Merge pull request #8 from splunk-soar-connectors/next

Merging next to main for release 2.0.25

.github/workflows/generate-doc.yml

@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}

.github/workflows/linting.yml

@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
-  lint: 
+  lint:
     # Run per push for internal contributers. This isn't possible for forked pull requests,
     # so we'll need to run on PR events for external contributers.
     # String comparison below is case insensitive.

.github/workflows/review-release.yml

@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}

.github/workflows/start-release.yml

@@ -1,9 +1,13 @@
 name: Start Release
-on: workflow_dispatch
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - '*-beta*'
 jobs:
   start-release:
     runs-on: ubuntu-latest
     steps:
      - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main'
        with:
-         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}

.pre-commit-config.yaml

@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.5
+    rev: v1.18
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^dns.json$']

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2016-2022 Splunk Inc.
+   Copyright (c) 2016-2024 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

NOTICE

@@ -1,22 +1,10 @@
 Splunk SOAR DNS
-Copyright (c) 2016-2022 Splunk Inc.
+Copyright (c) 2016-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
-Library: beautifulsoup4
-Version: 4.9.1
-License: MIT
-Copyright 2004-2017 Leonard Richardson
-Copyright 2004-2019 Leonard Richardson
-Copyright 2018 Isaac Muse
-
 Library: dnspython
 Version: 1.16.0
 License: ISC
 Copyright 2001-2017 Nominum, Inc
 Copyright Dnspython Contributors
-
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz

README.md

@@ -2,16 +2,16 @@
 # DNS
 
 Publisher: Splunk  
-Connector Version: 2\.0\.23  
+Connector Version: 2.0.25  
 Product Vendor: Generic  
 Product Name: DNS  
-Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.0\.0  
+Product Version Supported (regex): ".\*"  
+Minimum Product Version: 5.1.0  
 
 This app implements investigative actions that return DNS Records for the object queried
 
-[comment]: # " File: readme.md"
-[comment]: # "  Copyright (c) 2016-2022 Splunk Inc."
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
 [comment]: # "you may not use this file except in compliance with the License."
@@ -34,8 +34,8 @@ The below configuration variables are required for this Connector to operate.  T
 
 VARIABLE | REQUIRED | TYPE | DESCRIPTION
 -------- | -------- | ---- | -----------
-**dns\_server** |  optional  | string | IP of the DNS server for lookups
-**host\_name** |  optional  | string | Hostname to be used in test connectivity
+**dns_server** |  optional  | string | IP of the DNS server for lookups
+**host_name** |  optional  | string | Hostname to be used in test connectivity
 
 ### Supported Actions  
 [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity  
@@ -60,7 +60,7 @@ Query DNS records for a Domain or Host Name
 Type: **investigate**  
 Read only: **True**
 
-A list of record <b>types</b> to be resolved is supplied, one of which the user may choose as the value for the <b>type</b> parameter, these are\:<br><ul><li>A</li><li>AAAA</li><li>CNAME</li><li>HINFO</li><li>ISDN</li><li>MX</li><li>NS</li><li>SOA</li><li>TXT</li></ul>When taking a lookup domain action from a Playbook, the author can look up arbitrary DNS record types by supplying the desired record type as a string for the <b>type</b> parameter\.
+A list of record <b>types</b> to be resolved is supplied, one of which the user may choose as the value for the <b>type</b> parameter, these are:<br><ul><li>A</li><li>AAAA</li><li>CNAME</li><li>HINFO</li><li>ISDN</li><li>MX</li><li>NS</li><li>SOA</li><li>TXT</li></ul>When taking a lookup domain action from a Playbook, the author can look up arbitrary DNS record types by supplying the desired record type as a string for the <b>type</b> parameter.
 
