Change search typing checks which

pyth0n1c · pyth0n1c · commit ab10a289642d · 2024-08-21T12:01:38.000-07:00
are no longer required
diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -58,7 +58,7 @@ class Detection_Abstract(SecurityContentObject):
 
     @field_validator("search", mode="before")
     @classmethod
-    def validate_presence_of_filter_macro(cls, value:Union[str, dict[str,Any]], info:ValidationInfo)->Union[str, dict[str,Any]]:
+    def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str:
         """
         Validates that, if required to be present, the filter macro is present with the proper name.
         The filter macro MUST be derived from the name of the detection
@@ -73,9 +73,6 @@ def validate_presence_of_filter_macro(cls, value:Union[str, dict[str,Any]], info
             Union[str, dict[str,Any]]: The search, either in sigma or SPL format.
         """        
         
-        if isinstance(value,dict):
-            #If the search is a dict, then it is in Sigma format so return it
-            return value
         
         # Otherwise, the search is SPL.
         
@@ -143,10 +140,8 @@ def datamodel(self)->List[DataModel]:
     @computed_field
     @property
     def source(self)->str:
-        if self.file_path is not None:
-            return self.file_path.absolute().parent.name
-        else:
-            raise ValueError(f"Cannot get 'source' for detection {self.name} - 'file_path' was None.")
+        return self.file_path.absolute().parent.name
+        
 
     deployment: Deployment = Field({})
     
@@ -424,12 +419,11 @@ def model_post_init(self, ctx:dict[str,Any]):
     def getDetectionLookups(cls, v:list[str], info:ValidationInfo)->list[Lookup]:
         director:DirectorOutputDto = info.context.get("output_dto",None)
         
-        search:Union[str,dict] = info.data.get("search",None)
-        if not isinstance(search,str):
-            #The search was sigma formatted (or failed other validation and was None), so we will not validate macros in it
-            return []
+        search:Union[str,None] = info.data.get("search",None)
+        if search is None:
+            raise ValueError("Search was None - is this file missing the search field?")
         
-        lookups= Lookup.get_lookups(search, director)
+        lookups = Lookup.get_lookups(search, director)
         return lookups
 
     @field_validator('baselines',mode="before")
@@ -458,10 +452,9 @@ def mapDetectionNamesToBaselineObjects(cls, v:list[str], info:ValidationInfo)->L
     def getDetectionMacros(cls, v:list[str], info:ValidationInfo)->list[Macro]:
         director:DirectorOutputDto = info.context.get("output_dto",None)
         
-        search:Union[str,dict] = info.data.get("search",None)
-        if not isinstance(search,str):
-            #The search was sigma formatted (or failed other validation and was None), so we will not validate macros in it
-            return []
+        search:Union[str,None] = info.data.get("search",None)
+        if search is None:
+            raise ValueError("Search was None - is this file missing the search field?")
         
         search_name:Union[str,Any] = info.data.get("name",None)
         assert isinstance(search_name,str), f"Expected 'search_name' to be a string, instead it was [{type(search_name)}]"
