Version 1.4.3 - Context Authentication, new operations and arguments #1147

Merged: 18 commits, Apr 16, 2024

@jshcodes (Member) commented Apr 12, 2024

FalconPy v1.4.3

This update performs the following:

  • Adds a new authentication mechanism, Context Authentication.
  • Adds tracking of authentication method used via the auth_type property within the FalconInterface object.
  • Adds one new operation to the CSPM Registration and D4C Registration service collections.
  • Adds new arguments to 6 operations within the FileVantage and Kubernetes Protection service collections.
  • Resolves [ BUG ] Crowdstrike API returning 406 when uploading a Fusion Workflow #1145.
  • Performs minor refactoring and linting to reduce code complexity.
  • Performs minor updates within the endpoint module.
  • Enhancement
  • Bug fixes
  • Updated unit tests

Unit test coverage

====================== 387 passed, 1 skipped in 549.81s (0:09:09) ======================
Name                                                                   Stmts   Miss  Cover
------------------------------------------------------------------------------------------
src/falconpy/__init__.py                                                  92      0   100%
src/falconpy/_api_request/__init__.py                                      7      0   100%
src/falconpy/_api_request/_request.py                                    109      0   100%
src/falconpy/_api_request/_request_behavior.py                            55      0   100%
src/falconpy/_api_request/_request_connection.py                           8      0   100%
src/falconpy/_api_request/_request_meta.py                                26      0   100%
src/falconpy/_api_request/_request_payloads.py                             8      0   100%
src/falconpy/_api_request/_request_validator.py                            6      0   100%
src/falconpy/_auth_object/__init__.py                                      6      0   100%
src/falconpy/_auth_object/_base_falcon_auth.py                            13      0   100%
src/falconpy/_auth_object/_bearer_token.py                                63      0   100%
src/falconpy/_auth_object/_falcon_interface.py                           256      0   100%
src/falconpy/_auth_object/_interface_config.py                            40      0   100%
src/falconpy/_auth_object/_uber_interface.py                              42      0   100%
src/falconpy/_constant/__init__.py                                        11      0   100%
src/falconpy/_endpoint/__init__.py                                       172      0   100%
src/falconpy/_endpoint/_alerts.py                                          1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                               1      0   100%
src/falconpy/_endpoint/_cloud_snapshots.py                                 1      0   100%
src/falconpy/_endpoint/_configuration_assessment.py                        1      0   100%
src/falconpy/_endpoint/_configuration_assessment_evaluation_logic.py       1      0   100%
src/falconpy/_endpoint/_container_alerts.py                                1      0   100%
src/falconpy/_endpoint/_container_detections.py                            1      0   100%
src/falconpy/_endpoint/_container_images.py                                1      0   100%
src/falconpy/_endpoint/_container_packages.py                              1      0   100%
src/falconpy/_endpoint/_container_vulnerabilities.py                       1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                               1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                      1      0   100%
src/falconpy/_endpoint/_custom_storage.py                                  1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                                1      0   100%
src/falconpy/_endpoint/_detects.py                                         1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                         1      0   100%
src/falconpy/_endpoint/_discover.py                                        1      0   100%
src/falconpy/_endpoint/_drift_indicators.py                                1      0   100%
src/falconpy/_endpoint/_event_streams.py                                   1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                       1      0   100%
src/falconpy/_endpoint/_falcon_container.py                                1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                                 1      0   100%
src/falconpy/_endpoint/_fdr.py                                             1      0   100%
src/falconpy/_endpoint/_filevantage.py                                     1      0   100%
src/falconpy/_endpoint/_firewall_management.py                             1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                               1      0   100%
src/falconpy/_endpoint/_foundry_logscale.py                                1      0   100%
src/falconpy/_endpoint/_host_group.py                                      1      0   100%
src/falconpy/_endpoint/_hosts.py                                           1      0   100%
src/falconpy/_endpoint/_identity_protection.py                             1      0   100%
src/falconpy/_endpoint/_image_assessment_policies.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                       1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                             1      0   100%
