Flashpoint Release 2.1.5 #42926

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

crestdatasystems wants to merge 1 commit into demisto:contrib/crestdatasystems_Flashpoint-Release-215 from crestdatasystems:Flashpoint-Release-215

+103 −26

Packs/Flashpoint/Integrations/Ignite/Ignite.py

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -1,13 +1,12 @@
  
    """Ignite Main File."""

    from copy import deepcopy

    import ipaddress

    import requests

    import urllib3

    import re

    from copy import deepcopy

    import demistomock as demisto

    import requests

    import urllib3

    from CommonServerPython import *  # noqa # pylint: disable=unused-wildcard-import

    from CommonServerUserPython import *  # noqa

    @@ -323,15 +322,17 @@ def http_request(self, method, url_suffix, params=None, json_data=None):
  
            return resp_json

        def get_indicator(self, indicator_value: str, indicator_type: str):

        def get_indicator(self, indicator_value: str, indicator_type: str, exact_match: bool = False):

            """

            Get an indicator by its type and value.

            :param indicator_type: The indicator type.

            :param indicator_value: The indicator value.

            :param exact_match: Whether to perform an exact match. If true, the indicator value is enclosed in quotes.

            :return: The indicator response.

            """

            indicator_value = f'"{indicator_value}"' if exact_match else indicator_value

            params = {"ioc_types": indicator_type, "ioc_value": indicator_value, "embed": "all"}

            return self.http_request("GET", URL_SUFFIX["LIST_INDICATORS"], params=params)

    @@ -1696,7 +1697,7 @@ def filename_lookup_command(client: Client, filename: str) -> CommandResults:
  
        )

    def ip_lookup_command(client: Client, ip: str) -> CommandResults:

    def ip_lookup_command(client: Client, ip: str, exact_match: bool = False) -> CommandResults:

        """

        Lookup a particular ip-address.

    @@ -1705,6 +1706,7 @@ def ip_lookup_command(client: Client, ip: str) -> CommandResults:
  
        : param client: object of client class

        : param ip: ip-address

        : param exact_match: Whether to perform an exact match. If true, the indicator value is enclosed in quotes.

        : return: command output

        """

        if not is_ip_valid(ip, True):

    @@ -1714,9 +1716,9 @@ def ip_lookup_command(client: Client, ip: str) -> CommandResults:
  
            return CommandResults(readable_output=f"Skipping internal IP: {ip}")

        if is_ipv6_valid(ip):

            response = client.get_indicator(ip, "ipv6")

            response = client.get_indicator(ip, "ipv6", exact_match)

        else:

            response = client.get_indicator(ip, "ipv4")

            response = client.get_indicator(ip, "ipv4", exact_match)

        items = response.get("items", [])

        if items:

    @@ -2116,16 +2118,16 @@ def indicator_get_command(client: Client, args: dict) -> CommandResults:
  
        )

    def url_lookup_command(client: Client, url: str) -> CommandResults:

    def url_lookup_command(client: Client, url: str, exact_match: bool = False) -> CommandResults:

        """

        Lookup a particular url.

        :param client: object of client class

        :param url: url as indicator

        :param exact_match: Whether to perform an exact match. If true, the indicator value is enclosed in quotes.

        :return: command output

        """

        response = client.get_indicator(url, "url")

        response = client.get_indicator(url, "url", exact_match)

        items = response.get("items", [])

        if items:

    @@ -2236,16 +2238,17 @@ def url_lookup_command(client: Client, url: str) -> CommandResults:
  
        return command_results

    def domain_lookup_command(client: Client, domain: str) -> CommandResults:

    def domain_lookup_command(client: Client, domain: str, exact_match: bool = False) -> CommandResults:

        """

        Lookup a particular domain.

        :param client: object of client class

        :param domain: domain

        :param exact_match: Whether to perform an exact match. If true, the indicator value is enclosed in quotes.

