Merge pull request #301 from splunk/test_on_app_change
Testing on Datasource changes
pyth0n1c authored Nov 12, 2024
2 parents 3c733f1 + 3c9395c commit b8b5c2d
Showing 3 changed files with 19 additions and 7 deletions.
23 changes: 17 additions & 6 deletions contentctl/actions/detection_testing/GitService.py
Expand Up @@ -13,6 +13,7 @@
from contentctl.objects.macro import Macro
from contentctl.objects.lookup import Lookup
from contentctl.objects.detection import Detection
from contentctl.objects.data_source import DataSource
from contentctl.objects.security_content_object import SecurityContentObject
from contentctl.objects.config import test_common, All, Changes, Selected

Expand Down Expand Up @@ -67,9 +68,12 @@ def getChanges(self, target_branch:str)->List[Detection]:

#Make a filename to content map
filepath_to_content_map = { obj.file_path:obj for (_,obj) in self.director.name_to_content_map.items()}
updated_detections:set[Detection] = set()
updated_macros:set[Macro] = set()
updated_lookups:set[Lookup] = set()

updated_detections: set[Detection] = set()
updated_macros: set[Macro] = set()
updated_lookups: set[Lookup] = set()
updated_datasources: set[DataSource] = set()


for diff in all_diffs:
if type(diff) == pygit2.Patch:
Expand All @@ -90,6 +94,13 @@ def getChanges(self, target_branch:str)->List[Detection]:
updated_macros.add(macroObject)
else:
raise Exception(f"Error getting macro object for file {str(decoded_path)}")

elif decoded_path.is_relative_to(self.config.path/"data_sources") and decoded_path.suffix == ".yml":
datasourceObject = filepath_to_content_map.get(decoded_path, None)
if isinstance(datasourceObject, DataSource):
updated_datasources.add(datasourceObject)
else:
raise Exception(f"Error getting data source object for file {str(decoded_path)}")

elif decoded_path.is_relative_to(self.config.path/"lookups"):
# We need to convert this to a yml. This means we will catch
Expand All @@ -115,7 +126,6 @@ def getChanges(self, target_branch:str)->List[Detection]:
# Detected a changed .mlmodel file. However, since we do not have testing for these detections at
# this time, we will ignore this change.
updatedLookup = None


else:
raise Exception(f"Detected a changed file in the lookups/ directory '{str(decoded_path)}'.\n"
Expand All @@ -136,15 +146,16 @@ def getChanges(self, target_branch:str)->List[Detection]:

# If a detection has at least one dependency on changed content,
# then we must test it again
changed_macros_and_lookups:set[SecurityContentObject] = updated_macros.union(updated_lookups)

changed_macros_and_lookups_and_datasources:set[SecurityContentObject] = updated_macros.union(updated_lookups, updated_datasources)

for detection in self.director.detections:
if detection in updated_detections:
# we are already planning to test it, don't need
# to add it again
continue

for obj in changed_macros_and_lookups:
for obj in changed_macros_and_lookups_and_datasources:
if obj in detection.get_content_dependencies():
updated_detections.add(detection)
break
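Review bot: In the new `data_sources` branch of `getChanges`, the `.yml` suffix test is part of the `elif` condition, so a changed file under `data_sources/` with any other extension (for example `.yaml`) skips this branch and falls through to later branches that are only partly visible here; if those ignore it, detections depending on that data source would not be selected for retesting. The `lookups/` branch further down raises on an unexpected file, and the same treatment would make the gap visible here: test only `decoded_path.is_relative_to(self.config.path/"data_sources")` in the `elif`, and inside it raise (or at least log) when `decoded_path.suffix != ".yml"`. A data source file that is deleted or renamed on the branch may also have no entry in `filepath_to_content_map` and would then stop the run with the generic `Error getting data source object` message, so it is worth confirming how that case is meant to behave. `getChanges` starts and ends outside the hunks shown.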
Expand Up @@ -689,6 +689,7 @@ def get_content_dependencies(self) -> list[SecurityContentObject]:
objects: list[SecurityContentObject] = []
objects += self.macros
objects += self.lookups
objects += self.data_source_objects
return objects

@field_validator("deployment", mode="before")
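Review bot: `get_content_dependencies` has no docstring, yet `GitService.getChanges` in this same commit tests membership in its result to decide which detections are retested, so any content type left out of this list never triggers a retest. I would add a docstring such as `"""Return the macros, lookups and data source objects this detection depends on; used to select detections for retesting when one of them changes."""`. Whether `self.data_source_objects` is always populated by the time this method is called is not visible in the hunk and is worth confirming.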
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "contentctl"
version = "4.4.4"
version = "4.4.5"

description = "Splunk Content Control Tool"
authors = ["STRT <research@splunk.com>"]