fix: type hinting fixes and additional code checks (#4790)

* first pass

* Adding a dedicated code checking workflow

* Type fixes

* linting config and python version bump

* Type hints

* Drop incorrect config option

* More fixes

* Style fixes

* CI adjustments

* Pyproject fixes

* CI & pyproject fixes

* Proper version bump

* Tests formatting

* Resolve circular dependency

* Test fixes

* Make sure the tests are formatted correctly

* Check tweaks

* Bumping python version in CI images

* Pin marshmallow to 3.x because 4.x is not supported

* License fix

* Convert path to str

* Making myself a codeowner

* Missing kwargs param

* Adding a missing kwargs to `set_score`

* Update .github/CODEOWNERS

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Dropping unnecessary raise

* Dropping skipped test

* Drop unnecessary var

* Drop unused commented-out func

* Disable typehinting for the whole func

* Update linting command

* Invalid type hint on the input param

* Incorrect field type

* Incorrect value used fix

* Stricter values check

* Simpler function call

* Type condition fix

* TOML formatter fix

* Simplify output conditions

* Formatting

* Use proper types instead of aliases

* MITRE attack fixes

* Using pathlib.Path for an argument

* Use proper method to update a set from a dict

* First round of `ruff` fixes

* More fixes

* More fixes

* Hack against cyclic dependency

* Ignore `PLC0415`

* Remove unused markers

* Cleanup

* Fixing the incorrect condition

* Update .github/CODEOWNERS

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Set explicit default values for optional fields

* Update the guidelines

* Adding None Defaults

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
Sergey Polzunov
2025-07-01 15:20:55 +02:00
committed by GitHub
parent 10d95baa2b
commit 1fb60d6475
71 changed files with 7664 additions and 6210 deletions
+11 -9
@@ -1,14 +1,16 @@
# detection-rules code owners
# POC: Elastic Security Intelligence and Analytics Team
tests/**/*.py @mikaayenson @eric-forte-elastic @terrancedejesus
detection_rules/ @mikaayenson @eric-forte-elastic @terrancedejesus
tests/ @mikaayenson @eric-forte-elastic @terrancedejesus
lib/ @mikaayenson @eric-forte-elastic @terrancedejesus
hunting/ @mikaayenson @eric-forte-elastic @terrancedejesus
tests/**/*.py @mikaayenson @eric-forte-elastic @traut
detection_rules/ @mikaayenson @eric-forte-elastic @traut
tests/ @mikaayenson @eric-forte-elastic @traut
lib/ @mikaayenson @eric-forte-elastic @traut
hunting/**/*.py @mikaayenson @eric-forte-elastic @traut
# skip rta-mapping to avoid the spam
detection_rules/etc/packages.yaml @mikaayenson @eric-forte-elastic @terrancedejesus
detection_rules/etc/*.json @mikaayenson @eric-forte-elastic @terrancedejesus
detection_rules/etc/*.json @mikaayenson @eric-forte-elastic @terrancedejesus
detection_rules/etc/*/* @mikaayenson @eric-forte-elastic @terrancedejesus
detection_rules/etc/packages.yaml @mikaayenson @eric-forte-elastic @traut
detection_rules/etc/*.json @mikaayenson @eric-forte-elastic @traut
detection_rules/etc/*/* @mikaayenson @eric-forte-elastic @traut
# exclude files from code owners
detection_rules/etc/non-ecs-schema.json
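Review bot: The `hunting/` entry is replaced by `hunting/**/*.py` in the `@traut` lines, which narrows ownership to Python files, so a non-Python file under `hunting/` no longer requests review from anyone unless another pattern matches it. If that is intended, record the reason in a comment next to the entry, as `# skip rta-mapping to avoid the spam` does for `detection_rules/etc/`; otherwise keep `hunting/`. Separately, `tests/**/*.py` is already covered by the later `tests/` entry with the same owners and can be dropped.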
@@ -11,11 +11,7 @@ These guidelines serve as a reminder set of considerations when addressing a bug
### Code Standards and Practices
- [ ] Code follows established design patterns within the repo and avoids duplication.
- [ ] Code changes do not introduce new warnings or errors.
- [ ] Variables and functions are well-named and descriptive.
- [ ] Any unnecessary / commented-out code is removed.
- [ ] Ensure that the code is modular and reusable where applicable.
- [ ] Check for proper exception handling and messaging.
### Testing
@@ -25,11 +21,9 @@ These guidelines serve as a reminder set of considerations when addressing a bug
- [ ] Validate that any rules affected by the bug are correctly updated.
- [ ] Ensure that performance is not negatively impacted by the changes.
- [ ] Verify that any release artifacts are properly generated and tested.
- [ ] Conducted system testing, including fleet, import, and create APIs (e.g., run `make test-cli`, `make test-remote-cli`, `make test-hunting-cli`)
### Additional Checks
- [ ] Ensure that the bug fix does not break existing functionality.
- [ ] Review the bug fix with a peer or team member for additional insights.
- [ ] Verify that the bug fix works across all relevant environments (e.g., different OS versions).
- [ ] Confirm that all dependencies are up-to-date and compatible with the changes.
- [ ] Confirm that the proper version label is applied to the PR `patch`, `minor`, `major`.
@@ -11,11 +11,7 @@ These guidelines serve as a reminder set of considerations when addressing addin
### Code Standards and Practices
- [ ] Code follows established design patterns within the repo and avoids duplication.
- [ ] Code changes do not introduce new warnings or errors.
- [ ] Variables and functions are well-named and descriptive.
- [ ] Any unnecessary / commented-out code is removed.
- [ ] Ensure that the code is modular and reusable where applicable.
- [ ] Check for proper exception handling and messaging.
### Testing
@@ -25,11 +21,9 @@ These guidelines serve as a reminder set of considerations when addressing addin
- [ ] Validate that any rules affected by the enhancement are correctly updated.
- [ ] Ensure that performance is not negatively impacted by the changes.
- [ ] Verify that any release artifacts are properly generated and tested.
- [ ] Conducted system testing, including fleet, import, and create APIs (e.g., run `make test-cli`, `make test-remote-cli`, `make test-hunting-cli`)
### Additional Checks
- [ ] Ensure that the enhancement does not break existing functionality.
- [ ] Review the enhancement with a peer or team member for additional insights.
- [ ] Verify that the enhancement works across all relevant environments (e.g., different OS versions).
- [ ] Confirm that all dependencies are up-to-date and compatible with the changes.
- [ ] Confirm that the proper version label is applied to the PR `patch`, `minor`, `major`.
@@ -11,11 +11,7 @@ These guidelines serve as a reminder set of considerations when addressing addin
### Code Standards and Practices
- [ ] Code follows established design patterns within the repo and avoids duplication.
- [ ] Code changes do not introduce new warnings or errors.
- [ ] Variables and functions are well-named and descriptive.
- [ ] Any unnecessary / commented-out code is removed.
- [ ] Ensure that the code is modular and reusable where applicable.
- [ ] Check for proper exception handling and messaging.
### Testing
@@ -25,23 +21,21 @@ These guidelines serve as a reminder set of considerations when addressing addin
- [ ] Validate that any rules affected by the enhancement are correctly updated.
- [ ] Ensure that performance is not negatively impacted by the changes.
- [ ] Verify that any release artifacts are properly generated and tested.
- [ ] Conducted system testing, including fleet, import, and create APIs (e.g., run `make test-cli`, `make test-remote-cli`, `make test-hunting-cli`)
### Additional Schema Related Checks
- [ ] Ensure that the enhancement does not break existing functionality. (e.g., run `make test-cli`)
- [ ] Review the enhancement with a peer or team member for additional insights.
- [ ] Verify that the enhancement works across all relevant environments (e.g., different OS versions).
- [ ] Confirm that all dependencies are up-to-date and compatible with the changes.
- [ ] Link to the relevant Kibana PR or issue provided
- [ ] Exported detection rule(s) from Kibana to showcase the feature(s)
- [ ] Converted the exported ndjson file(s) to toml in the detection-rules repo
- [ ] Re-exported the toml rule(s) to ndjson and re-imported into Kibana
- [ ] Test export/import flow:
- [ ] Exported detection rule(s) from Kibana to showcase the feature(s)
- [ ] Converted the exported ndjson file(s) to toml in the detection-rules repo
- [ ] Re-exported the toml rule(s) to ndjson and re-imported into Kibana
- [ ] Updated necessary unit tests to accommodate the feature
- [ ] Incorporated a comprehensive test rule in unit tests for full schema coverage
- [ ] Applied min_compat restrictions to limit the feature to a specified minimum stack version
- [ ] Executed all unit tests locally with a test toml rule to confirm passing
- [ ] Included Kibana PR implementer as an optional reviewer for insights on the feature
- [ ] Implemented requisite downgrade functionality
- [ ] Cross-referenced the feature with product documentation for consistency
- [ ] Incorporated a comprehensive test rule in unit tests for full schema coverage
- [ ] Conducted system testing, including fleet, import, and create APIs (e.g., run `make test-remote-cli`)
- [ ] Confirm that the proper version label is applied to the PR `patch`, `minor`, `major`.
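Review bot: In the `### Additional Schema Related Checks` list, `Incorporated a comprehensive test rule in unit tests for full schema coverage` appears twice, and the system-testing item appears both earlier in this hunk with three make targets and here with only `make test-remote-cli`. Check that the resulting file keeps each item once and that the system-testing entries name the same targets, so the checklist does not ask for the same step with two different commands.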
+47
@@ -0,0 +1,47 @@
name: Code checks
on:
push:
branches: [ "main", "7.*", "8.*", "9.*" ]
pull_request:
branches: [ "*" ]
paths:
- 'detection_rules/**/*.py'
- 'hunting/**/*.py'
jobs:
code-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Python 3.13
uses: actions/setup-python@v5
with:
python-version: '3.13'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip cache purge
pip install .[dev]
- name: Linting check
run: |
ruff check --exit-non-zero-on-fix
- name: Formatting check
run: |
ruff format --check
- name: Pyright check
run: |
pyright
- name: Python License Check
run: |
python -m detection_rules dev license-check
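Review bot: The new workflow has no `permissions:` key, so the `code-checks` job runs with the repository's default `GITHUB_TOKEN` scopes even though every step here only reads the checkout. Add a top-level `permissions:` with `contents: read` so the lint, format, pyright and license steps run with a read-only token. `actions/checkout@v4` and `actions/setup-python@v5` are also referenced by movable tag; pinning both to a full commit SHA keeps the job that runs `pip install .[dev]` on a fixed, reviewed version of each action.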
+2 -10
@@ -20,10 +20,10 @@ jobs:
run: |
git fetch origin main:refs/remotes/origin/main
- name: Set up Python 3.12
- name: Set up Python 3.13
uses: actions/setup-python@v5
with:
python-version: '3.12'
python-version: '3.13'
- name: Install dependencies
run: |
@@ -31,14 +31,6 @@ jobs:
pip cache purge
pip install .[dev]
- name: Python Lint
run: |
python -m flake8 tests detection_rules --ignore D203,N815 --max-line-length 120
- name: Python License Check
run: |
python -m detection_rules dev license-check
- name: Unit tests
env:
# only run the test test_rule_change_has_updated_date on pull request events to main
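Review bot: Removing the `Python Lint` and `Python License Check` steps from this job leaves pull requests that touch only `tests/` without a lint run, because the removed flake8 call covered `tests detection_rules` while the new Code checks workflow triggers on `detection_rules/**/*.py` and `hunting/**/*.py` only. Add `tests/**/*.py` to that workflow's `paths:` list, along with the file that holds the lint configuration so a rule-selection change is itself checked, or keep a lint step in this job.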