From 473fd9dd2deabab72071811a9c71a337a1bdb6e7 Mon Sep 17 00:00:00 2001
From: pyth0n1c <87383215+pyth0n1c@users.noreply.github.com>
Date: Fri, 6 Sep 2024 10:35:17 -0700
Subject: [PATCH 1/4] fix some whitespace issues when formatting a string field for a conf file
---
 contentctl/output/conf_writer.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contentctl/output/conf_writer.py b/contentctl/output/conf_writer.py
index 2c8e82f7..b103a291 100644
--- a/contentctl/output/conf_writer.py
+++ b/contentctl/output/conf_writer.py
@@ -34,7 +34,10 @@ def escapeNewlines(obj:Any):
 # Failing to do so will result in an improperly formatted conf files that
 # cannot be parsed
 if isinstance(obj,str):
- return obj.replace(f"\n"," \\\n")
+ # Remove leading and trailing characters. Conf parsers may erroneously
+ # Parse fields if they have leading or trailing newlines/whitespace and we
+ # probably don't want that anyway as it doesn't look good in output
+ return obj.strip().replace(f"\n"," \\\n")
 else:
 return obj

From 148c12794b62f3d811b73e9106b53bc390670d2a Mon Sep 17 00:00:00 2001
From: pyth0n1c <87383215+pyth0n1c@users.noreply.github.com>
Date: Fri, 6 Sep 2024 10:45:05 -0700
Subject: [PATCH 2/4] Update comment/docstring on function
---
 .../detection_abstract.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
index 075fb7a2..34904a9f 100644
--- a/contentctl/objects/abstract_security_content_objects/detection_abstract.py
+++ b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -74,6 +74,8 @@ class Detection_Abstract(SecurityContentObject):
 data_source_objects: list[DataSource] = []
+
+
 @field_validator("search", mode="before")
 @classmethod
 def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str:
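Review bot: The added `obj.strip()` in `escapeNewlines` (contentctl/output/conf_writer.py, patch 1/4) still lets through a value whose last non-whitespace character is a backslash, and stripping now makes that backslash the final character of the emitted line. Because the replacement `" \\\n"` on the same line uses backslash-newline as the continuation marker, such a value would presumably make the conf parser join the following line onto this field; a guard such as `if obj.strip().endswith("\\"): raise ValueError("conf value must not end with a backslash")`, or escaping that character, would close the gap. Only `\n` is rewritten, so it is worth confirming how `\r\n` input is meant to be handled. The new comment would read better as `# Strip leading and trailing whitespace.`, and `f"\n"` has no placeholders, so a plain `"\n"` is enough. The function's signature and anything after `return obj` lie outside the hunk.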
@@ -83,15 +85,13 @@ def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str:
 Args:
- value (Union[str, dict[str,Any]]): The search. It can either be a string (and should be
- SPL or a dict, in which case it is Sigma-formatted.
+ value (str): The SPL search. It must be an SPL-formatted string.
 info (ValidationInfo): The validation info can contain a number of different objects. Today it only contains the director.
 Returns:
- Union[str, dict[str,Any]]: The search, either in sigma or SPL format.
- """
-
+ str: The search, as an SPL formatted string.
+ """
 # Otherwise, the search is SPL.

From 2a2eeae84451ece3be27fb033cdb994956bc0ee2 Mon Sep 17 00:00:00 2001
From: pyth0n1c <87383215+pyth0n1c@users.noreply.github.com>
Date: Fri, 13 Sep 2024 13:54:39 -0700
Subject: [PATCH 3/4] Remove extra line in python class
---
 .../abstract_security_content_objects/detection_abstract.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
index 34904a9f..6e3a990e 100644
--- a/contentctl/objects/abstract_security_content_objects/detection_abstract.py
+++ b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -75,7 +75,6 @@ class Detection_Abstract(SecurityContentObject):
 data_source_objects: list[DataSource] = []
-
 @field_validator("search", mode="before")
 @classmethod
 def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str:

From b60eeb4b2971023fc06dedecc650c97a3bc928f2 Mon Sep 17 00:00:00 2001
From: pyth0n1c <87383215+pyth0n1c@users.noreply.github.com>
Date: Fri, 13 Sep 2024 13:55:53 -0700
Subject: [PATCH 4/4] remove extra line
---
 .../abstract_security_content_objects/detection_abstract.py | 1 -
 1 file changed, 1 deletion(-)
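Review bot: The rewritten docstring of `validate_presence_of_filter_macro` (patch 2/4, hunk `@@ -83,15 +85,13 @@`) says `value` "must be an SPL-formatted string", but the decorator shown as context is `@field_validator("search", mode="before")`, and a pydantic "before" validator receives the raw input ahead of type coercion, so the `str` annotation is not enforced at this point. If the body, which continues outside this hunk, does not already check the type, either state that in the docstring or add `if not isinstance(value, str): raise ValueError("search must be an SPL string")` as the first statement. The surviving comment `# Otherwise, the search is SPL.` now reads as the tail of a branch the docstring no longer mentions and could become `# The search is SPL.`.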
diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
index 6e3a990e..02d2756f 100644
--- a/contentctl/objects/abstract_security_content_objects/detection_abstract.py
+++ b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -74,7 +74,6 @@ class Detection_Abstract(SecurityContentObject):
 data_source_objects: list[DataSource] = []
-
 @field_validator("search", mode="before")
 @classmethod
 def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str: