(BaseModel):
                 " with it; cannot validate."
             )
 
-        risk_object_counts: dict[int, int] = {id(x): 0 for x in self.detection.rba.risk_objects}
+        risk_object_counts: dict[int, int] = {
+            id(x): 0 for x in self.detection.rba.risk_objects
+        }
 
         # Get the risk events; note that we use the cached risk events, expecting they were
         # saved by a prior call to risk_event_exists
@@ -670,7 +683,9 @@ class CorrelationSearch(BaseModel):
             event.validate_against_detection(self.detection)
 
             # Update risk object count based on match
-            matched_risk_object = event.get_matched_risk_object(self.detection.rba.risk_objects)
+            matched_risk_object = event.get_matched_risk_object(
+                self.detection.rba.risk_objects
+            )
             self.logger.debug(
                 f"Matched risk event (object={event.es_risk_object}, type={event.es_risk_object_type}) "
                 f"to detection's risk object (name={matched_risk_object.field}, "
@@ -740,7 +755,9 @@ class CorrelationSearch(BaseModel):
 
     # NOTE: it would be more ideal to switch this to a system which gets the handle of the saved search job and polls
     #   it for completion, but that seems more tricky
-    def test(self, max_sleep: int = TimeoutConfig.MAX_SLEEP, raise_on_exc: bool = False) -> IntegrationTestResult:
+    def test(
+        self, max_sleep: int = TimeoutConfig.MAX_SLEEP, raise_on_exc: bool = False
+    ) -> IntegrationTestResult:
         """Execute the integration test
 
         Executes an integration test for this CorrelationSearch. First, ensures no matching risk/notables already exist
@@ -772,9 +789,7 @@ class CorrelationSearch(BaseModel):
 
         try:
             # first make sure the indexes are currently empty and the detection is starting from a disabled state
-            self.logger.debug(
-                "Cleaning up any pre-existing risk/notable events..."
-            )
+            self.logger.debug("Cleaning up any pre-existing risk/notable events...")
             self.update_pbar(TestingStates.PRE_CLEANUP)
             if self.risk_event_exists():
                 self.logger.warning(
@@ -806,7 +821,9 @@ class CorrelationSearch(BaseModel):
                 # loop so long as the elapsed time is less than max_sleep
                 while elapsed_sleep_time < max_sleep:
                     # sleep so the detection job can finish
-                    self.logger.info(f"Waiting {time_to_sleep} for {self.name} so it can finish")
+                    self.logger.info(
+                        f"Waiting {time_to_sleep} for {self.name} so it can finish"
+                    )
                     self.update_pbar(TestingStates.VALIDATING)
                     time.sleep(time_to_sleep)
                     elapsed_sleep_time += time_to_sleep
@@ -895,7 +912,7 @@ class CorrelationSearch(BaseModel):
                     wait_duration=elapsed_sleep_time,
                     exception=e,
                 )
-                self.logger.exception(result.message)                    # type: ignore
+                self.logger.exception(result.message)  # type: ignore
             else:
                 raise e
         except Exception as e:
@@ -905,7 +922,10 @@ class CorrelationSearch(BaseModel):
 
         # log based on result status
         if result is not None:
-            if result.status == TestResultStatus.PASS or result.status == TestResultStatus.SKIP:
+            if (
+                result.status == TestResultStatus.PASS
+                or result.status == TestResultStatus.SKIP
+            ):
                 self.logger.info(f"{result.status.name}: {result.message}")
             elif result.status == TestResultStatus.FAIL:
                 self.logger.error(f"{result.status.name}: {result.message}")
@@ -928,11 +948,11 @@ class CorrelationSearch(BaseModel):
         :param query: the SPL string to run
         """
         self.logger.debug(f"Executing query: `{query}`")
-        job = self.service.search(query, exec_mode="blocking")                                      # type: ignore
+        job = self.service.search(query, exec_mode="blocking")  # type: ignore
 
         # query the results, catching any HTTP status code errors
         try:
-            response_reader: ResponseReader = job.results(output_mode="json")                       # type: ignore
+            response_reader: ResponseReader = job.results(output_mode="json")  # type: ignore
         except HTTPError as e:
             # e.g. ->  HTTP 400 Bad Request -- b'{"messages":[{"type":"FATAL","text":"Error in \'delete\' command: You
             #   have insufficient privileges to delete events."}]}'
@@ -940,7 +960,7 @@ class CorrelationSearch(BaseModel):
             self.logger.error(message)
             raise ServerError(message)
 