        :return: command output

        """

        response = client.get_indicator(domain, "domain")

        response = client.get_indicator(domain, "domain", exact_match)

        items = response.get("items", [])

        if items:

    @@ -2350,16 +2353,17 @@ def domain_lookup_command(client: Client, domain: str) -> CommandResults:
  
        return CommandResults(indicator=domain_ioc, readable_output=human_readable, raw_response=response)

    def file_lookup_command(client: Client, file: str) -> CommandResults:

    def file_lookup_command(client: Client, file: str, exact_match: bool = False) -> CommandResults:

        """

        Lookup a particular file hash.

        :param client: object of client class

        :param file: file as indicator

        :param exact_match: Whether to perform an exact match. If true, the indicator value is enclosed in quotes.

        :return: command output

        """

        response = client.get_indicator(file, "file")

        response = client.get_indicator(file, "file", exact_match)

        items = response.get("items", [])

        if items:

    @@ -2977,11 +2981,15 @@ def main():
  
                    raise ValueError(MESSAGES["MISSING_REQUIRED_ARGS"].format(command))

                indicator_list = argToList(args.get(command))

                indicator_list = [indicator.strip() for indicator in indicator_list if indicator.strip()]

                exact_match = argToBoolean(args.get("exact_match", False))

                results = []

                if not indicator_list:

                    raise ValueError(MESSAGES["MISSING_REQUIRED_ARGS"].format(command))

                for indicator in indicator_list:

                    results.append(REPUTATION_COMMAND_TO_FUNCTION[command](client, indicator))

                    arguments = (client, indicator)

                    if exact_match:

                        arguments += (exact_match,)  # type: ignore

                    results.append(REPUTATION_COMMAND_TO_FUNCTION[command](*arguments))

                return_results(results)

            elif COMMAND_TO_FUNCTION.get(command):

Packs/Flashpoint/Integrations/Ignite/Ignite.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -928,6 +928,14 @@ script: @@
           default: true
           description: A comma-separated list of IP addresses.
           isArray: true
+        - name: exact_match
+          required: false
+          defaultValue: "False"
+          description: Whether to perform an exact match on the IP address value.
+          auto: PREDEFINED
+          predefined:
+          - "True"
+          - "False"
         outputs:
         - contextPath: DBotScore.Indicator
           description: The indicator that was tested.
@@ Expand Down Expand Up / @@ -2587,6 +2595,14 @@ script: @@
           default: true
           description: A comma-separated list of URLs.
           isArray: true
+        - name: exact_match
+          required: false
+          defaultValue: "False"
+          description: Whether to perform an exact match on the URL value.
+          auto: PREDEFINED
+          predefined:
+          - "True"
+          - "False"
         outputs:
         - contextPath: DBotScore.Indicator
           description: The indicator that was tested.
@@ Expand Down Expand Up / @@ -2791,6 +2807,14 @@ script: @@
           default: true
           description: A comma-separated list of domains.
           isArray: true
+        - name: exact_match
+          required: false
+          defaultValue: "False"
+          description: Whether to perform an exact match on the domain value.
+          auto: PREDEFINED
+          predefined:
+          - "True"
+          - "False"
         outputs:
         - contextPath: DBotScore.Indicator
           description: The indicator that was tested.
@@ Expand Down Expand Up / @@ -2995,6 +3019,14 @@ script: @@
           default: true
           description: List of files.
           isArray: true
+        - name: exact_match
+          required: false
+          defaultValue: "False"
+          description: Whether to perform an exact match on the file hash value.
+          auto: PREDEFINED
+          predefined:
+          - "True"
+          - "False"
         outputs:
         - contextPath: DBotScore.Indicator
           description: The indicator that was tested.
@@ Expand Down Expand Up / @@ -3215,7 +3247,7 @@ script: @@
         description: Looks up the "File" type indicator details. The reputation of the file is decided from the indicator score if it is found in the Ignite IOC database.
       script: ''
       type: python
-      dockerimage: demisto/python3:3.12.11.4508456
+      dockerimage: demisto/python3:3.12.12.6947692
       isfetch: true
       runonce: false
       subtype: python3
@@ Expand Down @@

