splunk-soar-sdk 2.3.6__py3-none-any.whl → 3.0.0__py3-none-any.whl

soar_sdk/models/container.py

@@ -1,5 +1,5 @@
-from pydantic import BaseModel
-from typing import Optional, Any, Union
+from pydantic import BaseModel, ConfigDict
+from typing import Any
 
 
 class Container(BaseModel):
@@ -8,40 +8,37 @@ class Container(BaseModel):
     This class allows users to specify container properties when yielding from an on_poll function.
     """
 
-    class Config:
-        """Pydantic config."""
-
-        extra = "forbid"
+    model_config = ConfigDict(extra="forbid")
 
     name: str
-    label: Optional[str] = None
-    description: Optional[str] = None
-    source_data_identifier: Optional[str] = None
-    severity: Optional[str] = None
-    status: Optional[str] = None
-    tags: Optional[Union[list[str], str]] = None
-    owner_id: Optional[Union[int, str]] = None
-    sensitivity: Optional[str] = None
-    artifacts: Optional[list[dict[str, Any]]] = None
-    asset_id: Optional[int] = None
-    close_time: Optional[str] = None
-    custom_fields: Optional[dict[str, Any]] = None
-    data: Optional[dict[str, Any]] = None
-    due_time: Optional[str] = None
-    end_time: Optional[str] = None
-    ingest_app_id: Optional[int] = None
-    kill_chain: Optional[str] = None
-    role_id: Optional[Union[int, str]] = None
+    label: str | None = None
+    description: str | None = None
+    source_data_identifier: str | None = None
+    severity: str | None = None
+    status: str | None = None
+    tags: list[str] | str | None = None
+    owner_id: int | str | None = None
+    sensitivity: str | None = None
+    artifacts: list[dict[str, Any]] | None = None
+    asset_id: int | None = None
+    close_time: str | None = None
+    custom_fields: dict[str, Any] | None = None
+    data: dict[str, Any] | None = None
+    due_time: str | None = None
+    end_time: str | None = None
+    ingest_app_id: int | None = None
+    kill_chain: str | None = None
+    role_id: int | str | None = None
     run_automation: bool = False
-    start_time: Optional[str] = None
-    open_time: Optional[str] = None
-    tenant_id: Optional[Union[int, str]] = None
-    container_type: Optional[str] = None
-    template_id: Optional[int] = None
-    authorized_users: Optional[list[int]] = None
-    artifact_count: Optional[int] = None
-    container_id: Optional[str] = None
+    start_time: str | None = None
+    open_time: str | None = None
+    tenant_id: int | str | None = None
+    container_type: str | None = None
+    template_id: int | None = None
+    authorized_users: list[int] | None = None
+    artifact_count: int | None = None
+    container_id: str | None = None
 
     def to_dict(self) -> dict[str, Any]:
         """Convert the container to a dictionary (needed for save_container)."""
-        return self.dict(exclude_none=True)
+        return self.model_dump(exclude_none=True)

soar_sdk/models/vault_attachment.py

@@ -1,4 +1,4 @@
-from typing import IO, Optional, Union
+from typing import IO
 from pydantic import BaseModel
 
 
@@ -11,15 +11,15 @@ class VaultAttachment(BaseModel):
     """
 
     id: int
-    created_via: Optional[str] = None
+    created_via: str | None = None
     container: str
-    task: Optional[str] = None
+    task: str | None = None
     create_time: str
     name: str
     user: str
     vault_document: int
-    mime_type: Optional[str] = None
-    es_attachment_id: Optional[str] = None
+    mime_type: str | None = None
+    es_attachment_id: str | None = None
     hash: str
     vault_id: str
     size: int
@@ -29,7 +29,7 @@ class VaultAttachment(BaseModel):
     container_id: int
     contains: list[str] = []
 
-    def open(self, mode: str = "r") -> Union[IO[str], IO[bytes]]:
+    def open(self, mode: str = "r") -> IO[str] | IO[bytes]:
         """Open the vault attachment file.
 
