contentctl 5.5.0__tar.gz → 5.5.3__tar.gz

{contentctl-5.5.0 → contentctl-5.5.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: contentctl
-Version: 5.5.0
+Version: 5.5.3
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT

{contentctl-5.5.0 → contentctl-5.5.3}/contentctl/actions/build.py

@@ -6,7 +6,7 @@ from dataclasses import dataclass
 
 from contentctl.input.director import DirectorOutputDto
 from contentctl.objects.config import build
-from contentctl.output.api_json_output import ApiJsonOutput
+from contentctl.output.api_json_output import JSON_API_VERSION, ApiJsonOutput
 from contentctl.output.conf_output import ConfOutput
 from contentctl.output.conf_writer import ConfWriter
 
@@ -76,7 +76,9 @@ class Build:
             api_json_output.writeDeployments(input_dto.director_output_dto.deployments)
 
             # create version file for sse api
-            version_file = input_dto.config.getAPIPath() / "version.json"
+            version_file = (
+                input_dto.config.getAPIPath() / f"version_v{JSON_API_VERSION}.json"
+            )
             utc_time = (
                 datetime.datetime.now(datetime.timezone.utc)
                 .replace(microsecond=0, tzinfo=None)

{contentctl-5.5.0 → contentctl-5.5.3}/contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py

@@ -12,6 +12,7 @@ import pathlib
 import pprint
 import uuid
 from abc import abstractmethod
+from collections import Counter
 from difflib import get_close_matches
 from functools import cached_property
 from typing import List, Optional, Tuple, Union
@@ -708,6 +709,15 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
                 "an error in the contentctl codebase which must be resolved."
             )
 
+        # Catch all for finding duplicates in mapped content
+        if (
+            len(duplicates := [name for name, count in Counter(v).items() if count > 1])
+            > 0
+        ):
+            raise ValueError(
+                f"Duplicate {cls.__name__} ({duplicates}) found in list: {v}."
+            )
+
         mappedObjects: list[Self] = []
         mistyped_objects: list[SecurityContentObject_Abstract] = []
         missing_objects: list[str] = []

{contentctl-5.5.0 → contentctl-5.5.3}/contentctl/output/api_json_output.py

@@ -16,6 +16,8 @@ import pathlib
 
 from contentctl.output.json_writer import JsonWriter
 
+JSON_API_VERSION = 2
+
 
 class ApiJsonOutput:
     output_path: pathlib.Path
@@ -70,7 +72,9 @@ class ApiJsonOutput:
         #     del()
 
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "detections.json"), "detections", detections
+            os.path.join(self.output_path, f"detections_v{JSON_API_VERSION}.json"),
+            "detections",
+            detections,
         )
 
     def writeMacros(
@@ -86,7 +90,9 @@ class ApiJsonOutput:
                 if k in macro:
                     del macro[k]
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "macros.json"), "macros", macros
+            os.path.join(self.output_path, f"macros_v{JSON_API_VERSION}.json"),
+            "macros",
+            macros,
         )
 
     def writeStories(
@@ -132,7 +138,9 @@ class ApiJsonOutput:
             ]
 
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "stories.json"), "stories", stories
+            os.path.join(self.output_path, f"stories_v{JSON_API_VERSION}.json"),
+            "stories",
+            stories,
         )
 
     def writeBaselines(
@@ -163,7 +171,9 @@ class ApiJsonOutput:
         ]
 
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "baselines.json"), "baselines", baselines
+            os.path.join(self.output_path, f"baselines_v{JSON_API_VERSION}.json"),
+            "baselines",
+            baselines,
         )
 
     def writeInvestigations(
@@ -195,7 +205,7 @@ class ApiJsonOutput:
             for investigation in objects
         ]
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "response_tasks.json"),
+            os.path.join(self.output_path, f"response_tasks_v{JSON_API_VERSION}.json"),
             "response_tasks",
             investigations,
         )
@@ -227,7 +237,9 @@ class ApiJsonOutput:
                 if k in lookup:
                     del lookup[k]
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "lookups.json"), "lookups", lookups
+            os.path.join(self.output_path, f"lookups_v{JSON_API_VERSION}.json"),
+            "lookups",
+            lookups,
         )
 
     def writeDeployments(
@@ -255,7 +267,7 @@ class ApiJsonOutput:
         # references are not to be included, but have been deleted in the
         # model_serialization logic
         JsonWriter.writeJsonObject(
-            os.path.join(self.output_path, "deployments.json"),
+            os.path.join(self.output_path, f"deployments_v{JSON_API_VERSION}.json"),
             "deployments",
             deployments,
         )

{contentctl-5.5.0 → contentctl-5.5.3}/contentctl/output/templates/savedsearches_detections.j2

@@ -42,7 +42,7 @@ action.correlationsearch.metadata = {{ detection.metadata | tojson }}
 schedule_window = {{ detection.deployment.scheduling.schedule_window }}
 {% if detection.deployment.alert_action.notable %}
 action.notable = 1
-action.notable.param._entities = [{"risk_object_field": "N/A", "risk_object_type": "N/A", "risk_score": "0"}]
+action.notable.param._entities = [{"risk_object_field": "N/A", "risk_object_type": "N/A", "risk_score": 0}]
 action.notable.param.nes_fields = {{ detection.nes_fields }}
 action.notable.param.rule_description = {{ detection.deployment.alert_action.notable.rule_description | custom_jinja2_enrichment_filter(detection) | escapeNewlines()}}
 action.notable.param.rule_title = {% if detection.type | lower == "correlation" %}RBA: {{ detection.deployment.alert_action.notable.rule_title | custom_jinja2_enrichment_filter(detection) }}{% else %}{{ detection.deployment.alert_action.notable.rule_title | custom_jinja2_enrichment_filter(detection) }}{% endif +%}

{contentctl-5.5.0 → contentctl-5.5.3}/pyproject.toml

@@ -1,7 +1,7 @@
 [tool.poetry]
 name = "contentctl"
 
-version = "5.5.0"
+version = "5.5.3"
 
 description = "Splunk Content Control Tool"
 authors = ["STRT <research@splunk.com>"]