-        return ResultIterator(response_reader)                                                      # type: ignore
+        return ResultIterator(response_reader)  # type: ignore
 
     def _delete_index(self, index: str) -> None:
         """Deletes events in a given index
@@ -991,7 +1011,7 @@ class CorrelationSearch(BaseModel):
 
         # Add indexes to purge
         if delete_test_index:
-            self.indexes_to_purge.add(self.test_index)                                              # type: ignore
+            self.indexes_to_purge.add(self.test_index)  # type: ignore
         if self._risk_events is not None:
             self.indexes_to_purge.add(Indexes.RISK_INDEX)
         if self._notable_events is not None:
@@ -1019,5 +1039,5 @@ class CorrelationSearch(BaseModel):
             self.pbar_data.fq_test_name,
             state,
             self.pbar_data.start_time,
-            True
+            True,
         )

contentctl/objects/dashboard.py

@@ -8,7 +8,7 @@ from contentctl.objects.security_content_object import SecurityContentObject
 from contentctl.objects.config import build
 from enum import StrEnum
 
-DEFAULT_DASHBAORD_JINJA2_TEMPLATE = '''<dashboard version="2" theme="{{ dashboard.theme }}">
+DEFAULT_DASHBAORD_JINJA2_TEMPLATE = """<dashboard version="2" theme="{{ dashboard.theme }}">
     <label>{{ dashboard.label(config) }}</label>
     <description></description>
     <definition><![CDATA[
@@ -21,28 +21,40 @@ DEFAULT_DASHBAORD_JINJA2_TEMPLATE = '''<dashboard version="2" theme="{{ dashboar
 	"hideExport": false
 }
     ]]></meta>
-</dashboard>'''
+</dashboard>"""
+
 
 class DashboardTheme(StrEnum):
     light = "light"
     dark = "dark"
 
+
 class Dashboard(SecurityContentObject):
-    j2_template: str = Field(default=DEFAULT_DASHBAORD_JINJA2_TEMPLATE, description="Jinja2 Template used to construct the dashboard")
-    description: str = Field(...,description="A description of the dashboard. This does not have to match "
-                             "the description of the dashboard in the JSON file.", max_length=10000)
-    theme: DashboardTheme = Field(default=DashboardTheme.light, description="The theme of the dashboard. Choose between 'light' and 'dark'.")
-    json_obj: Json[dict[str,Any]] = Field(..., description="Valid JSON object that describes the dashboard")
-    
-    
-    
-    def label(self, config:build)->str:
+    j2_template: str = Field(
+        default=DEFAULT_DASHBAORD_JINJA2_TEMPLATE,
+        description="Jinja2 Template used to construct the dashboard",
+    )
+    description: str = Field(
+        ...,
+        description="A description of the dashboard. This does not have to match "
+        "the description of the dashboard in the JSON file.",
+        max_length=10000,
+    )
+    theme: DashboardTheme = Field(
+        default=DashboardTheme.light,
+        description="The theme of the dashboard. Choose between 'light' and 'dark'.",
+    )
+    json_obj: Json[dict[str, Any]] = Field(
+        ..., description="Valid JSON object that describes the dashboard"
+    )
+
+    def label(self, config: build) -> str:
         return f"{config.app.label} - {self.name}"
-    
+
     @model_validator(mode="before")
     @classmethod
-    def validate_fields_from_json(cls, data:Any)->Any:
-        yml_file_name:str|None = data.get("file_path", None)
+    def validate_fields_from_json(cls, data: Any) -> Any:
+        yml_file_name: str | None = data.get("file_path", None)
         if yml_file_name is None:
             raise ValueError("File name not passed to dashboard constructor")
         yml_file_path = pathlib.Path(yml_file_name)
@@ -50,51 +62,53 @@ class Dashboard(SecurityContentObject):
 
         if not json_file_path.is_file():
             raise ValueError(f"Required file {json_file_path} does not exist.")
-        
-        with open(json_file_path,'r') as jsonFilePointer:
+
+        with open(json_file_path, "r") as jsonFilePointer:
             try:
-                json_obj:dict[str,Any] = json.load(jsonFilePointer)
+                json_obj: dict[str, Any] = json.load(jsonFilePointer)
             except Exception as e:
                 raise ValueError(f"Unable to load data from {json_file_path}: {str(e)}")
 
