Casing (#28)

Author: Juliya Smith

CHANGELOG.md

@@ -10,6 +10,15 @@ how a consumer would use the library (e.g. adding unit tests, updating documenta
 
 ## Unreleased
 
+### Changes
+
+- `securitydata` renamed to `security-data`.
+- From `security-data` related subcommands (such as `print`):
+    - `--c42username` flag renamed to `--c42-username`.
+    - `--filename` flag renamed to `--file-name`.
+    - `--filepath` flag renamed to `--file-path`.
+    - `--processOwner` flag renamed to `--process-owner`
+
 ### Added
 
 - `code42 profile create` command.

README.md

@@ -1,7 +1,7 @@
 # The Code42 CLI
 
 Use the `code42` command to interact with your Code42 environment.
-`code42 securitydata` is a CLI tool for extracting AED events.
+`code42 security-data` is a CLI tool for extracting AED events.
 Additionally, you can choose to only get events that Code42 previously did not observe since you last recorded a checkpoint
 (provided you do not change your query).
 
@@ -45,7 +45,7 @@ You can add multiple profiles with different names and the change the default pr
 code42 profile use MY_SECOND_PROFILE
 ```
 
-When the `--profile` flag is available on other commands, such as those in `securitydata`, it will use that profile instead of the default one.
+When the `--profile` flag is available on other commands, such as those in `security-data`, it will use that profile instead of the default one.
 
 To see all your profiles, do:
 
@@ -61,72 +61,72 @@ Using the CLI, you can query for events and send them to three possible destinat
 To print events to stdout, do:
 
 ```bash
-code42 securitydata print -b 2020-02-02
+code42 security-data print -b 2020-02-02
 ```
 
 Note that `-b` or `--begin` is usually required.
 To specify a time, do:
 
 ```bash
-code42 securitydata print -b 2020-02-02 12:51
+code42 security-data print -b 2020-02-02 12:51
 ```
 
 Begin date will be ignored if provided on subsequent queries using `-i`.
 
 Use different format with `-f`:
 
 ```bash
-code42 securitydata print -b 2020-02-02 -f CEF
+code42 security-data print -b 2020-02-02 -f CEF
 ```
 
 The available formats are CEF, JSON, and RAW-JSON.
 
 To write events to a file, do:
 
 ```bash
-code42 securitydata write-to filename.txt -b 2020-02-02
+code42 security-data write-to filename.txt -b 2020-02-02
 ```
 
 To send events to a server, do:
 
 ```bash
-code42 securitydata send-to syslog.company.com -p TCP -b 2020-02-02
+code42 security-data send-to syslog.company.com -p TCP -b 2020-02-02
 ```
 
 To only get events that Code42 previously did not observe since you last recorded a checkpoint, use the `-i` flag.
 
 ```bash
-code42 securitydata send-to syslog.company.com -i
+code42 security-data send-to syslog.company.com -i
 ```
 
 This is only guaranteed if you did not change your query.
 
 To send events to a server using a specific profile, do:
 
 ```bash
-code42 securitydata send-to --profile PROFILE_FOR_RECURRING_JOB syslog.company.com -b 2020-02-02 -f CEF -i
+code42 security-data send-to --profile PROFILE_FOR_RECURRING_JOB syslog.company.com -b 2020-02-02 -f CEF -i
 ```
 
 You can also use wildcard for queries, but note, if they are not in quotes, you may get unexpected behavior.
 
