in detection_rules/devtools.py [0:0]
def prune_staging_area(target_stack_version: str, dry_run: bool, exception_list: str):
"""Prune the git staging area to remove changes to incompatible rules."""
exceptions = {
"detection_rules/etc/packages.yaml",
}
exceptions.update(exception_list.split(","))
target_stack_version = Version.parse(target_stack_version, optional_minor_and_patch=True)
# load a structured summary of the diff from git
git_output = subprocess.check_output(["git", "diff", "--name-status", "HEAD"])
changes = [GitChangeEntry.from_line(line) for line in git_output.decode("utf-8").splitlines()]
# track which changes need to be reverted because of incompatibilities
reversions: List[GitChangeEntry] = []
for change in changes:
if str(change.path) in exceptions:
# Don't backport any changes to files matching the list of exceptions
reversions.append(change)
continue
# it's a change to a rule file, load it and check the version
for rules_dir in RULES_CONFIG.rule_dirs:
if str(change.path.absolute()).startswith(str(rules_dir)) and change.path.suffix == ".toml":
# bypass TOML validation in case there were schema changes
dict_contents = RuleCollection.deserialize_toml_string(change.read())
min_stack_version: Optional[str] = dict_contents.get("metadata", {}).get("min_stack_version")
if min_stack_version is not None and \
(target_stack_version < Version.parse(min_stack_version, optional_minor_and_patch=True)):
# rule is incompatible, add to the list of reversions to make later
reversions.append(change)
break
if len(reversions) == 0:
click.echo("No files restored from staging area")
return
click.echo(f"Restoring {len(reversions)} changes from the staging area...")
for change in reversions:
change.revert(dry_run=dry_run)