class _AuthDBValidatorsSimplifiedDataSpec(BaseDataSpec):
org_id = UnicodeField()
extra_id = UnicodeField()
extra_id_type = UnicodeField()
entity_type = UnicodeField()
location_type = UnicodeField()
user_login = UnicodeField()
component_login = UnicodeField()
asn = Field()
cc = UnicodeField()
category = UnicodeField()
email = UnicodeField()
fqdn = UnicodeField()
ip_network = UnicodeField()
source = UnicodeField()
time = Field()
time_hour_minute = Field()
url = UnicodeField()
registration_request_email = UnicodeField()
class DataSpec(BaseDataSpec):
"""
The basic, ready-to-use, data specification class.
Typically, you will want to create a subclass of it (note that, by
default, all fields are *disabled as query parameters*, so you may
want to *enable* some of them). For example::
class MyDataSpec(DataSpec):
# enable `source` as a query parameter
source = Ext(in_params='optional')
# enable the `time.min` and `time.until` query parameters
# (leaving `time.max` still disabled)
time = Ext(
extra_params=Ext(
min=Ext(in_params='optional'),
until=Ext(in_params='optional'),
),
)
# enable `fqdn` and `fqdn.sub` as query parameters
# and add a new query parameter: `fqdn.prefix`
fqdn = Ext(
in_params='optional',
extra_params=Ext(
sub=Ext(in_params='optional'),
prefix=DomainNameSubstringField(in_params='optional'),
),
)
# completely disable the `modified` field
modified = None
# add a new field
weekday = UnicodeEnumField(
in_params='optional',
in_result='optional',
enum_values=(
'Monday', 'Tuesday', 'Wednesday', 'Thursday',
'Friday', 'Saturday', 'Sunday'),
),
)
.. seealso::
Compare this class with :class:`AllSearchableDataSpec`.
"""
#
# Fields that are always *required in results*
id = UnicodeLimitedField(
in_result='required',
max_length=64,
)
source = SourceField(in_result='required', )
restriction = UnicodeEnumField(
in_result='required',
enum_values=RESTRICTION_ENUMS,
)
confidence = UnicodeEnumField(
in_result='required',
enum_values=CONFIDENCE_ENUMS,
)
category = UnicodeEnumField(
in_result='required',
enum_values=CATEGORY_ENUMS,
)
time = DateTimeField(
in_params=None, # <- should be None even in subclasses
in_result='required',
extra_params=dict(
min=DateTimeField( # `time.min`
single_param=True, ),
max=DateTimeField( # `time.max`
single_param=True, ),
until=DateTimeField( # `time.until`
single_param=True, ),
),
)
#
# Fields related to `address`
# an `address` is a list of dicts -- each containing either
# `ip` or `ipv6` (but not both) and optionally some or all of:
# `asn`, `cc`, `dir`, `rdns`
address = ExtendedAddressField(
in_params=None, # <- should be None even in subclasses
in_result='optional',
)
# query params related to the components of `address` items
ip = IPv4Field(
in_result=None, # <- should be None even in subclasses
extra_params=dict(
net=IPv4NetField(), # `ip.net`
),
)
ipv6 = IPv6Field(
in_result=None, # <- should be None even in subclasses
extra_params=dict(
net=IPv6NetField(), # `ipv6.net`
),
)
asn = ASNField(
in_result=None, # <- should be None even in subclasses
)
cc = CCField(
in_result=None, # <- should be None even in subclasses
)
#
# Fields related only to black list events
active = Field(
in_params=None, # <- should be None even in subclasses
in_result=None, # <- typically will be None even in subclasses
extra_params=dict(
min=DateTimeField( # `active.min`
single_param=True, ),
max=DateTimeField( # `active.max`
single_param=True, ),
until=DateTimeField( # `active.until`
single_param=True, ),
),
)
expires = DateTimeField(
in_params=None, # <- should be None even in subclasses
in_result='optional',
)
replaces = UnicodeLimitedField(
in_result='optional',
max_length=64,
)
status = UnicodeEnumField(
in_result='optional',
enum_values=STATUS_ENUMS,
)
#
# Fields related only to aggregated (high frequency) events
count = IntegerField(
in_params=None, # <- should be None even in subclasses
in_result='optional',
min_value=0,
max_value=(2**15 - 1),
)
until = DateTimeField(
in_params=None, # <- should be None even in subclasses
in_result='optional',
)
#
# Other fields
action = UnicodeLimitedField(
in_result='optional',
max_length=32,
)
adip = AnonymizedIPv4Field(in_result='optional', )
dip = IPv4Field(in_result='optional', )
dport = PortField(in_result='optional', )
email = EmailSimplifiedField(in_result='optional', )
fqdn = DomainNameField(
in_result='optional',
extra_params=dict(
sub=DomainNameSubstringField(), # `fqdn.sub`
),
)
iban = IBANSimplifiedField(in_result='optional', )
injects = ListOfDictsField(
in_params=None, # <- should be None even in subclasses
in_result='optional',
)
md5 = MD5Field(in_result='optional', )
modified = DateTimeField(
in_params=None, # <- should be None even in subclasses
in_result='optional',
extra_params=dict(
min=DateTimeField( # `modified.min`
single_param=True, ),
max=DateTimeField( # `modified.max`
single_param=True, ),
until=DateTimeField( # `modified.until`
single_param=True, ),
),
)
name = UnicodeLimitedField(
in_result='optional',
max_length=255,
)
origin = UnicodeEnumField(
in_result='optional',
enum_values=ORIGIN_ENUMS,
)
phone = UnicodeLimitedField(
in_result='optional',
max_length=20,
)
proto = UnicodeEnumField(
in_result='optional',
enum_values=PROTO_ENUMS,
)
registrar = UnicodeLimitedField(
in_result='optional',
max_length=100,
)
sha1 = SHA1Field(in_result='optional', )
sha256 = SHA256Field(in_result='optional', )
sport = PortField(in_result='optional', )
target = UnicodeLimitedField(
in_result='optional',
max_length=100,
)
url = URLField(
in_result='optional',
extra_params=dict(
sub=URLSubstringField(), # `url.sub`
),
)
url_pattern = UnicodeLimitedField(
in_result='optional',
max_length=255,
disallow_empty=True,
)
username = UnicodeLimitedField(
in_result='optional',
max_length=64,
)
x509fp_sha1 = SHA1Field(in_result='optional', )