Packs/Flashpoint/Integrations/Ignite/Ignite_test.py

-Original file line number
+Diff line change
@@ Expand Up @@
     @patch("demistomock.results")
-    def test_domain_lookup_command_success(mock_return, requests_mock, mocker):
+    @pytest.mark.parametrize("exact_match", [True, False])
+    def test_domain_lookup_command_success(mock_return, requests_mock, mocker, exact_match):
         """
         Test case for successful execution of domain look up command through main function
         when it returns reputation about given domain indicator.
@@ Expand All @@
         requests_mock.get(url, json=domain_lookup_reputation, status_code=200)
         params = {**BASIC_PARAMS, "integrationReliability": "B - Usually reliable"}
-        args = {"domain": "dummy_domain.com"}
+        domain_value = "dummy_domain.com"
+        args = {"domain": domain_value, "exact_match": exact_match}
         mocker.patch.object(demisto, "params", return_value=params)
         mocker.patch.object(demisto, "command", return_value="domain")
         mocker.patch.object(demisto, "args", return_value=args)
         main()
+        last_request = requests_mock.last_request
+        domain_value = f'"{domain_value}"' if exact_match else domain_value
+        assert last_request.qs["ioc_value"] == [domain_value]
         assert hr_output_for_domain_lookup_reputation == mock_return.call_args.args[0].get("HumanReadable")
         assert domain_lookup_reputation_context == mock_return.call_args.args[0].get("EntryContext")
         assert domain_lookup_reputation == mock_return.call_args.args[0].get("Contents")
@@ Expand Down Expand Up @@
     @patch("demistomock.results")
-    def test_ip_lookup_command_success(mock_return, requests_mock, mocker):
+    @pytest.mark.parametrize("exact_match", [True, False])
+    def test_ip_lookup_command_success(mock_return, requests_mock, mocker, exact_match):
         """
         Test case for successful execution of ip look up command through main function
         when it returns reputation about given ip indicator.
@@ Expand All @@
         url = f'{MOCK_URL}{URL_SUFFIX["LIST_INDICATORS"]}'
         requests_mock.get(url, json=ip_lookup_reputation, status_code=200)
         params = {**BASIC_PARAMS, "integrationReliability": "B - Usually reliable"}
-        args = {"ip": "0.0.0.1"}
+        ip_value = "0.0.0.1"
+        args = {"ip": ip_value, "exact_match": exact_match}
         mocker.patch.object(demisto, "params", return_value=params)
         mocker.patch.object(demisto, "command", return_value="ip")
         mocker.patch.object(demisto, "args", return_value=args)
         mocker.patch("Ignite.is_ip_address_internal", return_value=False)
         main()
+        last_request = requests_mock.last_request
+        ip_value = f'"{ip_value}"' if exact_match else ip_value
+        assert last_request.qs["ioc_value"] == [ip_value]
         assert hr_output_for_ip_lookup_reputation == mock_return.call_args.args[0].get("HumanReadable")
         assert ip_lookup_reputation_context == mock_return.call_args.args[0].get("EntryContext")
         assert ip_lookup_reputation == mock_return.call_args.args[0].get("Contents")
@@ Expand Down Expand Up @@
     @patch("demistomock.results")
-    def test_url_lookup_command_success(mock_return, requests_mock, mocker):
+    @pytest.mark.parametrize("exact_match", [True, False])
+    def test_url_lookup_command_success(mock_return, requests_mock, mocker, exact_match):
         """
         Test case for successful execution of url lookup command through main function
         when it returns reputation about given url.
@@ Expand All @@
         requests_mock.get(f'{MOCK_URL}{URL_SUFFIX["LIST_INDICATORS"]}', json=url_reputation, status_code=200)
         params = {**BASIC_PARAMS, "integrationReliability": "B - Usually reliable"}
-        args = {"url": "http://dummy.com"}
+        url_value = "http://dummy.com"
+        args = {"url": url_value, "exact_match": exact_match}
         mocker.patch.object(demisto, "params", return_value=params)
         mocker.patch.object(demisto, "command", return_value="url")
         mocker.patch.object(demisto, "args", return_value=args)
         main()
+        last_request = requests_mock.last_request
+        url_value = f'"{url_value}"' if exact_match else url_value
+        assert last_request.qs["ioc_value"] == [url_value]
         assert url_reputation_hr == mock_return.call_args.args[0].get("HumanReadable")
         assert url_reputation_context == mock_return.call_args.args[0].get("EntryContext")
         assert url_reputation == mock_return.call_args.args[0].get("Contents")
@@ Expand Down Expand Up @@
     @patch("demistomock.results")
-    def test_file_lookup_command_success(mock_return, requests_mock, mocker):
+    @pytest.mark.parametrize("exact_match", [True, False])
+    def test_file_lookup_command_success(mock_return, requests_mock, mocker, exact_match):
         """
         Test case for successful execution of file command through main function
         when it returns reputation about given file.
@@ Expand All @@
         url = f'{MOCK_URL}{URL_SUFFIX["LIST_INDICATORS"]}'
         requests_mock.get(url, json=file_reputation, status_code=200)
         params = {**BASIC_PARAMS, "integrationReliability": "B - Usually reliable"}
-        args = {"file": "00000000000000000000000000000001"}
+        file_value = "00000000000000000000000000000001"
+        args = {"file": file_value, "exact_match": exact_match}
         mocker.patch.object(demisto, "params", return_value=params)
         mocker.patch.object(demisto, "command", return_value="file")
         mocker.patch.object(demisto, "args", return_value=args)
         main()
+        last_request = requests_mock.last_request
+        file_value = f'"{file_value}"' if exact_match else file_value
+        assert last_request.qs["ioc_value"] == [file_value]
         assert file_reputation_hr == mock_return.call_args.args[0].get("HumanReadable")
         assert file_reputation_context == mock_return.call_args.args[0].get("EntryContext")
         assert file_reputation == mock_return.call_args.args[0].get("Contents")
@@ Expand Down @@

