eric-forte-elastic commented Dec 8, 2025

Pull Request

Issue link(s):

Resolves #5427

Summary - What I changed

Small PR to set the click return type of Path to explicitly be a Pathlib object. In the currently used version of Click, this returns a string instead of a Pathlib object, so this needs to be explicitly set. With this change, the command behaves as expected.

Prior to this PR, the following error would result from the command python -m detection_rules import-rules-to-repo -d rules_exports/ -s custom_rules/rules --required-only:

❯ python -m detection_rules import-rules-to-repo -d rules_exports/ -s custom_rules/rules --required-only
Loaded config file: /tmp/detection-rules/.detection-rules-cfg.json

█▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄   ▄      █▀▀▄ ▄  ▄ ▄   ▄▄▄ ▄▄▄
█  █ █▄▄  █  █▄▄ █    █   █  █ █ █▀▄ █      █▄▄▀ █  █ █   █▄▄ █▄▄
█▄▄▀ █▄▄  █  █▄▄ █▄▄  █  ▄█▄ █▄█ █ ▀▄█      █ ▀▄ █▄▄█ █▄▄ █▄▄ ▄▄█

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/tmp/detection-rules/detection_rules/__main__.py", line 31, in <module>
    main()
  File "/tmp/detection-rules/detection_rules/__main__.py", line 28, in main
    root(prog_name="detection_rules")
  File "/tmp/detection-rules/env/detection-rules-build/lib/python3.12/site-packages/click/core.py", line 1485, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/detection-rules/env/detection-rules-build/lib/python3.12/site-packages/click/core.py", line 1406, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/tmp/detection-rules/env/detection-rules-build/lib/python3.12/site-packages/click/core.py", line 1873, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/detection-rules/env/detection-rules-build/lib/python3.12/site-packages/click/core.py", line 1269, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/detection-rules/env/detection-rules-build/lib/python3.12/site-packages/click/core.py", line 824, in invoke
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/detection-rules/detection_rules/main.py", line 194, in import_rules_into_repo
    rule_files = list(directory.glob("**/*.*"))
                      ^^^^^^^^^^^^^^
AttributeError: 'str' object has no attribute 'glob'

How To Test

Run the following command:
python -m detection_rules import-rules-to-repo -d rules_exports/ -s custom_rules/rules --required-only

and see the following:

❯ python -m detection_rules import-rules-to-repo -d rules_exports/ -s custom_rules/rules --required-only
Loaded config file: /tmp/detection-rules/.detection-rules-cfg.json

█▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄   ▄      █▀▀▄ ▄  ▄ ▄   ▄▄▄ ▄▄▄
█  █ █▄▄  █  █▄▄ █    █   █  █ █ █▀▄ █      █▄▄▀ █  █ █   █▄▄ █▄▄
█▄▄▀ █▄▄  █  █▄▄ █▄▄  █  ▄█▄ █▄█ █ ▀▄█      █ ▀▄ █▄▄█ █▄▄ █▄▄ ▄▄█

[+] Building rule for custom_rules/rules/potential_cve_2025_32463_nsswitch_file_creation.toml
[+] Building rule for custom_rules/rules/potential_cve_2025_32463_nsswitch_file_creation_kql.toml
[+] Building rule for custom_rules/rules/my_test_rule.toml
3 results exported
3 rules converted
0 exceptions exported
0 actions connectors exported

Example ndjsons for use in testing.

rules_export.ndjson.txt
rules_export_2.ndjson.txt

Checklist

  • Added a label for the type of pr: bug, enhancement, schema, maintenance, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
  • Added the meta:rapid-merge label if planning to merge within 24 hours
  • Secret and sensitive material has been managed correctly
  • Automated testing was updated or added to match the most common scenarios
  • Documentation and comments were added for features that require explanation

Contributor checklist

eric-forte-elastic self-assigned this Dec 8, 2025
eric-forte-elastic added the bug (Something isn't working), python (Internal python for the repository) and detections-as-code labels Dec 8, 2025
eric-forte-elastic linked an issue Dec 8, 2025 that may be closed by this pull request
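
Added example (not code from this PR or from the detection-rules repository): a minimal reproduction of the behaviour described in the PR summary above, showing the same `directory.glob("**/*.*")` call failing when `click.Path` hands the callback a string and succeeding once `path_type=Path` is set. It assumes Click is installed; the command `list_rule_files` and the helpers `make_command`, `run` and `demo` are hypothetical names, and the sample file is constructed.

```python
import tempfile
from pathlib import Path

import click


def make_command(path_type):
    """Build a stand-in command whose -d option uses click.Path with the given path_type."""

    @click.command()
    @click.option(
        "-d",
        "directory",
        type=click.Path(file_okay=False, exists=True, path_type=path_type),
    )
    def list_rule_files(directory):
        # Same call as in the traceback: only pathlib objects provide .glob()
        return sorted(p.name for p in directory.glob("**/*.*"))

    return list_rule_files


def run(path_type, directory):
    """Invoke the command in-process and report either its result or the AttributeError."""
    cmd = make_command(path_type)
    try:
        # standalone_mode=False makes main() return the callback's value and re-raise errors
        return "ok", cmd.main(["-d", directory], standalone_mode=False)
    except AttributeError as exc:
        return "error", str(exc)


def demo():
    """Run the command with the default path_type (None) and with path_type=Path."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample export file so the glob has something to find
        (Path(tmp) / "rules_export.ndjson").write_text("{}\n")
        return run(None, tmp), run(Path, tmp)


if __name__ == "__main__":
    before, after = demo()
    print("default path_type:", before)
    print("path_type=Path:   ", after)
```
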

github-actions bot commented Dec 8, 2025

Bug - Guidelines

These guidelines serve as a reminder set of considerations when addressing a bug in the code.

Documentation and Context

  • Provide detailed documentation (description, screenshots, reproducing the bug, etc.) of the bug if not already documented in an issue.
  • Include additional context or details about the problem.
  • Ensure the fix includes necessary updates to the release documentation and versioning.

Code Standards and Practices

  • Code follows established design patterns within the repo and avoids duplication.
  • Ensure that the code is modular and reusable where applicable.

Testing

  • New unit tests have been added to cover the bug fix or edge cases.
  • Existing unit tests have been updated to reflect the changes.
  • Provide evidence of testing and detecting the bug fix (e.g., test logs, screenshots).
  • Validate that any rules affected by the bug are correctly updated.
  • Ensure that performance is not negatively impacted by the changes.
  • Verify that any release artifacts are properly generated and tested.
  • Conducted system testing, including fleet, import, and create APIs (e.g., run make test-cli, make test-remote-cli, make test-hunting-cli)

Additional Checks

  • Verify that the bug fix works across all relevant environments (e.g., different OS versions).
  • Confirm that the proper version label is applied to the PR patch, minor, major.

eric-forte-elastic marked this pull request as ready for review December 8, 2025 19:54

Labels

  • backport: auto
  • bug (Something isn't working)
  • detections-as-code
  • patch
  • python (Internal python for the repository)

Development

Successfully merging this pull request may close these issues.

[Bug] Importing rules from directory does not work
