Update dependencies (#1032)

Author: tomchop

core/common/utils.py

@@ -14,9 +14,9 @@
 
 if hasattr(yeti_config, "tldextract"):
     if yeti_config.tldextract.extra_suffixes:
-        tld_extract_dict[
-            "extra_suffixes"
-        ] = yeti_config.tldextract.extra_suffixes.split(",")
+        tld_extract_dict["extra_suffixes"] = (
+            yeti_config.tldextract.extra_suffixes.split(",")
+        )
     if yeti_config.tldextract.suffix_list_urls:
         tld_extract_dict["suffix_list_urls"] = yeti_config.tldextract.suffix_list_urls
 

core/database_arango.py

@@ -1,4 +1,5 @@
 """Class implementing a YetiConnector interface for ArangoDB."""
+
 import datetime
 import json
 import logging

core/schemas/observables/certificate.py

@@ -22,9 +22,9 @@ class Certificate(observable.Observable):
         fingerprint: the certificate fingerprint.
     """
 
-    type: Literal[
+    type: Literal[observable.ObservableType.certificate] = (
         observable.ObservableType.certificate
-    ] = observable.ObservableType.certificate
+    )
     last_seen: datetime.datetime = Field(default_factory=now)
     first_seen: datetime.datetime = Field(default_factory=now)
     issuer: str | None = None

core/schemas/observables/command_line.py

@@ -4,9 +4,9 @@
 
 
 class CommandLine(observable.Observable):
-    type: Literal[
+    type: Literal[observable.ObservableType.command_line] = (
         observable.ObservableType.command_line
-    ] = observable.ObservableType.command_line
+    )
 
 
 observable.TYPE_MAPPING[observable.ObservableType.command_line] = CommandLine

core/schemas/observables/docker_image.py

@@ -4,9 +4,9 @@
 
 
 class DockerImage(observable.Observable):
-    type: Literal[
+    type: Literal[observable.ObservableType.docker_image] = (
         observable.ObservableType.docker_image
-    ] = observable.ObservableType.docker_image
+    )
 
 
 observable.TYPE_MAPPING[observable.ObservableType.docker_image] = DockerImage

core/schemas/observables/hostname.py

@@ -4,9 +4,9 @@
 
 
 class Hostname(observable.Observable):
-    type: Literal[
+    type: Literal[observable.ObservableType.hostname] = (
         observable.ObservableType.hostname
-    ] = observable.ObservableType.hostname
+    )
 
 
 observable.TYPE_MAPPING[observable.ObservableType.hostname] = Hostname

core/schemas/observables/mac_address.py

@@ -4,9 +4,9 @@
 
 
 class MacAddress(observable.Observable):
-    type: Literal[
+    type: Literal[observable.ObservableType.mac_address] = (
         observable.ObservableType.mac_address
-    ] = observable.ObservableType.mac_address
+    )
 
 
 observable.TYPE_MAPPING[observable.ObservableType.mac_address] = MacAddress

core/schemas/observables/named_pipe.py

@@ -4,9 +4,9 @@
 
 
 class NamedPipe(observable.Observable):
-    type: Literal[
+    type: Literal[observable.ObservableType.named_pipe] = (
         observable.ObservableType.named_pipe
-    ] = observable.ObservableType.named_pipe
+    )
 
 
 observable.TYPE_MAPPING[observable.ObservableType.named_pipe] = NamedPipe

core/schemas/observables/registry_key.py

@@ -26,9 +26,9 @@ class RegistryKey(observable.Observable):
         path_file: The filesystem path to the file that contains the registry key value.
     """
 
-    type: Literal[
+    type: Literal[observable.ObservableType.registry_key] = (
         observable.ObservableType.registry_key
-    ] = observable.ObservableType.registry_key
+    )
     key: str
     data: bytes
     hive: RegistryHive

core/schemas/observables/user_account.py

@@ -14,9 +14,9 @@ class UserAccount(observable.Observable):
     Value should to be in the form <ACCOUNT_TYPE>:<ACCOUNT_LOGIN>.
     """
 
