def create_json_from_docs()

in prebuilt-rules-scripts/generate.py [0:0]

• 65 lines of code
• 21 McCabe index (conditional complexity)

def create_json_from_docs(package_version):
    """Create a json file of the exiting rule docs."""
    existing_rule_asciidocs = ROOT.joinpath('docs', 'detections', 'prebuilt-rules', 'rule-details')
    rule_asciidoc_files = existing_rule_asciidocs.glob("*.asciidoc")
    rule_dict = []

    name = ""
    description = ""
    false_pos = ""
    notes = ""

    is_desc = False
    is_false_pos = False
    is_notes = False

    for rule_asciidoc_file in rule_asciidoc_files:
        with open(rule_asciidoc_file, 'r') as f:
            text = f.readlines()
            for count, line in enumerate(text):
                if count == 1:
                    name = line.split("=== ")[1].replace("\n", "")
                    is_desc = True
                if is_desc:
                    description = description + line
                    if "*Rule type*" in text[count + 1]:
                        is_desc = False
                if "==== Potential false positives" in line:
                    is_false_pos = True
                    continue
                if is_false_pos:
                    false_pos = false_pos + line
                    if ("==== Rule query" in text[count]) or ("==== Investigation guide" in text[count]) or (
                            "==== Rule version history" in text[count]):
                        is_false_pos = False
                if "==== Investigation guide" in line:
                    is_notes = True
                    continue
                if is_notes:
                    notes = notes + line

            is_notes = False
            is_false_pos = False
            description = description.split("\n\n", 1)[1].replace("\n\n", "\n").rstrip()

            if "[[" in notes:
                notes = notes.split("[[")[0]
            if "\n==== Rule query\n" in notes:
                notes = notes.split("\n==== Rule query\n")[0]
            if "==== Rule query\n" in false_pos:
                false_pos = false_pos.split("\n\n==== Rule query\n")[0]
            if "==== Investigation guide\n" in false_pos:
                false_pos = false_pos.split("\n\n==== Investigation guide\n")[0]
            if "[[" in false_pos:
                false_pos = false_pos.split("[[")[0]

            rule_text = {"name": name, "description": description}

            if false_pos:
                rule_text['false_positives'] = [false_pos.lstrip()]
            if notes:
                notes_text = notes.rstrip()
                notes_text = notes_text[1:] if notes_text.startswith('\n') else notes_text
                rule_text['note'] = notes_text

            rule_dict.append(rule_text)
            name = ""
            description = ""
            false_pos = ""
            notes = ""

    rule_dict = sorted(rule_dict, key=_sort_by_name)
    diff_file = str(PREBUILT_RULES.joinpath('diff-files', 'gen-files', f'json-from-docs-{package_version}.json'))

    with open(diff_file, "w") as f:
        json.dump(rule_dict, f, indent=2)

    click.echo(f'saved file: {diff_file}')