class MODateField(MOBaseField): type = jsl.StringField(enum=['date'], required=True, description='Data type identifier') pattern = jsl.StringField( enum=all_iso, description="subset of ISO 8601 allowed formats date format")
class DatabaseConnection(jsl.Document): class Options(object): definition_id = 'database_settings' database = jsl.StringField() username = jsl.StringField() password = jsl.StringField()
class CodeRepository(jsl.Document): class Options(object): definition_id = "metadata_code_repository" description = "Code repository description" type = jsl.StringField(required=_type_field_required) url = jsl.StringField(required=True)
class StackAnalysisResponse(JSLSchemaBase): """Class with the schema definition based on JSL domain specific language.""" class Options: """A container for options.""" description = "Stack analysis" definition_id = "stack_analysis" with jsl.Scope(lambda v: v < ROLE_v2_0_1) as before_v2_0_1: before_v2_0_1.status = jsl.StringField( enum=["FINISHED", "FAILED", "INPROGRESS"], required=True) with jsl.Scope(lambda v: v >= ROLE_v2_0_1) as since_v2_0_1: since_v2_0_1.status = jsl.StringField(enum=["success"], required=True) submitted_at = jsl.DateTimeField(required=True) started_at = jsl.DateTimeField(required=True) finished_at = jsl.DateTimeField(required=True) request_id = jsl.StringField(required=True) with jsl.Scope(lambda v: v < ROLE_v2_1_0) as removed_in_v2_1_0: removed_in_v2_1_0.analyses_result = jsl.ArrayField(jsl.StringField(), required=True) with jsl.Scope(lambda v: v == ROLE_v1_0_0 or v == ROLE_v1_1_0 or v == ROLE_v1_2_0) as upto_v1_2_0: upto_v1_2_0.result = jsl.DocumentField(StackAnalysisResult, required=True) with jsl.Scope(lambda v: v >= ROLE_v2_0_0) as added_in_v2_0_0: added_in_v2_0_0.result = jsl.ArrayField(jsl.DocumentField( StackAnalysisReport, as_ref=True), required=True)
class BinwalkDetail(jsl.Document): class Options(object): definition_id = "binwalk_details" description = "Details of Binwalk run on one file" path = jsl.StringField(required=True) output = jsl.ArrayField(jsl.StringField(), required=True)
class RawPostgresqlDatabase(jsl.Document): class Options(object): definition_id = 'postgresql_database' system_user_id = jsl.StringField(default='postgres') user = jsl.DocumentField(PostgresqlUser) config_path = jsl.StringField(pattern=ABSOLUTE_PATH_PATTERN, required=True)
class AugeasLensResult(jsl.Document): class Options(object): definition_id = 'AugeasLensResult' name = jsl.StringField(required=True) absolute_path = jsl.StringField(required=True) properties = jsl.ArrayField(jsl.DocumentField(AugeasLensProperties))
class FilterQuery(jsl.Document): match = jsl.DictField({ 'event.action': jsl.DictField(properties={ 'query': jsl.StringField(), 'type': jsl.StringField() }) })
class ChangeDefinition(jsl.Document): class Options(object): definition_id = "changes" description = "Breakdown of changed lines per given file" lines = jsl.ArrayField(jsl.StringField(), required=True) file = jsl.StringField(required=True)
class ApiSchema79(ApiSchema78): """Schema for siem rule in API format.""" STACK_VERSION = "7.9" RULE_TYPES = ApiSchema78.RULE_TYPES + [THRESHOLD] author = jsl.ArrayField(jsl.StringField(default="Elastic"), required=True, min_items=1) building_block_type = jsl.StringField(required=False) exceptions_list = jsl.ArrayField(required=False) license = jsl.StringField(required=True, default="Elastic License") risk_score_mapping = jsl.ArrayField(jsl.DocumentField(RiskScoreMapping), required=False, min_items=1) rule_name_override = jsl.StringField(required=False) severity_mapping = jsl.ArrayField(jsl.DocumentField(SeverityMapping), required=False, min_items=1) timestamp_override = jsl.StringField(required=False) type = jsl.StringField(enum=RULE_TYPES, required=True) # there might be a bug in jsl that requires us to redefine these here query_scope = ApiSchema78.query_scope saved_id_scope = ApiSchema78.saved_id_scope ml_scope = ApiSchema78.ml_scope with jsl.Scope(THRESHOLD) as threshold_scope: threshold_scope.index = jsl.ArrayField(jsl.StringField(), required=False) # this is not required per the API but we will enforce it here threshold_scope.language = jsl.StringField(enum=['kuery', 'lucene'], required=True, default='kuery') threshold_scope.query = jsl.StringField(required=True) threshold_scope.type = jsl.StringField(enum=[THRESHOLD], required=True, default=THRESHOLD) threshold_scope.threshold = jsl.DocumentField(ThresholdMapping, required=True) with jsl.Scope(jsl.DEFAULT_ROLE) as default_scope: default_scope.type = type
class ObjectSchema(CRUDSchema): id = jsl.IntField(required=False) uuid = jsl.StringField(required=False) body = jsl.StringField(required=True, default='') created_flag = jsl.BooleanField(required=False, default=False) updated_flag = jsl.BooleanField(required=False, default=False)
class Service(jsl.Document): class Options(object): definition_id = 'service' exe = jsl.StringField() command_line = jsl.StringField() env = jsl.DictField()
class InputStack(jsl.Document): class Options: description = "Input stack for generating recommendations" definition_id = "input_stack" appstack_id = jsl.StringField(required=True) uri = jsl.StringField(required=True)
class ComponentMetadataEngines(jsl.Document): class Options: description = "Version of engine/interpreter/package manager" definition_id = "component_metadata_engines" name = jsl.StringField() version = jsl.StringField()
class Host(LeappSchemaBase): class Options(object): definition_id = 'host' hostname = jsl.StringField() ip_addresses = jsl.ArrayField(jsl.IPv4Field) # TODO: IPv6 alias = jsl.StringField()
class hReview(Microformat): type = type_of('h-review') properties = jsl.DictField( required=True, properties={ 'name': string_array, 'item': jsl.ArrayField( jsl.OneOfField([ jsl.StringField(), jsl.DocumentField(hCard, as_ref=True), jsl.DocumentField(hItem, as_ref=True), jsl.DocumentField(hProduct, as_ref=True), jsl.DocumentField(hEvent, as_ref=True), jsl.DocumentField(hAdr, as_ref=True), jsl.DocumentField(hGeo, as_ref=True), ])), 'author': jsl.ArrayField( jsl.OneOfField( [jsl.StringField(), jsl.DocumentField(hCard, as_ref=True)])), 'published': datetime_array, 'rating': jsl.ArrayField(jsl.StringField()), 'category': string_array, 'url': uri_array, 'content': content_array, }, )
class Popularity(jsl.Document): class Options: description = "Stack popularity" definition_id = "stack_popularity" average_forks = jsl.StringField(required=True) average_stars = jsl.StringField(required=True) low_popularity_components = jsl.NumberField(required=True)
class StackAnalysisReport(jsl.Document): """Class with the schema definition based on JSL domain specific language.""" class Options: """A container for options.""" description = "Stack analysis report with aggregated data" definition_id = "stack_analysis_report" with jsl.Scope(lambda v: v >= ROLE_v2_0_0) as v2_0_0: v2_0_0.manifest_name = jsl.StringField(required=True) v2_0_0.ecosystem = jsl.StringField(required=True) v2_0_0.cvss = jsl.NumberField(required=True) v2_0_0.popularity = jsl.DocumentField(Popularity, as_ref=True, Required=True) v2_0_0.usage = jsl.DocumentField(Usage, as_ref=True, Required=True) with