-    type: Literal[
+    type: Literal[observable.ObservableType.user_account] = (
         observable.ObservableType.user_account
-    ] = observable.ObservableType.user_account
+    )
     user_id: str | None = None
     credential: str | None = None
     account_login: str | None = None

core/schemas/observables/user_agent.py

@@ -4,9 +4,9 @@
 
 
 class UserAgent(observable.Observable):
-    type: Literal[
+    type: Literal[observable.ObservableType.user_agent] = (
         observable.ObservableType.user_agent
-    ] = observable.ObservableType.user_agent
+    )
 
 
 observable.TYPE_MAPPING[observable.ObservableType.user_agent] = UserAgent

plugins/feeds/public/abuseipdb.py

@@ -9,9 +9,9 @@
 
 
 class AbuseIPDB(task.FeedTask):
-    _SOURCE: ClassVar[
-        "str"
-    ] = "https://api.abuseipdb.com/api/v2/blacklist?&key=%s&plaintext&limit=10000"
+    _SOURCE: ClassVar["str"] = (
+        "https://api.abuseipdb.com/api/v2/blacklist?&key=%s&plaintext&limit=10000"
+    )
     _defaults = {
         "frequency": timedelta(hours=5),
         "name": "AbuseIPDB",

plugins/feeds/public/azorult-tracker.py

@@ -1,4 +1,5 @@
 """Azorult Tracker feeds"""
+
 import logging
 from datetime import datetime, timedelta
 from typing import ClassVar

plugins/feeds/public/cisa_kev.py

@@ -41,12 +41,12 @@ class CisaKEV(task.FeedTask):
         "source": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
     }
 
-    CISA_SOURCE: ClassVar[
-        "str"
-    ] = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
-    NVD_SOURCE: ClassVar[
-        "str"
-    ] = "https://services.nvd.nist.gov/rest/json/cves/2.0?hasKev"
+    CISA_SOURCE: ClassVar["str"] = (
+        "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
+    )
+    NVD_SOURCE: ClassVar["str"] = (
+        "https://services.nvd.nist.gov/rest/json/cves/2.0?hasKev"
+    )
 
     def run(self):
         response = self._make_request(self.CISA_SOURCE, sort=False)

plugins/feeds/public/cisco_umbrella_top_domains.py

@@ -14,9 +14,9 @@ class CiscoUmbrellaTopDomains(task.FeedTask):
         "name": "CloudflareTopDomains",
         "description": "Import Cloudflare top domains",
     }
-    _SOURCE: ClassVar[
-        "str"
-    ] = "http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip"
+    _SOURCE: ClassVar["str"] = (
+        "http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip"
+    )
 
     def run(self):
         top_domains = yeti_config.get("umbrella", "top_domains", 10000)

plugins/feeds/public/cruzit.py

@@ -8,9 +8,9 @@
 
 
 class Cruzit(task.FeedTask):
-    _SOURCE: ClassVar[
-        "str"
-    ] = "https://iplists.firehol.org/files/cruzit_web_attacks.ipset"
+    _SOURCE: ClassVar["str"] = (
+        "https://iplists.firehol.org/files/cruzit_web_attacks.ipset"
+    )
 
     _defaults = {
         "frequency": timedelta(hours=1),

plugins/feeds/public/dataplane_dnsversion.py

@@ -1,6 +1,7 @@
 """
-    Feed DNS Version IPs with ASN
+Feed DNS Version IPs with ASN
 """
+
 import logging
 from datetime import timedelta
 from typing import ClassVar

plugins/feeds/public/dataplane_proto41.py

@@ -1,6 +1,7 @@
 """
-       Feed DataplaneProto41: IPs from DataplaneProto41
+Feed DataplaneProto41: IPs from DataplaneProto41
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_sipinvite.py

@@ -1,6 +1,7 @@
 """
-       Feed of SIP INVITE attacks from Dataplane IPs and their Autonomous Systems
+Feed of SIP INVITE attacks from Dataplane IPs and their Autonomous Systems
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_sipquery.py