src/falconpy/_endpoint/_intel.py                                           1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                                  1      0   100%
src/falconpy/_endpoint/_ioc.py                                             1      0   100%
src/falconpy/_endpoint/_iocs.py                                            1      0   100%
src/falconpy/_endpoint/_kubernetes_protection.py                           1      0   100%
src/falconpy/_endpoint/_malquery.py                                        1      0   100%
src/falconpy/_endpoint/_message_center.py                                  1      0   100%
src/falconpy/_endpoint/_ml_exclusions.py                                   1      0   100%
src/falconpy/_endpoint/_mobile_enrollment.py                               1      0   100%
src/falconpy/_endpoint/_mssp.py                                            1      0   100%
src/falconpy/_endpoint/_oauth2.py                                          1      0   100%
src/falconpy/_endpoint/_ods.py                                             1      0   100%
src/falconpy/_endpoint/_overwatch_dashboard.py                             1      0   100%
src/falconpy/_endpoint/_prevention_policies.py                             1      0   100%
src/falconpy/_endpoint/_quarantine.py                                      1      0   100%
src/falconpy/_endpoint/_quick_scan.py                                      1      0   100%
src/falconpy/_endpoint/_real_time_response.py                              1      0   100%
src/falconpy/_endpoint/_real_time_response_admin.py                        1      0   100%
src/falconpy/_endpoint/_real_time_response_audit.py                        1      0   100%
src/falconpy/_endpoint/_recon.py                                           1      0   100%
src/falconpy/_endpoint/_report_executions.py                               1      0   100%
src/falconpy/_endpoint/_response_policies.py                               1      0   100%
src/falconpy/_endpoint/_sample_uploads.py                                  1      0   100%
src/falconpy/_endpoint/_scheduled_reports.py                               1      0   100%
src/falconpy/_endpoint/_sensor_download.py                                 1      0   100%
src/falconpy/_endpoint/_sensor_update_policies.py                          1      0   100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py                    1      0   100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py                      1      0   100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py                       1      0   100%
src/falconpy/_endpoint/_tailored_intelligence.py                           1      0   100%
src/falconpy/_endpoint/_unidentified_containers.py                         1      0   100%
src/falconpy/_endpoint/_user_management.py                                 1      0   100%
src/falconpy/_endpoint/_workflows.py                                       1      0   100%
src/falconpy/_endpoint/_zero_trust_assessment.py                           1      0   100%
src/falconpy/_endpoint/deprecated/__init__.py                             35      0   100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py                           1      0   100%
src/falconpy/_endpoint/deprecated/_d4c_registration.py                     1      0   100%
src/falconpy/_endpoint/deprecated/_discover.py                             1      0   100%
src/falconpy/_endpoint/deprecated/_fdr.py                                  1      0   100%
src/falconpy/_endpoint/deprecated/_firewall_management.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_hosts.py                                1      0   100%
src/falconpy/_endpoint/deprecated/_identity_protection.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_ioc.py                                  1      0   100%
src/falconpy/_endpoint/deprecated/_iocs.py                                 1      0   100%
src/falconpy/_endpoint/deprecated/_mapping.py                              2      0   100%
src/falconpy/_endpoint/deprecated/_ods.py                                  1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response.py                   1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py             1      0   100%
src/falconpy/_endpoint/deprecated/_report_executions.py                    1      0   100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py                    1      0   100%
src/falconpy/_endpoint/deprecated/_zero_trust_assessment.py                1      0   100%
src/falconpy/_enum/__init__.py                                             4      0   100%
src/falconpy/_enum/_base_url.py                                            7      0   100%
src/falconpy/_enum/_container_base_url.py                                  6      0   100%
src/falconpy/_enum/_token_fail_reason.py                                   4      0   100%
src/falconpy/_error/__init__.py                                            3      0   100%
src/falconpy/_error/_exceptions.py                                        68      0   100%
src/falconpy/_error/_warnings.py                                          73      0   100%
src/falconpy/_log/__init__.py                                              2      0   100%
src/falconpy/_log/_facility.py                                            34      0   100%
src/falconpy/_payload/__init__.py                                         30      0   100%
