Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support @deprecated, source, and references in enum items #1227

Closed
floydtree opened this issue Oct 29, 2024 · 1 comment
Closed

Support @deprecated, source, and references in enum items #1227

floydtree opened this issue Oct 29, 2024 · 1 comment
Assignees
@rickmode @rmouritzen-splunk
Labels
enhancement New feature or request non_breaking Non Breaking, backwards compatible changes

Comments

@floydtree
Copy link
Contributor

floydtree commented Oct 29, 2024
edited by rmouritzen-splunk
Loading

Add support for @deprecated, source, and references in enum items.

@deprecated

Currently, the server doesn't support deprecation of individual enum items, for example -

        "activity_id": {
            "description": "The normalized identifier of the Data Security Finding activity.",
            "requirement": "required",
            "enum": {
                "1": {
                    "caption": "Create",
                    "description": "A new Data Security finding is created."
                },
                "2": {
                    "caption": "Update",
                    "description": "An existing Data Security finding is updated with more information."
                },
                "3": {
                    "caption": "Close",
                    "description": "An existing Data Security finding is closed, this can be due to any resolution (e.g., True Positive, False Positive, etc.)."
                },
                "4": {
                    "caption": "Suppressed",
                    "description": "An existing Data Security finding is suppressed due to inaccurate detection techniques or a known true negative."
                }
            }
        },

Consider a situation where we want to deprecate a specific item 4: Suppressed from the enum above. There's no method to do so. We can extend the general deprecation functionality (@deprecated tag) to allow deprecation to enums as well. To exemplify, the following metaschema attribute should deprecate the item in question -


       "4": {
                    "caption": "Suppressed",
                    "description": "An existing Data Security finding is suppressed due to inaccurate detection techniques or a known true negative.",
                    "@deprecated": {
                        "message": "Use the `status_id` attribute instead.",
                        "since": "1.4.0"
                    }
                }

fysa, this a real use-case we recently witnessed. Refer - https://github.com/ocsf/ocsf-schema/pull/1219/files#r1819023305

source

This will allow capture OS native values, similar to the usage of source with attributes.

references

This is needed to add Mitre D3fend references to specific enum values.
@rmouritzen-splunk rmouritzen-splunk self-assigned this Oct 29, 2024
@rmouritzen-splunk rmouritzen-splunk transferred this issue from ocsf/ocsf-server Oct 29, 2024
@rmouritzen-splunk rmouritzen-splunk added enhancement New feature or request non_breaking Non Breaking, backwards compatible changes labels Oct 29, 2024
@rmouritzen-splunk rmouritzen-splunk changed the title Allow deprecation of individual enum items Support @deprecation and references in enum values Oct 30, 2024
@rmouritzen-splunk rmouritzen-splunk changed the title Support @deprecation and references in enum values Support @deprecation and references in enum items Oct 30, 2024
@rmouritzen-splunk rmouritzen-splunk changed the title Support @deprecation and references in enum items Support @deprecated and references in enum items Oct 30, 2024
@rmouritzen-splunk rmouritzen-splunk changed the title Support @deprecated and references in enum items Support @deprecated, source, and references in enum items Oct 30, 2024
rmouritzen-splunk added a commit to rmouritzen-splunk/ocsf-schema that referenced this issue Oct 31, 2024
@rmouritzen-splunk
Issue ocsf#1227: add support for @deprecated and references in enum i…
781981e 
…tems
This was referenced Oct 31, 2024
Merged
Merged
@rmouritzen-splunk
Copy link
Contributor

rmouritzen-splunk commented Oct 31, 2024
edited
Loading

@query-jeremy : FYI
There is no required change to ocsf/ocsf-validator, however if/when we use the deep type definition in ocsf_validator/types.py we'll want to change the enum value definition from this:

class OcsfEnumMember(TypedDict):
    caption: str
    description: NotRequired[str]
    notes: NotRequired[str]

to this:

OcsfEnumMember = TypedDict(
    "OcsfEnumMember",
    {
        "@deprecated": NotRequired[OcsfDeprecationInfo],
        "caption": str,
        "description": NotRequired[str],
        "source": NotRequired[str],
        "references": NotRequired[OcsfReferences],
    },
)

and move the definition of OcsfEnumMember and OcsfEnum down below OcsfDeprecationInfo and OcsfReferences.

I'll created a PR for this, but there's no rush in approving and publishing. ocsf/ocsf-validator#35

@rmouritzen-splunk rmouritzen-splunk mentioned this issue Oct 31, 2024
Merged
floydtree added a commit that referenced this issue Nov 1, 2024
@rmouritzen-splunk @floydtree
Issue #1227: Support @deprecated, source, and references in enu…
84448bf 
…m items (#1237)

#### Related Issue: 
Issue #1227

#### Description of changes:
Added support for `@deprecated`, `source`, and `references` in enum
items.

---------

Co-authored-by: Rajas <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rickmode rickmode

@rmouritzen-splunk rmouritzen-splunk

Labels
enhancement New feature or request non_breaking Non Breaking, backwards compatible changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rickmode @floydtree @rmouritzen-splunk