[DEPLOY] v0.8.11 - FileVantage Service Class and endpoints (#492)
* Bump version -> 0.8.11 * Update wordlist.txt * Update CHANGELOG.md * Update README.md * Add FileVantage endpoints * Add FileVantage unit testing * Add FileVantage Service Class * Update wordlist.txt
Showing
10 changed files
with
283 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
"""Internal API endpoint constant library. | ||
_______ __ _______ __ __ __ | ||
| _ .----.-----.--.--.--.--| | _ | |_.----|__| |--.-----. | ||
|. 1___| _| _ | | | | _ | 1___| _| _| | <| -__| | ||
|. |___|__| |_____|________|_____|____ |____|__| |__|__|__|_____| | ||
|: 1 | |: 1 | | ||
|::.. . | CROWDSTRIKE FALCON |::.. . | FalconPy | ||
`-------' `-------' | ||
OAuth2 API - Customer SDK | ||
This is free and unencumbered software released into the public domain. | ||
Anyone is free to copy, modify, publish, use, compile, sell, or | ||
distribute this software, either in source code form or as a compiled | ||
binary, for any purpose, commercial or non-commercial, and by any | ||
means. | ||
In jurisdictions that recognize copyright laws, the author or authors | ||
of this software dedicate any and all copyright interest in the | ||
software to the public domain. We make this dedication for the benefit | ||
of the public at large and to the detriment of our heirs and | ||
successors. We intend this dedication to be an overt act of | ||
relinquishment in perpetuity of all present and future rights to this | ||
software under copyright law. | ||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | ||
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR | ||
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | ||
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
OTHER DEALINGS IN THE SOFTWARE. | ||
For more information, please refer to <https://unlicense.org> | ||
""" | ||
|
||
_filevantage_endpoints = [ | ||
[ | ||
"getChanges", | ||
"GET", | ||
"/filevantage/entities/changes/v2", | ||
"Retrieve information on changes", | ||
"filevantage", | ||
[ | ||
{ | ||
"type": "array", | ||
"items": { | ||
"type": "string" | ||
}, | ||
"collectionFormat": "multi", | ||
"description": "Comma separated values of change ids", | ||
"name": "ids", | ||
"in": "query", | ||
"required": True | ||
} | ||
] | ||
], | ||
[ | ||
"queryChanges", | ||
"GET", | ||
"/filevantage/queries/changes/v2", | ||
"Returns one or more change IDs", | ||
"filevantage", | ||
[ | ||
{ | ||
"minimum": 0, | ||
"type": "integer", | ||
"description": "The first change index to return in the response. " | ||
"If not provided it will default to '0'. " | ||
"Use with the `limit` parameter to manage pagination of results.", | ||
"name": "offset", | ||
"in": "query" | ||
}, | ||
{ | ||
"type": "integer", | ||
"description": "The maximum number of changes to return in the response " | ||
"(default: 100; max: 500). " | ||
"Use with the `offset` parameter to manage pagination of results", | ||
"name": "limit", | ||
"in": "query" | ||
}, | ||
{ | ||
"type": "string", | ||
"description": "Sort changes using options like:\n\n" | ||
"- `action_timestamp` (timestamp of the change occurrence) \n\n " | ||
"Sort either `asc` (ascending) or `desc` (descending). " | ||
"For example: `action_timestamp|asc`.\n" | ||
"The full list of allowed sorting options can be reviewed in our API documentation.", | ||
"name": "sort", | ||
"in": "query" | ||
}, | ||
{ | ||
"type": "string", | ||
"description": "Filter changes using a query in Falcon Query Language (FQL). \n\n" | ||
"Common filter options include:\n\n - `host.host_name`\n - `action_timestamp`\n\n " | ||
"The full list of allowed filter parameters can be reviewed in our API documentation.", | ||
"name": "filter", | ||
"in": "query" | ||
} | ||
] | ||
] | ||
] |
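Review bot: The `ids` parameter of `getChanges` declares `"collectionFormat": "multi"` while its description reads "Comma separated values of change ids"; in Swagger 2.0 `multi` means repeated `ids=` query parameters rather than one comma-joined value, so the description and the declared format disagree. If this description is maintained here rather than copied from the upstream spec, wording such as `"description": "One or more change IDs"` would avoid steering callers toward a CSV string. In `queryChanges`, `limit` states its upper bound (`max: 500`) only in prose while `offset` carries a machine-readable `"minimum": 0`; whether anything consumes those bounds is not visible in this file.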
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,7 +35,7 @@ | |
For more information, please refer to <https://unlicense.org> | ||
""" | ||
_VERSION = '0.8.10' | ||
_VERSION = '0.8.11' | ||
_MAINTAINER = 'Joshua Hiller' | ||
_AUTHOR = 'CrowdStrike' | ||
_AUTHOR_EMAIL = '[email protected]' | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
"""CrowdStrike FileVantage API Interface Class. | ||
_______ __ _______ __ __ __ | ||
| _ .----.-----.--.--.--.--| | _ | |_.----|__| |--.-----. | ||
|. 1___| _| _ | | | | _ | 1___| _| _| | <| -__| | ||
|. |___|__| |_____|________|_____|____ |____|__| |__|__|__|_____| | ||
|: 1 | |: 1 | | ||
|::.. . | CROWDSTRIKE FALCON |::.. . | FalconPy | ||
`-------' `-------' | ||
OAuth2 API - Customer SDK | ||
This is free and unencumbered software released into the public domain. | ||
Anyone is free to copy, modify, publish, use, compile, sell, or | ||
distribute this software, either in source code form or as a compiled | ||
binary, for any purpose, commercial or non-commercial, and by any | ||
means. | ||
In jurisdictions that recognize copyright laws, the author or authors | ||
of this software dedicate any and all copyright interest in the | ||
software to the public domain. We make this dedication for the benefit | ||
of the public at large and to the detriment of our heirs and | ||
successors. We intend this dedication to be an overt act of | ||
relinquishment in perpetuity of all present and future rights to this | ||
software under copyright law. | ||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | ||
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR | ||
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | ||
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
OTHER DEALINGS IN THE SOFTWARE. | ||
For more information, please refer to <https://unlicense.org> | ||
""" | ||
from ._util import process_service_request, force_default, handle_single_argument | ||
from ._service_class import ServiceClass | ||
from ._endpoint._filevantage import _filevantage_endpoints as Endpoints | ||
|
||
|
||
class FileVantage(ServiceClass): | ||
"""The only requirement to instantiate an instance of this class is one of the following. | ||
- a valid client_id and client_secret provided as keywords. | ||
- a credential dictionary with client_id and client_secret containing valid API credentials | ||
{ | ||
"client_id": "CLIENT_ID_HERE", | ||
"client_secret": "CLIENT_SECRET_HERE" | ||
} | ||
- a previously-authenticated instance of the authentication service class (oauth2.py) | ||
- a valid token provided by the authentication service class (oauth2.py) | ||
""" | ||
|
||
@force_default(defaults=["parameters"], default_types=["dict"]) | ||
def get_changes(self: object, *args, parameters: dict = None, **kwargs) -> dict: | ||
"""Retrieve information on changes. | ||
Keyword arguments: | ||
ids -- Change IDs to retrieve. String or list of strings. | ||
parameters - full parameters payload, not required if ids is provided as a keyword. | ||
Arguments: When not specified, the first argument to this method is assumed to be 'ids'. | ||
All others are ignored. | ||
Returns: dict object containing API response. | ||
HTTP Method: GET | ||
Swagger URL | ||
https://assets.falcon.crowdstrike.com/support/api/swagger.html#/filevantage/getChanges | ||
""" | ||
return process_service_request( | ||
calling_object=self, | ||
endpoints=Endpoints, | ||
operation_id="getChanges", | ||
keywords=kwargs, | ||
params=handle_single_argument(args, parameters, "ids") | ||
) | ||
|
||
@force_default(defaults=["parameters"], default_types=["dict"]) | ||
def query_changes(self: object, parameters: dict = None, **kwargs) -> dict: | ||
"""Search for changes within your environment. Returns one or more change IDs. | ||
Keyword arguments: | ||
filter -- The filter expression that should be used to limit the results. FQL syntax. | ||
Available filters | ||
action_timestamp ingestion_timestamp | ||
host.name | ||
limit -- The maximum number of records to return. [Integer, 1-500, Default: 100] | ||
offset -- The integer offset to start retrieving records from. | ||
parameters - full parameters payload, not required if using other keywords. | ||
sort -- The property to sort by. FQL syntax (e.g. status.desc or hostname.asc). | ||
Available sort fields | ||
action_timestamp ingestion_timestamp | ||
This method only supports keywords for providing arguments. | ||
Returns: dict object containing API response. | ||
HTTP Method: GET | ||
Swagger URL | ||
https://assets.falcon.crowdstrike.com/support/api/swagger.html#/filevantage/queryChanges | ||
""" | ||
return process_service_request( | ||
calling_object=self, | ||
endpoints=Endpoints, | ||
operation_id="queryChanges", | ||
keywords=kwargs, | ||
params=parameters | ||
) | ||
|
||
# This method name aligns to the operation ID in the API but | ||
# does not conform to snake_case / PEP8 and is defined here | ||
# for backwards compatibility / ease of use purposes | ||
getChanges = get_changes | ||
queryChanges = query_changes | ||
|
||
|
||
# The legacy name for this class does not conform to PascalCase / PEP8 | ||
# It is defined here for backwards compatibility purposes only. | ||
File_Vantage = FileVantage # pylint: disable=C0103 |
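Review bot: The `query_changes` docstring disagrees with the endpoint definition added in this same commit: it lists `host.name` as an available filter where the endpoint description names `host.host_name`, and its sort example (`status.desc or hostname.asc`) uses a dot separator and fields that are not among the listed sort fields, while the endpoint description gives `action_timestamp|asc`. For a file-integrity query, a caller who copies the docstring form may get an error or a result set other than the one intended, so the docstring should follow whichever form the API accepts, e.g. `sort -- The property to sort by. FQL syntax (e.g. action_timestamp|asc).`. Separately, the `self: object` annotation in both method signatures adds no information and could be dropped.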
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
""" | ||
test_filevantage.py - This class tests the FileVantage service class | ||
""" | ||
import platform | ||
import os | ||
import sys | ||
import pytest | ||
# Authentication via the test_authorization.py | ||
from tests import test_authorization as Authorization | ||
|
||
# Import our sibling src folder into the path | ||
sys.path.append(os.path.abspath('src')) | ||
# Classes to test - manually imported from sibling folder | ||
from falconpy import FileVantage | ||
|
||
auth = Authorization.TestAuthorization() | ||
token = auth.getConfigExtended() | ||
falcon = FileVantage(access_token=token) | ||
AllowedResponses = [200, 202, 429] # Adding rate-limiting as an allowed response for now | ||
|
||
|
||
class TestFileVantage: | ||
""" | ||
FileVantage Service Class test harness | ||
""" | ||
def test_query_changes(self): | ||
"""Pytest harness hook""" | ||
assert bool(falcon.query_changes(limit=1)["status_code"] in AllowedResponses) is True | ||
|
||
def test_get_changes(self): | ||
"""Pytest harness hook""" | ||
# Also testing lazy loading of the ids parameter | ||
assert bool( | ||
falcon.get_changes("12345678")["status_code"] in AllowedResponses | ||
) is True |
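Review bot: Both assertions accept 429 through `AllowedResponses`, so a run that is rate-limited on every call passes without exercising `query_changes` or `get_changes` at all. Consider skipping rather than passing in that case, e.g. `if result["status_code"] == 429: pytest.skip("rate limited")`, and asserting against `[200, 202]` otherwise. The token is also obtained at import time (`auth.getConfigExtended()` at module level), so a credential problem would surface as a collection error instead of a failing test; a fixture would scope that more cleanly. `platform` and `pytest` are imported but unused in the lines shown, and `bool(x in y) is True` reduces to `x in y`.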