jsl.Scope(lambda v: v >= ROLE_v2_0_2) as v2_0_2: v2_0_2.recommendation = jsl.DocumentField(Recommendation, as_ref=True) with jsl.Scope(lambda v: v >= ROLE_v2_0_3) as added_in_v2_0_3: added_in_v2_0_3.metadata = jsl.DocumentField(Metadata, as_ref=True, required=True) analyzed_components = jsl.NumberField(required=True) total_security_issues = jsl.NumberField(required=True) total_licenses = jsl.NumberField(required=True) components_with_security_issues = jsl.ArrayField(jsl.StringField(), required=True) distinct_licenses = jsl.ArrayField(jsl.StringField(), required=True) components = jsl.ArrayField(jsl.DocumentField(ComponentInfo, as_ref=True), required=True)
class GithubDetail(jsl.Document): """JSL schema for Github worker results details.""" class Options(object): """JSL schema for Github worker results details.""" definition_id = "github_extracted_details" description = "Details of Github inspection" # we don't mandate any of these fields, because they may not be present forks_count = jsl.IntField() last_year_commits = jsl.DocumentField(GithubLastYearCommits, as_ref=True) open_issues_count = jsl.IntField() stargazers_count = jsl.IntField() subscribers_count = jsl.IntField() with removed_in(ROLE_v2_0_0) as until_v2_0_0: until_v2_0_0.updated_issues = jsl.DocumentField(GithubUpdatedIssues, as_ref=True) until_v2_0_0.updated_pull_requests = jsl.DocumentField( GithubUpdatedPullRequests, as_ref=True) with added_in(ROLE_v1_0_2) as since_v1_0_2: since_v1_0_2.contributors_count = jsl.IntField() with jsl.Scope(ROLE_v1_0_3) as v1_0_3: v1_0_3.topics = jsl.ArrayField(jsl.StringField(), required=True) with added_in(ROLE_v1_0_4) as since_v1_0_4: since_v1_0_4.topics = jsl.ArrayField(jsl.StringField()) with added_in(ROLE_v2_0_1) as since_v2_0_1: since_v2_0_1.license = jsl.DictField() with added_in(ROLE_v2_0_2) as since_v2_0_2: since_v2_0_2.updated_on = jsl.StringField(required=True)
class Diagnostics(jsl.Document): class Options(object): definition_id = 'diagnostics' severity = jsl.StringField(enum=['log', 'debug', 'fatal'], required=True) message = jsl.StringField(required=True) data = jsl.DictField()
class SeverityMapping(jsl.Document): """Severity mapping.""" field = jsl.StringField(required=True) operator = jsl.StringField(required=False, enum=OPERATORS) value = jsl.StringField(required=False) severity = jsl.StringField(required=False)
class MappingCount(jsl.Document): """Mapping count schema.""" count = jsl.IntField(minimum=0, required=True) rta_name = jsl.StringField(pattern=r'[a-zA-Z-_]+', required=True) rule_name = jsl.StringField(required=True) sources = jsl.ArrayField(jsl.StringField(), min_items=1)
class CVEDetail(jsl.Document): class Options(object): definition_id = "cvecheck_details" description = "Detail of one CVE" with removed_in(ROLE_v3_0_0) as removed_in_v3_0_0: # access/impact are now part of vector string in cvss dict removed_in_v3_0_0.access = jsl.DocumentField(CVEAccess, as_ref=True, required=True) removed_in_v3_0_0.impact = jsl.DocumentField(CVEImpact, as_ref=True, required=True) removed_in_v3_0_0.cvss = jsl.NumberField( required=True) # cvss is now dict removed_in_v3_0_0.summary = jsl.StringField( required=True) # renamed to description with added_in(ROLE_v3_0_0) as added_in_v3_0_0: added_in_v3_0_0.cvss = jsl.DocumentField(CVSS, as_ref=True, required=True) added_in_v3_0_0.description = jsl.StringField(required=True) added_in_v3_0_0.severity = jsl.StringField(required=True) id = jsl.StringField(required=True) references = jsl.ArrayField(jsl.UriField(), required=True) # Present if defined for the particular CVE cwe = jsl.StringField(required=False)
