pre-commit fixes

.github/workflows/splunkbase-release.yml

@@ -63,7 +63,7 @@ jobs:
           pwd
           AUTH=$(awk '/id/{printf $1}' login.xml | cut -d'>' -f2 | cut -d'<' -f1)
           echo ::set-output name=SPLUNKBASE_SESSION_ID::"$AUTH"
-          
+
       - name: Publish to Splunkbase
         shell: bash
         run: |
@@ -75,6 +75,3 @@ jobs:
           echo ${{ steps.vars.outputs.SPLUNKBASE_SPLUNK_VERSION }}
           echo ${{ steps.vars.outputs.SPLUNKBASE_SPLUNK_CIM_VERSION }}
           curl -u ${{ secrets.SPLUNKBASE_USER }}:${{ secrets.SPLUNKBASE_PASSWORD }} --request POST https://splunkbase.splunk.com/api/v1/app/${{ steps.vars.outputs.SPLUNKBASE_ID }}/new_release/ -F "files[]=@/home/runner/work/TA-pinsafe/TA-pinsafe/dist/TA-pinsafe.tgz" -F "filename=TA-pinsafe.tgz" -F "cim_versions=${{ steps.vars.outputs.SPLUNKBASE_SPLUNK_CIM_VERSION }}" -F "splunk_versions=${{ steps.vars.outputs.SPLUNKBASE_SPLUNK_VERSION }}" -F "visibility=true"
-
-        
-      

.gitignore

@@ -6,6 +6,7 @@ addon_builder.conf
 # MacOS Files
 .DS_Store
 
-# Other 
+# Other
 .vscode
 build/
+sample_data/

.pre-commit-config.yaml

@@ -0,0 +1,14 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+    -   id: check-yaml
+    -   id: check-added-large-files
+    -   id: check-json
+        types: [text]
+        files: \.(json|manifest)$
+    -   id: check-xml

.splunkbase

@@ -1,3 +1,3 @@
 SPLUNKBASE_ID=4112
 SPLUNKBASE_SPLUNK_VERSION=8.1,8.2
-SPLUNKBASE_SPLUNK_CIM_VERSION=4.x
+SPLUNKBASE_SPLUNK_CIM_VERSION=4.x

docs/Makefile

@@ -16,4 +16,4 @@ help:
 # Catch-all target: route all unknown targets to Sphinx using the new
 # "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
 %: Makefile
-	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

docs/source/installation.rst

@@ -12,17 +12,17 @@ Install the Swivel PINsafe Add-on for Splunk
 
 Distributed deployments
 -----------------------
-Reference the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places. 
+Reference the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.
 
 Where to install this add-on
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See `Where to install Splunk add-ons`_ in Splunk Add-ons for more information.
 
-This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise. 
+This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise.
 
 .. list-table::
    :header-rows: 1
-   
+
    * - Splunk platform component
      - Supported
      - Required
@@ -51,7 +51,7 @@ This table provides a quick reference for the compatibility of this add-on with
 
 .. list-table::
    :header-rows: 1
-   
+
    * - Distributed deployment feature
      - Supported
      - Comments
@@ -60,16 +60,16 @@ This table provides a quick reference for the compatibility of this add-on with
      - You can install this add-on on a search head cluster for all search-time functionality.
    * - Indexer Clusters
      - Yes
-     - 
+     -
    * - Deployment Server
      - Yes
      - Supported for deploying via Deployment server
-     
+
 
 Installation walkthroughs
 -------------------------
 The Splunk Add-Ons manual includes an `Installing add-ons`_ guide that helps you successfully install any add-on to your Splunk platform.
-For a walkthrough of the installation procedure, follow the link that matches your deployment scenario: 
+For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:
 
 - `Single-instance Splunk Enterprise`_
 - `Distributed Splunk Enterprise`_
@@ -84,4 +84,4 @@ For a walkthrough of the installation procedure, follow the link that matches yo
 
 .. _Single-instance Splunk Enterprise: http://docs.splunk.com/Documentation/AddOns/released/Overview/Singleserverinstall
 .. _Distributed Splunk Enterprise: http://docs.splunk.com/Documentation/AddOns/released/Overview/Distributedinstall
-.. _Splunk Cloud: http://docs.splunk.com/Documentation/AddOns/released/Overview/SplunkCloudinstall
+.. _Splunk Cloud: http://docs.splunk.com/Documentation/AddOns/released/Overview/SplunkCloudinstall

docs/source/support.rst

@@ -8,4 +8,4 @@ Bugs & Support Issues
 You can file bug reports on our `GitHub issue tracker`_, and they will be addressed as soon as possible.
 **Support is a volunteer effort**, and there is no guaranteed response time.
 