         Args:

soar_sdk/models/view.py

@@ -1,5 +1,5 @@
-from typing import Any, Optional, Union
-from pydantic import BaseModel
+from typing import Any
+from pydantic import BaseModel, ConfigDict
 from soar_sdk.action_results import ActionResult
 
 
@@ -10,17 +10,14 @@ class ViewContext(BaseModel):
     container: int
     app: int
     no_connection: bool
-    google_maps_key: Union[bool, str]
-    dark_title_logo: Optional[str] = None
-    title_logo: Optional[str] = None
-    app_name: Optional[str] = None
-    results: Optional[list[dict[str, Any]]] = None
-    html_content: Optional[str] = None
-
-    class Config:
-        """Pydantic config."""
-
-        extra = "allow"
+    google_maps_key: bool | str
+    dark_title_logo: str | None = None
+    title_logo: str | None = None
+    app_name: str | None = None
+    results: list[dict[str, Any]] | None = None
+    html_content: str | None = None
+
+    model_config = ConfigDict(extra="allow")
 
 
 class ResultSummary(BaseModel):

soar_sdk/params.py

@@ -1,11 +1,14 @@
-from typing import Optional, Union, Any, ClassVar
-from typing_extensions import NotRequired, TypedDict
+from typing import Any, ClassVar
+from typing_extensions import TypedDict
+from typing import NotRequired
 
-from pydantic.fields import Field, Undefined
+from pydantic import Field
+from pydantic_core import PydanticUndefined
 from pydantic.main import BaseModel
 
 from soar_sdk.compat import remove_when_soar_newer_than
 from soar_sdk.meta.datatypes import as_datatype
+from soar_sdk.field_utils import parse_json_schema_extra
 
 remove_when_soar_newer_than(
     "7.0.0", "NotRequired from typing_extensions is in typing in Python 3.11+"
@@ -13,16 +16,16 @@ remove_when_soar_newer_than(
 
 
 def Param(
-    description: Optional[str] = None,
+    description: str | None = None,
     required: bool = True,
     primary: bool = False,
-    default: Optional[Any] = None,  # noqa: ANN401
-    value_list: Optional[list] = None,
-    cef_types: Optional[list] = None,
+    default: Any | None = None,  # noqa: ANN401
+    value_list: list | None = None,
+    cef_types: list | None = None,
     allow_list: bool = False,
     sensitive: bool = False,
-    alias: Optional[str] = None,
-    column_name: Optional[str] = None,
+    alias: str | None = None,
+    column_name: str | None = None,
 ) -> Any:  # noqa: ANN401
     """Representation of a single complex action parameter.
 
@@ -53,20 +56,30 @@ def Param(
     :param column_name: Optional name for the parameter when displayed in an output table.
     :return: returns the FieldInfo object as pydantic.Field
     """
-    if value_list is None:
-        value_list = []
+    json_schema_extra: dict[str, Any] = {}
+    if required is not None:
+        json_schema_extra["required"] = required
+    if primary is not None:
+        json_schema_extra["primary"] = primary
+    if value_list:
+        json_schema_extra["value_list"] = value_list
+    if cef_types is not None:
+        json_schema_extra["cef_types"] = cef_types
+    if allow_list is not None:
+        json_schema_extra["allow_list"] = allow_list
+    if sensitive is not None:
+        json_schema_extra["sensitive"] = sensitive
+    if column_name is not None:
+        json_schema_extra["column_name"] = column_name
+
+    # Use ... for required fields
+    field_default: Any = ... if default is None and required else default
 
     return Field(
-        default=default,
+        default=field_default,
         description=description,
-        required=required,
-        primary=primary,
-        value_list=value_list,
-        cef_types=cef_types,
-        allow_list=allow_list,
-        sensitive=sensitive,
         alias=alias,
-        column_name=column_name,
+        json_schema_extra=json_schema_extra if json_schema_extra else None,
     )
 
 
@@ -82,7 +95,7 @@ class InputFieldSpecification(TypedDict):
     primary: bool
     value_list: NotRequired[list[str]]
     allow_list: bool
-    default: NotRequired[Union[str, int, float, bool]]
+    default: NotRequired[str | int | float | bool]
     column_name: NotRequired[str]
     column_order: NotRequired[int]
 
