tellaro-query-language 0.2.12__tar.gz → 0.2.14__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/PKG-INFO +1 -1
  2. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/pyproject.toml +1 -1
  3. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/dns.py +11 -22
  4. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/LICENSE +0 -0
  5. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/README.md +0 -0
  6. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/__init__.py +0 -0
  7. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/analyzer.py +0 -0
  8. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/cache/__init__.py +0 -0
  9. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/cache/base.py +0 -0
  10. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/cache/memory.py +0 -0
  11. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/cache/redis.py +0 -0
  12. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/cli.py +0 -0
  13. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core.py +0 -0
  14. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core_components/README.md +0 -0
  15. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core_components/__init__.py +0 -0
  16. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core_components/file_operations.py +0 -0
  17. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core_components/opensearch_operations.py +0 -0
  18. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core_components/stats_operations.py +0 -0
  19. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/core_components/validation_operations.py +0 -0
  20. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/evaluator.py +0 -0
  21. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/evaluator_components/README.md +0 -0
  22. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/evaluator_components/__init__.py +0 -0
  23. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/evaluator_components/field_access.py +0 -0
  24. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/evaluator_components/special_expressions.py +0 -0
  25. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/evaluator_components/value_comparison.py +0 -0
  26. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/exceptions.py +0 -0
  27. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/field_type_inference.py +0 -0
  28. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/geoip_normalizer.py +0 -0
  29. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutator_analyzer.py +0 -0
  30. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/__init__.py +0 -0
  31. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/base.py +0 -0
  32. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/encoding.py +0 -0
  33. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/geo.py +0 -0
  34. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/list.py +0 -0
  35. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/network.py +0 -0
  36. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/security.py +0 -0
  37. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/string.py +0 -0
  38. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch.py +0 -0
  39. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_components/README.md +0 -0
  40. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_components/__init__.py +0 -0
  41. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_components/field_mapping.py +0 -0
  42. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_components/lucene_converter.py +0 -0
  43. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_components/query_converter.py +0 -0
  44. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_mappings.py +0 -0
  45. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/opensearch_stats.py +0 -0
  46. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser.py +0 -0
  47. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser_components/README.md +0 -0
  48. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser_components/__init__.py +0 -0
  49. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser_components/ast_builder.py +0 -0
  50. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser_components/error_analyzer.py +0 -0
  51. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser_components/field_extractor.py +0 -0
  52. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/parser_components/grammar.py +0 -0
  53. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/post_processor.py +0 -0
  54. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/scripts.py +0 -0
  55. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/stats_evaluator.py +0 -0
  56. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/stats_transformer.py +0 -0
  57. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/streaming_file_processor.py +0 -0
  58. {tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/validators.py +0 -0
{tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: tellaro-query-language
3
- Version: 0.2.12
3
+ Version: 0.2.14
4
4
  Summary: A flexible, human-friendly query language for searching and filtering structured data
5
5
  License: Proprietary
6
6
  License-File: LICENSE
{tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/pyproject.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [tool.poetry]
2
2
  name = "tellaro-query-language"
3
- version = "0.2.12"
3
+ version = "0.2.14"
4
4
  description = "A flexible, human-friendly query language for searching and filtering structured data"
5
5
  authors = ["Justin Henderson <justin@tellaro.io>"]
6
6
  license = "Proprietary"
{tellaro_query_language-0.2.12 → tellaro_query_language-0.2.14}/src/tql/mutators/dns.py RENAMED
@@ -294,28 +294,17 @@ class NSLookupMutator(BaseMutator):
294
294
  append_to_result(record, dns_field, results_array)
295
295
  # If no results, don't set any fields
296
296
 
297
- # For enrichment mutators, return data for comparison
298
- # The full enrichment data is stored via append_to_result above
299
- # Return value is used for field comparison (e.g., contains 'dns.google')
300
-
301
- if len(queries) == 1 and queries[0] in resolved_results:
302
- # Single query: return the first answer for comparison
303
- dns_data = resolved_results[queries[0]]
304
- answers = dns_data.get("answers", [])
305
- return answers[0] if answers else value # Return first answer or original value
306
- elif len(queries) > 1:
307
- # Multiple queries: return array of first answers
308
- first_answers = []
309
- for query in queries:
310
- if query in resolved_results:
311
- dns_data = resolved_results[query]
312
- answers = dns_data.get("answers", [])
313
- if answers:
314
- first_answers.append(answers[0])
315
- return first_answers if first_answers else value
316
- else:
317
- # No results: return original value
318
- return value
297
+ # For enrichment mutators, return the original value (not the DNS answer)
298
+ # This ensures the original field (e.g., destination.ip) is NOT overwritten
299
+ # The enrichment data (domain, dns) is already stored via append_to_result above
300
+ #
301
+ # IMPORTANT: We return the original value to prevent schema violations.
302
+ # For example, if destination.ip is typed as 'ip' in OpenSearch,
303
+ # returning a hostname like '170-114-14-33.zoom.us' would cause indexing errors.
304
+ #
305
+ # If the caller needs the resolved DNS name for comparison, they should
306
+ # access it via the domain field (e.g., destination.domain contains 'google')
307
+ return value
319
308
 
320
309
  def _format_dns_ecs( # noqa: C901
321
310
  self, query_value: str, records: List[Dict[str, Any]], query_types: List[str]