-.. _Github Issue Tracker: https://github.com/diogofgm/TA-pinsafe/issues
+.. _Github Issue Tracker: https://github.com/diogofgm/TA-pinsafe/issues

package/README

@@ -1,12 +1,12 @@
 # Swivel PINsafe Add-on for Splunk
 
 ## System requirements
-- Swivel PINsafe 
+- Swivel PINsafe
 - Splunk 7.0 or newer
 
 ## Installation
-Install the add-on on: 
-Search Heads - The add-on contains search time extractions 
+Install the add-on on:
+Search Heads - The add-on contains search time extractions
 Indexers - Needed for index time operations in case the syslog flow is targetting this instances
 Heavy Forwaders - Needed for index time operations in case the syslog flow is targetting this instances
 
@@ -35,4 +35,3 @@ You can file bug reports on our [GitHub issue tracker](https://github.com/diogof
 
 ## Online documentation
 http://ta-pinsafe.readthedocs.org
-

package/app.manifest

@@ -1,55 +1,55 @@
 {
-  "schemaVersion": "2.0.0", 
+  "schemaVersion": "2.0.0",
   "info": {
-    "title": "Swivel Secure PINsafe Add-on for Splunk", 
+    "title": "Swivel Secure PINsafe Add-on for Splunk",
     "id": {
-      "group": null, 
-      "name": "TA-pinsafe", 
+      "group": null,
+      "name": "TA-pinsafe",
       "version": "1.2.0"
-    }, 
+    },
     "author": [
       {
-        "name": "Diogo Silva", 
-        "email": "diogo.silva@devbusters.com", 
+        "name": "Diogo Silva",
+        "email": "diogo.silva@devbusters.com",
         "company": "Devbusters"
       }
-    ], 
-    "releaseDate": null, 
-    "description": "Swivel Secure PINsafe Add-on for Splunk", 
+    ],
+    "releaseDate": null,
+    "description": "Swivel Secure PINsafe Add-on for Splunk",
     "classification": {
-      "intendedAudience": "IT", 
+      "intendedAudience": "IT",
       "categories": [
-        "Security, Fraud & Compliance", 
+        "Security, Fraud & Compliance",
         "IT Operations"
-      ], 
+      ],
       "developmentStatus": "Production/Stable"
-    }, 
-    "commonInformationModels": null, 
+    },
+    "commonInformationModels": null,
     "license": {
-      "name": "Apache License, Version 2.0", 
-      "text": "LICENSE", 
+      "name": "Apache License, Version 2.0",
+      "text": "LICENSE",
       "uri": "http://www.apache.org/licenses/LICENSE-2.0"
-    }, 
+    },
     "privacyPolicy": {
-      "name": null, 
-      "text": null, 
+      "name": null,
+      "text": null,
       "uri": null
-    }, 
+    },
     "releaseNotes": {
-      "name": "README", 
-      "text": "README", 
+      "name": "README",
+      "text": "README",
       "uri": "https://ta-pinsafe.readthedocs.io/en/latest/releasenotes.html"
     }
-  }, 
-  "dependencies": null, 
-  "tasks": null, 
-  "inputGroups": null, 
-  "incompatibleApps": null, 
-  "platformRequirements": null, 
+  },
+  "dependencies": null,
+  "tasks": null,
+  "inputGroups": null,
+  "incompatibleApps": null,
+  "platformRequirements": null,
   "supportedDeployments": [
     "*"
-  ], 
+  ],
   "targetWorkloads": [
     "*"
   ]
-}
+}

package/default/app.conf

@@ -1,7 +1,7 @@
 #
 # TA-pinsafe
 # app.conf
-# 
+#
 # Created:      2018-09-05
 # Last update:  2022-01-11
 #

package/default/eventtypes.conf

@@ -31,11 +31,11 @@ search = "User * created"
 search = "has been locked"
 
 #
-# The next eventtypes set the start and end of a user intereaction with pinsafe 
+# The next eventtypes set the start and end of a user intereaction with pinsafe
 # in order to validate the full transaction of events
 #
 [pinsafe_start]
 search = "Session started for user"
 
 [pinsafe_end]
-search = "Login successful for user"
+search = "Login successful for user"

package/default/inputs.conf

@@ -1,7 +1,7 @@
 #
 # TA-pinsafe
 # inputs.conf
-# 
+#
 # Created:      2018-08-01
 # Last update:  2019-08-07
 #
@@ -12,4 +12,4 @@
 # connection_host = ip
 # index = pinsafe
 # sourcetype = pinsafe
-# disabled = 0
+# disabled = 0

package/default/props.conf

@@ -1,7 +1,7 @@
 #
 # TA-pinsafe
 # props.conf
-# 
+#
 # Created:      2018-08-01
 # Last update:  2020-05-18
 #
@@ -123,4 +123,4 @@ LOOKUP-pinsafe_signatures = pinsafe_signatures vendor_signature OUTPUT signature
 # EVAL-src = coalesce(src_name,src_ip,src_host,src)
 # EVAL-app = lower(app)
 # EVAL-vendor = "swivel"
-# EVAL-product = "pinsafe"
+# EVAL-product = "pinsafe"

package/default/tags.conf

@@ -21,7 +21,7 @@ session = enabled
 start = enabled
 
 
-# Change 
+# Change
 [eventtype=pinsafe_create_user]
 change = enabled
 account = enabled
@@ -32,4 +32,4 @@ account = enabled
 
 [eventtype=pinsafe_account_lock]
 change = enabled
-account = enabled
+account = enabled

package/default/transforms.conf

@@ -136,4 +136,4 @@ REGEX = error: (?<error_message>.*)
 # ActiveMQ
 [pinsafe_message_sent]
 SOURCE_KEY = event_message
-REGEX = Message sent to user: (?<user>.*),\s
+REGEX = Message sent to user: (?<user>.*),\s

package/lookups/pinsafe_actions.csv

@@ -5,4 +5,4 @@
 "failed","failure"
 "moved","changed"
 "created","created"
-"resulted","deferred"
+"resulted","deferred"