 ```bash
-code42 securitydata print --actor "*"
+code42 security-data print --actor "*"
 ```
 
 Each destination-type subcommand shares query parameters
 
 - `-t` (exposure types)
 - `-b` (begin date)
 - `-e` (end date)
-- `--c42username`
+- `--c42-username`
 - `--actor`
 - `--md5`
 - `--sha256`
 - `--source`
-- `--filename`
-- `--filepath`
-- `--processOwner`
-- `--tabURL`
+- `--file-name`
+- `--file-path`
+- `--process-owner`
+- `--tab-url`
 - `--include-non-exposure` (does not work with `-t`)
 - `--advanced-query` (raw JSON query)
 

add_high_risk_employee.csv

@@ -0,0 +1 @@
+user_id,risk_factors

src/code42cli/cmds/securitydata/enums.py

@@ -44,19 +44,21 @@ def __iter__(self):
 
 
 class SearchArguments(object):
+    """These string values should match `argparse` stored parameter names. For example, for the 
+    CLI argument `--c42-username`, the string should be `c42_username`."""
     ADVANCED_QUERY = u"advanced_query"
     BEGIN_DATE = u"begin"
     END_DATE = u"end"
     EXPOSURE_TYPES = u"type"
-    C42USERNAME = u"c42username"
+    C42_USERNAME = u"c42_username"
     ACTOR = u"actor"
     MD5 = u"md5"
     SHA256 = u"sha256"
     SOURCE = u"source"
-    FILENAME = u"filename"
-    FILEPATH = u"filepath"
-    PROCESS_OWNER = u"processOwner"
-    TAB_URL = u"tabURL"
+    FILE_NAME = u"file_name"
+    FILE_PATH = u"file_path"
+    PROCESS_OWNER = u"process_owner"
+    TAB_URL = u"tab_url"
     INCLUDE_NON_EXPOSURE_EVENTS = u"include_non_exposure"
 
     def __iter__(self):
@@ -66,13 +68,13 @@ def __iter__(self):
                 self.BEGIN_DATE,
                 self.END_DATE,
                 self.EXPOSURE_TYPES,
-                self.C42USERNAME,
+                self.C42_USERNAME,
                 self.ACTOR,
                 self.MD5,
                 self.SHA256,
                 self.SOURCE,
-                self.FILENAME,
-                self.FILEPATH,
+                self.FILE_NAME,
+                self.FILE_PATH,
                 self.PROCESS_OWNER,
                 self.TAB_URL,
                 self.INCLUDE_NON_EXPOSURE_EVENTS,

src/code42cli/cmds/securitydata/extraction.py

@@ -99,15 +99,15 @@ def _create_filters(args):
     filters = []
     event_timestamp_filter = _get_event_timestamp_filter(args.begin, args.end)
     not event_timestamp_filter or filters.append(event_timestamp_filter)
-    not args.c42username or filters.append(DeviceUsername.is_in(args.c42username))
+    not args.c42_username or filters.append(DeviceUsername.is_in(args.c42_username))
     not args.actor or filters.append(Actor.is_in(args.actor))
     not args.md5 or filters.append(MD5.is_in(args.md5))
     not args.sha256 or filters.append(SHA256.is_in(args.sha256))
     not args.source or filters.append(Source.is_in(args.source))
-    not args.filename or filters.append(FileName.is_in(args.filename))
-    not args.filepath or filters.append(FilePath.is_in(args.filepath))
-    not args.processOwner or filters.append(ProcessOwner.is_in(args.processOwner))
-    not args.tabURL or filters.append(TabURL.is_in(args.tabURL))
+    not args.file_name or filters.append(FileName.is_in(args.file_name))
+    not args.file_path or filters.append(FilePath.is_in(args.file_path))
+    not args.process_owner or filters.append(ProcessOwner.is_in(args.process_owner))
+    not args.tab_url or filters.append(TabURL.is_in(args.tab_url))
     _try_append_exposure_types_filter(filters, args.include_non_exposure, args.type)
     return filters
 
@@ -175,9 +175,9 @@ def _handle_result():
 
 
 def _try_append_exposure_types_filter(filters, include_non_exposure_events, exposure_types):
-    exposure_filter = _create_exposure_type_filter(include_non_exposure_events, exposure_types)
-    if exposure_filter:
-        filters.append(exposure_filter)
+    _exposure_filter = _create_exposure_type_filter(include_non_exposure_events, exposure_types)
+    if _exposure_filter:
+        filters.append(_exposure_filter)
 
 
 def _create_exposure_type_filter(include_non_exposure_events, exposure_types):

src/code42cli/cmds/securitydata/main.py

