[DEPLOY] v0.5.4 Update - Service Class updates (#215)

* Bump version -> 0.5.4 * Added create-lambda-layer.sh utility script * Added identity_protection _endpoint lists * Linting * Added initial IDP Service Class * Update README.md * Add util/README.md * Fixed typo * Update README.md * Fixed typo * Added package metadata - docs_url, keywords * Add classifiers * Refactor cloud_connect_aws.py. Closes #209. * Fixed OOO issue with body validation. Linting. * Refactored to the new pattern. Closes #210. * Initial unit test for IDP service class * Fixed periodic 500 flakiness with RegenerateAPIKey * Refactored ZTA to the new pattern. Closes #211. * Comment cleanup and linting. * Linting * Exclude coverage reports * Renamed linting.yml -> flake8.yml * Added pylint workflow * Add developer note * Refactored. Tested w SecHub integ. Closes #212. * Added pylint to the developer lint utility script * Update README.md * Update README.md * Added pylint to developer requirements * Update CONTRIBUTING.md - added pylint detail * Fixed typo * Comment cleanup and linting. * Refactored to the new pattern. Closes #213. * Refactored to the new pattern. Closes #214. * Update vulnerability query filter * Update wordlist.txt Co-authored-by: Shane Shellenbarger <soggysec@gmail.com>
CrowdStrike · Jul 30, 2021 · f5b2c27 · f5b2c27
1 parent 183d39f
commit f5b2c27
Show file tree

Hide file tree

Showing 30 changed files with 782 additions and 386 deletions.
diff --git a/.github/wordlist.txt b/.github/wordlist.txt
@@ -361,6 +361,7 @@ ip
 ipv
 ipython
 json
+kubernetes
 linux
 listAvailableStreamsOAuth
 malquery
@@ -373,6 +374,7 @@ netwitness
 notificationsnnnone
 oauth
 oauth2
+overwatch
 performDeviceControlPoliciesAction
 performFirewallPoliciesAction
 performGroupAction
@@ -383,6 +385,7 @@ platformsMixin
 powershell
 pre
 py
+pylint
 pytest
 queryCIDGroupMembers
 queryCIDGroups

diff --git a/.github/workflows/linting.yml → .github/workflows/flake8.yml b/.github/workflows/linting.yml → .github/workflows/flake8.yml
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -0,0 +1,44 @@
+name: Pylint
+on:
+  push:
+    paths:
+      - '**.py'
+    branches:
+      - main
+      - 'ver_*'
+  pull_request:
+    paths:
+      - '**.py'
+    branches: 
+      - main
+      - 'ver_*'
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install pylint
+        pip install -r requirements.txt
+    - name: Lint package source with pylint
+      run: |
+        # NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE! NOTE!
+        # -----------------------------------------------------------------------------
+        # PYLINT WORKFLOWS WILL BEGIN STOPPING BUILDS AFTER THE                       |
+        # LAST SERVICE CLASSES HAVE BEEN REFACTORED - 07.28.21 / jshcodes@CrowdStrike |
+        # Review https://github.com/CrowdStrike/falconpy/projects/1 for more detail.  |
+        # -----------------------------------------------------------------------------
+        # 
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        pylint src/falconpy --max-line-length=127 --disable=R0801 --exit-zero
+    - name: Lint samples with pylint
+      run: |
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        pylint samples --max-line-length=127 --disable=R0801 --exit-zero
diff --git a/.gitignore b/.gitignore
@@ -13,4 +13,5 @@ dist
 sensor_downloads/
 __pycache__/
 .env
-.coverage
+.coverage
+htmlcov/
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -141,15 +141,18 @@ To read more about bandit, you can visit [their documentation website](https://b
 
 ### Linting
 All submitted code must meet minimum linting requirements. 
-+ We use `flake8` for linting. 
-+ All code that is included within the installation package must pass linting when the Pull Request checks have completed.
++ We use `flake8` and `pylint` for linting. 
++ All code that is included within the installation package must pass linting workflows when the Pull Request checks have completed.
     - You will be asked to correct linting errors before your Pull Request will be approved.
 + Unit tests do not need to meet this requirement, but try to keep linting errors to a minimum.
++ Samples are checked for linting, but failures will not stop builds at this time.
 + Refer to the `lint.sh` script within the util folder to review our standard linting parameters.
 > You can quickly check the linting for all code within the src folder by executing the command `util/lint.sh` from the root of the project directory.
 
