Release 2.0.1 (#67)

* [CCTRI-2187] Add 404 error handling and warning to CTR_ENTITIES_LIMIT variable (#62)

* Unit tests fix

* [CCTRI-2187] Add 404 error handling and warning to CTR_ENTITIES_LIMIT variable

* Removed Free Trial Link

* Added Jenkinsfile

* Fix autotest (#63)

* [CCTRI-2739] Fix issues with adding module into organisation (#66)

* [CCTRI-2427] Add warning and 403 error handling (#65)

* Updated tips

* Changed module name in constants.py file

* [CCTRI-2670] - alpine & python version update (#64)

* [CCTRI-2670] - alpine & python version update

* install packages command update

* Release 2.0.1

Co-authored-by: ceilingduster <[email protected]>
Co-authored-by: YevhenLysen <[email protected]>
Co-authored-by: YevhenLysen <[email protected]>
Co-authored-by: Michelle Dougal <[email protected]>

Dockerfile

@@ -1,8 +1,10 @@
-FROM alpine:3.13
+FROM alpine:3.14
 LABEL maintainer="Ian Redden <[email protected]>"
 
 # install packages we need
-RUN apk update && apk add --no-cache musl-dev openssl-dev gcc python3 py3-configobj python3-dev supervisor git libffi-dev uwsgi-python3 uwsgi-http jq nano syslog-ng uwsgi-syslog py3-pip
+RUN apk update && apk add --no-cache musl-dev openssl-dev gcc py3-configobj \
+supervisor git libffi-dev uwsgi-python3 uwsgi-http jq syslog-ng uwsgi-syslog \
+py3-pip python3-dev
 
 # do the Python dependencies
 ADD code /app

Jenkinsfile

@@ -0,0 +1,3 @@
+@Library('softserve-jenkins-library@main') _
+
+startPipeline()

README.md

@@ -66,6 +66,8 @@ curl http://localhost:9090
 
 ## Implementation Details
 
+This application was developed and tested under Python version 3.9.
+
 ### Implemented Relay Endpoints
 
 - `POST /health`

code/api/utils.py

@@ -1,12 +1,13 @@
 import json
+from json import JSONDecodeError
 
 import jwt
 import requests
 from flask import request, current_app, jsonify, g
 from google.oauth2 import service_account
 from googleapiclient import _auth
 from jwt import InvalidSignatureError, DecodeError, InvalidAudienceError
-from requests.exceptions import ConnectionError, InvalidURL
+from requests.exceptions import ConnectionError, InvalidURL, HTTPError
 
 from api.errors import (
     AuthorizationError,
@@ -38,13 +39,16 @@ def set_ctr_entities_limit(payload):
 
 
 def get_public_key(jwks_host, token):
-    expected_errors = {
-        ConnectionError: WRONG_JWKS_HOST,
-        InvalidURL: WRONG_JWKS_HOST,
-    }
+    expected_errors = (
+        ConnectionError,
+        InvalidURL,
+        JSONDecodeError,
+        HTTPError,
+    )
 
     try:
         response = requests.get(f"https://{jwks_host}/.well-known/jwks")
+        response.raise_for_status()
         jwks = response.json()
 
         public_keys = {}
@@ -55,9 +59,8 @@ def get_public_key(jwks_host, token):
             )
         kid = jwt.get_unverified_header(token)['kid']
         return public_keys.get(kid)
-    except tuple(expected_errors) as error:
-        message = expected_errors[error.__class__]
-        raise AuthorizationError(message)
+    except expected_errors:
+        raise AuthorizationError(WRONG_JWKS_HOST)
 
 
 def get_auth_token() -> [str, Exception]:

code/container_settings.json

@@ -1,4 +1,4 @@
 {
-  "VERSION": "2.0.0",
+  "VERSION": "2.0.1",
   "NAME": "Google Chronicle"
 }

code/requirements.txt

@@ -1,10 +1,10 @@
 google-api-python-client==1.7.11
 google==2.0.3
-Flask==1.1.2
-marshmallow==3.11.1
+Flask==2.0.1
+marshmallow==3.12.1
 requests==2.25.1
 cryptography==3.3.2
-pyjwt[crypto]==2.0.1
-flake8==3.9.0
-coverage==5.2.1
-pytest==6.2.2
+pyjwt[crypto]==2.1.0
+flake8==3.9.2
+coverage==5.5
+pytest==6.2.4

code/tests/functional/tests/constants.py

@@ -1,4 +1,4 @@
-MODULE_NAME = 'Google Chronicle Conf Token'
+MODULE_NAME = 'Google Chronicle'
 PRODUCER = 'Chronicle'
 SOURCE_NAME = 'Chronicle IOC'
 CONFIDENCE = SEVERITY = ('Low', 'Medium', 'High', 'Info', 'Unknown', 'None')

code/tests/functional/tests/test_auth.py

@@ -1,6 +1,6 @@
-import os
 import pytest
 
+
 @pytest.mark.skip('Changed of functionality to get token')
 def test_relay_auth_positive(relay_api):
     """Perform testing for relay health endpoint to check
@@ -20,6 +20,7 @@ def test_relay_auth_positive(relay_api):
     assert response.status_code == 200
     assert response.json()['data'] == {'status': 'ok'}
 
+
 @pytest.mark.skip('Changed of functionality to get token')
 # @pytest.mark.parametrize(
 #     'wrong_token,message,code',

module_type.json.sample

@@ -3,12 +3,8 @@
     "default_name": "Google Chronicle",
     "short_description": "Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed so that enterprises can privately retain, analyze and search the massive amounts of security and network telemetry they generate.",
     "description": "Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed so that enterprises can privately retain, analyze and search the massive amounts of security and network telemetry they generate today. Chronicle normalizes, indexes, correlates, and analyzes the data - against itself and against third party and curated threat signals - to provide instant analysis and context regarding any risky activity.\n\n\n#### **Some of the platform's key functions:**\n\n\n- **Data Ingestion** Chronicle can ingest a variety of telemetry types through Chronicle Forwarder, an ingestion API, other cloud services like Amazon S3 Bucket and via integrations with 3rd party cloud APIs to facilitate ingestion of logs.\n\n\n- **Data Analysis** The analytical capabilities of Chronicle are delivered to security professionals as a simple, browser-based application. Many of these capabilities are also accessible programmatically via read APIs and can be triggered from other security tools.\n\n\n- **Security & Compliance** As a specialized, private layer built over core Google infrastructure, Chronicle inherits compute and storage capabilities as well the security design and capabilities of that infrastructure.",
-    "tips": "When configuring this integration, you must first gather some information from your some information from your Google Chronicle account.\n\n1. Your Customer Experience Engineer (CEE) will provide you with a [Google Developer Service Account Credential](https://developers.google.com/identity/protocols/oauth2#serviceaccount) to enable the Google API client to communicate with the Chronicle API.\n\n2. Complete the **Add New Google Chronicle Module** form:\n    - **Module Name** - Leave the default name or enter a name that is meaningful to you.\n    - Enter the **Credentials Type**, **Project ID**, **Private Key ID**, **Private Key**, **Client ID**, **Client Email**, **Auth URI**, **Token URI**, **Auth Provider X509 Cert URL**, **Client X509 Cert URL** from your Google Chronicle API credentials.\n    - **Entities Limit** - Enter the limit that restricts the maximum number of CTIM entities of each type returned in a single response per each requested observable. Must be a positive integer. Defaults to 100 (if unset or incorrect).\n\n3. Click **Save** to complete the Google Chronicle module configuration.",
+    "tips": "When configuring Google Chronicle integration, you must first gather some information from your Google Chronicle account and then add the Google Chronicle integration module in SecureX.\n\n1. Your Customer Experience Engineer (CEE) will provide you with a Google Developer service account credentials to enable the Google API client for communicating with the Chronicle API. For more information, see [Google Developer Service Account Credential](https://developers.google.com/identity/protocols/oauth2#serviceaccount). \n\n2. In SecureX, complete the **Add New Google Chronicle Integration Module** form:\n    - **Integration Module Name** - Leave the default name or enter a name that is meaningful to you.\n    - **Credentials Type**, **Project ID**, **Private Key ID**, **Private Key**, **Client ID**, **Client Email**, **Auth URI**, **Token URI**, **Auth Provider X509 Cert URL**, and **Client X509 Cert URL** - Enter the information from your Google Chronicle API credentials.\n    - **Entities Limit** - Specify the maximum number of sightings and indicators in a single response, per requested observable (must be a positive value). We recommend that you enter a limit in the range of 50 to 1000. The default is 100 entities.\n\n3. Click **Save** to complete the Google Chronicle integration module configuration.",
     "external_references": [
-        {
-            "label": "Free Trial",
-            "link": "https://go.chronicle.security/contact"
-        },
         {
             "label": "Whitepaper",
             "link": "https://go.chronicle.security/whitepaper-chronicle"
@@ -93,7 +89,7 @@
             "key": "custom_CTR_ENTITIES_LIMIT",
             "type": "integer",
             "label": "Entities Limit",
-            "tooltip": "Restricts the maximum number of `Sightings` and `Indicators`",
+            "tooltip": "Restricts the maximum number of `Sightings` and `Indicators`. Please note that the number over 100 might lead to data inconsistency",
             "required": false,
             "group": "Integration module configuration"
         }

scripts/uwsgi.ini

@@ -12,3 +12,4 @@ uid = uwsgi
 log-x-forwarded-for = true
 log-format = %(addr) - %(user) [%(ltime)] "%(method) %(uri) %(proto)" %(status) %(size) "%(referer)" "%(uagent)"
 log-master = true
+buffer-size=5000