@@ -103,9 +116,12 @@ class Params(BaseModel):
     def _to_json_schema(cls) -> dict[str, InputFieldSpecification]:
         params: dict[str, InputFieldSpecification] = {}
 
-        for field_order, (field_name, field) in enumerate(cls.__fields__.items()):
+        for field_order, (field_name, field) in enumerate(cls.model_fields.items()):
             field_type = field.annotation
 
+            if field_type is None:
+                raise TypeError(f"Parameter {field_name} has no type annotation")
+
             try:
                 type_name = as_datatype(field_type)
             except TypeError as e:
@@ -113,14 +129,16 @@ class Params(BaseModel):
                     f"Failed to serialize action parameter {field_name}: {e}"
                 ) from None
 
-            if field.field_info.extra.get("sensitive", False):
+            json_schema_extra = parse_json_schema_extra(field.json_schema_extra)
+
+            if json_schema_extra.get("sensitive", False):
                 if field_type is not str:
                     raise TypeError(
                         f"Sensitive parameter {field_name} must be type str, not {field_type.__name__}"
                     )
                 type_name = "password"
 
-            if not (description := field.field_info.description):
+            if not (description := field.description):
                 description = cls._default_field_description(field_name)
 
             params_field = InputFieldSpecification(
@@ -128,19 +146,19 @@ class Params(BaseModel):
                 name=field_name,
                 description=description,
                 data_type=type_name,
-                required=field.field_info.extra.get("required", True),
-                primary=field.field_info.extra.get("primary", False),
-                allow_list=field.field_info.extra.get("allow_list", False),
+                required=bool(json_schema_extra.get("required", True)),
+                primary=bool(json_schema_extra.get("primary", False)),
+                allow_list=bool(json_schema_extra.get("allow_list", False)),
             )
 
-            if cef_types := field.field_info.extra.get("cef_types"):
+            if cef_types := json_schema_extra.get("cef_types"):
                 params_field["contains"] = cef_types
-            if (default := field.field_info.default) and default != Undefined:
+            if (default := field.default) not in (PydanticUndefined, None):
                 params_field["default"] = default
-            if value_list := field.field_info.extra.get("value_list"):
+            if value_list := json_schema_extra.get("value_list"):
                 params_field["value_list"] = value_list
 
-            params[field.alias] = params_field
+            params[field.alias or field_name] = params_field
 
         return params
 
@@ -189,21 +207,21 @@ class MakeRequestParams(Params):
         "verify_ssl",
     }
 
-    def __init_subclass__(cls, **kwargs: dict[str, Any]) -> None:
+    def __init_subclass__(cls, **kwargs: Any) -> None:  # noqa: ANN401
         """Validate that subclasses only define allowed fields."""
         super().__init_subclass__(**kwargs)
-        cls._validate_make_request_fields()
 
-    @classmethod
-    def _validate_make_request_fields(cls) -> None:
-        """Ensure subclasses only define allowed MakeRequest fields."""
+    def model_post_init(self, __context: Any) -> None:  # noqa: ANN401
+        """Ensure model fields are validated after instance is created."""
+        super().model_post_init(__context)
         # Check if any fields are not in the allowed set
-        invalid_fields = set(cls.__fields__.keys()) - cls._ALLOWED_FIELDS
-
+        invalid_fields = (
+            set(self.__class__.model_fields.keys()) - self.__class__._ALLOWED_FIELDS
+        )
         if invalid_fields:
             raise TypeError(
-                f"MakeRequestParams subclass '{cls.__name__}' can only define these fields: "
-                f"{sorted(cls._ALLOWED_FIELDS)}. Invalid fields: {sorted(invalid_fields)}"
+                f"MakeRequestParams subclass '{self.__class__.__name__}' can only define these fields: "
+                f"{sorted(self.__class__._ALLOWED_FIELDS)}. Invalid fields: {sorted(invalid_fields)}"
             )
 