 More information about flake8 can be found [here](https://flake8.pycqa.org/en/latest/).
 
+More information about pylint can be found [here](https://www.pylint.org/).
+
 ### Breaking changes
 In an effort to maintain backwards compatibility, we thoroughly unit test every Pull Request for all versions of Python we support. These unit tests are intended to catch general programmatic errors, possible vulnerabilities (via bandit) and _potential breaking changes_. 
 
@@ -158,7 +161,7 @@ In an effort to maintain backwards compatibility, we thoroughly unit test every
 Please fully document changes to unit tests within your Pull Request. If you did not specify "Breaking Change" on the punch list in the description, and the change is identified as possibly breaking, this may delay or prevent approval of your PR.
 
 ### Branch targeting
-_Please do not target the `main` branch with your Pull Request unless directed to do so by a maintainer_. Instead, target your PR at the most recent development branch. 
+_Please do not target the `main` branch with your Pull Request unless it is the only branch or you are directed to do so by a maintainer_. Instead, target your PR at the most recent development branch. 
 
 We use [SemVer](https://semver.org/) as our versioning scheme. (Example branch name: _ver_0.4.3_) 
 

diff --git a/README.md b/README.md
@@ -40,28 +40,31 @@ python3 -m pip uninstall crowdstrike-falconpy
 | OAuth2-Based API<br>*(CrowdStrike documentation, requires CrowdStrike customer login)* | Code Location |
 |:-|:-|
 | CrowdStrike Device Control API | [device_control_policies.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/device_control_policies.py) |
-| CrowdStrike Falcon Sandbox API | [falconx_sandbox.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/falconx_sandbox.py) |
 | CrowdStrike Sensor Policy Management API | [sensor_update_policy.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sensor_update_policy.py) |
 | CrowdStrike Custom Indicators of Attack (IOAs) APIs | [custom_ioa.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/custom_ioa.py) <br/> [ioa_exclusions.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ioa_exclusions.py)|
-| [CrowdStrike Custom Indicators of Compromise (IOCs) API](https://falcon.crowdstrike.com/support/documentation/88/custom-ioc-apis) | [iocs.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/iocs.py) |
+| [CrowdStrike Custom Indicators of Compromise (IOCs) API](https://falcon.crowdstrike.com/support/documentation/88/custom-ioc-apis) | [ioc.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ioc.py) <BR/> [iocs.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/iocs.py) [Deprecated] |
 | [CrowdStrike Detections API](https://falcon.crowdstrike.com/support/documentation/85/detection-and-prevention-policies-apis) | [detects.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/detects.py) |
 | [CrowdStrike Event Streams API](https://falcon.crowdstrike.com/support/documentation/89/event-streams-apis)| [event_streams.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/event_streams.py) |
 | [CrowdStrike Falcon Horizon API](https://falcon.crowdstrike.com/support/documentation/137/falcon-horizon-apis) | [cspm_registration.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/cspm_registration.py) |
-| [CrowdStrike Falcon X APIs](https://falcon.crowdstrike.com/support/documentation/92/falcon-x-apis) | [sample_uploads.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sample_uploads.py) <br/> [quick_scan.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/quick_scan.py)|
+| [CrowdStrike Falcon X APIs](https://falcon.crowdstrike.com/support/documentation/92/falcon-x-apis) | [sample_uploads.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sample_uploads.py) <br/> [falconx_sandbox.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/falconx_sandbox.py) <BR/> [quick_scan.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/quick_scan.py)|
 | [CrowdStrike Firewall Management API](https://falcon.crowdstrike.com/support/documentation/107/falcon-firewall-management-apis) | [firewall_management.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/firewall_management.py) |