src/falconpy/_payload/_alerts.py                                          11      0   100%
src/falconpy/_payload/_cloud_connect_aws.py                               23      0   100%
src/falconpy/_payload/_cloud_snapshots.py                                 22      0   100%
src/falconpy/_payload/_container.py                                       66      0   100%
src/falconpy/_payload/_cspm_registration.py                               64      0   100%
src/falconpy/_payload/_d4c_registration.py                                38      0   100%
src/falconpy/_payload/_detects.py                                         15      0   100%
src/falconpy/_payload/_device_control_policy.py                           33      0   100%
src/falconpy/_payload/_falconx.py                                         25      0   100%
src/falconpy/_payload/_filevantage.py                                     34      0   100%
src/falconpy/_payload/_firewall.py                                       122      0   100%
src/falconpy/_payload/_foundry.py                                         16      0   100%
src/falconpy/_payload/_generic.py                                         66      0   100%
src/falconpy/_payload/_host_group.py                                      31      0   100%
src/falconpy/_payload/_incidents.py                                       15      0   100%
src/falconpy/_payload/_ioa.py                                             35      0   100%
src/falconpy/_payload/_ioc.py                                             52      0   100%
src/falconpy/_payload/_malquery.py                                        56      0   100%
src/falconpy/_payload/_message_center.py                                  22      0   100%
src/falconpy/_payload/_mssp.py                                            15      0   100%
src/falconpy/_payload/_ods.py                                             13      0   100%
src/falconpy/_payload/_prevention_policy.py                               19      0   100%
src/falconpy/_payload/_real_time_response.py                              27      0   100%
src/falconpy/_payload/_recon.py                                           84      0   100%
src/falconpy/_payload/_reports.py                                         19      0   100%
src/falconpy/_payload/_response_policy.py                                 19      0   100%
src/falconpy/_payload/_sample_uploads.py                                   9      0   100%
src/falconpy/_payload/_sensor_update_policy.py                            30      0   100%
src/falconpy/_payload/_workflows.py                                       42      0   100%
src/falconpy/_result/__base_resource.py                                   28      0   100%
src/falconpy/_result/__init__.py                                           9      0   100%
src/falconpy/_result/_base_dictionary.py                                  31      0   100%
src/falconpy/_result/_errors.py                                            2      0   100%
src/falconpy/_result/_expanded_result.py                                   7      0   100%
src/falconpy/_result/_headers.py                                          25      0   100%
src/falconpy/_result/_meta.py                                             30      0   100%
src/falconpy/_result/_resources.py                                        14      0   100%
src/falconpy/_result/_response_component.py                               24      0   100%
src/falconpy/_result/_result.py                                          220      0   100%
src/falconpy/_service_class/__init__.py                                    3      0   100%
src/falconpy/_service_class/_base_service_class.py                       118      0   100%
src/falconpy/_service_class/_service_class.py                            104      0   100%
src/falconpy/_util/__init__.py                                             5      0   100%
src/falconpy/_util/_auth.py                                               47      0   100%
src/falconpy/_util/_functions.py                                         394      0   100%
src/falconpy/_util/_service.py                                             3      0   100%
src/falconpy/_util/_uber.py                                               49      0   100%
src/falconpy/_version.py                                                  33      0   100%
src/falconpy/alerts.py                                                    62      0   100%
src/falconpy/api_complete/__init__.py                                      3      0   100%
src/falconpy/api_complete/_advanced.py                                    57      0   100%
src/falconpy/api_complete/_legacy.py                                     202      0   100%
src/falconpy/cloud_connect_aws.py                                         48      0   100%
src/falconpy/cloud_snapshots.py                                           33      0   100%
src/falconpy/configuration_assessment.py                                  13      0   100%
src/falconpy/configuration_assessment_evaluation_logic.py                  9      0   100%
src/falconpy/container_alerts.py                                          17      0   100%
src/falconpy/container_detections.py                                      33      0   100%
src/falconpy/container_images.py                                          45      0   100%
src/falconpy/container_packages.py                                        25      0   100%
