contentctl 5.3.0__tar.gz → 5.3.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (169) hide show
  1. {contentctl-5.3.0 → contentctl-5.3.2}/PKG-INFO +1 -1
  2. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/GitService.py +4 -1
  3. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/inspect.py +15 -1
  4. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/validate.py +1 -1
  5. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/abstract_security_content_objects/detection_abstract.py +1 -1
  6. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/errors.py +28 -2
  7. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/lookup.py +1 -1
  8. {contentctl-5.3.0 → contentctl-5.3.2}/pyproject.toml +1 -1
  9. {contentctl-5.3.0 → contentctl-5.3.2}/LICENSE.md +0 -0
  10. {contentctl-5.3.0 → contentctl-5.3.2}/README.md +0 -0
  11. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/__init__.py +0 -0
  12. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/build.py +0 -0
  13. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/deploy_acs.py +0 -0
  14. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/DetectionTestingManager.py +0 -0
  15. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/generate_detection_coverage_badge.py +0 -0
  16. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py +0 -0
  17. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py +0 -0
  18. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureServer.py +0 -0
  19. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/progress_bar.py +0 -0
  20. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/views/DetectionTestingView.py +0 -0
  21. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/views/DetectionTestingViewCLI.py +0 -0
  22. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/views/DetectionTestingViewFile.py +0 -0
  23. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py +0 -0
  24. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/doc_gen.py +0 -0
  25. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/initialize.py +0 -0
  26. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/new_content.py +0 -0
  27. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/release_notes.py +0 -0
  28. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/reporting.py +0 -0
  29. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/test.py +0 -0
  30. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/api.py +0 -0
  31. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/contentctl.py +0 -0
  32. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/enrichments/attack_enrichment.py +0 -0
  33. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/enrichments/cve_enrichment.py +0 -0
  34. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/enrichments/splunk_app_enrichment.py +0 -0
  35. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/helper/link_validator.py +0 -0
  36. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/helper/logger.py +0 -0
  37. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/helper/splunk_app.py +0 -0
  38. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/helper/utils.py +0 -0
  39. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/input/director.py +0 -0
  40. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/input/new_content_questions.py +0 -0
  41. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/input/yml_reader.py +0 -0
  42. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py +0 -0
  43. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/alert_action.py +0 -0
  44. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/annotated_types.py +0 -0
  45. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/atomic.py +0 -0
  46. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/base_test.py +0 -0
  47. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/base_test_result.py +0 -0
  48. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/baseline.py +0 -0
  49. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/baseline_tags.py +0 -0
  50. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/config.py +0 -0
  51. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/constants.py +0 -0
  52. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/content_versioning_service.py +0 -0
  53. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/correlation_search.py +0 -0
  54. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/dashboard.py +0 -0
  55. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/data_source.py +0 -0
  56. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment.py +0 -0
  57. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment_email.py +0 -0
  58. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment_notable.py +0 -0
  59. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment_phantom.py +0 -0
  60. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment_rba.py +0 -0
  61. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment_scheduling.py +0 -0
  62. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/deployment_slack.py +0 -0
  63. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/detection.py +0 -0
  64. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/detection_metadata.py +0 -0
  65. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/detection_stanza.py +0 -0
  66. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/detection_tags.py +0 -0
  67. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/drilldown.py +0 -0
  68. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/enums.py +0 -0
  69. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/integration_test.py +0 -0
  70. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/integration_test_result.py +0 -0
  71. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/investigation.py +0 -0
  72. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/investigation_tags.py +0 -0
  73. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/macro.py +0 -0
  74. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/manual_test.py +0 -0
  75. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/manual_test_result.py +0 -0
  76. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/mitre_attack_enrichment.py +0 -0
  77. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/notable_action.py +0 -0
  78. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/notable_event.py +0 -0
  79. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/playbook.py +0 -0
  80. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/playbook_tags.py +0 -0
  81. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/rba.py +0 -0
  82. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/removed_security_content_object.py +0 -0
  83. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/risk_analysis_action.py +0 -0
  84. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/risk_event.py +0 -0
  85. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/risk_object.py +0 -0
  86. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/savedsearches_conf.py +0 -0
  87. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/security_content_object.py +0 -0
  88. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/story.py +0 -0
  89. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/story_tags.py +0 -0
  90. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/test_attack_data.py +0 -0
  91. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/test_group.py +0 -0
  92. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/threat_object.py +0 -0
  93. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/throttling.py +0 -0
  94. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/unit_test.py +0 -0
  95. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/unit_test_baseline.py +0 -0
  96. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/unit_test_result.py +0 -0
  97. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/api_json_output.py +0 -0
  98. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/attack_nav_output.py +0 -0
  99. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/attack_nav_writer.py +0 -0
  100. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/conf_output.py +0 -0
  101. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/conf_writer.py +0 -0
  102. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/doc_md_output.py +0 -0
  103. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/jinja_writer.py +0 -0
  104. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/json_writer.py +0 -0
  105. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/runtime_csv_writer.py +0 -0
  106. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/svg_output.py +0 -0
  107. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/analyticstories_detections.j2 +0 -0
  108. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/analyticstories_investigations.j2 +0 -0
  109. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/analyticstories_stories.j2 +0 -0
  110. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/app.conf.j2 +0 -0
  111. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/app.manifest.j2 +0 -0
  112. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/collections.j2 +0 -0
  113. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/content-version.j2 +0 -0
  114. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/detection_count.j2 +0 -0
  115. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/detection_coverage.j2 +0 -0
  116. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_detection_page.j2 +0 -0
  117. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_detections.j2 +0 -0
  118. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_navigation.j2 +0 -0
  119. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_navigation_pages.j2 +0 -0
  120. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_playbooks.j2 +0 -0
  121. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_playbooks_page.j2 +0 -0
  122. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_stories.j2 +0 -0
  123. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/doc_story_page.j2 +0 -0
  124. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/es_investigations_investigations.j2 +0 -0
  125. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/es_investigations_stories.j2 +0 -0
  126. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/header.j2 +0 -0
  127. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/macros.j2 +0 -0
  128. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/panel.j2 +0 -0
  129. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/savedsearches_baselines.j2 +0 -0
  130. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/savedsearches_detections.j2 +0 -0
  131. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/savedsearches_investigations.j2 +0 -0
  132. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/server.conf.j2 +0 -0
  133. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/transforms.j2 +0 -0
  134. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/templates/workflow_actions.j2 +0 -0
  135. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/output/yml_writer.py +0 -0
  136. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/README.md +0 -0
  137. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_default.yml +0 -0
  138. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/README/essoc_story_detail.txt +0 -0
  139. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/README/essoc_summary.txt +0 -0
  140. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/README/essoc_usage_dashboard.txt +0 -0
  141. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/README.md +0 -0
  142. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/default/analytic_stories.conf +0 -0
  143. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/default/commands.conf +0 -0
  144. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/default/data/ui/nav/default.xml +0 -0
  145. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/default/data/ui/views/escu_summary.xml +0 -0
  146. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/default/data/ui/views/feedback.xml +0 -0
  147. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/default/use_case_library.conf +0 -0
  148. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/lookups/mitre_enrichment.csv +0 -0
  149. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/metadata/default.meta +0 -0
  150. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/static/appIcon.png +0 -0
  151. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/static/appIconAlt.png +0 -0
  152. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/static/appIconAlt_2x.png +0 -0
  153. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/app_template/static/appIcon_2x.png +0 -0
  154. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/data_sources/sysmon_eventid_1.yml +0 -0
  155. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/datamodels_cim.conf +0 -0
  156. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/datamodels_custom.conf +0 -0
  157. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/deployments/escu_default_configuration_anomaly.yml +0 -0
  158. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/deployments/escu_default_configuration_baseline.yml +0 -0
  159. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/deployments/escu_default_configuration_correlation.yml +0 -0
  160. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/deployments/escu_default_configuration_hunting.yml +0 -0
  161. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/deployments/escu_default_configuration_ttp.yml +0 -0
  162. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/detections/application/.gitkeep +0 -0
  163. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/detections/cloud/.gitkeep +0 -0
  164. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml +0 -0
  165. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/detections/network/.gitkeep +0 -0
  166. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/detections/web/.gitkeep +0 -0
  167. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/macros/security_content_ctime.yml +0 -0
  168. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/macros/security_content_summariesonly.yml +0 -0
  169. {contentctl-5.3.0 → contentctl-5.3.2}/contentctl/templates/stories/cobalt_strike.yml +0 -0
{contentctl-5.3.0 → contentctl-5.3.2}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.3
2
2
  Name: contentctl
3
- Version: 5.3.0
3
+ Version: 5.3.2
4
4
  Summary: Splunk Content Control Tool
5
5
  License: Apache 2.0
6
6
  Author: STRT
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/detection_testing/GitService.py RENAMED
@@ -14,7 +14,7 @@ from contentctl.input.director import DirectorOutputDto
14
14
  from contentctl.objects.config import All, Changes, Selected, test_common
15
15
  from contentctl.objects.data_source import DataSource
16
16
  from contentctl.objects.detection import Detection
17
- from contentctl.objects.lookup import CSVLookup, Lookup
17
+ from contentctl.objects.lookup import CSVLookup, Lookup, RuntimeCSV
18
18
  from contentctl.objects.macro import Macro
19
19
  from contentctl.objects.security_content_object import SecurityContentObject
20
20
 