-        name_from_file = data.get("name",None)
-        name_from_json  = json_obj.get("title",None)
+        name_from_file = data.get("name", None)
+        name_from_json = json_obj.get("title", None)
 
-        errors:list[str] = []
+        errors: list[str] = []
         if name_from_json is None:
             errors.append(f"'title' field is missing from {json_file_path}")
         elif name_from_json != name_from_file:
-            errors.append(f"The 'title' field in the JSON file [{json_file_path}] does not match the 'name' field in the YML object [{yml_file_path}]. These two MUST match:\n    "
-                          f"title in JSON : {name_from_json}\n    "
-                          f"title in YML  : {name_from_file}\n    ")
-        
-        description_from_json = json_obj.get("description",None)
+            errors.append(
+                f"The 'title' field in the JSON file [{json_file_path}] does not match the 'name' field in the YML object [{yml_file_path}]. These two MUST match:\n    "
+                f"title in JSON : {name_from_json}\n    "
+                f"title in YML  : {name_from_file}\n    "
+            )
+
+        description_from_json = json_obj.get("description", None)
         if description_from_json is None:
             errors.append("'description' field is missing from field 'json_object'")
-        
-        if len(errors) > 0 :
+
+        if len(errors) > 0:
             err_string = "\n  - ".join(errors)
             raise ValueError(f"Error(s) validating dashboard:\n  - {err_string}")
-        
-        data['name'] = name_from_file
-        data['json_obj'] = json.dumps(json_obj)
+
+        data["name"] = name_from_file
+        data["json_obj"] = json.dumps(json_obj)
         return data
 
-    
     def pretty_print_json_obj(self):
         return json.dumps(self.json_obj, indent=4)
-    
-    def getOutputFilepathRelativeToAppRoot(self, config:build)->pathlib.Path:
+
+    def getOutputFilepathRelativeToAppRoot(self, config: build) -> pathlib.Path:
         filename = f"{self.file_path.stem}.xml".lower()
-        return pathlib.Path("default/data/ui/views")/filename
-    
-    
-    def writeDashboardFile(self, j2_env:Environment, config:build):
+        return pathlib.Path("default/data/ui/views") / filename
+
+    def writeDashboardFile(self, j2_env: Environment, config: build):
         template = j2_env.from_string(self.j2_template)
         dashboard_text = template.render(config=config, dashboard=self)
 
-        with open(config.getPackageDirectoryPath()/self.getOutputFilepathRelativeToAppRoot(config), 'a') as f:
-            output_xml = dashboard_text.encode('utf-8', 'ignore').decode('utf-8')
+        with open(
+            config.getPackageDirectoryPath()
+            / self.getOutputFilepathRelativeToAppRoot(config),
+            "a",
+        ) as f:
+            output_xml = dashboard_text.encode("utf-8", "ignore").decode("utf-8")
             f.write(output_xml)
-
-

contentctl/objects/data_source.py

@@ -1,6 +1,6 @@
 from __future__ import annotations
 from typing import Optional, Any
-from pydantic import Field, HttpUrl, model_serializer, BaseModel, ConfigDict
+from pydantic import Field, HttpUrl, model_serializer, BaseModel
 from contentctl.objects.security_content_object import SecurityContentObject
 
 
@@ -8,6 +8,8 @@ class TA(BaseModel):
     name: str
     url: HttpUrl | None = None
     version: str
+
+
 class DataSource(SecurityContentObject):
     source: str = Field(...)
     sourcetype: str = Field(...)
@@ -19,14 +21,13 @@ class DataSource(SecurityContentObject):
     convert_to_log_source: None | list = None
     example_log: None | str = None
 
-
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         super_fields = super().serialize_model()
-        
-        #All fields custom to this model
-        model:dict[str,Any] = {
+
+        # All fields custom to this model
+        model: dict[str, Any] = {
             "source": self.source,
             "sourcetype": self.sourcetype,
             "separator": self.separator,
@@ -35,12 +36,11 @@ class DataSource(SecurityContentObject):
             "fields": self.fields,
             "field_mappings": self.field_mappings,
             "convert_to_log_source": self.convert_to_log_source,
-            "example_log":self.example_log
+            "example_log": self.example_log,
         }
-        
-        
-        #Combine fields from this model with fields from parent
+
+        # Combine fields from this model with fields from parent
         super_fields.update(model)
-        
-        #return the model
-        return super_fields
+
+        # return the model
+        return super_fields