Packs/Flashpoint/Integrations/Ignite/README.md

-Original file line number
+Diff line change
@@ Expand Up @@
     | **Argument Name** | **Description** | **Required** |
     | --- | --- | --- |
     | ip | A comma-separated list of IP addresses. | Required |
+    | exact_match | Whether to perform an exact match on the IP address value. Possible values are: True, False. Default is False. | Optional |
     #### Context Output
@@ Expand Down Expand Up @@
     | **Argument Name** | **Description** | **Required** |
     | --- | --- | --- |
     | url | A comma-separated list of URLs. | Required |
+    | exact_match | Whether to perform an exact match on the URL value. Possible values are: True, False. Default is False. | Optional |
     #### Context Output
@@ Expand Down Expand Up @@
     | **Argument Name** | **Description** | **Required** |
     | --- | --- | --- |
     | domain | A comma-separated list of domains. | Required |
+    | exact_match | Whether to perform an exact match on the domain value. Possible values are: True, False. Default is False. | Optional |
     #### Context Output
@@ Expand Down Expand Up @@
     | **Argument Name** | **Description** | **Required** |
     | --- | --- | --- |
     | file | List of files. | Required |
+    | exact_match | Whether to perform an exact match on the file hash value. Possible values are: True, False. Default is False. | Optional |
     #### Context Output
@@ Expand Down @@

Packs/Flashpoint/ReleaseNotes/2_1_5.md

-Original file line number
+Diff line change
@@ -0,0 +1,7 @@
+    #### Integrations
+    ##### Flashpoint Ignite
+    - Added support for *exact_match* argument in the **domain**, **ip**, **url**, **file** commands.
+    - Updated the Docker image to: *demisto/python3:3.12.12.6947692*.

Packs/Flashpoint/pack_metadata.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,7 @@ @@
         "name": "Flashpoint",
         "description": "Use the Flashpoint integration to reduce business risk.",
         "support": "partner",
-        "currentVersion": "2.1.4",
+        "currentVersion": "2.1.5",
         "author": "Flashpoint",
         "url": "https://flashpoint.my.site.com/helpcenter/s/",
         "email": "support@flashpoint-intel.com",
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Flashpoint Release 2.1.5 #42926

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Flashpoint Release 2.1.5 #42926

Are you sure you want to change the base?

Flashpoint Release 2.1.5 #42926

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!