@@ -148,6 +148,9 @@ class GitService(BaseModel):
148
148
  matched = list(
149
149
  filter(
150
150
  lambda x: isinstance(x, CSVLookup)
151
+ and not isinstance(
152
+ x, RuntimeCSV
153
+ ) # RuntimeCSV is not used directly by any content
151
154
  and x.filename == decoded_path,
152
155
  self.director.lookups,
153
156
  )
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/inspect.py RENAMED
@@ -16,6 +16,7 @@ from contentctl.objects.errors import (
16
16
  DetectionMissingError,
17
17
  MetadataValidationError,
18
18
  VersionBumpingError,
19
+ VersionBumpingTooFarError,
19
20
  VersionDecrementedError,
20
21
  )
21
22
  from contentctl.objects.savedsearches_conf import SavedsearchesConf
@@ -101,7 +102,7 @@ class Inspect:
101
102
  -F "app_package=@<PATH/APP-PACKAGE>" \
102
103
  -F "included_tags=cloud" \
103
104
  --url "https://appinspect.splunk.com/v1/app/validate"
104
-
105
+
105
106
  This is confirmed by the great resource:
106
107
  https://curlconverter.com/
107
108
  """
@@ -429,6 +430,19 @@ class Inspect:
429
430
  )
430
431
  )
431
432
 
