feat: add falcon_vulnerabilities datasource (#255)

.mockery.yaml

@@ -58,6 +58,7 @@ packages:
       Client:
       CspmRegistrationClient:
       DetectsClient:
+      SpotVulnerabilitiesClient:
   github.com/blackstork-io/fabric/plugin/resolver:
     config:
       inpackage: true

docs/plugins/crowdstrike/data-sources/falcon_detection_details.md

@@ -86,8 +86,8 @@ data falcon_detection_details {
 
   # limit the number of queried items
   #
-  # Required integer.
-  # For example:
-  size = 42
+  # Optional integer.
+  # Default value:
+  limit = 10
 }
 ```

docs/plugins/crowdstrike/data-sources/falcon_vulnerabilities.md

@@ -0,0 +1,99 @@
+---
+title: "`falcon_vulnerabilities` data source"
+plugin:
+  name: blackstork/crowdstrike
+  description: "The `falcon_vulnerabilities` data source fetches environment vulnerabilities from Falcon Spotlight API"
+  tags: []
+  version: "v0.4.2"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/crowdstrike/"
+resource:
+  type: data-source
+type: docs
+---
+
+{{< breadcrumbs 2 >}}
+
+{{< plugin-resource-header "blackstork/crowdstrike" "crowdstrike" "v0.4.2" "falcon_vulnerabilities" "data source" >}}
+
+## Description
+The `falcon_vulnerabilities` data source fetches environment vulnerabilities from Falcon Spotlight API.
+
+## Installation
+
+To use `falcon_vulnerabilities` data source, you must install the plugin `blackstork/crowdstrike`.
+
+To install the plugin, add the full plugin name to the `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), as shown below:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/crowdstrike" = ">= v0.4.2"
+  }
+}
+```
+
+Note the version constraint set for the plugin.
+
+## Configuration
+
+The data source supports the following configuration arguments:
+
+```hcl
+config data falcon_vulnerabilities {
+  # Client ID for accessing CrowdStrike Falcon Platform
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  client_id = "some string"
+
+  # Client Secret for accessing CrowdStrike Falcon Platform
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  client_secret = "some string"
+
+  # Member CID for MSSP
+  #
+  # Optional string.
+  # Default value:
+  member_cid = null
+
+  # Falcon cloud abbreviation
+  #
+  # Optional string.
+  # Must be one of: "autodiscover", "us-1", "us-2", "eu-1", "us-gov-1", "gov1"
+  # For example:
+  # client_cloud = "us-1"
+  # 
+  # Default value:
+  client_cloud = null
+}
+```
+
+## Usage
+
+The data source supports the following execution arguments:
+
+```hcl
+data falcon_vulnerabilities {
+  # limit the number of queried items
+  #
+  # Optional integer.
+  # Default value:
+  limit = 10
+
+  # Vulnerability search expression using Falcon Query Language (FQL)
+  #
+  # Optional string.
+  # Default value:
+  filter = null
+
+  # Vulnerability sort expression using Falcon Query Language (FQL)
+  #
+  # Optional string.
+  # Default value:
+  sort = null
+}
+```

docs/plugins/plugins.json

@@ -162,7 +162,22 @@
         ],
         "arguments": [
           "filter",
-          "size"
+          "limit"
+        ]
+      },
+      {
+        "name": "falcon_vulnerabilities",
+        "type": "data-source",
+        "config_params": [
+          "client_cloud",
+          "client_id",
+          "client_secret",
+          "member_cid"
+        ],
+        "arguments": [
+          "filter",
+          "limit",
+          "sort"
         ]
       }
     ]

examples/templates/crowdstrike/data_falcon_vulnerabilities.fabric

@@ -0,0 +1,37 @@
+fabric {
+    plugin_versions = {
+        "blackstork/crowdstrike" = ">= 0.4 < 1.0 || 0.4.0-rev0"
+    }
+}
+
+document "vulnerabilities" {
+  meta {
+    name = "example_document"
+  }
+
+  data falcon_vulnerabilities "vulnerabilities" {
+    config {
+        client_id = ""
+        client_secret = ""
+        client_cloud = "eu-1"
+    }
+    size = 100
+  }
+
+  title = "List of Falcon vulnerabilities"
+
+  content table {
+        rows = query_jq(".data.falcon_vulnerabilities.vulnerabilities")
+        columns = [
+            {
+                "header" = "Id"
+                "value"  = "{{.row.value.id}}"
+            },
+            {
+                "header" = "Status"
+                "value"  = "{{.row.value.status}}"
+            }
+        ]
+  }
+
+}

internal/crowdstrike/data_falcon_vulnerabilities.go

@@ -0,0 +1,94 @@
+package crowdstrike
+
+import (
+	"context"
+
+	"github.com/crowdstrike/gofalcon/falcon"
+	"github.com/crowdstrike/gofalcon/falcon/client/spotlight_vulnerabilities"
+	"github.com/hashicorp/hcl/v2"
+	"github.com/zclconf/go-cty/cty"
+
+	"github.com/blackstork-io/fabric/pkg/diagnostics"
+	"github.com/blackstork-io/fabric/plugin"
+	"github.com/blackstork-io/fabric/plugin/dataspec"
+	"github.com/blackstork-io/fabric/plugin/dataspec/constraint"
+	"github.com/blackstork-io/fabric/plugin/plugindata"
+)
+
+func makeFalconVulnerabilitiesDataSource(loader ClientLoaderFn) *plugin.DataSource {
+	return &plugin.DataSource{
+		Doc:      "The `falcon_vulnerabilities` data source fetches environment vulnerabilities from Falcon Spotlight API.",
+		DataFunc: fetchFalconVulnerabilitiesData(loader),
+		Config:   makeDataSourceConfig(),
+		Args: &dataspec.RootSpec{
+			Attrs: []*dataspec.AttrSpec{
+				{
+					Name:        "limit",
+					Type:        cty.Number,
+					Constraints: constraint.Integer,
+					DefaultVal:  cty.NumberIntVal(10),
+					Doc:         "limit the number of queried items",
+				},
+				{
+					Name: "filter",
+					Type: cty.String,
+					Doc:  "Vulnerability search expression using Falcon Query Language (FQL)",
+				},
+				{
+					Name: "sort",
+					Type: cty.String,
+					Doc:  "Vulnerability sort expression using Falcon Query Language (FQL)",
+				},
+			},
+		},
+	}
+}
+
+func fetchFalconVulnerabilitiesData(loader ClientLoaderFn) plugin.RetrieveDataFunc {
+	return func(ctx context.Context, params *plugin.RetrieveDataParams) (plugindata.Data, diagnostics.Diag) {
+		cli, err := loader(makeApiConfig(ctx, params.Config))
+		if err != nil {
+			return nil, diagnostics.Diag{{
+				Severity: hcl.DiagError,
+				Summary:  "Unable to create falcon client",
+				Detail:   err.Error(),
+			}}
+		}
+		size, _ := params.Args.GetAttrVal("limit").AsBigFloat().Int64()
+		apiParams := spotlight_vulnerabilities.NewCombinedQueryVulnerabilitiesParams().WithDefaults()
+		apiParams.SetLimit(&size)
+		apiParams.SetContext(ctx)
+		if filter := params.Args.GetAttrVal("filter"); !filter.IsNull() {
+			apiParams.SetFilter(filter.AsString())
+		}
+		if sort := params.Args.GetAttrVal("sort"); !sort.IsNull() {
+			sortStr := sort.AsString()
+			apiParams.SetSort(&sortStr)
+		}
+		response, err := cli.SpotlightVulnerabilities().CombinedQueryVulnerabilities(apiParams)
+		if err != nil {
+			return nil, diagnostics.Diag{{
+				Severity: hcl.DiagError,
+				Summary:  "Failed to fetch Falcon Spotlight vulnerabilities",
+				Detail:   err.Error(),
+			}}
+		}
+		if err = falcon.AssertNoError(response.GetPayload().Errors); err != nil {
+			return nil, diagnostics.Diag{{
+				Severity: hcl.DiagError,
+				Summary:  "Failed to fetch Falcon Spotlight vulnerabilities",
+				Detail:   err.Error(),
+			}}
+		}
+		vulnerabilities := response.GetPayload().Resources
+		data, err := encodeResponse(vulnerabilities)
+		if err != nil {
+			return nil, diagnostics.Diag{{
+				Severity: hcl.DiagError,
+				Summary:  "Failed to parse response",
+				Detail:   err.Error(),
+			}}
+		}
+		return data, nil
+	}
+}