class LicenseScanDetails(jsl.Document): class Options(object): definition_id = "license_scan_details" additional_properties = True with removed_in(ROLE_v3_0_0) as removed_in_v3_0_0: removed_in_v3_0_0.files = jsl.ArrayField( jsl.DocumentField(FileDetails, as_ref=True)) removed_in_v3_0_0.license_stats = jsl.ArrayField( jsl.DocumentField(LicenseDetailsPre30, as_ref=True)) removed_in_v3_0_0.oslc_stats = jsl.DocumentField(OSLCStats, as_ref=True) with added_in(ROLE_v3_0_0) as added_in_v3_0_0: added_in_v3_0_0.files_count = jsl.IntField(required=True) added_in_v3_0_0.licenses = jsl.DictField(pattern_properties=jsl.Var({ 'role': { '*': jsl.DocumentField(LicenseDetails, as_ref=True, required=True), } }), required=True) added_in_v3_0_0.scancode_notice = jsl.StringField(required=True) added_in_v3_0_0.scancode_version = jsl.StringField(required=True)
class ApacheGenerator(jsl.Document): class Options(object): definition_id = 'ApacheGenerator' image = jsl.StringField(required=False) uri = jsl.StringField(required=False) port = jsl.StringField(required=False)
class ParameterHelpLink(jsl.Document): link_text = jsl.StringField(required=True, default="Learn More") link_url_type = jsl.StringField(enum=["internal", "external"], required=True, default="external") link_url = jsl.OneOfField([jsl.UriField(required=True)], required=True) link_tip = jsl.StringField(required=False)
class ComponentAnalysis(JSLSchemaBaseWithRelease): class Options(object): definition_id = "component_analysis" description = "Software component analysis" ecosystem = jsl.StringField( description="Language ecosystem providing the component", required=True) package = jsl.StringField(description="Component name", required=True) version = jsl.StringField(description="Component version", required=True) latest_version = jsl.OneOfField( [jsl.StringField(), jsl.NullField()], description= "Latest version available of this component (null if unknown)", required=True) started_at = jsl.DateTimeField( description="Date/time component analysis was started", required=True) finished_at = jsl.DateTimeField( description="Date/time component analysis was finished", required=True) access_count = jsl.NumberField( description="Number of times this component has been queried", required=True) dependents_count = jsl.Var({ lambda v: v >= ROLE_v1_1_0: jsl.NumberField(description="Number of dependent GitHub projects", required=True) }) analyses = jsl.DocumentField(AnalysisSet, as_ref=True, required=True) package_info = jsl.DictField( description="Additional information related to the package", additional_properties=True, required=False)
class JSLWithSchemaAttribute(jsl.Document): name = jsl.StringField(required=True, description='Name of the schema', pattern=r'^[a-zA-Z0-9_]+$') version = jsl.StringField(required=True, description='Version of the schema', pattern=r'^[0-9]+-[0-9]+-[0-9]+$') url = jsl.UriField(required=False, description='Full URL of the schema')
class LibrariesIoResult(JSLSchemaBaseWithRelease): class Options(object): definition_id = "libraries_io" description = "Result of LibrariesIoTask" details = jsl.DocumentField(LibrariesIoDetails, as_ref=True, required=True) status = jsl.StringField(enum=["success"], required=True) summary = jsl.ArrayField(jsl.StringField(), required=True)
class AugeasLensProperties(jsl.Document): class Options(object): definition_id = 'AugeasLensProperties' name = jsl.StringField(required=True) value = jsl.OneOfField([jsl.StringField(), jsl.NullField()]) properties = jsl.ArrayField( jsl.DocumentField(jsl.RECURSIVE_REFERENCE_CONSTANT))