class GithubMetrics(jsl.Document):
    """Schema for GitHub metrics, made of a month and a year sub-document."""

    class Options:
        # Metadata for the generated schema definition.
        description = "GitHub Metrics"
        definition_id = "github_metrics"

    # Both parts are mandatory and are emitted as references (as_ref=True)
    # to the Month / Year definitions, which live outside this block.
    month = jsl.DocumentField(Month, as_ref=True, required=True)
    year = jsl.DocumentField(Year, as_ref=True, required=True)
class TermDocument(jsl.Document):
    """Schema for a document that carries a single required ``term``."""

    # oneOf: the value has to validate against exactly one of the three
    # referenced schemas (Conjunction, Disjunction or Literal).
    term = jsl.OneOfField([
        jsl.DocumentField(Conjunction, as_ref=True),
        jsl.DocumentField(Disjunction, as_ref=True),
        jsl.DocumentField(Literal, as_ref=True)
    ], required=True)
class CortexExpSchemaJSLBase(jsl.Document):
    """JSON schema for one experiment database record. See top of file.

    Every field is required. The file-name fields are constrained by regular
    expressions built by ``schemautil.StringPatterns``, which is defined
    outside this block.
    """

    timestamp = jsl.StringField(format="date-time", required=True)
    # Restricted to the names in ``monkeylist`` (defined elsewhere).
    monkey = jsl.StringField(enum=monkeylist, required=True)
    session_number = jsl.IntField(minimum=1, maximum=999, required=True)
    code_repo = jsl.DocumentField(schemautil.GitRepoRef, required=True)
    # NOTE(review): the pattern name suggests only relative paths are
    # accepted; whether it also rejects ".." segments cannot be told from
    # here -- confirm before the value is used to build file-system paths.
    experiment_name = jsl.StringField(
        required=True, pattern=schemautil.StringPatterns.relativePathPattern)
    # One file name per extension; the argument ('tm', 'cnd', ...) is passed
    # to the pattern helper -- presumably the expected extension, TODO confirm.
    timing_file_name = jsl.StringField(
        pattern=schemautil.StringPatterns.strictFilenameLowerPattern('tm'),
        required=True)
    condition_file_name = jsl.StringField(
        pattern=schemautil.StringPatterns.strictFilenameLowerPattern('cnd'),
        required=True)
    item_file_name = jsl.StringField(
        pattern=schemautil.StringPatterns.strictFilenameLowerPattern('itm'),
        required=True)
    parameter_file_name = jsl.StringField(
        pattern=schemautil.StringPatterns.strictFilenameLowerPattern('par'),
        required=True)
    set_file_name = jsl.StringField(
        pattern=schemautil.StringPatterns.strictFilenameLowerPattern('set'),
        required=True)
    recorded_files = jsl.DocumentField(
        schemautil.filetransfer.FileTransferSiteAndFileListRemote,
        required=True)
    # Must be present, but no constraint is placed on its keys or values.
    additional_parameters = jsl.DictField(required=True)
    notes = jsl.StringField(required=True)
class CVEDetail(jsl.Document):
    """Schema for the details of a single CVE, versioned by schema role.

    ``removed_in`` / ``added_in`` are helpers defined outside this block;
    going by their names they scope a field to the roles before / from the
    given version.
    """

    class Options(object):
        definition_id = "cvecheck_details"
        description = "Detail of one CVE"

    with removed_in(ROLE_v3_0_0) as removed_in_v3_0_0:
        # access/impact are now part of vector string in cvss dict
        removed_in_v3_0_0.access = jsl.DocumentField(CVEAccess, as_ref=True, required=True)
        removed_in_v3_0_0.impact = jsl.DocumentField(CVEImpact, as_ref=True, required=True)
        removed_in_v3_0_0.cvss = jsl.NumberField(
            required=True)  # cvss is now dict
        removed_in_v3_0_0.summary = jsl.StringField(
            required=True)  # renamed to description

    with added_in(ROLE_v3_0_0) as added_in_v3_0_0:
        added_in_v3_0_0.cvss = jsl.DocumentField(CVSS, as_ref=True, required=True)
        added_in_v3_0_0.description = jsl.StringField(required=True)
        # Free-form string: the schema does not restrict severity to a fixed
        # set of labels, so consumers should not assume one.
        added_in_v3_0_0.severity = jsl.StringField(required=True)

    with added_in(ROLE_v3_0_1) as added_in_v3_0_1:
        added_in_v3_0_1.attribution = jsl.StringField(required=False)

    # Fields present in every schema version.
    id = jsl.StringField(required=True)
    # Each reference has to be a URI.
    references = jsl.ArrayField(jsl.UriField(), required=True)
    # Present if defined for the particular CVE
    cwe = jsl.StringField(required=False)
class Disjunction(jsl.Document):
    """Schema for a disjunction: a list of terms tagged ``type: disjunction``."""

    # The item schemas are given by name (strings) rather than by class,
    # which lets the definition refer to itself ("Disjunction") and to
    # classes that may be declared later.
    terms = jsl.ArrayField(jsl.OneOfField([
        jsl.DocumentField("Conjunction", as_ref=True),
        jsl.DocumentField("Disjunction", as_ref=True),
        jsl.DocumentField("Literal", as_ref=True)
    ], required=True), required=True)
    # Anchored pattern: only the exact string "disjunction" matches.
    # The field itself is not marked required.
    type = jsl.StringField(pattern="^disjunction$")
class StackAnalysisResponse(JSLSchemaBase):
    """Versioned schema for a stack analysis response.

    The set of fields and their types depend on the schema role (version),
    selected with ``jsl.Scope`` matchers below.
    """

    class Options:
        """A container for options."""

        description = "Stack analysis"
        definition_id = "stack_analysis"

    # ``status`` vocabulary changed at v2.0.1: three upper-case states before,
    # only "success" from then on.
    with jsl.Scope(lambda v: v < ROLE_v2_0_1) as before_v2_0_1:
        before_v2_0_1.status = jsl.StringField(
            enum=["FINISHED", "FAILED", "INPROGRESS"], required=True)
    with jsl.Scope(lambda v: v >= ROLE_v2_0_1) as since_v2_0_1:
        since_v2_0_1.status = jsl.StringField(enum=["success"], required=True)

    # Timestamps and request id are required in every version.
    submitted_at = jsl.DateTimeField(required=True)
    started_at = jsl.DateTimeField(required=True)
    finished_at = jsl.DateTimeField(required=True)
    request_id = jsl.StringField(required=True)

    # ``analyses_result`` exists only for roles older than v2.1.0.
    with jsl.Scope(lambda v: v < ROLE_v2_1_0) as removed_in_v2_1_0:
        removed_in_v2_1_0.analyses_result = jsl.ArrayField(jsl.StringField(), required=True)

    # ``result`` is a single inlined StackAnalysisResult for the three 1.x
    # roles listed here ...
    with jsl.Scope(lambda v: v == ROLE_v1_0_0 or v == ROLE_v1_1_0 or v == ROLE_v1_2_0) as upto_v1_2_0:
        upto_v1_2_0.result = jsl.DocumentField(StackAnalysisResult, required=True)

    # ... and an array of StackAnalysisReport references from v2.0.0 on.
    with jsl.Scope(lambda v: v >= ROLE_v2_0_0) as added_in_v2_0_0:
        added_in_v2_0_0.result = jsl.ArrayField(jsl.DocumentField(
            StackAnalysisReport, as_ref=True), required=True)
def toml_schema(cls):
    """Build a TOML schema class that wraps this API schema.

    The new class is named ``Versioned<cls.__name__>``, derives from
    ``GenericSchema`` and has two required document fields: ``metadata``
    (a ``TomlMetadata``) and ``rule`` (the API schema ``cls`` itself).

    Returns:
        The dynamically created schema class.
    """
    versioned_name = "Versioned" + cls.__name__
    namespace = dict(
        metadata=jsl.DocumentField(TomlMetadata, required=True),
        rule=jsl.DocumentField(cls, required=True),
    )
    # type() with three arguments creates the class at runtime.
    return type(versioned_name, (GenericSchema,), namespace)
class Threat(jsl.Document):
    """Threat framework mapping such as MITRE ATT&CK.

    A mapping names the framework, exactly one tactic and a list of
    techniques; all three are required.
    """

    # Any string is accepted; 'MITRE ATT&CK' is only the schema default.
    framework = jsl.StringField(default='MITRE ATT&CK', required=True)
    tactic = jsl.DocumentField(ThreatTactic, required=True)
    technique = jsl.ArrayField(jsl.DocumentField(ThreatTechnique), required=True)
class hEvent(Microformat):
    """Schema for an ``h-event`` microformat item.

    ``type_of``, ``string_array``, ``datetime_array`` and ``uri_array`` are
    helpers defined outside this block.
    """

    type = type_of('h-event')
    # ``properties`` itself is required; none of the listed keys is marked
    # required inside it.
    properties = jsl.DictField(
        required=True,
        properties={
            'name': string_array,
            'summary': string_array,
            'start': datetime_array,
            'end': datetime_array,
            'duration': string_array,
            'description': string_array,
            'url': uri_array,
            'category': string_array,
            # A location is either plain text or one of the embedded
            # h-geo / h-adr / h-card schemas.
            'location': jsl.ArrayField(
                jsl.OneOfField([
                    jsl.StringField(),
                    jsl.DocumentField(hGeo, as_ref=True),
                    jsl.DocumentField(hAdr, as_ref=True),
                    jsl.DocumentField(hCard, as_ref=True),
                ])),
        },
    )
class ToolchainResponses(jsl.Document):
    """Schema for the responses collected from the downstream toolchain."""

    class Options(object):
        definition_id = "toolchain_responses"

    # These fields are optional, as this spec currently covers error responses
    # in addition to successful toolchain queries.
    # They can change to being required once the "standard error schema" RFE
    # is implemented: https://github.com/baytemp/worker/issues/109
    redhat_anitya = jsl.DocumentField(
        AnityaResponse,
        description="Results from Red Hat's internal Anitya instance",
        required=False,
        as_ref=True
    )
    brew = jsl.ArrayField(jsl.DocumentField(
        DownstreamPatchset,
        description="Results from Brew, Red Hat's internal Koji instance",
        required=False,
        as_ref=True
    ))

    # The Pulp CDN details field became an array in v2-1-0
    # The same field object is reused for both shapes: bare before v2.1.0,
    # wrapped in an array from v2.1.0 on.
    _pulp_document_ref = jsl.DocumentField(
        PulpCDNResponse,
        description="Results from the Pulp CDN backing RPM delivery",
        required=False,
        as_ref=True
    )
    with removed_in(ROLE_v2_1_0) as before_v2_1:
        before_v2_1.pulp_cdn = _pulp_document_ref
    with added_in(ROLE_v2_1_0) as since_v2_1:
        since_v2_1.pulp_cdn = jsl.ArrayField(_pulp_document_ref)
    # Drop the temporary name from the class body -- presumably so that it is
    # not picked up as a field of its own.
    del _pulp_document_ref
class BotCfg(jsl.Document):
    """Schema for bot-cfg.yml.

    None of the three top-level keys is marked required.
    """

    version = jsl.StringField()
    # ``name=`` sets the key used in the document: "global" is a Python
    # keyword and "dockerfile-linter" is not a valid identifier.
    global_ = jsl.DocumentField(Common, name="global")
    dockerfile_linter = jsl.DocumentField(DockerfileLinter, name="dockerfile-linter")
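class StackAnalysisReport(jsl.Document):
    """Versioned schema for one stack analysis report with aggregated data.

    Fields declared inside a ``jsl.Scope`` exist only for the roles (schema
    versions) matched by that scope; the remaining fields are part of every
    version.
    """

    class Options:
        """A container for options."""

        description = "Stack analysis report with aggregated data"
        definition_id = "stack_analysis_report"

    with jsl.Scope(lambda v: v >= ROLE_v2_0_0) as v2_0_0:
        v2_0_0.manifest_name = jsl.StringField(required=True)
        v2_0_0.ecosystem = jsl.StringField(required=True)
        v2_0_0.cvss = jsl.NumberField(required=True)
        # These two were spelled ``Required=True``. The keyword jsl reads is
        # lower-case ``required``, so the fields were not enforced as
        # mandatory and a report lacking them still validated.
        v2_0_0.popularity = jsl.DocumentField(Popularity, as_ref=True, required=True)
        v2_0_0.usage = jsl.DocumentField(Usage, as_ref=True, required=True)

    with jsl.Scope(lambda v: v >= ROLE_v2_0_2) as v2_0_2:
        # Optional: no ``required`` flag is given.
        v2_0_2.recommendation = jsl.DocumentField(Recommendation, as_ref=True)

    with jsl.Scope(lambda v: v >= ROLE_v2_0_3) as added_in_v2_0_3:
        added_in_v2_0_3.metadata = jsl.DocumentField(Metadata, as_ref=True, required=True)

    # Aggregates required in every schema version.
    analyzed_components = jsl.NumberField(required=True)
    total_security_issues = jsl.NumberField(required=True)
    total_licenses = jsl.NumberField(required=True)
    components_with_security_issues = jsl.ArrayField(jsl.StringField(), required=True)
    distinct_licenses = jsl.ArrayField(jsl.StringField(), required=True)
    components = jsl.ArrayField(jsl.DocumentField(ComponentInfo, as_ref=True), required=True)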
class DatabaseMigration(jsl.Document):
    """Schema describing a database migration: backend, connection, endpoint.

    None of the fields is marked required.
    """

    class Options(object):
        definition_id = 'database_migration'

    # Only these two backend names validate.
    backend = jsl.StringField(enum=['postgresql', 'mysql'])
    # NOTE(review): DatabaseConnection is defined elsewhere; if it carries
    # credentials, documents matching this schema need to be handled as
    # secrets -- confirm.
    connection = jsl.DocumentField(DatabaseConnection)
    endpoint = jsl.DocumentField(Endpoint)
class TodoSchema(jsl.Document):
    """A Todo schema.

    Attributes:
        id (int): A unique id for the todo.
        description (str): A text description of the todo.
        items (array): An array of sub-todos of this todo.
        skip_if (array): An array of conditions to skip this todo. If any of
            the conditions is true, the todo is skipped. Each condition is a
            dictionary of attributes and predicates which get ANDed together.
        remove_if (array): An array of conditions to remove this todo. If any
            of the conditions is true, the todo is removed. Each condition is
            a dictionary of attributes and predicates which get ANDed
            together.
    """

    id = jsl.IntField(required=True)
    description = jsl.StringField(required=True)
    # Referenced by name so the schema can nest itself.
    items = jsl.ArrayField(jsl.DocumentField('TodoSchema'))
    # '.*' matches every key, so each value of a condition dictionary has to
    # validate as a PredicateSchema; the attribute names themselves are not
    # restricted.
    skip_if = jsl.ArrayField(
        jsl.DictField(
            pattern_properties={'.*': jsl.DocumentField('PredicateSchema')}))
    remove_if = jsl.ArrayField(
        jsl.DictField(
            pattern_properties={'.*': jsl.DocumentField('PredicateSchema')}))
class LicenseScanDetails(jsl.Document):
    """Versioned schema for the details section of a license scan result.

    ``removed_in`` / ``added_in`` are helpers defined outside this block;
    going by their names they scope a field to the roles before / from the
    given version.
    """

    class Options(object):
        definition_id = "license_scan_details"
        # Keys not declared below are accepted without validation.
        additional_properties = True

    with removed_in(ROLE_v3_0_0) as removed_in_v3_0_0:
        removed_in_v3_0_0.files = jsl.ArrayField(
            jsl.DocumentField(FileDetails, as_ref=True))
        removed_in_v3_0_0.license_stats = jsl.ArrayField(
            jsl.DocumentField(LicenseDetailsPre30, as_ref=True))
        removed_in_v3_0_0.oslc_stats = jsl.DocumentField(OSLCStats, as_ref=True)

    with added_in(ROLE_v3_0_0) as added_in_v3_0_0:
        added_in_v3_0_0.files_count = jsl.IntField(required=True)
        # NOTE(review): jsl.Var keys are role matchers, so this mapping looks
        # like it only applies to a role literally named 'role'; '*' on its
        # own is also not a valid regular expression. If so, the values of
        # ``licenses`` are not validated against LicenseDetails -- confirm the
        # intended pattern.
        added_in_v3_0_0.licenses = jsl.DictField(pattern_properties=jsl.Var({
            'role': {
                '*': jsl.DocumentField(LicenseDetails, as_ref=True, required=True),
            }
        }), required=True)
        added_in_v3_0_0.scancode_notice = jsl.StringField(required=True)
        added_in_v3_0_0.scancode_version = jsl.StringField(required=True)
class BlackduckDetails(jsl.Document):
    """Schema for the Blackduck license and security data of one component.

    Neither list is marked required.
    """

    class Options:
        description = "Blackduck information for a single component"
        definition_id = "component_blackduck_info"

    license = jsl.ArrayField(jsl.DocumentField(BlackduckLicenseDetails, as_ref=True))
    security = jsl.ArrayField(jsl.DocumentField(BlackduckSecurityDetails, as_ref=True))
class Filters(jsl.Document):
    """Intermediate schema for handling DSL-like filters.

    The four helper documents are nested in this class and then used as the
    types of the ``exists`` / ``meta`` / ``state`` / ``query`` fields. No
    field is marked required.
    """

    class FilterMetadata(jsl.Document):
        # Descriptive metadata of a filter.
        negate = jsl.BooleanField()
        type = jsl.StringField()
        key = jsl.StringField()
        value = jsl.StringField()
        disabled = jsl.BooleanField()
        indexRefName = jsl.StringField()
        alias = jsl.StringField()  # null acceptable
        params = jsl.DictField(properties={'query': jsl.StringField()})

    class FilterQuery(jsl.Document):
        # Only a match on the 'event.action' key is described.
        match = jsl.DictField({
            'event.action': jsl.DictField(properties={
                'query': jsl.StringField(),
                'type': jsl.StringField()
            })
        })

    class FilterState(jsl.Document):
        store = jsl.StringField()

    class FilterExists(jsl.Document):
        field = jsl.StringField()

    exists = jsl.DocumentField(FilterExists)
    meta = jsl.DocumentField(FilterMetadata)
    # Serialized under the key "$state", which is not a valid Python name.
    state = jsl.DocumentField(FilterState, name='$state')
    query = jsl.DocumentField(FilterQuery)
class GithubDetail(jsl.Document):
    """JSL schema for Github worker results details.

    ``removed_in`` / ``added_in`` are helpers defined outside this block;
    going by their names they scope a field to the roles before / from the
    given version.
    """

    class Options(object):
        """Schema options: definition id and description."""

        definition_id = "github_extracted_details"
        description = "Details of Github inspection"

    # we don't mandate any of these fields, because they may not be present
    forks_count = jsl.IntField()
    last_year_commits = jsl.DocumentField(GithubLastYearCommits, as_ref=True)
    open_issues_count = jsl.IntField()
    stargazers_count = jsl.IntField()
    subscribers_count = jsl.IntField()

    with removed_in(ROLE_v2_0_0) as until_v2_0_0:
        until_v2_0_0.updated_issues = jsl.DocumentField(GithubUpdatedIssues, as_ref=True)
        until_v2_0_0.updated_pull_requests = jsl.DocumentField(
            GithubUpdatedPullRequests, as_ref=True)

    with added_in(ROLE_v1_0_2) as since_v1_0_2:
        since_v1_0_2.contributors_count = jsl.IntField()

    # ``topics`` is required for the v1.0.3 role only ...
    with jsl.Scope(ROLE_v1_0_3) as v1_0_3:
        v1_0_3.topics = jsl.ArrayField(jsl.StringField(), required=True)

    # ... and declared without ``required`` under the v1.0.4 scope.
    with added_in(ROLE_v1_0_4) as since_v1_0_4:
        since_v1_0_4.topics = jsl.ArrayField(jsl.StringField())

    with added_in(ROLE_v2_0_1) as since_v2_0_1:
        # Unconstrained dictionary: keys and values are not validated.
        since_v2_0_1.license = jsl.DictField()

    with added_in(ROLE_v2_0_2) as since_v2_0_2:
        since_v2_0_2.updated_on = jsl.StringField(required=True)
class ComponentInfo(jsl.Document):
    """Versioned schema for the information gathered about one component.

    All fields are required. Fields inside a ``jsl.Scope`` exist only for the
    roles (schema versions) matched by that scope.
    """

    class Options:
        description = "Information about a single component"
        definition_id = "component_info"

    blackduck_details = jsl.DocumentField(BlackduckDetails, as_ref=True, required=True)
    cve_details = jsl.ArrayField(jsl.DocumentField(CVEDetail, as_ref=True), required=True)
    ecosystem = jsl.StringField(required=True)
    github_details = jsl.DocumentField(GithubDetails, as_ref=True, required=True)
    id = jsl.StringField(required=True)
    # The key must be present, but its value may be null.
    latest_version = jsl.OneOfField([jsl.StringField(), jsl.NullField()], required=True)
    licenses = jsl.ArrayField(jsl.StringField(), required=True)
    name = jsl.StringField(required=True)
    package_dependents_count = jsl.NumberField(required=True)
    version = jsl.StringField(required=True)

    with jsl.Scope(lambda v: v >= ROLE_v1_1_0) as added_in_v1_1_0:
        added_in_v1_1_0.dependents_count = jsl.NumberField(required=True)

    with jsl.Scope(lambda v: v >= ROLE_v1_2_0) as added_in_v1_2_0:
        added_in_v1_2_0.relative_usage = jsl.StringField(required=True)

    with jsl.Scope(lambda v: v >= ROLE_v2_0_0) as added_in_v2_0_0:
        added_in_v2_0_0.redhat_usage = jsl.DocumentField(RedHatUsage, as_ref=True, required=True)

    with jsl.Scope(lambda v: v >= ROLE_v2_0_3) as added_in_v2_0_3:
        added_in_v2_0_3.metadata = jsl.DocumentField(ComponentMetadata, as_ref=True,
                                                     required=True)
class ApiSchema79(ApiSchema78):
    """Schema for siem rule in API format.

    Extends the 7.8 schema with the fields below and with a scope for the
    threshold rule type.
    """

    STACK_VERSION = "7.9"
    # Everything 7.8 accepts, plus the threshold rule type.
    RULE_TYPES = ApiSchema78.RULE_TYPES + [THRESHOLD]

    # At least one author is required.
    author = jsl.ArrayField(jsl.StringField(default="Elastic"), required=True, min_items=1)
    building_block_type = jsl.StringField(required=False)
    # NOTE(review): no item schema is given, so the entries of
    # ``exceptions_list`` are not validated here. Exceptions suppress
    # detections, so their contents deserve review elsewhere -- confirm.
    exceptions_list = jsl.ArrayField(required=False)
    license = jsl.StringField(required=True, default="Elastic License")
    risk_score_mapping = jsl.ArrayField(jsl.DocumentField(RiskScoreMapping), required=False, min_items=1)
    rule_name_override = jsl.StringField(required=False)
    severity_mapping = jsl.ArrayField(jsl.DocumentField(SeverityMapping), required=False, min_items=1)
    timestamp_override = jsl.StringField(required=False)

    type = jsl.StringField(enum=RULE_TYPES, required=True)

    # there might be a bug in jsl that requires us to redefine these here
    query_scope = ApiSchema78.query_scope
    saved_id_scope = ApiSchema78.saved_id_scope
    ml_scope = ApiSchema78.ml_scope

    # Fields that apply when the schema is resolved for the threshold role.
    with jsl.Scope(THRESHOLD) as threshold_scope:
        threshold_scope.index = jsl.ArrayField(jsl.StringField(), required=False)
        # this is not required per the API but we will enforce it here
        threshold_scope.language = jsl.StringField(enum=['kuery', 'lucene'], required=True, default='kuery')
        threshold_scope.query = jsl.StringField(required=True)
        threshold_scope.type = jsl.StringField(enum=[THRESHOLD], required=True, default=THRESHOLD)
        threshold_scope.threshold = jsl.DocumentField(ThresholdMapping, required=True)

    # For the default role, ``type`` is the class-level field defined above
    # (any of RULE_TYPES).
    with jsl.Scope(jsl.DEFAULT_ROLE) as default_scope:
        default_scope.type = type
class Filters(jsl.Document):
    """Schema for filters.

    Groups four optional sub-documents whose schemas are defined outside
    this block.
    """

    exists = jsl.DocumentField(FilterExists)
    meta = jsl.DocumentField(FilterMetadata)
    # Serialized under the key "$state", which is not a valid Python name.
    state = jsl.DocumentField(FilterState, name='$state')
    query = jsl.DocumentField(FilterQuery)
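class Service(jsl.Document):
    """Schema for one service of a chute.

    None of the fields is marked required.
    """

    class Options(object):
        definition_id = "service"
        title = "Service Specification"

    type = jsl.StringField(description="Type of chute service.",
                           enum=["light", "normal", "image"])
    source = jsl.StringField(description="Source directory for this service.")
    image = jsl.StringField(
        description="Image specification for services that pull a Docker image.",
    )
    # Either a single command string or a list of argument strings.
    command = jsl.AnyOfField(
        [jsl.StringField(), jsl.ArrayField(items=jsl.StringField())])
    dns = jsl.ArrayField(
        description="List of DNS servers to be used within the container.",
        items=jsl.StringField())
    # Unconstrained dictionary: variable names and values are not validated.
    environment = jsl.DictField(description="Environment variables.")
    interfaces = jsl.DictField(
        pattern_properties={
            # Raw string: "\w" in a plain literal is an invalid escape
            # sequence that newer Python versions warn about. The regex
            # itself is unchanged.
            # NOTE(review): the pattern is not anchored, and JSON Schema
            # patterns are searches, so any key containing a word character
            # matches and the 16-character limit is not enforced. Anchoring
            # it would also stop validating names that no longer match,
            # unless additional properties are forbidden -- decide both
            # together.
            r"\w{1,16}": jsl.DocumentField(Interface, as_ref=True,
                                           title="ChuteInterface")
        },
        description="Network interfaces to be connected.")
    requests = jsl.DocumentField(
        ChuteRequests,
        description="Extra features and privileges requested for the service.")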
class DependencySnapshotResult(JSLSchemaBaseWithRelease):
    """Schema for the result of the Dependency Snapshot worker.

    Status, details and summary are all required.
    """

    class Options(object):
        definition_id = 'dependency_snapshot'
        description = 'Result of Dependency Snapshot worker'

    status = jsl.StringField(enum=['success', 'error'], required=True)
    details = jsl.DocumentField(DependencySnapshotDetail, as_ref=True, required=True)
    summary = jsl.DocumentField(DependencySnapshotSummary, as_ref=True, required=True)
class LibrariesIoDetails(jsl.Document):
    """Schema for the libraries.io details of a package.

    All three sub-documents are optional and emitted as references.
    """

    class Options(object):
        definition_id = "libraries_io_details"

    dependent_repositories = jsl.DocumentField(DependentRepositories, as_ref=True)
    dependents = jsl.DocumentField(Dependents, as_ref=True)
    releases = jsl.DocumentField(Releases, as_ref=True)
class SuccessfulLicenseScan(JSLSchemaBaseWithRelease):
    """Schema for a license scan that completed successfully.

    Only ``status == "success"`` validates, so failed scans are not covered
    by this schema.
    """

    class Options(object):
        definition_id = "successful_license_scan"
        description = "Successful automated software copyright license scan"

    status = jsl.StringField(enum=["success"], required=True)
    summary = jsl.DocumentField(LicenseScanSummary, as_ref=True, required=True)
    details = jsl.DocumentField(LicenseScanDetails, as_ref=True, required=True)
class CodeMetricsResult(JSLSchemaBaseWithRelease):
    """Schema for the result of the CodeMetrics worker.

    Status, details and summary are all required.
    """

    class Options(object):
        # NOTE(review): the id names crypto algorithms while the description
        # names the CodeMetrics worker -- this looks copy-pasted. If another
        # schema uses the same definition id, the two collide in generated
        # schemas; confirm the intended id before changing it, since the id
        # is part of the published schema.
        definition_id = "crypto_algorithms_result"
        description = "Result of CodeMetrics worker"

    status = jsl.StringField(enum=["success", "error"], required=True)
    details = jsl.DocumentField(CodeMetricsDetails, as_ref=True, required=True)
    summary = jsl.DocumentField(CodeMetricsSummary, as_ref=True, required=True)
class DjangoMigration(OwnedObject):
    """Schema for migrating a Django application.

    Covers its database, cache, configuration files and application root.
    None of the fields is marked required.
    """

    class Options(object):
        definition_id = 'django_migration'

    database = jsl.DocumentField(DatabaseMigration)
    cache = jsl.DocumentField(Endpoint)
    # NOTE(review): a JSON Schema "pattern" is a search unless the regex is
    # anchored. ABSOLUTE_PATH_PATTERN is defined elsewhere -- confirm that it
    # is anchored and decide whether ".." segments have to be rejected
    # before these paths are used.
    config_files = jsl.ArrayField(
        jsl.StringField(pattern=ABSOLUTE_PATH_PATTERN))
    app_root = jsl.StringField(pattern=ABSOLUTE_PATH_PATTERN)
class ActorDefinition(jsl.Document):
    """Schema for an actor definition.

    Describes the actor's channels, description, parent and executor.
    None of the fields is marked required.
    """

    inputs = jsl.ArrayField(jsl.DocumentField(ChannelSpec, as_ref=True))
    # Either one channel or a list of channels.
    output = jsl.OneOfField([
        jsl.DocumentField(ChannelSpec, as_ref=True),
        jsl.ArrayField(jsl.DocumentField(ChannelSpec, as_ref=True))
    ])
    description = jsl.StringField()
    extends = jsl.DocumentField(ExtendsDefinition, as_ref=True)
    # Placeholder only: until it is replaced, ``executor`` is None rather
    # than a jsl field.
    executor = None  # This needs to be defined on runtime and needs to be a jsl.OneOfField
class LicenseScanDetails(jsl.Document):
    """Schema for the details section of a license scan result.

    None of the three fields is marked required.
    """

    class Options(object):
        definition_id = "license_scan_details"
        # Keys not declared below are accepted without validation.
        additional_properties = True

    files = jsl.ArrayField(jsl.DocumentField(FileDetails, as_ref=True))
    license_stats = jsl.ArrayField(
        jsl.DocumentField(LicenseDetails, as_ref=True))
    oslc_stats = jsl.DocumentField(OSLCStats, as_ref=True)
class CryptoCheckResult(JSLSchemaBaseWithRelease):
    """Schema for the result of the OSCryptoChecker worker.

    Status, details and summary are all required.
    """

    class Options(object):
        definition_id = "crypto_algorithms_result"
        description = "Result of OSCryptoChecker worker"

    status = jsl.StringField(enum=["success", "error"], required=True)
    # One CryptoAlgoDetail entry per list item.
    details = jsl.ArrayField(jsl.DocumentField(CryptoAlgoDetail, as_ref=True),
                             required=True)
    summary = jsl.DocumentField(CryptoCheckSummary, as_ref=True, required=True)