src/falconpy/container_vulnerabilities.py                                 45      0   100%
src/falconpy/cspm_registration.py                                        212      0   100%
src/falconpy/custom_ioa.py                                                86      0   100%
src/falconpy/custom_storage.py                                            68      0   100%
src/falconpy/d4c_registration.py                                         120      0   100%
src/falconpy/detects.py                                                   32      0   100%
src/falconpy/device_control_policies.py                                   78      0   100%
src/falconpy/discover.py                                                  38      0   100%
src/falconpy/drift_indicators.py                                          25      0   100%
src/falconpy/event_streams.py                                             20      0   100%
src/falconpy/falcon_complete_dashboard.py                                111      0   100%
src/falconpy/falcon_container.py                                          57      0   100%
src/falconpy/falconx_sandbox.py                                           86      0   100%
src/falconpy/fdr.py                                                       23      0   100%
src/falconpy/filevantage.py                                              127      0   100%
src/falconpy/firewall_management.py                                      139      0   100%
src/falconpy/firewall_policies.py                                         71      0   100%
src/falconpy/foundry_logscale.py                                          62      0   100%
src/falconpy/host_group.py                                                61      0   100%
src/falconpy/hosts.py                                                    113      0   100%
src/falconpy/identity_protection.py                                       34      0   100%
src/falconpy/image_assessment_policies.py                                 63      0   100%
src/falconpy/incidents.py                                                 41      0   100%
src/falconpy/installation_tokens.py                                       43      0   100%
src/falconpy/intel.py                                                    105      0   100%
src/falconpy/ioa_exclusions.py                                            33      0   100%
src/falconpy/ioc.py                                                       94      0   100%
src/falconpy/iocs.py                                                      40      0   100%
src/falconpy/kubernetes_protection.py                                    254      0   100%
src/falconpy/malquery.py                                                  50      0   100%
src/falconpy/message_center.py                                            81      0   100%
src/falconpy/ml_exclusions.py                                             35      0   100%
src/falconpy/mobile_enrollment.py                                         18      0   100%
src/falconpy/mssp.py                                                     174      0   100%
src/falconpy/oauth2.py                                                    30      0   100%
src/falconpy/ods.py                                                       73      0   100%
src/falconpy/overwatch_dashboard.py                                       31      0   100%
src/falconpy/prevention_policy.py                                         62      0   100%
src/falconpy/quarantine.py                                                46      0   100%
src/falconpy/quick_scan.py                                                27      0   100%
src/falconpy/real_time_response.py                                       127      0   100%
src/falconpy/real_time_response_admin.py                                  83      0   100%
src/falconpy/real_time_response_audit.py                                  10      0   100%
src/falconpy/recon.py                                                    128      0   100%
src/falconpy/report_executions.py                                         24      0   100%
src/falconpy/response_policies.py                                         61      0   100%
src/falconpy/sample_uploads.py                                            79      0   100%
src/falconpy/scheduled_reports.py                                         20      0   100%
src/falconpy/sensor_download.py                                           55      0   100%
src/falconpy/sensor_update_policy.py                                     110      0   100%
src/falconpy/sensor_visibility_exclusions.py                              33      0   100%
src/falconpy/spotlight_evaluation_logic.py                                23      0   100%
src/falconpy/spotlight_vulnerabilities.py                                 31      0   100%
src/falconpy/tailored_intelligence.py                                     41      0   100%
src/falconpy/unidentified_containers.py                                   17      0   100%
src/falconpy/user_management.py                                          139      0   100%
src/falconpy/workflows.py                                                 91      0   100%
src/falconpy/zero_trust_assessment.py                                     23      0   100%
------------------------------------------------------------------------------------------
TOTAL                                                                   7984      0   100%