     http_method: str = Param(

soar_sdk/shims/phantom/action_result.py

@@ -5,12 +5,12 @@ try:
 except ImportError:
     _soar_is_available = False
 
-from typing import Any, Optional, Union, TYPE_CHECKING
+from typing import Any, TYPE_CHECKING
 
 if TYPE_CHECKING or not _soar_is_available:
 
     class ActionResult:  # type: ignore[no-redef]
-        def __init__(self, param: Optional[dict] = None) -> None:
+        def __init__(self, param: dict | None = None) -> None:
             self.status = False
             self.message = ""
             self.summary: dict[str, Any] = {}
@@ -24,9 +24,9 @@ if TYPE_CHECKING or not _soar_is_available:
 
         def set_status(
             self,
-            status_code: Union[bool, int],
+            status_code: bool | int,
             _status_message: str = "",
-            _exception: Optional[Exception] = None,
+            _exception: Exception | None = None,
         ) -> bool:
             self.status = bool(status_code)
             self.message = _status_message

soar_sdk/shims/phantom/base_connector.py

@@ -5,8 +5,11 @@ try:
 except ImportError:
     _soar_is_available = False
 
+from pathlib import Path
 from typing import TYPE_CHECKING
 
+from soar_sdk.compat import remove_when_soar_newer_than
+
 if TYPE_CHECKING or not _soar_is_available:
     import json
     import abc
@@ -16,7 +19,7 @@ if TYPE_CHECKING or not _soar_is_available:
     from soar_sdk.shims.phantom.action_result import ActionResult
     from soar_sdk.shims.phantom.connector_result import ConnectorResult
 
-    from typing import Union, Any, Optional
+    from typing import Any
     from contextlib import suppress
 
     class BaseConnector:  # type: ignore[no-redef]
@@ -68,14 +71,14 @@ if TYPE_CHECKING or not _soar_is_available:
         def error_print(
             self,
             _tag: str,
-            _dump_object: Union[str, list, dict, ActionResult, Exception] = "",
+            _dump_object: str | list | dict | ActionResult | Exception = "",
         ) -> None:
             print(_tag, _dump_object)
 
         def debug_print(
             self,
             _tag: str,
-            _dump_object: Union[str, list, dict, ActionResult, Exception] = "",
+            _dump_object: str | list | dict | ActionResult | Exception = "",
         ) -> None:
             print(_tag, _dump_object)
 
@@ -106,12 +109,12 @@ if TYPE_CHECKING or not _soar_is_available:
 
         def save_container(
             self, container: dict, fail_on_duplicate: bool = False
-        ) -> tuple[bool, str, Optional[int]]:
+        ) -> tuple[bool, str, int | None]:
             return True, "Container saved successfully", 1
 
         def save_artifacts(
             self, artifacts: list[dict]
-        ) -> tuple[bool, str, Union[Optional[int], list[int]]]:
+        ) -> tuple[bool, str, int | None | list[int]]:
             return True, "Artifacts saved successfully", [1]
 
         def get_config(self) -> dict:
@@ -132,5 +135,10 @@ if TYPE_CHECKING or not _soar_is_available:
         def initialize(self) -> bool:
             return True
 
+        def get_app_dir(self) -> str:
+            # Remove when 7.1.0 is the min supported broker version
+            remove_when_soar_newer_than("7.1.1")
+            return Path.cwd().as_posix()
+
 
 __all__ = ["BaseConnector"]

soar_sdk/shims/phantom/install_info.py

@@ -1,5 +1,9 @@
 try:
-    from phantom_common.install_info import get_verify_ssl_setting, get_product_version
+    from phantom_common.install_info import (
+        get_verify_ssl_setting,
+        get_product_version,
+        is_onprem_broker_install,
+    )
 
     _soar_is_available = True
 except ImportError:
@@ -17,6 +21,10 @@ if TYPE_CHECKING or not _soar_is_available:
         """Mock function to simulate the behavior of get_product_version."""
         return "6.4.1"
 
+    def is_onprem_broker_install() -> bool:
+        """Mock function to simulate the behavior of is_onprem_broker_install."""
+        return False
+
 
 def is_soar_available() -> bool:
     """
@@ -25,4 +33,9 @@ def is_soar_available() -> bool:
     return _soar_is_available
 