433
+ # Versions should never increase more than one version between releases
434
+ if (
435
+ current_stanza.metadata.detection_version
436
+ > previous_stanza.metadata.detection_version + 1
437
+ ):
438
+ validation_errors[rule_name].append(
439
+ VersionBumpingTooFarError(
440
+ rule_name=rule_name,
441
+ current_version=current_stanza.metadata.detection_version,
442
+ previous_version=previous_stanza.metadata.detection_version,
443
+ )
444
+ )
445
+
432
446
  # Convert our dict mapping to a flat list of errors for use in reporting
433
447
  validation_error_list = [
434
448
  x for inner_list in validation_errors.values() for x in inner_list
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/actions/validate.py RENAMED
@@ -54,7 +54,7 @@ class Validate:
54
54
  """
55
55
  lookupsDirectory = repo_path / "lookups"
56
56
 
57
- # Get all of the files referneced by Lookups
57
+ # Get all of the files referenced by Lookups
58
58
  usedLookupFiles: list[pathlib.Path] = [
59
59
  lookup.filename
60
60
  for lookup in director_output_dto.lookups
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/abstract_security_content_objects/detection_abstract.py RENAMED
@@ -547,7 +547,7 @@ class Detection_Abstract(SecurityContentObject):
547
547
  {
548
548
  "name": lookup.name,
549
549
  "description": lookup.description,
550
- "filename": lookup.filename.name,
550
+ "filename": lookup.filename.name, # This does not cause an issue for RuntimeCSV type because they are not used by any detections
551
551
  "default_match": lookup.default_match,
552
552
  "case_sensitive_match": "true"
553
553
  if lookup.case_sensitive_match
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/errors.py RENAMED
@@ -185,7 +185,7 @@ class VersionBumpingError(VersioningError):
185
185
  return (
186
186
  f"Rule '{self.rule_name}' has changed in current build compared to previous "
187
187
  "build (stanza hashes differ); the detection version should be bumped "
188
- f"to at least {self.previous_version + 1}."
188
+ f"to {self.previous_version + 1}."
189
189
  )
190
190
 
191
191
  @property
@@ -194,4 +194,30 @@ class VersionBumpingError(VersioningError):
194
194
  A short-form error message
195
195
  :returns: a str, the message
196
196
  """
197
- return f"Detection version in current build should be bumped to at least {self.previous_version + 1}."
197
+ return f"Detection version in current build should be bumped to {self.previous_version + 1}."
198
+
199
+
200
+ class VersionBumpingTooFarError(VersioningError):
201
+ """
202
+ An error indicating the detection changed but its version was bumped too far
203
+ """
204
+
205
+ @property
206
+ def long_message(self) -> str:
207
+ """
208
+ A long-form error message
209
+ :returns: a str, the message
210
+ """
211
+ return (
212
+ f"Rule '{self.rule_name}' has changed in current build compared to previous "
213
+ "build (stanza hashes differ); however the detection version increased too much"
214
+ f"The version should be reduced to {self.previous_version + 1}."
215
+ )
216
+
217
+ @property
218
+ def short_message(self) -> str:
219
+ """
220
+ A short-form error message
221
+ :returns: a str, the message
222
+ """
223
+ return f"Detection version in current build should be reduced to {self.previous_version + 1}."
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/objects/lookup.py RENAMED
@@ -257,7 +257,7 @@ class CSVLookup(FileBackedLookup):
257
257
  """
258
258
  if self.file_path is None:
259
259
  raise ValueError(
260
- f"Cannot get the filename of the lookup {self.lookup_type} because the YML file_path attribute is None"
260
+ f"Cannot get the filename of the lookup {self.lookup_type} for content [{self.name}] because the YML file_path attribute is None"
261
261
  ) # type: ignore
262
262
 
263
263
  csv_file = self.file_path.parent / f"{self.file_path.stem}.{self.lookup_type}" # type: ignore
{contentctl-5.3.0 → contentctl-5.3.2}/pyproject.toml RENAMED
@@ -1,7 +1,7 @@
1
1
  [tool.poetry]
2
2
  name = "contentctl"
3
3
 
4
- version = "5.3.0"
4
+ version = "5.3.2"
5
5
 
6
6
  description = "Splunk Content Control Tool"
7
7
  authors = ["STRT <research@splunk.com>"]
{contentctl-5.3.0 → contentctl-5.3.2}/LICENSE.md RENAMED
File without changes
{contentctl-5.3.0 → contentctl-5.3.2}/README.md RENAMED
File without changes
{contentctl-5.3.0 → contentctl-5.3.2}/contentctl/api.py RENAMED
File without changes