Bandit analysis

[main]	INFO	running on Python 3.11.8
Working... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:02
Run started:2024-04-12 06:05:20.373906

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 66789
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Added features and functionality

  • Added: Context Authentication (supports Foundry execution environments).

    FalconInterface object refactored to support new authentication mechanism, track mechanism used, add additional comments, and reduce overall complexity.

    • _auth_object/_falcon_interface.py

    ServiceClass object updated to detect Object Authentication and track mechanism used.

    • _service_class/_service_class.py

    New helper method defined to abstract Direct and Credential authentication creation of the _creds dictionary attribute.

    • _util/__init__.py
    • _util/_auth.py

    Class instantiation logging updated to detail authentication mechanism used. Linting and cleanup.

    • _util/_functions.py

    Unit testing expanded to complete code coverage.

    • tests/test_authentications.py
    • tests/test_result_object.py
    • tests/test_zero_trust_assessment.py
  • Added: Added UpdateCSPMGCPServiceAccountsExt operation to the CSPM Registration service collection.

    • _endpoint/_cspm_registration.py
    • cspm_registration.py

    Unit testing expanded to complete code coverage.

    • tests/test_cspm_registration.py
  • Added: Added UpdateD4CGCPServiceAccountsExt operation to the D4C Registration service collection.

    • _endpoint/_d4c_registration.py
    • d4c_registration.py

    Unit testing expanded to complete code coverage.

    • tests/test_d4c_registration.py
  • Added: Added content_files, content_registry_values, enable_content_capture and enable_hash_capture arguments to the createRules and updateRules operations within the FileVantage service collection.

    • _endpoint/_filevantage.py
    • _payload/_filevantage.py
    • filevantage.py
  • Added: Added iar_coverage as an allowed filter argument to the ReadClustersByKubernetesVersionCount, ReadClustersByStatusCount, ReadClusterCount, and ReadClusterCombined operations within the Kubernetes Protection service collection.

    • _endpoint/_kubernetes_protection.py
    • kubernetes_protection.py

Issues resolved

  • Fixed: 406 error when uploading Fusion workflows via the WorkflowDefinitionsImport operation. Closes [ BUG ] Crowdstrike API returning 406 when uploading a Fusion Workflow #1145.

    • workflows.py

    Unit testing expanded to complete code coverage.

    • tests/test_workflows.py
    • tests/test.yml

    Thanks go out to @RoemIko for identifying and reporting this issue! 🙇

  • Fixed: Added missing force_default decorator to the GetCSPMAwsConsoleSetupURLs and GetCSPMAwsAccountScriptsAttachment operations within the CSPM Registration Service Class.

    • cspm_registration.py

Other

  • Updated: Updated sort argument description for the ReadCombinedImagesExport operation (Container Images service collection) within the endpoint module.

    • _endpoint/_container_images.py
  • Updated: Updated filter argument description for the GetConfigurationDetectionIDsV2 operation (CSPM Registration service collection) within the endpoint module.

    • _endpoint/_cspm_registration.py
  • Updated: Updated enum for the QueryActivityByCaseID operation (Message Center service collection) within the endpoint module.

    • _endpoint/_message_center.py
  • Updated: Minor unit testing adjustments to handle updated API responses.

    • tests/test_container_detections.py
    • tests/test_container_packages.py
    • tests/test_container_vulnerabilities.py
    • tests/test_drift_indicators.py
    • tests/test_unidentified_containers.py

@jshcodes added the Horizon, authentication, Foundry, Fusion, kubernetes, container, message center, FileVantage, unit testing, and package labels Apr 12, 2024
@jshcodes self-assigned this Apr 12, 2024
@jshcodes merged commit 7c782e4 into main Apr 16, 2024
25 checks passed