@@ -6,8 +6,8 @@
 
 
 def load_subcommands():
-    """Sets up the `securitydata` subcommand with all of its subcommands."""
-    usage_prefix = u"code42 securitydata"
+    """Sets up the `security-data` subcommand with all of its subcommands."""
+    usage_prefix = u"code42 security-data"
 
     print_func = Command(
         u"print",
@@ -48,7 +48,7 @@ def load_subcommands():
 
 def clear_checkpoint(sdk, profile):
     """Removes the stored checkpoint that keeps track of the last event you got.
-        To use, run `code42 securitydata clear-checkpoint`.
+        To use, run `code42 security-data clear-checkpoint`.
         This affects `incremental` mode by causing it to behave like it has never been run before.
     """
     FileEventCursorStore(profile.name).replace_stored_insertion_timestamp(None)
@@ -121,8 +121,8 @@ def _load_search_args(arg_collection):
             help=u"Limits events to those with given exposure types. "
             u"Available choices={0}".format(list(enums.ExposureType())),
         ),
-        enums.SearchArguments.C42USERNAME: ArgConfig(
-            u"--{}".format(enums.SearchArguments.C42USERNAME),
+        enums.SearchArguments.C42_USERNAME: ArgConfig(
+            u"--{}".format(enums.SearchArguments.C42_USERNAME),
             nargs=u"+",
             help=u"Limits events to endpoint events for these users.",
         ),
@@ -147,13 +147,13 @@ def _load_search_args(arg_collection):
             nargs=u"+",
             help=u"Limits events to only those from one of these sources. Example=Gmail.",
         ),
-        enums.SearchArguments.FILENAME: ArgConfig(
-            u"--{}".format(enums.SearchArguments.FILENAME),
+        enums.SearchArguments.FILE_NAME: ArgConfig(
+            u"--{}".format(enums.SearchArguments.FILE_NAME),
             nargs=u"+",
             help=u"Limits events to file events where the file has one of these names.",
         ),
-        enums.SearchArguments.FILEPATH: ArgConfig(
-            u"--{}".format(enums.SearchArguments.FILEPATH),
+        enums.SearchArguments.FILE_PATH: ArgConfig(
+            u"--{}".format(enums.SearchArguments.FILE_PATH),
             nargs=u"+",
             help=u"Limits events to file events where the file is located at one of these paths.",
         ),

src/code42cli/commands.py

@@ -16,11 +16,11 @@ class Command(object):
     commands to make it available for use.
 
     Args:
-        name (str): The name of the command. For example, in
+        name (str or unicode): The name of the command. For example, in
             `code42 profile show`, "show" is the name, while "profile"
             is the name of the parent command.
 
-        description (str): Descriptive text to be displayed when using -h.
+        description (str or unicode): Descriptive text to be displayed when using -h.
 
         usage (str, optional): A usage example to be displayed when using -h.
         handler (function, optional): The function to be exectued when the command is run.

src/code42cli/main.py

@@ -31,7 +31,7 @@ def _load_top_commands():
             u"profile", u"For managing Code42 settings.", subcommand_loader=profile.load_subcommands
         ),
         Command(
-            u"securitydata",
+            u"security-data",
             u"Tools for getting security related data, such as file events.",
             subcommand_loader=secmain.load_subcommands,
         ),

tests/cmds/securitydata/conftest.py

@@ -56,7 +56,7 @@ def sqlite_connection(mocker):
     "600",
     "-e",
     "2020-02-02",
-    "--c42username",
+    "--c42-username",
     "test.testerson",
     "--actor",
     "test.testerson",
@@ -66,13 +66,13 @@ def sqlite_connection(mocker):
     "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
     "--source",
     "Gmail",
-    "--filename",
+    "--file-name",
     "file.txt",
-    "--filepath",
+    "--file-path",
     "/path/to/file.txt",
-    "--processOwner",
+    "--process-owner",
     "test.testerson",
-    "--tabURL",
+    "--tab-url",
     "https://example.com",
     "--include-non-exposure",
 ]