 
-__all__ = ["get_product_version", "get_verify_ssl_setting", "is_soar_available"]
+__all__ = [
+    "get_product_version",
+    "get_verify_ssl_setting",
+    "is_onprem_broker_install",
+    "is_soar_available",
+]

soar_sdk/shims/phantom/ph_ipc.py

@@ -5,7 +5,7 @@ try:
 except ImportError:
     _soar_is_available = False
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING
 
 if TYPE_CHECKING or not _soar_is_available:
     from soar_sdk.shims.phantom.install_info import get_product_version
@@ -34,12 +34,12 @@ if TYPE_CHECKING or not _soar_is_available:
 
             @staticmethod
             def sendstatus(
-                handle: Optional[int], status: int, message: str, flag: bool
+                handle: int | None, status: int, message: str, flag: bool
             ) -> None:
                 print(message)
 
             @staticmethod
-            def debugprint(handle: Optional[int], message: str, level: int) -> None:
+            def debugprint(handle: int | None, message: str, level: int) -> None:
                 print(message)
 
             @staticmethod

soar_sdk/shims/phantom/vault.py

@@ -1,9 +1,10 @@
-from typing import TYPE_CHECKING, Any, Optional, Union
+from typing import TYPE_CHECKING, Any
 
 if TYPE_CHECKING:
     from soar_sdk.abstract import SOARClient
 from abc import abstractmethod
 from soar_sdk.exceptions import SoarAPIError
+from datetime import UTC
 
 
 class VaultBase:
@@ -19,9 +20,9 @@ class VaultBase:
     def create_attachment(
         self,
         container_id: int,
-        file_content: Union[str, bytes],
+        file_content: str | bytes,
         file_name: str,
-        metadata: Optional[dict[str, str]] = None,
+        metadata: dict[str, str] | None = None,
     ) -> str:
         """Creates a vault attachment from file content. This differs from add_attachment because it doesn't require the file to exist locally."""
         pass
@@ -32,7 +33,7 @@ class VaultBase:
         container_id: int,
         file_location: str,
         file_name: str,
-        metadata: Optional[dict[str, str]] = None,
+        metadata: dict[str, str] | None = None,
     ) -> str:
         """Add an attachment to vault. This requires the file to exist locally."""
         pass
@@ -40,9 +41,9 @@ class VaultBase:
     @abstractmethod
     def get_attachment(
         self,
-        vault_id: Optional[str] = None,
-        file_name: Optional[str] = None,
-        container_id: Optional[int] = None,
+        vault_id: str | None = None,
+        file_name: str | None = None,
+        container_id: int | None = None,
         download_file: bool = True,
     ) -> list[dict[str, Any]]:
         """Returns vault attachments based on the provided query parameters."""
@@ -51,9 +52,9 @@ class VaultBase:
     @abstractmethod
     def delete_attachment(
         self,
-        vault_id: Optional[str] = None,
-        file_name: Optional[str] = None,
-        container_id: Optional[int] = None,
+        vault_id: str | None = None,
+        file_name: str | None = None,
+        container_id: int | None = None,
         remove_all: bool = False,
     ) -> list[str]:
         """Deletes vault attachments based on the provided query parameters."""
@@ -79,9 +80,9 @@ if _soar_is_available:
         def create_attachment(
             self,
             container_id: int,
-            file_content: Union[str, bytes],
+            file_content: str | bytes,
             file_name: str,
-            metadata: Optional[dict[str, str]] = None,
+            metadata: dict[str, str] | None = None,
         ) -> str:
             resp_json = Vault.create_attachment(
                 file_content, container_id, file_name, metadata
@@ -96,7 +97,7 @@ if _soar_is_available:
             container_id: int,
             file_location: str,
             file_name: str,
-            metadata: Optional[dict[str, str]] = None,
+            metadata: dict[str, str] | None = None,
         ) -> str:
             resp_json = vault_add(container_id, file_location, file_name, metadata)
             if not resp_json.get("succeeded"):
@@ -106,9 +107,9 @@ if _soar_is_available:
 
