From 6f839b72f6e2afb6133f0894577354afedbafeec Mon Sep 17 00:00:00 2001
From: Conor <93926445+cmcnally-r7@users.noreply.github.com>
Date: Tue, 3 Dec 2024 11:09:40 +0000
Subject: [PATCH] GreyNoise 2.0.0 fixes (#2982)
* Fix SCA, PluginValidator, update unit test imports
* Remove forgotten breakpoint
---
 plugins/greynoise/help.md | 4 ++--
 .../greynoise/icon_greynoise/actions/quick_lookup/action.py | 2 +-
 .../greynoise/icon_greynoise/actions/similar_lookup/action.py | 2 ++
 .../icon_greynoise/actions/timeline_lookup/action.py | 2 ++
 plugins/greynoise/unit_test/test_community_lookup.py | 2 +-
 plugins/greynoise/unit_test/test_context_lookup.py | 2 +-
 plugins/greynoise/unit_test/test_get_tag_details.py | 2 +-
 plugins/greynoise/unit_test/test_gnql_query.py | 2 +-
 plugins/greynoise/unit_test/test_quick_lookup.py | 2 +-
 plugins/greynoise/unit_test/test_riot_lookup.py | 2 +-
 plugins/greynoise/unit_test/test_similar_lookup.py | 2 +-
 plugins/greynoise/unit_test/test_timeline_lookup.py | 2 +-
 plugins/greynoise/unit_test/test_vulnerability_lookup.py | 2 +-
 13 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/plugins/greynoise/help.md b/plugins/greynoise/help.md
index 5e3e205fff..2dafc6955e 100644
--- a/plugins/greynoise/help.md
+++ b/plugins/greynoise/help.md
@@ -287,7 +287,7 @@ Example input: | :--- | :--- | :--- | :--- | :--- | |complete|boolean|False|Indicates if all pages of the query have been returned by the API|True| |count|integer|False|Total count of IPs returned Query|10| -|data|[]data|False|GreyNoise Data Object, Contains IP Object for each IP returned by the query|[{"actor": "Acme, Inc", "bot": false, "classification": "malicious", "cve": ["CVE-1111-1111", "CVE-2222-2222"], "first_seen": "2024-01-01", "ip": "1.2.3.4", "last_seen": "2024-01-01", "metadata": {"asn": "AS12345", "category": "isp", "city": "Reno", "country": "Brazil", "country_code": "BZ", "destination_countries": ["Brazil", "Spain"], "destination_country_codes": ["BZ", "ES"], "organization": "Acme Inc.", "os": "Windows XP", "rdns": "scanner.example.io", "region": "Arizona", "sensor_count": 5, "sensor_hits": 5, "source_country": "Brazil", "source_country_code": "BE", "tor": false}, "raw_data": {"hassh": [{"fingerprint": "abcdefg1234567", "port": 22}], "ja3": [{"fingerprint": "abcdefg1234567", "port": 22}], "scan": [{"port": 22, "protocol": "TCP"}], "web": {"paths": ["/", "/robots.txt"], "useragents": ["user-agent"]}}, "seen": true, "spoofable": false, "tags": "Tag 1, Tag2", "vpn": false, "vpn_service": "My VPN"}]| +|data|[]data|False|GreyNoise Data Object, Contains IP Object for each IP returned by the query|[{"actor": "Acme, Inc", "bot": False, "classification": "malicious", "cve": ["CVE-1111-1111", "CVE-2222-2222"], "first_seen": "2024-01-01", "ip": "1.2.3.4", "last_seen": "2024-01-01", "metadata": {"asn": "AS12345", "category": "isp", "city": "Reno", "country": "Brazil", "country_code": "BZ", "destination_countries": ["Brazil", "Spain"], "destination_country_codes": ["BZ", "ES"], "organization": "Acme Inc.", "os": "Windows XP", "rdns": "scanner.example.io", "region": "Arizona", "sensor_count": 5, "sensor_hits": 5, "source_country": "Brazil", "source_country_code": "BE", "tor": False}, "raw_data": {"hassh": [{"fingerprint": "abcdefg1234567", 
"port": 22}], "ja3": [{"fingerprint": "abcdefg1234567", "port": 22}], "scan": [{"port": 22, "protocol": "TCP"}], "web": {"paths": ["/", "/robots.txt"], "useragents": ["user-agent"]}}, "seen": True, "spoofable": False, "tags": "Tag 1, Tag2", "vpn": False, "vpn_service": "My VPN"}]| |message|string|False|GreyNoise Query Message, indicates if there were issues with the query|ok| |query|string|False|GreyNoise Query Sent to API|sample query| 
@@ -551,7 +551,7 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|activity|[]timeline_activity|False|IP Timeline Activity Events|[{"asn": "AS12345", "category": "isp", "city": "Seattle", "classification": "benign", "country": "Spain", "country_code": "ES", "destinations": [{"country": "Brazil", "country_code": "BE"}], "hassh_fingerprints": ["asdfa1412", "asasdf2125"], "http_web_paths": ["robots.txt"], "http_user_agents": ["Hello World"], "ja3_fingerprints": ["abasdfas", "abasdfasdf"], "organization": "Acme Inc", "protocols": [{"port": 22, "transport_protocol": "TCP", "app_protocol": "TCP"}], "rdns": "scanner.acme.io", "region": "Arizona", "spoofable": false, "tags": [{"tag_category": "activity", "tag_description": "This is a description of the tag.", "tag_intention": "malicious", "tag_name": "IoT Bot Tag"}], "timestampe": "2020-07-08T17:15:10Z", "tor": false, "vpn": false, "vpn_service": "VPN Name"}]| +|activity|[]timeline_activity|False|IP Timeline Activity Events|[{"asn": "AS12345", "category": "isp", "city": "Seattle", "classification": "benign", "country": "Spain", "country_code": "ES", "destinations": [{"country": "Brazil", "country_code": "BE"}], "hassh_fingerprints": ["asdfa1412", "asasdf2125"], "http_web_paths": ["robots.txt"], "http_user_agents": ["Hello World"], "ja3_fingerprints": ["abasdfas", "abasdfasdf"], "organization": "Acme Inc", "protocols": [{"port": 22, "transport_protocol": "TCP", "app_protocol": "TCP"}], "rdns": "scanner.acme.io", "region": "Arizona", "spoofable": False, "tags": [{"tag_category": "activity", "tag_description": "This is a description of the tag.", "tag_intention": "malicious", "tag_name": "IoT Bot Tag"}], "timestampe": "2020-07-08T17:15:10Z", "tor": False, "vpn": False, "vpn_service": "VPN Name"}]| |ip|string|False|Value that was Queried|1.2.3.4| |metadata|timeline_metadata|False|IP Timeline Metadata|{'end_time': '2020-07-08T17:15:10Z', 'ip': '1.2.3.4', 'limit': 5, 'next_cursor': 
'asdf142qas3241asdf234sfa', 'start_time': '2020-07-08T17:15:10Z'}|
diff --git a/plugins/greynoise/icon_greynoise/actions/quick_lookup/action.py b/plugins/greynoise/icon_greynoise/actions/quick_lookup/action.py
index 6e91e3deb8..e8d99ef11f 100755
--- a/plugins/greynoise/icon_greynoise/actions/quick_lookup/action.py
+++ b/plugins/greynoise/icon_greynoise/actions/quick_lookup/action.py
@@ -37,5 +37,5 @@ def run(self, params={}):
 Output.CODE: resp_out.get("code"),
 Output.NOISE: resp_out.get("noise"),
 Output.RIOT: resp_out.get("riot"),
- Output.CODE: resp_out.get("code"),
+ Output.CODE_MESSAGE: resp_out.get("code_message"),
 }
diff --git a/plugins/greynoise/icon_greynoise/actions/similar_lookup/action.py b/plugins/greynoise/icon_greynoise/actions/similar_lookup/action.py
index 4be5748f37..bf325eb70f 100644
--- a/plugins/greynoise/icon_greynoise/actions/similar_lookup/action.py
+++ b/plugins/greynoise/icon_greynoise/actions/similar_lookup/action.py
@@ -2,6 +2,8 @@ from .schema import SimilarLookupInput, SimilarLookupOutput, Input, Output, Component # Custom imports below
+from insightconnect_plugin_runtime.exceptions import PluginException
+from greynoise.exceptions import RequestFailure
 class SimilarLookup(insightconnect_plugin_runtime.Action):
diff --git a/plugins/greynoise/icon_greynoise/actions/timeline_lookup/action.py b/plugins/greynoise/icon_greynoise/actions/timeline_lookup/action.py
index 8fba5f969a..0688882944 100644
--- a/plugins/greynoise/icon_greynoise/actions/timeline_lookup/action.py
+++ b/plugins/greynoise/icon_greynoise/actions/timeline_lookup/action.py
@@ -2,6 +2,8 @@ from .schema import TimelineLookupInput, TimelineLookupOutput, Input, Output, Component # Custom imports below
+from insightconnect_plugin_runtime.exceptions import PluginException
+from greynoise.exceptions import RequestFailure
 class TimelineLookup(insightconnect_plugin_runtime.Action):
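Review bot: Nothing in this patch pins the corrected key in quick_lookup/action.py. The removed second `Output.CODE` entry silently overwrote the first, so `code_message` never reached the action output, and a later copy-paste slip would go unnoticed the same way. unit_test/test_quick_lookup.py is touched here only for its import line; an assertion on the returned dict, for example `self.assertIn(Output.CODE_MESSAGE, actual)` (variable name assumed, adapt to the existing test), would lock the field in. `resp_out.get("code_message")` yields `None` when the key is absent, so it is worth confirming that the output schema accepts a null there. The dict literal and `run()` start outside the hunk.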
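Review bot: The error path that needs `PluginException` and `RequestFailure` in similar_lookup/action.py appears to be untested, and the same holds for the identical hunk in timeline_lookup/action.py. Both names were missing until this change, so presumably the handler in `run()` (outside the hunk) would have raised `NameError` rather than a `PluginException` when the GreyNoise request failed. Consider adding one failure-path case per action that makes the mocked client raise `RequestFailure` and checks the result with `with self.assertRaises(PluginException):`. A short comment above the imports, such as `# RequestFailure is raised by the GreyNoise SDK; run() re-raises it as PluginException`, would record why they are needed, if that is indeed what the handler does.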
diff --git a/plugins/greynoise/unit_test/test_community_lookup.py b/plugins/greynoise/unit_test/test_community_lookup.py
index f039eea1a1..39856fccf1 100644
--- a/plugins/greynoise/unit_test/test_community_lookup.py
+++ b/plugins/greynoise/unit_test/test_community_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.community_lookup import CommunityLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestCommunityLookup(TestCase):
diff --git a/plugins/greynoise/unit_test/test_context_lookup.py b/plugins/greynoise/unit_test/test_context_lookup.py
index 5611b72ee5..38917b44fc 100644
--- a/plugins/greynoise/unit_test/test_context_lookup.py
+++ b/plugins/greynoise/unit_test/test_context_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.context_lookup import ContextLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestContextLookup(TestCase):
diff --git a/plugins/greynoise/unit_test/test_get_tag_details.py b/plugins/greynoise/unit_test/test_get_tag_details.py
index 34ab09a825..96f8e14221 100644
--- a/plugins/greynoise/unit_test/test_get_tag_details.py
+++ b/plugins/greynoise/unit_test/test_get_tag_details.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.get_tag_details import GetTagDetails
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestGetTagDetails(TestCase):
diff --git a/plugins/greynoise/unit_test/test_gnql_query.py b/plugins/greynoise/unit_test/test_gnql_query.py
index d10f826800..ebf34e2e1b 100644
--- a/plugins/greynoise/unit_test/test_gnql_query.py
+++ b/plugins/greynoise/unit_test/test_gnql_query.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.gnql_query import GnqlQuery
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestGnqlQuery(TestCase):
diff --git a/plugins/greynoise/unit_test/test_quick_lookup.py b/plugins/greynoise/unit_test/test_quick_lookup.py
index 494986a0ee..54c52e1b83 100644
--- a/plugins/greynoise/unit_test/test_quick_lookup.py
+++ b/plugins/greynoise/unit_test/test_quick_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.quick_lookup import QuickLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestQuickLookup(TestCase):
diff --git a/plugins/greynoise/unit_test/test_riot_lookup.py b/plugins/greynoise/unit_test/test_riot_lookup.py
index 97d4a9582f..d1198c0534 100644
--- a/plugins/greynoise/unit_test/test_riot_lookup.py
+++ b/plugins/greynoise/unit_test/test_riot_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.riot_lookup import RiotLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestRiotLookup(TestCase):
diff --git a/plugins/greynoise/unit_test/test_similar_lookup.py b/plugins/greynoise/unit_test/test_similar_lookup.py
index 16f054dec9..915ecd6ba9 100644
--- a/plugins/greynoise/unit_test/test_similar_lookup.py
+++ b/plugins/greynoise/unit_test/test_similar_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.similar_lookup import SimilarLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestSimilarLookup(TestCase):
diff --git a/plugins/greynoise/unit_test/test_timeline_lookup.py b/plugins/greynoise/unit_test/test_timeline_lookup.py
index 12c197209e..6a0a24ce03 100644
--- a/plugins/greynoise/unit_test/test_timeline_lookup.py
+++ b/plugins/greynoise/unit_test/test_timeline_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.timeline_lookup import TimelineLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestTimelineLookup(TestCase):
diff --git a/plugins/greynoise/unit_test/test_vulnerability_lookup.py b/plugins/greynoise/unit_test/test_vulnerability_lookup.py
index 6fc4b8a9d8..c6d14b0433 100644
--- a/plugins/greynoise/unit_test/test_vulnerability_lookup.py
+++ b/plugins/greynoise/unit_test/test_vulnerability_lookup.py
@@ -3,7 +3,7 @@ from icon_greynoise.actions.vulnerability_lookup import VulnerabilityLookup
-from .util import MockConnection, mocked_requests_get
+from unit_test.util import MockConnection, mocked_requests_get
 class TestVulnerabilityLookup(TestCase):