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
@@ -69,45 +69,47 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **type** |  optional  | DNS Record Type | string | 
 
 #### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string | 
-action\_result\.parameter\.domain | string |  `host name`  `domain` 
-action\_result\.parameter\.type | string | 
-action\_result\.data\.\*\.record\_info\_objects\.\*\.record\_info | string |  `ip` 
-action\_result\.data\.\*\.record\_infos | string |  `ip` 
-action\_result\.summary\.cannonical\_name | string | 
-action\_result\.summary\.canonical\_name | string | 
-action\_result\.summary\.hostname | string |  `host name`  `domain` 
-action\_result\.summary\.record\_info | string |  `ip` 
-action\_result\.summary\.total\_record\_infos | numeric | 
-action\_result\.message | string | 
-summary\.total\_objects | numeric | 
-summary\.total\_objects\_successful | numeric |   
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.domain | string |  `host name`  `domain`  |   test.com 
+action_result.parameter.type | string |  |  
+action_result.data.\*.record_info_objects.\*.record_info | string |  `ip`  |   122.122.122.122 
+action_result.data.\*.record_infos | string |  `ip`  |   122.122.122.122 
+action_result.summary.cannonical_name | string |  |   phantomtest.com.  test.com. 
+action_result.summary.canonical_name | string |  |  
+action_result.summary.hostname | string |  `host name`  `domain`  |   ffobaaar.com 
+action_result.summary.record_info | string |  `ip`  |   122.122.122.122 
+action_result.summary.total_record_infos | numeric |  |   1  6 
+action_result.message | string |  |   None of DNS query names exist: ['ffobaaar.com.', 'ffobaaar.com.localdomain.']  Record info: 54.239.25.192, Total record infos: 6, Cannonical name: amazon.com. 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
 
 ## action: 'lookup ip'
 Query Reverse DNS records for an IP
 
 Type: **investigate**  
 Read only: **True**
 
-The <b>lookup ip</b> action takes an IP address parameter\. The IP address \(IPv4 or IPv6\) will be looked up against the appropriate reverse lookup DNS records, and any associate hostname\(s\) will be returned\. Only <b>PTR</b> type lookups are returned\.
+The <b>lookup ip</b> action takes an IP address parameter. The IP address (IPv4 or IPv6) will be looked up against the appropriate reverse lookup DNS records, and any associate hostname(s) will be returned. Only <b>PTR</b> type lookups are returned.
 
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
 **ip** |  required  | IP to resolve | string |  `ip` 
 
 #### Action Output
-DATA PATH | TYPE | CONTAINS
---------- | ---- | --------
-action\_result\.status | string | 
-action\_result\.parameter\.ip | string |  `ip` 
-action\_result\.data | string | 
-action\_result\.summary\.cannonical\_name | string | 
-action\_result\.summary\.canonical\_name | string | 
-action\_result\.summary\.hostname | string |  `host name`  `domain` 
-action\_result\.summary\.ip | string |  `ip` 
-action\_result\.message | string | 
-summary\.total\_objects | numeric | 
-summary\.total\_objects\_successful | numeric | 
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.ip | string |  `ip`  |   122.122.122.122  123.123.123.123 
+action_result.data | string |  |  
+action_result.summary.cannonical_name | string |  |   122.122.122.122.in-addr.arpa. 
+action_result.summary.canonical_name | string |  |  
+action_result.summary.hostname | string |  `host name`  `domain`  |   ec2-52-91-186-198.compute-1.test.com. 
+action_result.summary.ip | string |  `ip`  |   122.122.122.122 
+action_result.message | string |  |   Ip: 122.122.122.122
+Hostname: ec2-52-91-186-198.compute-1.test.com.
+Cannonical name: 122.122.122.122.in-addr.arpa.  The DNS query name does not exist: 123.123.123.123.in-addr.arpa. 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1 

__init__.py

@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2016-2022 Splunk Inc.
+# Copyright (c) 2016-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

display_ip.html

@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: display_ip.html
-  Copyright (c) 2016-2022 Splunk Inc.
+  Copyright (c) 2016-2024 Splunk Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -111,7 +111,7 @@ <h3 class="wf-h3-style">Info</h3>
       {% if result.data.record_infos %}
       <table class="wf-table-horizontal">
         {% if result.param.type == 'A' or result.param.type == 'AAAA' %}
-          <tr><th>IP</th></tr>  
+          <tr><th>IP</th></tr>
         {% else %}
           <tr><th>Record Info</th></tr>
         {% endif %}
@@ -145,4 +145,3 @@ <h3 class="wf-h3-style">Info</h3>
 </div> <!-- Main Div -->
 