@@ -1,6 +1,7 @@
 """
-       Feed of SIPs from Dataplane with IPs and ASNs
+Feed of SIPs from Dataplane with IPs and ASNs
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_sipregistr.py

@@ -1,6 +1,7 @@
 """
-       Feed of SIP registr with IPs and ASNs
+Feed of SIP registr with IPs and ASNs
 """
+
 import logging
 from datetime import timedelta
 from typing import ClassVar

plugins/feeds/public/dataplane_smtpdata.py

@@ -1,6 +1,7 @@
 """
-       Feeds SMTP data from Dataplane with IPs and ASNs
+Feeds SMTP data from Dataplane with IPs and ASNs
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_smtpgreet.py

@@ -1,6 +1,7 @@
 """
-    Feed of SMTP greetings from dataplane with IPs and ASN
+Feed of SMTP greetings from dataplane with IPs and ASN
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_sshclient.py

@@ -1,6 +1,7 @@
 """
-    Feed of ssh client bruteforce of Dataplane with IPs and ASNs
+Feed of ssh client bruteforce of Dataplane with IPs and ASNs
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_sshpwauth.py

@@ -1,6 +1,7 @@
 """
-       Feed of Dataplane SSH bruteforce IPs and ASNs
+Feed of Dataplane SSH bruteforce IPs and ASNs
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_telnetlogin.py

@@ -1,6 +1,7 @@
 """
-       Feed of Dataplane SSH bruteforce IPs and ASNs
+Feed of Dataplane SSH bruteforce IPs and ASNs
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/dataplane_vnc.py

@@ -1,6 +1,7 @@
 """
-    Feed of Dataplane SSH bruteforce IPs and ASNs
+Feed of Dataplane SSH bruteforce IPs and ASNs
 """
+
 from datetime import timedelta
 from typing import ClassVar
 

plugins/feeds/public/miningpoolstats.py

@@ -19,9 +19,9 @@ class MiningPoolStats(task.FeedTask):
     }
 
     _SOURCE: ClassVar["str"] = "https://miningpoolstats.stream"
-    _USER_AGENT: ClassVar[
-        "str"
-    ] = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
+    _USER_AGENT: ClassVar["str"] = (
+        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
+    )
 
     def run(self):
         self._session = requests.Session()

plugins/feeds/public/phishing_database.py

@@ -18,9 +18,9 @@ class PhishingDatabase(task.FeedTask):
         "description": "PhishingDatabase is a community feed of phishing URLs which are updated every 24 hours.",
     }
 
-    _SOURCE: ClassVar[
-        "str"
-    ] = "https://phishing.army/download/phishing_army_blocklist_extended.txt"
+    _SOURCE: ClassVar["str"] = (
+        "https://phishing.army/download/phishing_army_blocklist_extended.txt"
+    )
 
     def run(self):
         response = self._make_request(self._SOURCE)

plugins/feeds/public/rulezskbruteforceblocker.py

@@ -16,9 +16,9 @@ class RulezSKBruteforceBlocker(task.FeedTask):
         "description": "This feed contains daily list of IPs from rules.sk",
     }
 
-    _SOURCE: ClassVar[
-        "str"
-    ] = "http://danger.rulez.sk/projects/bruteforceblocker/blist.php"
+    _SOURCE: ClassVar["str"] = (
+        "http://danger.rulez.sk/projects/bruteforceblocker/blist.php"
+    )
 
     def run(self):
         r = self._make_request(self._SOURCE, headers={"User-Agent": "yeti-project"})

plugins/feeds/public/threatview_c2.py

@@ -13,9 +13,9 @@ class ThreatviewC2(task.FeedTask):
         "description": "This feed contains Cobalt Strike C2 IPs and Hostnames",
     }
 
-    _SOURCE: ClassVar[
-        "str"
-    ] = "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_IP_feed.txt"
+    _SOURCE: ClassVar["str"] = (
+        "https://threatview.io/Downloads/High-Confidence-CobaltstrikeC2_IP_feed.txt"
+    )
 
     def run(self):
         response = self._make_request(self._SOURCE, sort=False)