diff --git a/detection_rules/mixins.py b/detection_rules/mixins.py index fbaa3d3fa..fc696daf2 100644 --- a/detection_rules/mixins.py +++ b/detection_rules/mixins.py @@ -10,7 +10,7 @@ import marshmallow_dataclass import marshmallow_dataclass.union_field import marshmallow_jsonschema import marshmallow_union -from marshmallow import Schema +from marshmallow import Schema, fields from .utils import cached @@ -117,6 +117,13 @@ class PatchedJSONSchema(marshmallow_jsonschema.JSONSchema): # Patch marshmallow-jsonschema to support marshmallow-dataclass[union] def _get_schema_for_field(self, obj, field): """Patch marshmallow_jsonschema.base.JSONSchema to support marshmallow-dataclass[union].""" + if isinstance(field, fields.Raw) and field.allow_none and not field.validate: + # raw fields shouldn't be type string but type any. bug in marshmallow_dataclass:__init__.py: + # if typ is Any: + # metadata.setdefault("allow_none", True) + # return marshmallow.fields.Raw(**metadata) + return {"type": ["string", "number", "object", "array", "boolean", "null"]} + if isinstance(field, marshmallow_dataclass.union_field.Union): # convert to marshmallow_union.Union field = marshmallow_union.Union([subfield for _, subfield in field.union_fields], diff --git a/detection_rules/rule.py b/detection_rules/rule.py index 4380702e0..37439489f 100644 --- a/detection_rules/rule.py +++ b/detection_rules/rule.py @@ -42,7 +42,7 @@ class RuleMeta(MarshmallowDataclassMixin): related_endpoint_rules: Optional[List[str]] # Extended information as an arbitrary dictionary - extended: Optional[dict] + extended: Optional[Dict[str, Any]] def get_validation_stack_versions(self) -> Dict[str, dict]: """Get a dict of beats and ecs versions per stack release.""" 
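Review bot: The new `fields.Raw` branch in `_get_schema_for_field` returns a type list that includes `"null"`, but every regenerated schema under `etc/api_schemas/master/` in this commit lists only the five non-null types. It is worth confirming whether a later step strips `null` or the checked-in JSON was produced by a different revision of this code. The guard also only matches Raw fields with `allow_none` set and no validator, so by the comment's own reasoning any other Raw field presumably still falls through to the old `string` mapping. A docstring line such as `Raw fields derived from typing.Any are emitted as "any JSON type" and are not otherwise constrained.` would state the intent and what it means for validation. The method body continues outside the hunk.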
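Review bot: `extended` here, and `meta` in the `BaseRuleData` hunk, now take `Any` values, and the regenerated API schemas accept any JSON type under `meta`, so schema validation no longer constrains what these dictionaries carry. If that is intended, say so next to each field, e.g. `# free-form; values are not schema-validated`, so that nobody later relies on the schema to vet their content. Both class bodies continue outside the hunks.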
@@ -157,7 +157,7 @@ class BaseRuleData(MarshmallowDataclassMixin): interval: Optional[definitions.Interval] max_signals: Optional[definitions.MaxSignals] - meta: Optional[dict] + meta: Optional[Dict[str, Any]] name: str note: Optional[definitions.Markdown] # can we remove this comment? diff --git a/etc/api_schemas/master/master.base.json b/etc/api_schemas/master/master.base.json index 2d1b94493..edf996886 100644 --- a/etc/api_schemas/master/master.base.json +++ b/etc/api_schemas/master/master.base.json @@ -4,7 +4,13 @@ "properties": { "actions": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -25,7 +31,13 @@ }, "exceptions_list": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -38,7 +50,13 @@ "filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, @@ -63,7 +81,13 @@ }, "meta": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, diff --git a/etc/api_schemas/master/master.eql.json b/etc/api_schemas/master/master.eql.json index 3000f75db..508abfda9 100644 --- a/etc/api_schemas/master/master.eql.json +++ b/etc/api_schemas/master/master.eql.json @@ -4,7 +4,13 @@ "properties": { "actions": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -25,7 +31,13 @@ }, "exceptions_list": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -38,7 +50,13 @@ "filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, 
@@ -75,7 +93,13 @@ }, "meta": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, diff --git a/etc/api_schemas/master/master.machine_learning.json b/etc/api_schemas/master/master.machine_learning.json index c8683bfc9..21258afc6 100644 --- a/etc/api_schemas/master/master.machine_learning.json +++ b/etc/api_schemas/master/master.machine_learning.json @@ -4,7 +4,13 @@ "properties": { "actions": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -29,7 +35,13 @@ }, "exceptions_list": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -42,7 +54,13 @@ "filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, @@ -80,7 +98,13 @@ }, "meta": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, diff --git a/etc/api_schemas/master/master.query.json b/etc/api_schemas/master/master.query.json index 3d1c02922..278867840 100644 --- a/etc/api_schemas/master/master.query.json +++ b/etc/api_schemas/master/master.query.json @@ -4,7 +4,13 @@ "properties": { "actions": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -25,7 +31,13 @@ }, "exceptions_list": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -38,7 +50,13 @@ "filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, 
@@ -77,7 +95,13 @@ }, "meta": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, diff --git a/etc/api_schemas/master/master.threat_match.json b/etc/api_schemas/master/master.threat_match.json index 222c75782..3cfd48f6c 100644 --- a/etc/api_schemas/master/master.threat_match.json +++ b/etc/api_schemas/master/master.threat_match.json @@ -4,7 +4,13 @@ "properties": { "actions": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -31,7 +37,13 @@ }, "exceptions_list": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -44,7 +56,13 @@ "filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, @@ -89,7 +107,13 @@ }, "meta": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, @@ -285,7 +309,13 @@ "threat_filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, diff --git a/etc/api_schemas/master/master.threshold.json b/etc/api_schemas/master/master.threshold.json index aeb982b19..a53dad8cb 100644 --- a/etc/api_schemas/master/master.threshold.json +++ b/etc/api_schemas/master/master.threshold.json @@ -4,7 +4,13 @@ "properties": { "actions": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, @@ -25,7 +31,13 @@ }, "exceptions_list": { "items": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "array" }, 
@@ -38,7 +50,13 @@ "filters": { "items": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" }, @@ -77,7 +95,13 @@ }, "meta": { "additionalProperties": { - "type": "string" + "type": [ + "string", + "number", + "object", + "array", + "boolean" + ] }, "type": "object" },