From a4a981ed6bd546e53b0e4f596514e9789f46ada3 Mon Sep 17 00:00:00 2001 From: pierrerondel Date: Thu, 15 Jan 2026 15:50:22 +0100 Subject: [PATCH 1/6] Update fortinet_transformer.py include jmespath --- transformers/vendors/fortinet_transformer.py | 28 ++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/transformers/vendors/fortinet_transformer.py b/transformers/vendors/fortinet_transformer.py index 48804404..cd17d34c 100644 --- a/transformers/vendors/fortinet_transformer.py +++ b/transformers/vendors/fortinet_transformer.py @@ -5,6 +5,8 @@ to convert between Fortinet-specific and universal data models. """ +import jmespath + from transformers.action_mapper import ActionMapper from transformers.base_transformer import BaseTransformer from transformers.category_mapper import CategoryMapper @@ -52,3 +54,29 @@ CategoryMapper({value: key for key, value in FORTINET_CATEGORY_MAP.items()}), MetadataEnricher("fortinet"), ] + +JMESPATH_FLATTEN_URLS = """ +*[?modify_type!='Deleted'].*.data_urls.*.{ + pattern: url, + action: `allow`, + category_id: 'Uncategorized', + list_name: @.name, + list_id: @.object_id, + type: @.data_type +} +""" + +def flatten_fortinet_jmespath(url_lists: dict) -> list[dict]: + """ + Flatten Fortinet JSON using JMESPath. + + Args: + url_lists: Nested Fortinet JSON URL list. + + Returns: + Flat list of URL entries suitable for transformer input. + """ + result = jmespath.search(JMESPATH_FLATTEN_URLS, url_lists) + # jmespath returns a nested list, flatten if needed + flat_result = [item for sublist in result for item in sublist] if result else [] + return flat_result From f309f522788dc4a8501f1b090ff7463d22d9549c Mon Sep 17 00:00:00 2001 From: pierrerondel Date: Thu, 15 Jan 2026 15:52:00 +0100 Subject: [PATCH 2/6] Update netskope_transformer.py --- transformers/vendors/netskope_transformer.py | 29 +++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/transformers/vendors/netskope_transformer.py b/transformers/vendors/netskope_transformer.py index c4e2e13a..5617a533 100644 --- a/transformers/vendors/netskope_transformer.py +++ b/transformers/vendors/netskope_transformer.py @@ -3,7 +3,7 @@ This module defines transformers and mappings required to convert Netskope URL list configurations to and from the universal data model. """ - +import jmespath import re from typing import Any from typing import Dict @@ -17,6 +17,33 @@ from transformers.pattern_normalizer import PatternNormalizer from transformers.type_mapper import TypeMapper +JMESPATH_NETSKOPE = """ +values(@)[?modify_type!='Deleted'].{ + list_name: name, + list_id: object_id, + type: data_type, + urls: values(data_urls) +} +""" + +def flatten_netskope_jmespath(url_lists: dict) -> list[dict]: + extracted = jmespath.search(JMESPATH_NETSKOPE, url_lists) or [] + flat = [] + + for lst in extracted: + for entry in lst.get("urls", []): + url = entry.get("url") + if not url: + continue + flat.append({ + "pattern": url, + "action": "allow", + "category_id": "Uncategorized", + "list_name": lst["list_name"], + "list_id": str(lst["list_id"]), + "type": lst["type"] + }) + return flat class NetskopePatternNormalizer(BaseTransformer): """Normalize Netskope URL patterns for vendor compatibility. From 270c46678cda8468495b0dd2a4878a08d12f164c Mon Sep 17 00:00:00 2001 From: pierrerondel Date: Thu, 15 Jan 2026 15:57:40 +0100 Subject: [PATCH 3/6] Update netskope_transformer.py --- transformers/vendors/netskope_transformer.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/transformers/vendors/netskope_transformer.py b/transformers/vendors/netskope_transformer.py index 5617a533..8ea3d70d 100644 --- a/transformers/vendors/netskope_transformer.py +++ b/transformers/vendors/netskope_transformer.py @@ -27,6 +27,9 @@ """ def flatten_netskope_jmespath(url_lists: dict) -> list[dict]: + """Flatten the structure using jmespath. + + """ extracted = jmespath.search(JMESPATH_NETSKOPE, url_lists) or [] flat = [] From 9473506a03f025861e94007e5a7c37f0061acbbd Mon Sep 17 00:00:00 2001 From: pierrerondel Date: Thu, 15 Jan 2026 17:35:01 +0100 Subject: [PATCH 4/6] Update netskope_transformer.py --- transformers/vendors/netskope_transformer.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/transformers/vendors/netskope_transformer.py b/transformers/vendors/netskope_transformer.py index 8ea3d70d..df948609 100644 --- a/transformers/vendors/netskope_transformer.py +++ b/transformers/vendors/netskope_transformer.py @@ -27,9 +27,8 @@ """ def flatten_netskope_jmespath(url_lists: dict) -> list[dict]: - """Flatten the structure using jmespath. - - """ + """Flatten the structure using jmespath.""" + extracted = jmespath.search(JMESPATH_NETSKOPE, url_lists) or [] flat = [] From a8ff7535c80de05e9f52f8f93971fdab89723af0 Mon Sep 17 00:00:00 2001 From: pierrerondel Date: Thu, 15 Jan 2026 17:40:36 +0100 Subject: [PATCH 5/6] Update netskope_transformer.py --- transformers/vendors/netskope_transformer.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/transformers/vendors/netskope_transformer.py b/transformers/vendors/netskope_transformer.py index df948609..c939c3a1 100644 --- a/transformers/vendors/netskope_transformer.py +++ b/transformers/vendors/netskope_transformer.py @@ -27,8 +27,7 @@ """ def flatten_netskope_jmespath(url_lists: dict) -> list[dict]: - """Flatten the structure using jmespath.""" - + """Flatten the structure using jmespath.""" extracted = jmespath.search(JMESPATH_NETSKOPE, url_lists) or [] flat = [] @@ -49,7 +48,7 @@ def flatten_netskope_jmespath(url_lists: dict) -> list[dict]: class NetskopePatternNormalizer(BaseTransformer): """Normalize Netskope URL patterns for vendor compatibility. - + This transformer converts universal URL patterns into Netskope- compatible formats: From 91b047da00bcb2462c4fce63355cf952349a9272 Mon Sep 17 00:00:00 2001 From: pierrerondel Date: Thu, 15 Jan 2026 17:43:40 +0100 Subject: [PATCH 6/6] Update netskope_transformer.py --- transformers/vendors/netskope_transformer.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/transformers/vendors/netskope_transformer.py b/transformers/vendors/netskope_transformer.py index c939c3a1..ba3088e3 100644 --- a/transformers/vendors/netskope_transformer.py +++ b/transformers/vendors/netskope_transformer.py @@ -3,13 +3,14 @@ This module defines transformers and mappings required to convert Netskope URL list configurations to and from the universal data model. """ -import jmespath import re from typing import Any from typing import Dict from typing import List from typing import Optional +import jmespath + from transformers.action_mapper import ActionMapper from transformers.base_transformer import BaseTransformer from transformers.category_mapper import CategoryMapper