 | [CrowdStrike Firewall Policy Management API](https://falcon.crowdstrike.com/support/documentation/107/falcon-firewall-management-apis) | [firewall_policies.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/firewall_policies.py) |
-| [CrowdStrike Falcon Flight Control APIs](https://falcon.crowdstrike.com/support/documentation/154/flight-control-apis) | [mssp.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/mssp.py) |
+| CrowdStrike Falcon Complete Dashboard API | [falcon_complete_dashboard.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/falcon_complete_dashboard.py) |
+| [CrowdStrike Falcon Flight Control API](https://falcon.crowdstrike.com/support/documentation/154/flight-control-apis) | [mssp.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/mssp.py) |
 | [CrowdStrike Host Groups API](https://falcon.crowdstrike.com/support/documentation/84/host-and-host-group-management-apis) | [host_group.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/host_group.py) |
 | [CrowdStrike Hosts API](https://falcon.crowdstrike.com/support/documentation/84/host-and-host-group-management-apis) | [hosts.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/hosts.py) |
 | [CrowdStrike Incident and Detection Monitoring API](https://falcon.crowdstrike.com/support/documentation/86/detections-monitoring-apis) | [incidents.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/incidents.py) |
 | [CrowdStrike Installation Tokens API](https://falcon.crowdstrike.com/support/documentation/120/Installation-token-APIs) | [installation_tokens.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/installation_tokens.py) | 
 | [CrowdStrike Intel API](https://falcon.crowdstrike.com/support/documentation/72/intel-apis) | [intel.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/intel.py) | 
+| CrowdStrike Kubernetes Protection API | [kubernetes_protection.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/kubernetes_protection.py) | 
 | [CrowdStrike MalQuery API](https://falcon.crowdstrike.com/support/documentation/113/malquery-apis) | [malquery.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/malquery.py) |
 | CrowdStrike ML Exclusions APIs | [ml_exclusions.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ml_exclusions.py) |
 | [CrowdStrike OAuth2 Auth Token API](https://falcon.crowdstrike.com/support/documentation/93/oauth2-auth-token-apis) | [oauth2.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/oauth2.py) |
+| CrowdStrike Overwatch Dashboard API | [overwatch_dashboard.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/overwatch_dashboard.py) | 
 | [CrowdStrike Prevention Policy API](https://falcon.crowdstrike.com/support/documentation/85/detection-and-prevention-policies-apis) | [prevention_policy.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/prevention_policy.py) |
 | [CrowdStrike Real Time Response (RTR) API](https://falcon.crowdstrike.com/support/documentation/90/real-time-response-apis) | [real_time_response.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/real_time_response.py) |
 | [CrowdStrike Realtime Response (RTR) Administration API](https://falcon.crowdstrike.com/support/documentation/90/real-time-response-apis) | [real_time_response_admin.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/real_time_response_admin.py) |
+| CrowdStrike Realtime Response (RTR) Policies API | [response_policies.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/response_policies.py) |
 | [CrowdStrike Sensor Download API](https://falcon.crowdstrike.com/support/documentation/109/sensor-download-apis) | [sensor_download.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sensor_download.py) |
 | CrowdStrike Sensor Visibility Exclusions API | [sensor_visibility_exclusions.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sensor_visibility_exclusions.py) |
 | [CrowdStrike Spotlight API](https://falcon.crowdstrike.com/support/documentation/98/spotlight-apis) | [spotlight_vulnerabilities.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/spotlight_vulnerabilities.py) |

