howler-api 2.10.0.dev167__tar.gz → 2.10.0.dev176__tar.gz

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: howler-api
-Version: 2.10.0.dev167
+Version: 2.10.0.dev176
 Summary: Howler - API server
 License: MIT
 Keywords: howler,alerting,gc,canada,cse-cst,cse,cst,cyber,cccs

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/howler/api/v1/action.py

@@ -1,19 +1,9 @@
 import json
-from typing import Any, Optional
 
 from flask import Response, request
 
 import howler.actions as actions
-from howler.api import (
-    bad_request,
-    created,
-    forbidden,
-    internal_error,
-    make_subapi_blueprint,
-    no_content,
-    not_found,
-    ok,
-)
+from howler.api import bad_request, created, forbidden, internal_error, make_subapi_blueprint, no_content, not_found, ok
 from howler.common.exceptions import HowlerException
 from howler.common.loader import datastore
 from howler.common.logging.audit import audit
@@ -22,7 +12,7 @@ from howler.config import CLASSIFICATION
 from howler.odm.models.action import Action
 from howler.odm.models.user import User
 from howler.security import api_login
-from howler.services.action_service import VALID_TRIGGERS
+from howler.services import action_service
 
 SUB_API = "action"
 classification_definition = CLASSIFICATION.get_parsed_classification_definition()
@@ -51,41 +41,6 @@ def get_actions(**_) -> Response:
     return ok(datastore().action.search("*:*", as_obj=False)["items"])
 
 
-def validate_action(new_action: Any) -> Optional[Response]:  # noqa: C901
-    """Validate a new action"""
-    if not isinstance(new_action, dict):
-        return bad_request(err="Incorrect data structure!")
-
-    if "name" not in new_action:
-        return bad_request(err="You must specify a name.")
-    elif not new_action["name"]:
-        return bad_request(err="Name cannot be empty.")
-
-    if "query" not in new_action:
-        return bad_request(err="You must specify a query.")
-    elif not new_action["query"]:
-        return bad_request(err="Query cannot be empty.")
-
-    operations = new_action.get("operations", None)
-    if operations is None:
-        return bad_request(err="You must specify a list of operations.")
-
-    if not isinstance(operations, list):
-        return bad_request(err="'operations' must be a list of operations.")
-
-    if len(operations) < 1:
-        return bad_request(err="You must specify at least one operation.")
-
-    operation_ids = [o["operation_id"] for o in operations]
-    if len(operation_ids) != len(set(operation_ids)):
-        return bad_request(err="You must have a maximum of one operation of each type in the action.")
-
-    if set(new_action.get("triggers", [])) - set(VALID_TRIGGERS):
-        return bad_request(err="Invalid trigger provided.")
-
-    return None
-
-
 @generate_swagger_docs()
 @action_api.route("/", methods=["POST"])
 @api_login(audit=False, check_xsrf_token=False, required_type=["automation_basic"])
@@ -120,7 +75,7 @@ def add_action(user: User, **_) -> Response:
     if new_action is None:
         return bad_request(err="You must specify an action")
 
-    if error := validate_action(new_action):
+    if error := action_service.validate_action(new_action):
         return error
 
     try:
@@ -192,7 +147,7 @@ def update_action(id: str, user: User, **_) -> Response:
         "action_id": existing_action["action_id"],
     }
 
-    if error := validate_action(updated_action):
+    if error := action_service.validate_action(updated_action):
         return error
 
     try:

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/howler/api/v1/tool.py

@@ -22,8 +22,6 @@ SUB_API = "tools"
 tool_api = make_subapi_blueprint(SUB_API, api_version=1)
 tool_api._doc = "Manage the tools"
 
-FIELDS = Hit.flat_fields()
-
 logger = get_logger(__file__)
 
 hit_helper = OdmHelper(Hit)
@@ -78,6 +76,7 @@ def create_one_or_many_hits(tool_name: str, user: User, **kwargs):  # noqa: C901
         return bad_request(err="Invalid: 'hits' field is missing or invalid.")
     warnings = []
     # Validate field_map targets
+    hit_fields = Hit.flat_fields()
     for targets in field_map.values():
         for target in targets:
             # This is checking to see if the target matches one of two cases:
@@ -85,7 +84,7 @@ def create_one_or_many_hits(tool_name: str, user: User, **kwargs):  # noqa: C901
             # Compound fields - hit.obj of type dict (should also match)
             # This allows significantly easier creation of hits, since you don't need to deconstruct every dict into
             # individual fields
-            if target not in FIELDS and not any(f for f in FIELDS.keys() if get_parent_key(f) == target):
+            if target not in hit_fields and not any(f for f in hit_fields.keys() if get_parent_key(f) == target):
                 warning = f"Invalid target field in the map: {target}"
                 if ignore_extra_values:
                     warnings.append(warning)
@@ -114,11 +113,11 @@ def create_one_or_many_hits(tool_name: str, user: User, **kwargs):  # noqa: C901
                 for target in targets:
                     _val = val
                     try:
-                        field_data: Optional[_Field] = FIELDS[target]
+                        field_data: Optional[_Field] = hit_fields[target]
                     except KeyError:
-                        logger.debug(f"`{target}` not in FIELDS")
+                        logger.debug(f"`{target}` not in hit fields")
                         field_data = next(
-                            (v for k, v in FIELDS.items() if get_parent_key(k) == target),
+                            (v for k, v in hit_fields.items() if get_parent_key(k) == target),
                             None,
                         )
 

