Esempio n. 1
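class InputsPage(DocumentWithoutAddProp):
    """Schema for the inputs page: title, description, table and services.

    ``title``, ``table`` and ``services`` are required; ``description`` and
    ``menu`` are optional.
    """

    title = StringField(required=True, max_length=60)
    description = StringField(max_length=200)
    table = DocumentField(InputsTable, as_ref=True, required=True)
    services = ArrayField(DictField(
        properties={
            # Must start with an alphanumeric; later characters may also be "_" or "-".
            "name": StringField(required=True, pattern="^[0-9a-zA-Z][0-9a-zA-Z_-]*$", max_length=50),
            "title": StringField(required=True, max_length=100),
            "entity": ArrayField(DocumentField(InputsEntity, as_ref=True), required=True),
            "options": DocumentField(Hooks, as_ref=True),
            "groups": ArrayField(DictField(
                properties={
                    "options": DictField(
                        properties={
                            "isExpandable": BooleanField(),
                            "expand": BooleanField()
                        }
                    ),
                    "label": StringField(required=True, max_length=100),
                    # Raw string: "\w" in a plain literal is an invalid escape
                    # sequence that newer Python versions warn about.
                    # NOTE(review): under Python's `re`, "$" also matches just
                    # before a trailing newline - confirm which regex engine
                    # validates this schema.
                    "field": ArrayField(StringField(required=True, pattern=r"^\w+$"))
                }
            ), required=False),
            "style": StringField(required=False, enum=["page", "dialog"]),
            # No properties are declared for "hook", so this definition does
            # not constrain its contents.
            "hook": DictField(required=False),
            "conf": StringField(required=False, max_length=100),
            "restHandlerName": StringField(required=False, max_length=100)
        }
    ), required=True)
    # Like "hook" above, declared without properties.
    menu = DictField(required=False)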
Esempio n. 2
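class Alerts(DocumentWithoutAddProp):
    """Schema for one alert definition.

    ``name``, ``label`` and ``description`` are required. ``activeResponse``
    is optional, but when present its ``task``, ``supportsAdhoc``,
    ``subject``, ``category`` and ``technology`` keys are required.
    """

    name = StringField(required=True,
                       pattern="^[a-zA-Z0-9_]+$",
                       max_length=100)
    label = StringField(required=True, max_length=100)
    # No max_length is set on the description.
    description = StringField(required=True)
    activeResponse = DictField(
        properties={
            "task": ArrayField(StringField(required=True), required=True, min_items=1),
            "supportsAdhoc": BooleanField(required=True),
            "subject": ArrayField(StringField(required=True), required=True, min_items=1),
            "category": ArrayField(StringField(required=True), required=True, min_items=1),
            "technology": ArrayField(DocumentField(Technology, as_ref=True),
                                     required=True,
                                     min_items=1),
            # Only the type is constrained here (no pattern or length limit).
            "drilldownUri": StringField(required=False),
            # The hyphen sits last in the class so that it is a literal "-".
            # Written as ":-_" it formed a range from ":" to "_", which
            # admitted characters such as ; < = > ? @ [ ] ^ and did not
            # admit "-" at all.
            "sourcetype": StringField(required=False, pattern="^[a-zA-Z0-9:_-]+$", max_length=50)
        },
        required=False)
    entity = ArrayField(DocumentField(AlertEntity, as_ref=True))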
Esempio n. 3
def test_array_field():
    """ArrayField.get_schema() resolves role-dependent ``Var`` arguments."""
    string_field = StringField()
    number_field = NumberField()
    by_role = ArrayField(Var({'role_1': string_field, 'role_2': number_field}))

    # Each role sees its own item field.
    role_1_schema = by_role.get_schema(role='role_1')
    assert role_1_schema['items'] == string_field.get_schema()

    role_2_schema = by_role.get_schema(role='role_2')
    assert role_2_schema['items'] == number_field.get_schema()

    # With no role given, no "items" key is emitted.
    default_schema = by_role.get_schema()
    assert 'items' not in default_schema

    def only_role_1(value):
        return Var({'role_1': value})

    constrained = ArrayField(
        string_field,
        min_items=only_role_1(1),
        max_items=only_role_1(2),
        unique_items=only_role_1(True),
        additional_items=only_role_1(True),
    )
    # The constraints are bound to role_1 only, so the default schema omits them.
    assert constrained.get_schema() == {
        'type': 'array',
        'items': string_field.get_schema(),
    }
    assert constrained.get_schema(role='role_1') == {
        'type': 'array',
        'items': string_field.get_schema(),
        'minItems': 1,
        'maxItems': 2,
        'uniqueItems': True,
        'additionalItems': True,
    }
Esempio n. 4
class BaseNormalization(Document):
    """Common schema shared by normalization configurations."""

    domain_name = None

    class TimestampInfo(Document):
        # Both entries are mandatory strings.
        field = StringField(required=True)
        format = StringField(required=True)

    class Fields(Document):
        # Neither entry is marked required; `mapping` declares no properties.
        scope = StringField()
        mapping = DictField()

    name = StringField(required=True)
    filter_query = BooleanField(default=False)
    os_types = ArrayField(StringField(), required=False)
    domain = StringField(required=True)
    strict = BooleanField(required=True)
    timestamp = DocumentField(TimestampInfo(), required=True)
    fields = DocumentField(Fields(), required=True)

    # Every key of `events` maps to an object with 'enum', 'mapping' and
    # 'filter' entries; only 'filter' is marked required.
    events = DictField(
        additional_properties=DictField(
            {
                'enum': DictField(
                    additional_properties=DictField(
                        additional_properties=StringField(),
                    ),
                ),
                'mapping': DictField(),
                'filter': StringField(required=True),
            },
            required=True,
        ),
    )
Esempio n. 5
def test_array_field():
    """Check that role-bound ``Var`` values shape the ArrayField schema."""
    text_item = StringField()
    numeric_item = NumberField()
    array = ArrayField(Var({
        'role_1': text_item,
        'role_2': numeric_item,
    }))

    # Per-role lookups return that role's item schema.
    assert array.get_schema(role='role_1')['items'] == text_item.get_schema()
    assert array.get_schema(role='role_2')['items'] == numeric_item.get_schema()
    # No role: the schema carries no "items" entry.
    assert 'items' not in array.get_schema()

    def for_role_1(value):
        return Var({'role_1': value})

    array = ArrayField(
        text_item,
        min_items=for_role_1(1),
        max_items=for_role_1(2),
        unique_items=for_role_1(True),
        additional_items=for_role_1(True),
    )
    without_role = array.get_schema()
    assert without_role == {
        'type': 'array',
        'items': text_item.get_schema(),
    }
    with_role_1 = array.get_schema(role='role_1')
    assert with_role_1 == {
        'type': 'array',
        'items': text_item.get_schema(),
        'minItems': 1,
        'maxItems': 2,
        'uniqueItems': True,
        'additionalItems': True,
    }
Esempio n. 6
class Domain(Document):
    """Meta schema describing a query domain."""

    class EventInfo(Document):
        # `eql_name` is passed as the first positional argument of each
        # StringField; it is defined outside this snippet.
        enum = DictField(
            additional_properties=ArrayField(
                StringField(eql_name),
            ),
        )
        fields = ArrayField(
            StringField(eql_name),
        )

    name = StringField(required=True)
    fields = ArrayField(
        StringField(),
        required=True,
    )
    # Each key of `events` maps to an EventInfo document.
    events = DictField(
        additional_properties=DocumentField(EventInfo()),
    )
Esempio n. 7
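class TabContent(DocumentWithoutAddProp):
    """Schema for a single tab of the configuration page.

    ``entity``, ``name`` and ``title`` are required; the remaining fields are
    optional.
    """

    entity = ArrayField(DocumentField(ConfigurationEntity, as_ref=True), required=True)
    # Raw string: "\/" and "\w" are invalid escape sequences in a plain
    # literal. The pattern value itself is unchanged: word characters and "/".
    name = StringField(required=True, pattern=r"^[\/\w]+$", max_length=250)
    title = StringField(required=True, max_length=50)
    options = DocumentField(Hooks, as_ref=True)
    table = DocumentField(ConfigurationTable, as_ref=True)
    conf = StringField(required=False, max_length=100)
    restHandlerName = StringField(required=False, max_length=100)
    # Tab-level hook for the configuration page.
    hook = DocumentField(Hooks, as_ref=True)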
Esempio n. 8
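class Table(DocumentWithoutAddProp):
    """Schema for a table: its header columns plus optional extra details.

    Only ``header`` is required.
    """

    # The "field" patterns use raw strings because "\w" is an invalid escape
    # sequence in a plain literal; the pattern value is unchanged.
    moreInfo = ArrayField(DictField(
        properties={
            "field": StringField(required=True, pattern=r"^\w+$"),
            "label": StringField(required=True, max_length=30),
            "mapping": DictField(required=False)
        }
    ))
    # Header fields that need to be displayed in the UI.
    header = ArrayField(DictField(
        properties={
            "field": StringField(required=True, pattern=r"^\w+$"),
            "label": StringField(required=True, max_length=30),
            "mapping": DictField(required=False),
            "customCell": DictField(required=False)
        }
    ), required=True)
    # Custom row implementation, if required for special cases. No properties
    # are declared, so this definition does not constrain its contents.
    customRow = DictField(required=False)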
Esempio n. 9
    class User(Document):
        # Document whose fields are declared inside role-dependent Scope blocks.
        class Options(object):
            # NOTE(review): presumably limits which roles are passed on to
            # nested documents - confirm against the library's documentation.
            roles_to_propagate = not_(PARTIAL_RESPONSE_ROLE)

        # Fields declared under the DB_ROLE scope.
        with Scope(DB_ROLE) as db:
            db._id = StringField(required=True)
            db.version = StringField(required=True)
        # Scope matcher: any role starting with RESPONSE_ROLE, or exactly REQUEST_ROLE.
        with Scope(lambda r: r.startswith(RESPONSE_ROLE) or r == REQUEST_ROLE) as response:
            # `required` is itself role-dependent (when_not(PARTIAL_RESPONSE_ROLE)).
            response.id = StringField(required=when_not(PARTIAL_RESPONSE_ROLE))
        # Fields declared under the not_(REQUEST_ROLE) scope.
        with Scope(not_(REQUEST_ROLE)) as not_request:
            not_request.messages = ArrayField(DocumentField(Message), required=when_not(PARTIAL_RESPONSE_ROLE))
Esempio n. 10
def test_array_field():
    """iter_all_fields() yields every field reachable from an ArrayField."""
    # a, b, c and d are fields defined outside this test.
    items_by_role = Var({'role_1': a, 'role_2': b})
    extras_by_role = Var({'role_3': c, 'role_4': d})
    array = ArrayField(items_by_role, additional_items=extras_by_role)
    assert set(array.iter_all_fields()) == {a, b, c, d}

    # A tuple of fields as one role's value is walked as well.
    array = ArrayField(
        Var({'role_1': (a, b), 'role_2': c}),
        additional_items=d,
    )
    assert set(array.iter_all_fields()) == {a, b, c, d}

    array = ArrayField(a, additional_items=b)
    assert set(array.iter_all_fields()) == {a, b}

    # No items at all: nothing to iterate.
    array = ArrayField()
    assert set(array.iter_all_fields()) == set()
Esempio n. 11
class AnalyticMetadata(Document):
    """Metadata schema common to all analytics; may be extended for cloud."""

    # Must match UUID_PATTERN, which is defined outside this snippet.
    id = StringField(required=True, pattern=UUID_PATTERN)
    categories = ArrayField(
        StringField(enum=['detect', 'hunt', 'enrich']),
        required=True,
    )
    contributors = ArrayField(StringField(), required=True)
    confidence = StringField(required=True, enum=['low', 'medium', 'high'])
    # The date fields are plain required strings; no format is enforced here.
    created_date = StringField(required=True)
    description = StringField(required=True)
    name = StringField(required=True)
    notes = StringField(required=False)
    os = ArrayField(
        StringField(enum=OS_NAMES),
        required=True,
    )
    references = ArrayField(StringField(), required=False)
    # Tactics are limited to the TACTICS enum; techniques are free-form strings.
    tactics = ArrayField(
        StringField(enum=TACTICS),
        required=False,
    )
    tags = ArrayField(StringField(), required=False)
    techniques = ArrayField(StringField(), required=False)
    updated_date = StringField(required=True)
Esempio n. 12
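class AlertEntity(DocumentWithoutAddProp):
    """Schema for one input entity of an alert.

    ``field``, ``label`` and ``type`` are required; everything else is
    optional.
    """

    # Raw string: "\w" is an invalid escape sequence in a plain literal.
    # The pattern value is unchanged.
    field = StringField(required=True, pattern=r"^\w+$")
    label = StringField(required=True, max_length=30)
    type = StringField(required=True,
                       enum=["text", "singleSelect", "checkbox", "radio", "singleSelectSplunkSearch"])
    help = StringField(max_length=200)
    # Exactly one of: number, string (up to 250 characters) or boolean.
    defaultValue = OneOfField([
        NumberField(),
        StringField(max_length=250),
        BooleanField()
    ])
    required = BooleanField()
    # `search` is only length-limited here.
    # NOTE(review): if this text is later run as a search query, restrict who
    # may author it - confirm how it is consumed.
    search = StringField(max_length=200)
    valueField = StringField(max_length=200)
    labelField = StringField(max_length=200)
    options = DictField(
        properties={
            "items": ArrayField(DocumentField(ValueLabelPair, as_ref=True))
        }
    )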
Esempio n. 13
def test_array_field():
    """Field iteration on ArrayField, with and without role resolution."""
    # a, b, c, d and e are fields defined outside this test.
    items_by_role = Var({'role_1': a, 'role_2': b, 'role_none': None})
    extras_by_role = Var({'role_3': c, 'role_4': d, 'role_1': e, 'role_none': None})
    array = ArrayField(items_by_role, additional_items=extras_by_role)
    assert set(array.iter_fields()) == {a, b, c, d, e}
    # role_1 appears in both Vars, role_3 only in additional_items,
    # and role_none maps to None in both.
    assert set(array.resolve_and_iter_fields('role_1')) == {a, e}
    assert set(array.resolve_and_iter_fields('role_3')) == {c}
    assert set(array.resolve_and_iter_fields('role_none')) == set()

    array = ArrayField(
        Var({'role_1': (a, b), 'role_2': c}),
        additional_items=d,
    )
    assert set(array.iter_fields()) == {a, b, c, d}

    # A tuple of items mixing a Var with a plain field.
    mixed_items = (Var({'role_1': a, 'role_2': b, 'role_none': None}), c)
    array = ArrayField(mixed_items)
    assert set(array.iter_fields()) == {a, b, c}
    assert set(array.resolve_and_iter_fields('role_1')) == {a, c}
    assert set(array.resolve_and_iter_fields('role_none')) == {c}

    # Plain fields are returned whatever role is asked for.
    array = ArrayField(a, additional_items=b)
    assert set(array.iter_fields()) == {a, b}
    assert set(array.resolve_and_iter_fields('some_role')) == {a, b}

    array = ArrayField()
    assert set(array.iter_fields()) == set()
Esempio n. 14
def test_array_field():
    """iter_all_fields() and role-specific iter_fields() on ArrayField."""
    # a, b, c, d and e are fields defined outside this test.
    array = ArrayField(
        Var({'role_1': a, 'role_2': b, 'role_none': None}),
        additional_items=Var({'role_3': c, 'role_4': d, 'role_1': e, 'role_none': None}),
    )
    every_field = set(array.iter_all_fields())
    assert every_field == {a, b, c, d, e}
    # Role-specific iteration only returns what that role resolves to.
    assert set(array.iter_fields('role_1')) == {a, e}
    assert set(array.iter_fields('role_3')) == {c}
    assert set(array.iter_fields('role_none')) == set()

    array = ArrayField(
        Var({'role_1': (a, b), 'role_2': c}),
        additional_items=d,
    )
    assert set(array.iter_all_fields()) == {a, b, c, d}

    # A tuple of items: the Var entry is role-dependent, `c` is always present.
    array = ArrayField((Var({'role_1': a, 'role_2': b, 'role_none': None}), c))
    assert set(array.iter_all_fields()) == {a, b, c}
    assert set(array.iter_fields('role_1')) == {a, c}
    assert set(array.iter_fields('role_none')) == {c}

    array = ArrayField(a, additional_items=b)
    assert set(array.iter_all_fields()) == {a, b}
    assert set(array.iter_fields('some_role')) == {a, b}

    array = ArrayField()
    assert set(array.iter_all_fields()) == set()
Esempio n. 15
class NumberValidator(ValidatorBase):
    """Validator entry whose ``type`` must be "number", with a numeric range."""

    # Single-value enum: the only accepted type is "number".
    type = StringField(enum=["number"], required=True)
    # NOTE(review): no min_items/max_items is set, so an array of any length
    # passes this schema - confirm that consumers check for a [min, max] pair.
    range = ArrayField(
        NumberField(),
        required=True,
    )
Esempio n. 16
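class Entity(DocumentWithoutAddProp):
    """Schema for one form entity (input control) and its options.

    ``field``, ``label`` and ``type`` are required; everything else is
    optional.
    """

    # Raw string: "\w" is an invalid escape sequence in a plain literal.
    # The pattern value is unchanged.
    field = StringField(required=True, pattern=r"^\w+$")
    label = StringField(required=True, max_length=30)
    type = StringField(required=True,
                       enum=["custom", "text", "singleSelect", "checkbox", "multipleSelect",
                             "radio", "placeholder", "oauth", "helpLink"])
    help = StringField(max_length=200)
    tooltip = StringField(max_length=250)
    # Exactly one of: number, string (up to 250 characters) or boolean.
    defaultValue = OneOfField([
        NumberField(),
        StringField(max_length=250),
        BooleanField()
    ])
    options = DictField(
        properties={
            "disableSearch": BooleanField(),
            # Either grouped entries (label + children) or a flat list of pairs.
            "autoCompleteFields": OneOfField([
                ArrayField(DictField(
                    properties={
                        "label": StringField(required=True, max_length=150),
                        "children": ArrayField(DocumentField(ValueLabelPair, as_ref=True), required=True)
                    }
                )),
                ArrayField(DocumentField(ValueLabelPair, as_ref=True))
            ]),
            # The URL and endpoint strings in this dict are only length-limited
            # (or, for "link", unconstrained): the schema does not check their
            # scheme or host.
            "endpointUrl": StringField(max_length=350),
            "denyList": StringField(max_length=350),
            "allowList": StringField(max_length=350),
            "delimiter": StringField(max_length=1),
            "items": ArrayField(DocumentField(ValueLabelPair, as_ref=True)),
            "referenceName": StringField(max_length=250),
            "enable": BooleanField(),
            "placeholder": StringField(max_length=250),
            "display": BooleanField(),
            "labelField": StringField(max_length=250),
            "src": StringField(max_length=250),
            "defaultValue": StringField(max_length=250),
            "disableonEdit": BooleanField(),
            "basic": ArrayField(DocumentField(OAuthFields, as_ref=True)),
            "oauth": ArrayField(DocumentField(OAuthFields, as_ref=True)),
            "auth_type": ArrayField(StringField(max_length=100)),
            "auth_label": StringField(max_length=250),
            "oauth_popup_width": NumberField(),
            "oauth_popup_height": NumberField(),
            "oauth_timeout": NumberField(),
            # NOTE(review): OAuth endpoints accept any string of up to 350
            # characters - confirm that consumers require HTTPS.
            "auth_code_endpoint": StringField(max_length=350),
            "access_token_endpoint": StringField(max_length=350),
            "text": StringField(max_length=50),
            "link": StringField()
        }
    )
    required = BooleanField()
    # Optional flag; the schema does not tie it to any particular field type.
    encrypted = BooleanField()
    # Built-in field validators: each entry must match at least one of these.
    validators = ArrayField(AnyOfField([
        DocumentField(StringValidator, as_ref=True),
        DocumentField(NumberValidator, as_ref=True),
        DocumentField(RegexValidator, as_ref=True),
        DocumentField(EmailValidator, as_ref=True),
        DocumentField(Ipv4Validator, as_ref=True),
        DocumentField(UrlValidator, as_ref=True),
        DocumentField(DateValidator, as_ref=True)
    ]))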
Esempio n. 17
class ConfigurationPage(DocumentWithoutAddProp):
    """Schema for the configuration page: title, description and tabs."""

    title = StringField(max_length=60, required=True)
    description = StringField(max_length=200)
    # At least one tab must be present.
    tabs = ArrayField(
        DocumentField(TabContent, as_ref=True),
        required=True,
        min_items=1,
    )
Esempio n. 18
class ConfigurationTable(Table):
    """Table variant that adds a required list of row actions."""

    # Row actions are limited to this fixed set.
    actions = ArrayField(
        StringField(enum=["edit", "delete", "clone"]),
        required=True,
    )
Esempio n. 19
class InputsTable(Table):
    """Table variant for inputs with a required list of row actions."""

    # Row actions are limited to this fixed set.
    actions = ArrayField(
        StringField(enum=["edit", "delete", "clone", "enable"]),
        required=True,
    )
Esempio n. 20
 class EventInfo(Document):
     # `eql_name` is passed as the first positional argument of each
     # StringField; it is defined outside this snippet.
     enum = DictField(
         additional_properties=ArrayField(
             StringField(eql_name),
         ),
     )
     fields = ArrayField(
         StringField(eql_name),
     )
Esempio n. 21
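class Technology(DocumentWithoutAddProp):
    """Schema for a technology entry: vendor, product and version list.

    All three fields are required.
    """

    # Dotted numeric versions such as "1" or "1.2.3". Raw string: "\d" and
    # "\." are invalid escape sequences in a plain literal; the pattern value
    # is unchanged. At least one version must be listed.
    version = ArrayField(StringField(required=True, pattern=r"^\d+(?:\.\d+)*$"), required=True, min_items=1)
    product = StringField(required=True, max_length=100)
    vendor = StringField(required=True, max_length=100)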
Esempio n. 22
def test_array_field():
    """Every field reachable from an ArrayField is reported by iter_all_fields()."""
    # a, b, c and d are fields defined outside this test.
    role_items = Var({'role_1': a, 'role_2': b})
    role_extras = Var({'role_3': c, 'role_4': d})
    field = ArrayField(role_items, additional_items=role_extras)
    found = set(field.iter_all_fields())
    assert found == {a, b, c, d}

    # A role may map to a tuple of fields.
    role_items = Var({'role_1': (a, b), 'role_2': c})
    field = ArrayField(role_items, additional_items=d)
    found = set(field.iter_all_fields())
    assert found == {a, b, c, d}

    field = ArrayField(a, additional_items=b)
    found = set(field.iter_all_fields())
    assert found == {a, b}

    # An ArrayField built with no arguments has no fields.
    field = ArrayField()
    found = set(field.iter_all_fields())
    assert found == set()
Esempio n. 23
class UCCConfig(DocumentWithoutAddProp):
    """Top-level configuration schema: meta, pages and optional alerts."""

    meta = DocumentField(
        Meta,
        as_ref=True,
        required=True,
    )
    pages = DocumentField(
        Pages,
        as_ref=True,
        required=True,
    )
    # Optional, but if present the list needs at least one alert.
    alerts = ArrayField(
        DocumentField(Alerts, as_ref=True),
        required=False,
        min_items=1,
    )