diff --git a/setup.py b/setup.py
@@ -43,7 +43,8 @@
 from glob import glob
 from os.path import basename
 from os.path import splitext
-from src.falconpy import _version, _maintainer, _title, _description, _author, _author_email, _project_url
+from src.falconpy import _version, _maintainer, _title, _description, _author
+from src.falconpy import _author_email, _project_url, _docs_url, _keywords
 
 with open("README.md", "r") as fh:
     long_description = fh.read()
@@ -59,7 +60,10 @@
     author=_author,
     author_email=_author_email,
     maintainer=_maintainer,
+    maintainer_email=_author_email,
+    docs_url=_docs_url,
     description=_description,
+    keywords=_keywords,
     long_description=long_description,
     long_description_content_type="text/markdown",
     url=_project_url,
@@ -75,6 +79,7 @@
         "dev": [
             "flake8",
             "coverage",
+            "pylint",
             "pytest-cov",
             "pytest",
             "bandit",
@@ -87,13 +92,16 @@
         "Operating System :: POSIX",
         "Operating System :: MacOS",
         "Operating System :: Microsoft :: Windows",
+        "Operating System :: OS Independent",
         "Programming Language :: Python :: 3",
         "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
         "License :: OSI Approved :: The Unlicense (Unlicense)",
-        "Operating System :: OS Independent",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+        "Topic :: System :: Systems Administration",
+        "Topic :: Utilities"
     ],
     python_requires='>=3.6',
 )
diff --git a/src/falconpy/README.md b/src/falconpy/README.md
@@ -11,24 +11,31 @@ This folder contains the FalconPy project, a Python 3 interface handler for the
 + `detects.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/detects
 + `device_control_policies.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/device-control-policies
 + `event_streams.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/event-streams
++ `falcon_complete_dashboard.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/falcon-complete-dashboard
 + `falconx_sandbox.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/falconx-sandbox
 + `firewall_management.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/firewall-management
 + `firewall_policies.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/firewall-policies
 + `host_group.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/host-group
 + `hosts.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/hosts
++ `identity_protection.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/identity-protection
 + `incidents.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/incidents
 + `installation_tokens.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/installation-tokens
 + `intel.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/intel
 + `ioa_exclusions.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/ioa-exclusions
++ `ioc.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/ioc
 + `iocs.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/iocs
++ `kubernetes_protection.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/kubernetes-protection
 + `malquery.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/malquery
 + `ml_exclusions.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/ml-exclusions
 + `mssp.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/mssp
 + `oauth2.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/oauth2
++ `overwatch_dashboard.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/overwatch-dashboard
 + `prevention_policy.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/prevention-policies
 + `quick_scan.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/quick-scan
 + `real_time_response_admin.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/real-time-response-admin
 + `real_time_response.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/real-time-response
++ `recon.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/recon
++ `response_policies.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/response-policies
 + `sample_uploads.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/sample-uploads
 + `sensor_download.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/sensor-download
 + `sensor_update_policy.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/sensor-update-policies

diff --git a/src/falconpy/__init__.py b/src/falconpy/__init__.py
@@ -18,7 +18,8 @@
                                                         |::.|     CrowdStrike Falcon      |::.|
                                                         `---' OAuth2 API SDK for Python 3 `---'
 """
-from ._version import _version, _maintainer, _author, _author_email, _credits, _description, _title, _project_url
+from ._version import _version, _maintainer, _author, _author_email
+from ._version import _credits, _description, _title, _project_url, _docs_url, _keywords
 
 __version__ = _version
 __maintainer__ = _maintainer
@@ -28,6 +29,8 @@
 __description__ = _description
 __title__ = _title
 __project_url__ = _project_url
+__docs_url__ = _docs_url
+__keywords__ = _keywords
 
 """
 This is free and unencumbered software released into the public domain.

diff --git a/src/falconpy/_endpoint/__init__.py b/src/falconpy/_endpoint/__init__.py
@@ -20,7 +20,7 @@
 """
 from .deprecated import _custom_ioa_deprecated
 from .deprecated import _firewall_management_deprecated
-# from .deprecated import _identity_detections_deprecated
+from .deprecated import _identity_protection_deprecated
 from .deprecated import _installation_tokens_deprecated
 from .deprecated import _ioc_deprecated
 from .deprecated import _iocs_deprecated
@@ -40,7 +40,7 @@
 from ._firewall_policies import _firewall_policies_endpoints
 from ._host_group import _host_group_endpoints
 from ._hosts import _hosts_endpoints
-# from ._identity_detections import _identity_detections_endpoints
+from ._identity_protection import _identity_protection_endpoints
 from ._incidents import _incidents_endpoints
 from ._installation_tokens import _installation_tokens_endpoints
 from ._intel import _intel_endpoints
@@ -81,7 +81,7 @@
 api_endpoints.extend(_firewall_policies_endpoints)
 api_endpoints.extend(_host_group_endpoints)
 api_endpoints.extend(_hosts_endpoints)
-# api_endpoints.extend(_identity_detections_endpoints)
+api_endpoints.extend(_identity_protection_endpoints)
 api_endpoints.extend(_incidents_endpoints)
 api_endpoints.extend(_installation_tokens_endpoints)
 api_endpoints.extend(_intel_endpoints)
@@ -112,7 +112,7 @@
 deprecated_endpoints = []
 deprecated_endpoints.extend(_custom_ioa_deprecated)
 deprecated_endpoints.extend(_firewall_management_deprecated)
-# deprecated_endpoints.extend(_identity_detections_deprecated)
+deprecated_endpoints.extend(_identity_protection_deprecated)
 deprecated_endpoints.extend(_installation_tokens_deprecated)
 deprecated_endpoints.extend(_ioc_deprecated)
 deprecated_endpoints.extend(_iocs_deprecated)