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/howler/common/logging/audit.py

@@ -4,12 +4,7 @@ import sys
 
 from flask import request
 
-from howler.common.logging.format import (
-    HWL_AUDIT_FORMAT,
-    HWL_DATE_FORMAT,
-    HWL_ISO_DATE_FORMAT,
-    HWL_LOG_FORMAT,
-)
+from howler.common.logging.format import HWL_AUDIT_FORMAT, HWL_DATE_FORMAT, HWL_ISO_DATE_FORMAT, HWL_LOG_FORMAT
 from howler.config import DEBUG, config
 
 AUDIT = config.ui.audit
@@ -94,10 +89,15 @@ def audit(args, kwargs, logged_in_uname, user, func, impersonator=None):
     except Exception:
         json_blob = {}
 
+    try:
+        req_args = ["%s='%s'" % (k, v) for k, v in request.args.items() if k in AUDIT_KW_TARGET]
+    except RuntimeError:
+        req_args = []
+
     params_list = (
         list(args)
         + ["%s='%s'" % (k, v) for k, v in kwargs.items() if k in AUDIT_KW_TARGET]
-        + ["%s='%s'" % (k, v) for k, v in request.args.items() if k in AUDIT_KW_TARGET]
+        + req_args
         + ["%s='%s'" % (k, v) for k, v in json_blob.items() if k in AUDIT_KW_TARGET]
     )
 

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/howler/services/action_service.py

@@ -1,7 +1,11 @@
 import json
-from typing import Optional
+import sys
+from typing import Any, Optional
+
+from flask import Response
 
 from howler import actions
+from howler.api import bad_request
 from howler.common.exceptions import HowlerValueError
 from howler.common.loader import datastore
 from howler.common.logging import get_logger
@@ -13,6 +17,41 @@ from howler.utils.str_utils import sanitize_lucene_query
 logger = get_logger(__file__)
 
 
+def validate_action(new_action: Any) -> Optional[Response]:  # noqa: C901
+    """Validate a new action"""
+    if not isinstance(new_action, dict):
+        return bad_request(err="Incorrect data structure!")
+
+    if "name" not in new_action:
+        return bad_request(err="You must specify a name.")
+    elif not new_action["name"]:
+        return bad_request(err="Name cannot be empty.")
+
+    if "query" not in new_action:
+        return bad_request(err="You must specify a query.")
+    elif not new_action["query"]:
+        return bad_request(err="Query cannot be empty.")
+
+    operations = new_action.get("operations", None)
+    if operations is None:
+        return bad_request(err="You must specify a list of operations.")
+
+    if not isinstance(operations, list):
+        return bad_request(err="'operations' must be a list of operations.")
+
+    if len(operations) < 1:
+        return bad_request(err="You must specify at least one operation.")
+
+    operation_ids = [o["operation_id"] for o in operations]
+    if len(operation_ids) != len(set(operation_ids)):
+        return bad_request(err="You must have a maximum of one operation of each type in the action.")
+
+    if set(new_action.get("triggers", [])) - set(VALID_TRIGGERS):
+        return bad_request(err="Invalid trigger provided.")
+
+    return None
+
+
 def bulk_execute_on_query(query: str, trigger: str = "create", user: Optional[User] = None):
     """Execute the operations specified in registered actions on the given query"""
     storage = datastore()
@@ -20,11 +59,19 @@ def bulk_execute_on_query(query: str, trigger: str = "create", user: Optional[Us
     if trigger not in VALID_TRIGGERS:
         raise HowlerValueError(f"{trigger} is not a valid trigger. It must be one of {','.join(VALID_TRIGGERS)}")
 
-    on_trigger_actions: list[Action] = storage.action.search(f"triggers:{sanitize_lucene_query(trigger)}")["items"]
+    on_trigger_actions: list[Action] = storage.action.search(f"triggers:{sanitize_lucene_query(trigger)}", rows=10000)[
+        "items"
+    ]
 
     for action in on_trigger_actions:
         intersected_query = f"({query}) AND ({action.query})"
 
+        if datastore().hit.search(intersected_query, rows=0)["total"] < 1:
+            if "pytest" in sys.modules:
+                logger.debug("Action %s does not apply to query %s", action.action_id, query)
+
+            continue
+
         logger.info("Running action %s on bulk query %s", action.action_id, query)
         for operation in action.operations:
             if operation.operation_id == "example_plugin":

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/howler/services/hit_service.py

@@ -555,9 +555,9 @@ def transition_hit(
         trigger: Union[Literal["promote"], Literal["demote"]]
 
         if transition == HitStatusTransition.ASSESS:
-            new_assessment = AssessmentEscalationMap[kwargs["assessment"]]
+            new_escalation = AssessmentEscalationMap[kwargs["assessment"]]
 
-            if new_assessment == Escalation.EVIDENCE:
+            if new_escalation == Escalation.EVIDENCE:
                 trigger = "promote"
             else:
                 trigger = "demote"

{howler_api-2.10.0.dev167 → howler_api-2.10.0.dev176}/pyproject.toml

@@ -148,7 +148,7 @@ suppress-none-returning = true
 [tool.poetry]
 package-mode = true
 name = "howler-api"
-version = "2.10.0.dev167"
+version = "2.10.0.dev176"
 description = "Howler - API server"
 authors = [
     "Canadian Centre for Cyber Security <howler@cyber.gc.ca>",