chore(py-ocsf): update class attributes and oscf version (#42)

prowler-cloud · Apr 24, 2024 · a72b4e5 · a72b4e5
1 parent 2fc4f3f
commit a72b4e5
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 6 deletions.
diff --git a/examples/detection_finding.py b/examples/detection_finding.py
@@ -146,7 +146,9 @@
         version="1.0",
     ),
     cloud=Cloud(
-        account=Account(name="Account 1", type="Account", type_id="3", uid="123"),
+        account=Account(
+            name="Account 1", type="Account", type_id="3", uid="123", labels=["Label 1"]
+        ),
         zone="Zone 1",
         org=Organization(name="Organization 1", ou_id="123", ou_name="OU 1", uid="123"),
         project_uid="123",
@@ -319,6 +321,7 @@
     risk_level="Risk Level",
     risk_level_id=123,
     risk_score=123,
+    risk_details="Risk Details",
     timezone_offset=123,
     type_id=123,
     type_name="Type Name",

diff --git a/py_ocsf_models/__init__.py b/py_ocsf_models/__init__.py
@@ -1 +1 @@
-OCSF_VERSION = "1.1.0"
+OCSF_VERSION = "1.2.0"
diff --git a/py_ocsf_models/events/base_event.py b/py_ocsf_models/events/base_event.py
@@ -7,8 +7,6 @@
 from py_ocsf_models.objects.metadata import Metadata
 from py_ocsf_models.objects.observable import Observable
 
-OCSF_VERSION = "1.1.0"
-
 
 class SeverityID(IntEnum):
     """

diff --git a/py_ocsf_models/events/findings/detection_finding.py b/py_ocsf_models/events/findings/detection_finding.py
@@ -134,6 +134,7 @@ class DetectionFinding(Finding, BaseModel):
     - Risk Level (risk_level) [Optional]: The risk level, normalized to the caption of the risk_level_id value. In the case of 'Other', it is defined by the event source.
     - Risk Level ID (risk_level_id) [Optional]: The normalized risk level id.
     - Risk Score (risk_score) [Optional]: The risk score as reported by the event source.
+    - Risk Details (risk_details) [Optional]: Additional details about the risk.
     - Timezone Offset (timezone_offset) [Optional]: Difference in minutes from UTC.
     - Type ID (type_uid): The event/finding type ID. It identifies the event's semantics and structure. The value is calculated by the logging system as: class_uid * 100 + activity_id.
     - Type Name (type_name) [Optional]: The event/finding type name, as defined by the type_uid.
@@ -168,6 +169,7 @@ class DetectionFinding(Finding, BaseModel):
     risk_level: Optional[str]
     risk_level_id: Optional[RiskLevelID]
     risk_score: Optional[int]
+    risk_details: Optional[str]
     status_id: Optional[StatusID]  # type: ignore
     timezone_offset: Optional[int]
     type_uid: TypeID

diff --git a/py_ocsf_models/objects/account.py b/py_ocsf_models/objects/account.py
@@ -28,10 +28,12 @@ class Account(BaseModel):
     - Type (type) [Optional]: The account type, normalized to the caption of 'account_type_id'. In the case of 'Other', it is defined by the event source.
     - Type ID (type_id) [Recommended]: The normalized account type identifier.
     - Unique ID (uid) [Recommended]: The unique identifier of the account (e.g. AWS Account ID).
+    - Labels (labels) [Optional]: The labels associated with the account.
 
     """
 
     name: str
     type: Optional[str]
     type_id: TypeID
     uid: str
+    labels: Optional[list[str]]
diff --git a/tests/detection_finding_test.py b/tests/detection_finding_test.py
@@ -34,7 +34,7 @@
 from py_ocsf_models.objects.resource_details import ResourceDetails
 from py_ocsf_models.objects.vulnerability_details import VulnerabilityDetails
 
-PROWLER_VERSION = "4.0.0"
+PROWLER_VERSION = "4.1.0"
 PROWLER_PRODUCT = "Prowler"
 
 
@@ -165,7 +165,11 @@ def test_detection_finding(self):
             ),
             cloud=Cloud(
                 account=Account(
-                    name="Account 1", type="Account", type_id="3", uid="123"
+                    name="Account 1",
+                    type="Account",
+                    type_id="3",
+                    uid="123",
+                    labels=["label 1"],
                 ),
                 zone="Zone 1",
                 org=Organization(
@@ -341,6 +345,7 @@ def test_detection_finding(self):
             risk_level="Risk Level",
             risk_level_id=1,
             risk_score=123,
+            risk_details="Risk Details",
             timezone_offset=123,
             type_uid=DetectionFindingTypeID.Create,
             type_name=DetectionFindingTypeID.Create.name,
@@ -490,6 +495,7 @@ def test_detection_finding(self):
         assert detection_finding.cloud.org.name == "Organization 1"
         assert detection_finding.cloud.provider == "Provider 1"
         assert detection_finding.cloud.region == "Region 1"
+        assert detection_finding.cloud.account.labels == ["label 1"]
 
         # Assert ContainerProfile and nested objects
         container = detection_finding.container