diff --git a/CHANGELOG.md b/CHANGELOG.md index d2d7d774c..7bc98df1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,36 @@ +# Version 0.8.5 +## Issues resolved ++ Fixed: Issue when passing comma-delimited strings or boolean values as keywords to the body payload handler for `indicator_object`. Closes #447. + - `_payload/_ioc.py` + - `tests/test_ioc.py` ++ Fixed: Issue when passing comma-delimited string for the `groups` keyword to the body payload handler for `ioa_exclusion_payload`. Closes #448. + - `_payload/_ioa.py` + - `tests/test_ioa_exclusions.py` ++ Fixed: Issue when passing comma-delimited string for the `ids` keyword to the body payload handler for `update_detects_payload`. Resolved boolean handling of `show_in_ui` keyword. Closes #449. + - `_payload/_detects.py` + - `tests/test_detects.py` ++ Fixed: Issue when passing comma-delimited string for `user_tags` keyword to the body payload handler for `submit`. Closes #450. + - `_payload/_falconx.py` + - `tests/test_falconx_sandbox.py` ++ Fixed: Issue when passing comma-delimited string for `role_ids` keyword to the body payload handler for Flight Control POST / PATCH operations. Closed #451. + - `_payload/_mssp.py` + - `tests/test_mssp.py` ++ Fixed: Issue when passing comma-delimited strings or boolean False to certain keywords within the `command_payload` body payload handler. Closes #452. + - `_payload/_real_time_response.py` + - `tests/test_real_time_response.py` ++ Fixed: Issue when passing comma-delimited strings to MalQuery Service Class body payload handlers. Closes #453. + - `_payload/_malquery.py` + - `tests/test_malquery.py` ++ Fixed: Issue with passing comma-delimited string for `recipients` within body payload handler for `update_action` method within Recon Service Class. Closes #454. + - `_payload/_recon.py` + - `tests/test_recon.py` ++ Fixed: Issue with passing comma-delimited strings for `rule_ids` and `rule_versions` keywords within FirewallManagement Service Class body payload handlers. Closes #455. 
+ - `_payload/firewall.py` + - `tests/test_firewall_management.py` ++ Fixed: Issue with passing comma-delimited string for the `groups` keyword within the generic exclusion body payload handler. Closes #456. + - `_payload/_generic.py` + - `tests/test_ml_exclusions.py` + # Version 0.8.4 ## Issues resolved + Fixed: TypeError when using a valid credential in the wrong cloud environment. (GOV -> US1 only). Closes #433. diff --git a/src/falconpy/_payload/_detects.py b/src/falconpy/_payload/_detects.py index 0a5a22bbc..4ded29609 100644 --- a/src/falconpy/_payload/_detects.py +++ b/src/falconpy/_payload/_detects.py @@ -38,14 +38,30 @@ def update_detects_payload(current_payload: dict, passed_keywords: dict) -> dict: - """Update the provided payload with any viable parameters provided as keywords.""" - if passed_keywords.get("assigned_to_uuid", None): - current_payload["assigned_to_uuid"] = passed_keywords.get("assigned_to_uuid", None) - if passed_keywords.get("show_in_ui", None): + """Update the provided payload with any viable parameters provided as keywords. + + { + "assigned_to_uuid": "string", + "comment": "string", + "ids": [ + "string" + ], + "show_in_ui": true, + "status": "string" + } + """ + keys = ["assigned_to_uuid", "comment", "status"] + for key in keys: + if passed_keywords.get(key, None): + current_payload[key] = passed_keywords.get(key, None) + + if passed_keywords.get("show_in_ui", None) is not None: current_payload["show_in_ui"] = passed_keywords.get("show_in_ui", None) - if passed_keywords.get("status", None): - current_payload["status"] = passed_keywords.get("status", None) - if passed_keywords.get("comment", None): - current_payload["comment"] = passed_keywords.get("comment", None) + + passed_list = passed_keywords.get("ids", None) + if passed_list: + if isinstance(passed_list, str): + passed_list = passed_list.split(",") + current_payload["ids"] = passed_list return current_payload 
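Review bot: The `passed_list.split(",")` branch added for `ids` in `update_detects_payload` keeps surrounding whitespace and empty items, so `"id1, id2"` or a trailing comma sends ` id2` or `""` to the API as detection IDs. For a call that changes detection status or assignment, a malformed ID most likely means that detection is not updated, which the caller would only notice by inspecting the response. I would normalise while splitting, `passed_list = [i.strip() for i in passed_list.split(",") if i.strip()]`, and move it into one shared helper, since the same three-line pattern is repeated in the `_falconx.py`, `_firewall.py`, `_generic.py`, `_ioa.py`, `_ioc.py`, `_malquery.py`, `_mssp.py`, `_real_time_response.py` and `_recon.py` hunks of this commit.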
diff --git a/src/falconpy/_payload/_falconx.py b/src/falconpy/_payload/_falconx.py index c0cf1b785..5661c823e 100644 --- a/src/falconpy/_payload/_falconx.py +++ b/src/falconpy/_payload/_falconx.py @@ -82,8 +82,12 @@ def falconx_payload(passed_keywords: dict) -> dict: if passed_keywords.get("send_email_notifications", None) is not None: email_notify = passed_keywords.get("send_email_notifications", None) returned_payload["send_email_notifications"] = email_notify - if passed_keywords.get("user_tags", None): - returned_payload["user_tags"] = passed_keywords.get("user_tags", None) + + passed_tags = passed_keywords.get("user_tags", None) + if passed_tags: + if isinstance(passed_tags, str): + passed_tags = passed_tags.split(",") + returned_payload["user_tags"] = passed_tags if sandbox: returned_payload["sandbox"] = sandbox diff --git a/src/falconpy/_payload/_firewall.py b/src/falconpy/_payload/_firewall.py index 52ce9bcfc..218a82fa9 100644 --- a/src/falconpy/_payload/_firewall.py +++ b/src/falconpy/_payload/_firewall.py @@ -94,8 +94,11 @@ def firewall_container_payload(passed_keywords: dict) -> dict: returned_payload["is_default_policy"] = passed_keywords.get("is_default_policy", None) if passed_keywords.get("test_mode", None) is not None: returned_payload["test_mode"] = passed_keywords.get("test_mode", None) - if passed_keywords.get("rule_group_ids", None): - returned_payload["rule_group_ids"] = passed_keywords.get("rule_group_ids", None) + rg_list = passed_keywords.get("rule_group_ids", None) + if rg_list: + if isinstance(rg_list, str): + rg_list = rg_list.split(",") + returned_payload["rule_group_ids"] = rg_list return returned_payload 
@@ -213,10 +216,16 @@ def firewall_rule_group_update_payload(passed_keywords: dict) -> dict: for key in keys: if passed_keywords.get(key, None): returned_payload[key] = passed_keywords.get(key, None) - if passed_keywords.get("rule_ids", None): - returned_payload["rule_ids"] = passed_keywords.get("rule_ids", None) - if passed_keywords.get("rule_versions", None): - returned_payload["rule_versions"] = passed_keywords.get("rule_versions", None) + id_list = passed_keywords.get("rule_ids", None) + if id_list: + if isinstance(id_list, str): + id_list = id_list.split(",") + returned_payload["rule_ids"] = id_list + ver_list = passed_keywords.get("rule_versions", None) + if ver_list: + if isinstance(ver_list, str): + ver_list = ver_list.split(",") + returned_payload["rule_versions"] = ver_list diffs = passed_keywords.get("diff_operations", None) if diffs: if isinstance(diffs, list): diff --git a/src/falconpy/_payload/_generic.py b/src/falconpy/_payload/_generic.py index 0a13b13da..e18378fdb 100644 --- a/src/falconpy/_payload/_generic.py +++ b/src/falconpy/_payload/_generic.py @@ -138,8 +138,8 @@ def aggregate_payload(submitted_keywords: dict) -> dict: # pylint: disable=R091 if submitted_keywords.get("ranges", None): returned_payload["ranges"] = submitted_keywords.get("ranges", None) - if submitted_keywords.get("size", None): - returned_payload["size"] = submitted_keywords.get("size", None) + if submitted_keywords.get("size", -1) >= 0: + returned_payload["size"] = submitted_keywords.get("size", 0) if submitted_keywords.get("sort", None): returned_payload["sort"] = submitted_keywords.get("sort", None) 
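Review bot: Splitting `rule_versions` in `firewall_rule_group_update_payload` yields strings, so `"1,2,3"` becomes `["1", "2", "3"]`, whereas the test call this commit replaces passed `rule_versions=[1, 2, 3]` as integers. If the API expects integer versions (not visible here, so to be confirmed), the string form now sends a different type than the list form. Converting in the string branch, `ver_list = [int(v) for v in ver_list.split(",")]`, would keep the two forms equivalent. The function body continues outside the hunk.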
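Review bot: The new `size` check in `aggregate_payload`, `submitted_keywords.get("size", -1) >= 0`, raises `TypeError` when the caller passes `size=None` or a string such as `"10"`; the old truthiness test skipped the first and forwarded the second. The `-1` default only covers a missing key. Reading the value once and checking its type avoids the exception, `size = submitted_keywords.get("size", None)` followed by `if isinstance(size, int) and size >= 0:` and `returned_payload["size"] = size`, at the cost of skipping non-integer values. This change is not listed in the CHANGELOG entry for 0.8.5, and the function body continues outside the hunk.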
@@ -170,8 +170,11 @@ def exclusion_payload(passed_keywords: dict) -> dict: returned_payload = {} if passed_keywords.get("comment", None): returned_payload["comment"] = passed_keywords.get("comment", None) - if passed_keywords.get("groups", None): - returned_payload["groups"] = passed_keywords.get("groups", None) + group_list = passed_keywords.get("groups", None) + if group_list: + if isinstance(group_list, str): + group_list = group_list.split(",") + returned_payload["groups"] = group_list if passed_keywords.get("value", None): returned_payload["value"] = passed_keywords.get("value", None) diff --git a/src/falconpy/_payload/_ioa.py b/src/falconpy/_payload/_ioa.py index 72b4406ce..fd28e2343 100644 --- a/src/falconpy/_payload/_ioa.py +++ b/src/falconpy/_payload/_ioa.py 
@@ -55,26 +55,20 @@ def ioa_exclusion_payload(passed_keywords: dict) -> dict: } """ returned_payload = {} - if passed_keywords.get("comment", None): - returned_payload["comment"] = passed_keywords.get("comment", None) - if passed_keywords.get("groups", None): - returned_payload["groups"] = passed_keywords.get("groups", None) - if passed_keywords.get("cl_regex", None): - returned_payload["cl_regex"] = passed_keywords.get("cl_regex", None) - if passed_keywords.get("description", None): - returned_payload["description"] = passed_keywords.get("description", None) - if passed_keywords.get("detection_json", None): - returned_payload["detection_json"] = passed_keywords.get("detection_json", None) - if passed_keywords.get("groups", None): - returned_payload["groups"] = passed_keywords.get("groups", None) - if passed_keywords.get("ifn_regex", None): - returned_payload["ifn_regex"] = passed_keywords.get("ifn_regex", None) - if passed_keywords.get("name", None): - returned_payload["name"] = passed_keywords.get("name", None) - if passed_keywords.get("pattern_id", None): - returned_payload["pattern_id"] = passed_keywords.get("pattern_id", None) - if passed_keywords.get("pattern_name", None): - returned_payload["pattern_name"] = passed_keywords.get("pattern_name", None) + + keys = [ + "cl_regex", "comment", "description", "detection_json", + "ifn_regex", "name", "pattern_id", "pattern_name" + ] + for key in keys: + if passed_keywords.get(key, None): + returned_payload[key] = passed_keywords.get(key, None) + + passed_list = passed_keywords.get("groups", None) + if passed_list: + if isinstance(passed_list, str): + passed_list = passed_list.split(",") + returned_payload["groups"] = passed_list return returned_payload diff --git a/src/falconpy/_payload/_ioc.py b/src/falconpy/_payload/_ioc.py index a14e27d20..e230995c4 100644 --- a/src/falconpy/_payload/_ioc.py +++ b/src/falconpy/_payload/_ioc.py 
@@ -37,7 +37,7 @@ """ -def indicator_object(passed_keywords: dict) -> dict: # pylint: disable=R0912 # noqa: C901 +def indicator_object(passed_keywords: dict) -> dict: """Create a properly formatted single indicator payload. { 
@@ -64,41 +64,30 @@ def indicator_object(passed_keywords: dict) -> dict: # pylint: disable=R0912 # "value": "string" } """ - # flake8 / pylint both complain about complexity due to the number of if statements. - # Ignoring the complaint as this is just running through the potential passed keywords. returned_payload = {} - if passed_keywords.get("action", None): - returned_payload["action"] = passed_keywords.get("action", None) - if passed_keywords.get("applied_globally", None): + keys = [ + "action", "description", "expiration", "metadata", "id", + "mobile_action", "severity", "source", "type", "value" + ] + for key in keys: + if passed_keywords.get(key, None): + returned_payload[key] = passed_keywords.get(key, None) + + if not passed_keywords.get("applied_globally", None) is None: returned_payload["applied_globally"] = passed_keywords.get("applied_globally", None) - if passed_keywords.get("description", None): - returned_payload["description"] = passed_keywords.get("description", None) - if passed_keywords.get("expiration", None): - returned_payload["expiration"] = passed_keywords.get("expiration", None) - if passed_keywords.get("host_groups", None): - returned_payload["host_groups"] = passed_keywords.get("host_groups", None) - if passed_keywords.get("metadata", None): - returned_payload["metadata"] = passed_keywords.get("metadata", None) + + list_keys = ["host_groups", "platforms", "tags"] + for list_key in list_keys: + passed_list = passed_keywords.get(list_key, None) + if passed_list: + if isinstance(passed_list, str): + passed_list = passed_list.split(",") + returned_payload[list_key] = passed_list + if passed_keywords.get("filename", None): returned_payload["metadata"] = { "filename": passed_keywords.get("filename", None) } - if passed_keywords.get("mobile_action", None): - returned_payload["mobile_action"] = passed_keywords.get("mobile_action", None) - if passed_keywords.get("platforms", None): - returned_payload["platforms"] = 
passed_keywords.get("platforms", None) - if passed_keywords.get("severity", None): - returned_payload["severity"] = passed_keywords.get("severity", None) - if passed_keywords.get("source", None): - returned_payload["source"] = passed_keywords.get("source", None) - if passed_keywords.get("tags", None): - returned_payload["tags"] = passed_keywords.get("tags", None) - if passed_keywords.get("type", None): - returned_payload["type"] = passed_keywords.get("type", None) - if passed_keywords.get("value", None): - returned_payload["value"] = passed_keywords.get("value", None) - if passed_keywords.get("id", None): - returned_payload["id"] = passed_keywords.get("id", None) return returned_payload diff --git a/src/falconpy/_payload/_malquery.py b/src/falconpy/_payload/_malquery.py index 8186567b2..140fa3074 100644 --- a/src/falconpy/_payload/_malquery.py +++ b/src/falconpy/_payload/_malquery.py @@ -57,10 +57,12 @@ def malquery_fuzzy_payload(passed_keywords: dict) -> dict: """ returned_payload = {} filters = passed_keywords.get("filter_meta", None) - limit = passed_keywords.get("limit", None) + limit = passed_keywords.get("limit", 0) if filters or limit: returned_payload["options"] = {} if filters: + if isinstance(filters, str): + filters = filters.split(",") returned_payload["options"]["filter_meta"] = filters if limit: returned_payload["options"]["limit"] = limit @@ -76,7 +78,7 @@ def handle_malquery_search_params(passed_params: dict) -> dict: returned_base = {} filters = passed_params.get("filter_filetypes", None) filter_meta = passed_params.get("filter_meta", None) - limit = passed_params.get("limit", None) + limit = passed_params.get("limit", 0) max_date = passed_params.get("max_date", None) max_size = passed_params.get("max_size", None) min_date = passed_params.get("min_date", None) 
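Review bot: The `applied_globally` test in `indicator_object` is written `if not passed_keywords.get("applied_globally", None) is None:`, which reads as a negated expression and is what flake8 reports as E714. The `_detects.py` hunk in this same commit uses the clearer form for `show_in_ui`, so I would write `if passed_keywords.get("applied_globally", None) is not None:` here as well. Separately, `metadata` is now copied in the `keys` loop and then replaced wholesale by the `filename` block further down, as it was before the refactor. A comment such as `# filename replaces any metadata passed by the caller` above that block would make the precedence explicit.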
@@ -84,8 +86,12 @@ def handle_malquery_search_params(passed_params: dict) -> dict: if any([filters, filter_meta, limit, max_date, max_size, min_date, min_size]): returned_base["options"] = {} if filters: + if isinstance(filters, str): + filters = filters.split(",") returned_base["options"]["filter_filetypes"] = filters if filter_meta: + if isinstance(filter_meta, str): + filter_meta = filter_meta.split(",") returned_base["options"]["filter_meta"] = filter_meta if limit: returned_base["options"]["limit"] = limit diff --git a/src/falconpy/_payload/_mssp.py b/src/falconpy/_payload/_mssp.py index 3e318dde1..7a925286c 100644 --- a/src/falconpy/_payload/_mssp.py +++ b/src/falconpy/_payload/_mssp.py @@ -60,12 +60,18 @@ def mssp_payload(passed_keywords: dict) -> dict: resources_item = {} keys = [ "cid", "cid_group_id", "description", "name", "id", - "user_group_id", "role_ids", "user_uuids" + "user_group_id", "user_uuids" ] for key in keys: if passed_keywords.get(key, None): resources_item[key] = passed_keywords.get(key, None) + passed_role_ids = passed_keywords.get("role_ids", None) + if passed_role_ids: + if isinstance(passed_role_ids, str): + passed_role_ids = passed_role_ids.split(",") + resources_item["role_ids"] = passed_role_ids + if resources_item: returned_payload["resources"] = [resources_item] diff --git a/src/falconpy/_payload/_real_time_response.py b/src/falconpy/_payload/_real_time_response.py index 041c36ff2..cee1ede47 100644 --- a/src/falconpy/_payload/_real_time_response.py +++ b/src/falconpy/_payload/_real_time_response.py 
@@ -67,36 +67,30 @@ def command_payload(passed_keywords: dict) -> dict: # pylint: disable=R0912 # # flake8 / pylint both complain about complexity due to the number of if statements. # Ignoring the complaint as this is just running through the potential passed keywords. returned_payload = {} - if passed_keywords.get("base_command", None): - returned_payload["base_command"] = passed_keywords.get("base_command", None) - if passed_keywords.get("batch_id", None): - returned_payload["batch_id"] = passed_keywords.get("batch_id", None) - if passed_keywords.get("command_string", None): - returned_payload["command_string"] = passed_keywords.get("command_string", None) - if passed_keywords.get("optional_hosts", None): - returned_payload["optional_hosts"] = passed_keywords.get("optional_hosts", None) - if passed_keywords.get("persist_all", None): - returned_payload["persist_all"] = passed_keywords.get("persist_all", None) - if passed_keywords.get("file_path", None): - returned_payload["file_path"] = passed_keywords.get("file_path", None) - if passed_keywords.get("existing_batch_id", None): - returned_payload["existing_batch_id"] = passed_keywords.get("existing_batch_id", None) - if passed_keywords.get("host_ids", None): - returned_payload["host_ids"] = passed_keywords.get("host_ids", None) - if passed_keywords.get("queue_offline", None): - returned_payload["queue_offline"] = passed_keywords.get("queue_offline", None) - if passed_keywords.get("hosts_to_remove", None): - returned_payload["hosts_to_remove"] = passed_keywords.get("hosts_to_remove", None) - if passed_keywords.get("device_id", None): - returned_payload["device_id"] = passed_keywords.get("device_id", None) + + keys = [ + "base_command", "batch_id", "command_string", "file_path", + "existing_batch_id", "device_id", "session_id", "origin" + ] + for key in keys: + if passed_keywords.get(key, None): + returned_payload[key] = passed_keywords.get(key, None) + + bool_keys = ["persist_all", "queue_offline", "persist"] + for 
boolean in bool_keys: + if passed_keywords.get(boolean, None) is not None: + returned_payload[key] = passed_keywords.get(boolean, None) + if passed_keywords.get("id", -1) > -1: returned_payload["id"] = passed_keywords.get("id", None) - if passed_keywords.get("persist", None): - returned_payload["persist"] = passed_keywords.get("persist", None) - if passed_keywords.get("session_id", None): - returned_payload["session_id"] = passed_keywords.get("session_id", None) - if passed_keywords.get("origin", None): - returned_payload["origin"] = passed_keywords.get("origin", None) + + list_keys = ["optional_hosts", "host_ids", "hosts_to_remove"] + for list_key in list_keys: + passed_list = passed_keywords.get(list_key, None) + if passed_list: + if isinstance(passed_list, str): + passed_list = passed_list.split(",") + returned_payload[list_key] = passed_list return returned_payload 
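Review bot: In the `bool_keys` loop of `command_payload` the assignment writes to `returned_payload[key]`, but `key` is the leftover variable from the preceding `keys` loop (its last value is `"origin"`). As a result `persist_all`, `queue_offline` and `persist` are never sent under their own names, and the last one supplied overwrites `origin` with a boolean. The line should read `returned_payload[boolean] = passed_keywords.get(boolean, None)`. For Real Time Response this means a caller asking for `queue_offline=True` gets a request without that flag, and the only RTR test call changed in this commit exercises `hosts_to_remove`, so nothing in this commit's test changes would catch it.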
@@ -115,19 +109,12 @@ def data_payload(passed_keywords: dict) -> dict: } """ returned_payload = {} - if passed_keywords.get("id", None): - returned_payload["id"] = passed_keywords.get("id", None) - if passed_keywords.get("description", None): - returned_payload["description"] = passed_keywords.get("description", None) - if passed_keywords.get("name", None): - returned_payload["name"] = passed_keywords.get("name", None) - if passed_keywords.get("comments_for_audit_log", None): - returned_payload["comments_for_audit_log"] = passed_keywords.get("comments_for_audit_log", None) - if passed_keywords.get("content", None): - returned_payload["content"] = passed_keywords.get("content", None) - if passed_keywords.get("platform", None): - returned_payload["platform"] = passed_keywords.get("platform", None) - if passed_keywords.get("permission_type", None): - returned_payload["permission_type"] = passed_keywords.get("permission_type", None) + keys = [ + "id", "description", "name", "comments_for_audit_log", + "content", "platform", "permission_type" + ] + for key in keys: + if passed_keywords.get(key, None): + returned_payload[key] = passed_keywords.get(key, None) return returned_payload diff --git a/src/falconpy/_payload/_recon.py b/src/falconpy/_payload/_recon.py index 8a8995f69..4796e31ff 100644 --- a/src/falconpy/_payload/_recon.py +++ b/src/falconpy/_payload/_recon.py 
@@ -134,8 +134,11 @@ def recon_action_update_payload(passed_keywords: dict) -> dict: returned_payload["frequency"] = passed_keywords.get("frequency", None) if passed_keywords.get("id", None): returned_payload["id"] = passed_keywords.get("id", None) - if passed_keywords.get("recipients", None): - returned_payload["recipients"] = passed_keywords.get("recipients", None) + recip_list = passed_keywords.get("recipients", None) + if recip_list: + if isinstance(recip_list, str): + recip_list = recip_list.split(",") + returned_payload["recipients"] = recip_list if passed_keywords.get("status", None): returned_payload["status"] = passed_keywords.get("status", None) diff --git a/src/falconpy/_version.py b/src/falconpy/_version.py index 1fe8a4fe9..5c2463432 100644 --- a/src/falconpy/_version.py +++ b/src/falconpy/_version.py @@ -35,7 +35,7 @@ For more information, please refer to """ -_VERSION = '0.8.4' +_VERSION = '0.8.5' _MAINTAINER = 'Joshua Hiller' _AUTHOR = 'CrowdStrike' _AUTHOR_EMAIL = 'falconpy@crowdstrike.com' diff --git a/tests/test_detects.py b/tests/test_detects.py index 5675c6ea0..d6d3dd6a8 100644 --- a/tests/test_detects.py +++ b/tests/test_detects.py @@ -35,7 +35,7 @@ def service_detects_test_all(self): "get_detect_summaries": falcon.get_detect_summaries(body={"ids": ["12345678"]}), "get_aggregate_detects": falcon.get_aggregate_detects(body={"resource": {"bad": True}}), "update_detects_by_id_2": falcon.update_detects_by_ids( - ids=falcon.query_detects(limit=1)["body"]["resources"], + ids=",".join(falcon.query_detects(limit=2)["body"]["resources"]), show_in_ui=True, assigned_to_uuid="12345678", status="ignored", comment="FalconPy unit testing" ), diff --git a/tests/test_falconx_sandbox.py b/tests/test_falconx_sandbox.py index 9b0ddc9ad..9f74b20c6 100644 --- a/tests/test_falconx_sandbox.py +++ b/tests/test_falconx_sandbox.py 
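Review bot: The `update_detects_by_id_2` case in `tests/test_detects.py` now passes `ids` only as a comma-joined string, so the list form it exercised before no longer has a case. The same list-to-string swap is made in the falconx_sandbox, firewall_management, ioa_exclusions, ioc, malquery, ml_exclusions and recon test hunks. The new handlers accept both forms, so I would keep the list call and add the string call beside it instead of replacing it. If `query_detects(limit=2)` returns no resources, `",".join(...)` gives an empty string and the `ids` branch is skipped, which deserves a short comment in the test. The enclosing test function continues outside the hunk.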
@@ -10,7 +10,7 @@ # Import our sibling src folder into the path sys.path.append(os.path.abspath('src')) # Classes to test - manually imported from sibling folder -from falconpy.falconx_sandbox import FalconXSandbox +from falconpy import FalconXSandbox auth = Authorization.TestAuthorization() token = auth.getConfigExtended() @@ -37,7 +37,7 @@ def falconx_generate_errors(self): enable_tor=False, environment_id=300, send_email_notifications=False, - user_tags=["apples"] + user_tags="apples,bananas" ), "query_reports": falcon.QueryReports(), "query_submissions": falcon.QuerySubmissions(), diff --git a/tests/test_firewall_management.py b/tests/test_firewall_management.py index acb1d98af..59ee0a7ba 100644 --- a/tests/test_firewall_management.py +++ b/tests/test_firewall_management.py @@ -57,7 +57,7 @@ def firewall_test_all_code_paths(self): enforce=False, is_default_policy=False, test_mode=True, - rule_group_ids=["123456789"] + rule_group_ids="12345,67890" ), "create_rule_group": self.set_rule_group_id(), "create_rule_group_fail_one": falcon.create_rule_group(rules={"whatever": "bro"}), @@ -66,8 +66,8 @@ def firewall_test_all_code_paths(self): "updat3_rule_group": falcon.update_rule_group(id="12345678", tracking="Whatever", diff_operations=[{"whatever": "brah"}], - rule_ids=["12345"], - rule_versions=[1, 2, 3] + rule_ids="12345,67890", + rule_versions="1,2,3" ), "update_rule_group": falcon.update_rule_group(id="12345678", name=rule_group_name, diff --git a/tests/test_ioa_exclusions.py b/tests/test_ioa_exclusions.py index 634bdff33..7e9f4cf68 100644 --- a/tests/test_ioa_exclusions.py +++ b/tests/test_ioa_exclusions.py @@ -44,7 +44,7 @@ def serviceIOAE_GenerateErrors(self): ), "update_exclusion": falcon.update_exclusions(body={}), "update_exclusion_also": falcon.update_exclusions(comment="Unit Testing", - groups=["12345678"], + groups="12345678,98765432", id="12345678", value="Bananas", cl_regex="bob", 
diff --git a/tests/test_ioc.py b/tests/test_ioc.py index 8bf5f038c..51eda2a23 100644 --- a/tests/test_ioc.py +++ b/tests/test_ioc.py @@ -8,7 +8,7 @@ # Import our sibling src folder into the path sys.path.append(os.path.abspath('src')) # Classes to test - manually imported from sibling folder -from falconpy.ioc import IOC +from falconpy import IOC auth = Authorization.TestAuthorization() token = auth.getConfigExtended() @@ -34,7 +34,7 @@ def ioc_run_all_tests(self): "indicator_create_also": falcon.indicator_create_v1(body={}, type="ipv4", value="1.2.3.4", - platforms=["linux"], + platforms="linux,windows", applied_globally=True ), "indicator_delete": falcon.indicator_delete_v1(ids='12345678'), diff --git a/tests/test_malquery.py b/tests/test_malquery.py index 0935d60c6..614a7cab2 100644 --- a/tests/test_malquery.py +++ b/tests/test_malquery.py @@ -41,7 +41,7 @@ def mq_test_all_paths(self): } ] }), - "really_fuzzy": falcon.fuzzy_search(filter_meta="whatevs", + "really_fuzzy": falcon.fuzzy_search(filter_meta="whatevs,something_else", limit=1, patterns=[{"type": "file", "value": "test"}] ), @@ -51,8 +51,8 @@ def mq_test_all_paths(self): "get_samples": falcon.get_samples(ids="12345678"), "multi_download": falcon.samples_multidownload(ids="12345678"), "exact_search": falcon.exact_search(body={}), - "exact_search_too": falcon.exact_search(filter_filetypes=["xls"], - filter_meta="whatevers", + "exact_search_too": falcon.exact_search(filter_filetypes="xls,doc", + filter_meta="whatevers,something", limit=1, max_date="UTC_Date_Here", min_date="UTC Date Here", diff --git a/tests/test_ml_exclusions.py b/tests/test_ml_exclusions.py index 716d7d4af..67342c777 100644 --- a/tests/test_ml_exclusions.py +++ b/tests/test_ml_exclusions.py 
@@ -39,7 +39,7 @@ def serviceMLE_GenerateErrors(self): ), "update_exclusion": falcon.update_exclusions(body={}), "update_exclusion_also": falcon.update_exclusions(comment="Unit Testing", - groups=["12345678"], + groups="12345,67890", id="12345678", value="Bananas" ), diff --git a/tests/test_mssp.py b/tests/test_mssp.py index 7d4b1cbe5..6a749c43e 100644 --- a/tests/test_mssp.py +++ b/tests/test_mssp.py @@ -37,7 +37,9 @@ def serviceFlight_GenerateErrors(self): "addUserGroupMembers": falcon.add_user_group_members(body={}), "deleteUserGroupMembers": falcon.delete_user_group_members(body={}), "createUserGroups": falcon.create_user_groups(body={}), - "updateUserGroups": falcon.update_user_groups(user_group_id="12345678", name="UnitTesting"), + "updateUserGroups": falcon.update_user_groups(user_group_id="12345678", + name="UnitTesting", + role_ids="12345,67890"), "deleteUserGroups": falcon.delete_user_groups(user_group_ids='12345678'), "queryChildren": falcon.query_children(), "queryCIDGroupMembers": falcon.query_cid_group_members(), diff --git a/tests/test_real_time_response.py b/tests/test_real_time_response.py index 90283f091..649d0430b 100644 --- a/tests/test_real_time_response.py +++ b/tests/test_real_time_response.py @@ -109,7 +109,7 @@ def rtr_test_all_paths_with_errors(self): ["RTR_DeleteFile", falcon.delete_file(ids='12345678', parameters={})], ["RTR_ListQueuedSessions", falcon.list_queued_sessions(body={})], ["RTR_DeleteQueuedSession", falcon.delete_queued_session(parameters={})], - ["RTR_PulseSession", falcon.pulse_session(hosts_to_remove="BobJustBecause", + ["RTR_PulseSession", falcon.pulse_session(hosts_to_remove="BobJustBecause,AndLarry", origin="Somewheres", session_id="12345678" )], diff --git a/tests/test_recon.py b/tests/test_recon.py index 2f844c550..f007d490e 100644 --- a/tests/test_recon.py +++ b/tests/test_recon.py 
@@ -47,7 +47,7 @@ def service_recon_run_all_tests(self): "update_action_as_well": falcon.update_action(id="1234567", frequency="often", status="new", - recipients=["123456"] + recipients="123456,654321" ), "get_notifications_detailed_translated": falcon.get_notifications_detailed_translated(ids="1234567"), "get_notfications_detailed": falcon.get_notifications_detailed(ids="1234567"),