Merge pull request #4 from CrowdStrike/response-policies-scaffolding

Adds response policies scaffolding

caracara_filters/dialects/__init__.py

@@ -9,6 +9,7 @@
     'DIALECTS',
     'HOSTS_FILTERS',
     'PREVENTION_POLICIES_FILTERS',
+    'RESPONSE_POLICIES_FILTERS',
     'RTR_FILTERS',
     'USERS_FILTERS',
     'default_filter',
@@ -20,13 +21,15 @@
 from caracara_filters.dialects._merge import rebase_filters_on_default
 from caracara_filters.dialects.hosts import HOSTS_FILTERS
 from caracara_filters.dialects.prevention_policies import PREVENTION_POLICIES_FILTERS
+from caracara_filters.dialects.response_policies import RESPONSE_POLICIES_FILTERS
 from caracara_filters.dialects.rtr import RTR_FILTERS
 from caracara_filters.dialects.users import USERS_FILTERS
 
 DIALECTS = {
     "base": BASE_FILTERS,
     "hosts": HOSTS_FILTERS,
     "prevention_policies": PREVENTION_POLICIES_FILTERS,
+    "response_policies": RESPONSE_POLICIES_FILTERS,
     "rtr": RTR_FILTERS,
     "users": USERS_FILTERS,
 }

caracara_filters/dialects/response_policies.py

@@ -0,0 +1,11 @@
+"""Caracara Filters: Response Policies Dialect.
+
+This module contains filters that are specific to the Response Policies API.
+This code may be merged into a more generic policies dialect, depending on the overlaps
+in data structures.
+"""
+from caracara_filters.dialects._base import default_filter
+from caracara_filters.dialects._base import rebase_filters_on_default
+
+RESPONSE_POLICIES_FILTERS = {}
+rebase_filters_on_default(default_filter, RESPONSE_POLICIES_FILTERS)

tests/test_response_policies_filters.py

@@ -0,0 +1,8 @@
+from caracara_filters import FQLGenerator
+
+
+def test_response_policies_platform():
+    fql_generator = FQLGenerator(dialect='response_policies')
+    fql_generator.create_new_filter("platform_name", "Linux")
+    fql = fql_generator.get_fql()
+    assert fql == "platform_name: 'Linux'"