 {% endblock %} <!-- Main Start Block -->
-

dns.json

@@ -5,14 +5,14 @@
     "publisher": "Splunk",
     "package_name": "phantom_dns",
     "type": "information",
-    "license": "Copyright (c) 2016-2022 Splunk Inc.",
+    "license": "Copyright (c) 2016-2024 Splunk Inc.",
     "main_module": "dns_connector.py",
-    "app_version": "2.0.23",
-    "utctime_updated": "2022-01-07T04:07:45.000000Z",
+    "app_version": "2.0.25",
+    "utctime_updated": "2022-01-31T19:38:57.000000Z",
     "product_vendor": "Generic",
     "product_name": "DNS",
     "product_version_regex": ".*",
-    "min_phantom_version": "5.0.0",
+    "min_phantom_version": "5.1.0",
     "fips_compliant": true,
     "latest_tested_versions": [
         "N/A (Note: tested using Google Public DNS server 8.8.8.8 as of 11/2020)"
@@ -28,8 +28,8 @@
     "pip_dependencies": {
         "wheel": [
             {
-                "module": "dns",
-                "input_file": "dnspython/dnspython-1.16.0-py2.py3-none-any.whl"
+                "module": "dnspython",
+                "input_file": "wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl"
             }
         ]
     },
@@ -328,4 +328,4 @@
             "versions": "EQ(*)"
         }
     ]
-}
+}

dns_connector.py

@@ -1,6 +1,6 @@
 # File: dns_connector.py
 #
-# Copyright (c) 2016-2022 Splunk Inc.
+# Copyright (c) 2016-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -156,6 +156,8 @@ def _handle_forward_lookup(self, param):
         action_result = ActionResult(dict(param))
         self.add_action_result(action_result)
 
+        self.save_progress(EXECUTION_START_MESSAGE.format(self.ACTION_ID_FORWARD_LOOKUP))
+
         # get the server
         server = self._server
         host = param.get('domain')
@@ -205,6 +207,8 @@ def _handle_reverse_lookup(self, param):
         action_result = ActionResult(dict(param))
         self.add_action_result(action_result)
 
+        self.save_progress(EXECUTION_START_MESSAGE.format(self.ACTION_ID_REVERSE_LOOKUP))
+
         # get the server
         server = self._server
         host = param.get('ip')
@@ -269,12 +273,14 @@ def handle_action(self, param):
     argparser.add_argument('input_test_json', help='Input Test JSON file')
     argparser.add_argument('-u', '--username', help='username', required=False)
     argparser.add_argument('-p', '--password', help='password', required=False)
+    argparser.add_argument('-v', '--verify', action='store_true', help='verify', required=False, default=False)
 
     args = argparser.parse_args()
     session_id = None
 
     username = args.username
     password = args.password
+    verify = args.verify
 
     if (username is not None and password is None):
         # User specified a username but not a password, so ask
@@ -286,7 +292,7 @@ def handle_action(self, param):
         try:
             print("Accessing the Login page")
             login_url = BaseConnector._get_phantom_base_url() + 'login'
-            r = requests.get(login_url, verify=False)
+            r = requests.get(login_url, verify=verify, timeout=SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT)
             csrftoken = r.cookies['csrftoken']
 
             data = dict()
@@ -299,11 +305,11 @@ def handle_action(self, param):
             headers['Referer'] = login_url
 
             print("Logging into Platform to get the session id")
-            r2 = requests.post(login_url, verify=False, data=data, headers=headers)
+            r2 = requests.post(login_url, verify=verify, data=data, headers=headers, timeout=SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT)
             session_id = r2.cookies['sessionid']
         except Exception as e:
             print("Unable to get session id from the platfrom. Error: " + str(e))
-            exit(1)
+            sys.exit(1)
 
     with open(args.input_test_json) as f:
         in_json = f.read()
@@ -320,4 +326,4 @@ def handle_action(self, param):
         ret_val = connector._handle_action(json.dumps(in_json), None)
         print(json.dumps(json.loads(ret_val), indent=4))
 
-    exit(0)
+    sys.exit(0)

dns_consts.py

@@ -1,6 +1,6 @@
 # File: dns_consts.py
 #
-# Copyright (c) 2016-2022 Splunk Inc.
+# Copyright (c) 2016-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,3 +15,7 @@
 SAMPLEDNS_ERR_QUERY = "Lookup query failed"
 SAMPLEDNS_SUCC_QUERY = "Host lookup successful"
 SAMPLEDNS_ERR_QUERY_RETURNED_NO_DATA = "Lookup did not return any information"
+
+EXECUTION_START_MESSAGE = "Executing {0} action"
+
+SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT = 30  # in seconds