         def get_attachment(
             self,
-            vault_id: Optional[str] = None,
-            file_name: Optional[str] = None,
-            container_id: Optional[int] = None,
+            vault_id: str | None = None,
+            file_name: str | None = None,
+            container_id: int | None = None,
             download_file: bool = True,
         ) -> list[dict[str, Any]]:
             success, _, attachment = vault_info(
@@ -120,9 +121,9 @@ if _soar_is_available:
 
         def delete_attachment(
             self,
-            vault_id: Optional[str] = None,
-            file_name: Optional[str] = None,
-            container_id: Optional[int] = None,
+            vault_id: str | None = None,
+            file_name: str | None = None,
+            container_id: int | None = None,
             remove_all: bool = False,
         ) -> list[str]:
             success, message, deleted_file_names = vault_delete(
@@ -143,7 +144,7 @@ else:
     from pathlib import Path
     import secrets
     import random
-    from datetime import datetime, timezone
+    from datetime import datetime
     import hashlib
     from soar_sdk.logging import getLogger
     from soar_sdk.models.vault_attachment import VaultAttachment
@@ -162,9 +163,9 @@ else:
         def create_attachment(
             self,
             container_id: int,
-            file_content: Union[str, bytes],
+            file_content: str | bytes,
             file_name: str,
-            metadata: Optional[dict[str, str]] = None,
+            metadata: dict[str, str] | None = None,
         ) -> str:
             if is_client_authenticated(self.soar_client.client):
                 data = {
@@ -203,7 +204,7 @@ else:
                     container_id=container_id,
                     container="test_container",
                     created_via="upload",
-                    create_time=datetime.now(timezone.utc).isoformat(),
+                    create_time=datetime.now(UTC).isoformat(),
                     user="Phantom User",
                     vault_document=doc_id,
                     vault_id=vault_id,
@@ -224,7 +225,7 @@ else:
             container_id: int,
             file_location: str,
             file_name: str,
-            metadata: Optional[dict[str, str]] = None,
+            metadata: dict[str, str] | None = None,
         ) -> str:
             metadata = metadata or {}
 
@@ -265,7 +266,7 @@ else:
                     container_id=container_id,
                     container="test_container",
                     created_via="upload",
-                    create_time=datetime.now(timezone.utc).isoformat(),
+                    create_time=datetime.now(UTC).isoformat(),
                     user="Phantom User",
                     vault_document=doc_id,
                     vault_id=vault_id,
@@ -283,9 +284,9 @@ else:
 
         def get_attachment(
             self,
-            vault_id: Optional[str] = None,
-            file_name: Optional[str] = None,
-            container_id: Optional[int] = None,
+            vault_id: str | None = None,
+            file_name: str | None = None,
+            container_id: int | None = None,
             download_file: bool = True,
         ) -> list[dict[str, Any]]:
             if not any([vault_id, file_name, container_id]):
@@ -295,7 +296,7 @@ else:
 
             results = []
             if is_client_authenticated(self.soar_client.client):
-                query_params: dict[str, Union[str, int]] = {"pretty": ""}
+                query_params: dict[str, str | int] = {"pretty": ""}
                 if vault_id:
                     query_params["_filter_vault_document__hash"] = (
                         f'"{vault_id.lower()}"'
@@ -319,22 +320,22 @@ else:
                 if vault_id:
                     res = self.__storage.get(vault_id)
                     if res:
-                        results.append(res.dict())
+                        results.append(res.model_dump())
 
                 if any((container_id, file_name)):
                     for _, res in self.__storage.items():
                         if (
                             file_name and file_name in res.file_path
                         ) or container_id == res.container_id:
-                            results.append(res.dict())
+                            results.append(res.model_dump())
 
             return results
 
         def delete_attachment(
             self,
-            vault_id: Optional[str] = None,
-            file_name: Optional[str] = None,
-            container_id: Optional[int] = None,
+            vault_id: str | None = None,
+            file_name: str | None = None,
+            container_id: int | None = None,
             remove_all: bool = False,
         ) -> list[str]:
             vault_enteries = self.get_attachment(vault_id, file_name, container_id)