Bump detectiq version to 0.1.39 and enhance module exports

- Updated version in `pyproject.toml` and `__init__.py` to 0.1.39.
- Removed unused import statements in `create_sigma_rule.py` and `pe_analyzer.py` for improved code clarity.
- Added `__all__` declarations in multiple `__init__.py` files to define public API for modules.

Author: sharrajesh

detectiq/__init__.py

@@ -1,3 +1,3 @@
 # Root package initialization
 VERSION = "0.1.0"
-__version__ = "0.1.38"
+__version__ = "0.1.39"

detectiq/core/llm/tools/sigma/create_sigma_rule.py

@@ -9,7 +9,6 @@
 from langchain.schema.output_parser import StrOutputParser
 from langchain.schema.runnable import RunnablePassthrough
 from langchain.schema.vectorstore import VectorStore
-from langchain.tools import BaseTool
 from langchain_core.callbacks import BaseCallbackManager, Callbacks
 from langchain_core.tools import BaseTool
 from pydantic import BaseModel, ConfigDict, field_validator
@@ -241,7 +240,7 @@ async def _arun(
                 if in_yaml:
                     # Stop if we hit explanatory text or empty lines after YAML
                     if (stripped_line and ":" not in stripped_line and not stripped_line.startswith("-")) or (
-                        not stripped_line and len(yaml_lines) > 0 and not any(l.strip() for l in yaml_lines[-3:])
+                        not stripped_line and len(yaml_lines) > 0 and not any(line.strip() for line in yaml_lines[-3:])
                     ):
                         break
                     yaml_lines.append(line)

detectiq/core/utils/snort/analyzers/__init__.py

@@ -4,3 +4,12 @@
 from .protocol import ProtocolAnalyzer
 from .threshold import ThresholdAnalyzer
 from .whitelist import WhitelistAnalyzer
+
+__all__ = [
+    "AnomalyAnalyzer",
+    "ContentAnalyzer",
+    "HTTPAnalyzer",
+    "ProtocolAnalyzer",
+    "ThresholdAnalyzer",
+    "WhitelistAnalyzer",
+]

detectiq/core/utils/yara/pe_analyzer.py

@@ -14,7 +14,6 @@
 if PEFILE_AVAILABLE:
     try:
         import pefile
-        from pefile import PE
     except ImportError:
         PEFILE_AVAILABLE = False
         logger.warning("pefile module found but failed to import")
@@ -218,8 +217,7 @@ def decode_rich_products(entries: List[Dict[str, Any]]) -> List[str]:
         0x0003: "Cvtomf510",
         0x0004: "Export0",
         0x0005: "Implib0",
-        0x0006: "Unknown",
-        # Add more product IDs as needed
+        0x0006: "Unknown",  # Add more product IDs as needed
     }
 
     products = []

detectiq/sigmaiq/__init__.py

@@ -1,2 +1,4 @@
 from .sigmaiq_backend_factory import SigmAIQBackend
 from .sigmaiq_pipeline_factory import SigmAIQPipeline, SigmAIQPipelineResolver
+
+__all__ = ["SigmAIQBackend", "SigmAIQPipeline", "SigmAIQPipelineResolver"]

detectiq/sigmaiq/backends/carbonblack/__init__.py

@@ -1 +1,3 @@
 from .carbonblack import SigmAIQCarbonBlackBackend
+
+__all__ = ["SigmAIQCarbonBlackBackend"]

detectiq/sigmaiq/backends/cortexxdr/__init__.py

@@ -1 +1,3 @@
 from .cortexxdr import SigmAIQCortexXDRBackend
+
+__all__ = ["SigmAIQCortexXDRBackend"]

detectiq/sigmaiq/backends/crowdstrike/__init__.py

@@ -2,3 +2,5 @@
     SigmAIQCrowdstrikeLogscaleBackend,
     SigmAIQCrowdstrikeSplunkBackend,
 )
+
+__all__ = ["SigmAIQCrowdstrikeLogscaleBackend", "SigmAIQCrowdstrikeSplunkBackend"]

detectiq/sigmaiq/backends/elasticsearch/__init__.py

@@ -1 +1,3 @@
 from .elasticsearch import SigmAIQElasticsearchBackend
+
+__all__ = ["SigmAIQElasticsearchBackend"]

detectiq/sigmaiq/backends/insightidr/__init__.py

@@ -1 +1,3 @@
 from .insightidr import SigmAIQInsightIDRBackend
+
+__all__ = ["SigmAIQInsightIDRBackend"]