refactor; lint

dandye · dandye · commit 7e897d546699 · 2025-03-11T17:14:03.000-04:00
diff --git a/detect/v1alpha/bulk_update_alerts.py b/detect/v1alpha/bulk_update_alerts.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 
-# Copyright 2025 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,48 +14,56 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-# pylint: disable=line-too-long
-r"""Executable and reusable v1alpha API sample for bulk updating alerts.
+r"""Executable and reusable sample for bulk updating alerts.
 
+The file provided to the --alert_ids_file parameter should have one alert
+ ID per line like so:
+```
+de_ad9d2771-a567-49ee-6452-1b2db13c1d33
+de_3c2e2556-aba1-a253-7518-b4ddb666cc32
+```
 Usage:
-  python -m detect.v1alpha.bulk_update_alerts \
-    --project_id=<PROJECT_ID> \
+  python -m alerts.v1alpha.bulk_update_alerts \
+    --project_id=<PROJECT_ID>   \
     --project_instance=<PROJECT_INSTANCE> \
-    --region=<REGION> \
     --alert_ids_file=<PATH_TO_FILE> \
-    --status=CLOSED \
-    --reason=REASON_MAINTENANCE
-
-  # The alert_ids_file should contain one alert ID per line:
-  # de_ad9d2771-a567-49ee-6452-1b2db13c1d33
-  # de_3c2e2556-aba1-a253-7518-b4ddb666cc32
+    --confidence_score=<CONFIDENCE_SCORE> \
+    --priority=<PRIORITY> \
+    --reason=<REASON> \
+    --reputation=<REPUTATION> \
+    --priority=<PRIORITY> \
+    --status=<STATUS> \
+    --verdict=<VERDICT> \
+    --risk_score=<RISK_SCORE> \
+    --disregarded=<DISREGARDED> \
+    --severity=<SEVERITY> \
+    --comment=<COMMENT> \
+    --root_cause=<ROOT_CAUSE> \
+    --severity_display=<SEVERITY_DISPLAY>
 
+# pylint: disable=line-too-long
 API reference:
-https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.legacy/legacyUpdateAlert
-https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Priority
-https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Reason
-https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Reputation
-https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Status
-https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Verdict
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.legacy/legacyUpdateAlert
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Priority
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Reason
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Reputation
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Priority
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Status
+  https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/Noun#Verdict
 """
 # pylint: enable=line-too-long
 
-import argparse
 import json
 
 from common import chronicle_auth
-from common import project_id
-from common import project_instance
-from common import regions
-from google.auth.transport import requests
 
 from . import update_alert
 
+
 CHRONICLE_API_BASE_URL = "https://chronicle.googleapis.com"
 SCOPES = [
     "https://www.googleapis.com/auth/cloud-platform",
 ]
-
 DEFAULT_FEEDBACK = {
     "comment": "automated cleanup",
     "reason": "REASON_MAINTENANCE",
@@ -65,15 +73,13 @@
     "verdict": "VERDICT_UNSPECIFIED",
 }
 
+
 if __name__ == "__main__":
   parser = update_alert.get_update_parser()
-  # local
-  parser.add_argument("--alert_ids_file",
-                      type=str,
-                      required=True,
-                      help="Path to file containing one alert ID per line")
-
-  # Set default values from DEFAULT_FEEDBACK
+  parser.add_argument(
+      "--alert_ids_file", type=str, required=True,
+      help="File with one alert ID per line."
+  )
   parser.set_defaults(
       comment=DEFAULT_FEEDBACK["comment"],
       reason=DEFAULT_FEEDBACK["reason"],
@@ -82,18 +88,18 @@
       status=DEFAULT_FEEDBACK["status"],
       verdict=DEFAULT_FEEDBACK["verdict"],
   )
-
   args = parser.parse_args()
 
-  # Validate required arguments
+  # raise error if required args are not present
   update_alert.check_args(parser, args)
 
-  auth_session = chronicle_auth.initialize_http_session(args.credentials_file,
-                                                        SCOPES)
-
-  with open(args.alert_ids_file) as alert_file:
-    for alert_id in alert_file:
-      result = update_alert.update_alert(
+  auth_session = chronicle_auth.initialize_http_session(
+      args.credentials_file,
+      SCOPES,
+  )
+  with open(args.alert_ids_file) as fh:
+    for alert_id in fh:
+      a_list = update_alert.update_alert(
           auth_session,
           args.project_id,
           args.project_instance,
@@ -111,4 +117,4 @@
           args.comment,
           args.root_cause,
       )
-      print(json.dumps(result, indent=2))
+      print(json.dumps(a_list, indent=2))
diff --git a/iocs/v1alpha/get_ioc.py b/iocs/v1alpha/get_ioc.py
@@ -28,35 +28,35 @@ def get_ioc(
     proj_region: str,
     ioc_value: str,
     ioc_type: str,
-) -> dict:
+  ) -> Mapping[str, Any]:
   """Get a single IoC by its value from Chronicle.
 
-    Args:
-        http_session: Authorized session for HTTP requests.
-        proj_id: GCP project id or number to which the target instance belongs.
-        proj_instance: Customer ID (uuid with dashes) for the instance.
-        proj_region: region in which the target project is located.
-        ioc_value: Value of the IoC to retrieve.
-        ioc_type: Type of IoC being requested. One of:
-            IOC_TYPE_UNSPECIFIED
-            DOMAIN
-            IP
-            FILE_HASH
-            URL
-            USER_EMAIL
-            MUTEX
-            FILE_HASH_MD5
-            FILE_HASH_SHA1
-            FILE_HASH_SHA256
-            IOC_TYPE_RESOURCE
+  Args:
+      http_session: Authorized session for HTTP requests.
+      proj_id: GCP project id or number to which the target instance belongs.
+      proj_instance: Customer ID (uuid with dashes) for the instance.
+      proj_region: region in which the target project is located.
+      ioc_value: Value of the IoC to retrieve.
+      ioc_type: Type of IoC being requested. One of:
+          IOC_TYPE_UNSPECIFIED
+          DOMAIN
+          IP
+          FILE_HASH
+          URL
+          USER_EMAIL
+          MUTEX
+          FILE_HASH_MD5
+          FILE_HASH_SHA1
+          FILE_HASH_SHA256
+          IOC_TYPE_RESOURCE
 
-    Returns:
-        Dict containing the requested IoC.
+  Returns:
+      Mapping containing the requested IoC.
 
-    Raises:
-        requests.exceptions.HTTPError: HTTP request resulted in an error
-            (response.status_code >= 400).
-    """
+  Raises:
+      requests.exceptions.HTTPError: HTTP request resulted in an error
+          (response.status_code >= 400).
+  """
   base_url_with_region = regions.url_always_prepend_region(
       CHRONICLE_API_BASE_URL, proj_region)
   instance = f"projects/{proj_id}/locations/{proj_region}/instances/{proj_instance}"
