From ed61eefb48b5de5fc1a8035643134555f04cfcec Mon Sep 17 00:00:00 2001 From: Mark Kasaboski Date: Wed, 23 Oct 2024 11:15:54 -0400 Subject: [PATCH 1/2] Fixes ruff linting errors --- flare_splunk_integration/bin/flare.py | 21 ++++++++++---------- flare_splunk_integration/bin/input.py | 28 ++++++++++++++++++--------- 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/flare_splunk_integration/bin/flare.py b/flare_splunk_integration/bin/flare.py index ed40dc8..0fc3719 100644 --- a/flare_splunk_integration/bin/flare.py +++ b/flare_splunk_integration/bin/flare.py @@ -8,30 +8,31 @@ from urllib.error import HTTPError from vendor.flareio import FlareApiClient -APP_NAME = 'flare_splunk_integration' +APP_NAME = "flare_splunk_integration" -class FlareAPI(AuthBase): +class FlareAPI(AuthBase): def __init__(self, *, app): # Should be able to use app.service.storage_passwords.get(), # but I can't seem to get that to work. list() works. - server_key : Optional[str] = None - tenant_id : Optional[str] = None + server_key: Optional[str] = None + tenant_id: Optional[str] = None for item in app.service.storage_passwords.list(): - if item.content.username == 'serverkey': + if item.content.username == "serverkey": server_key = item.clear_password - if item.content.username == 'tenantid': + if item.content.username == "tenantid": tenant_id = item.clear_password self.flare_endpoints = app.service.confs["flare"]["endpoints"] self.api_key = server_key self.tenant_id = tenant_id - self.flare_client = FlareApiClient(api_key=self.api_key, - tenant_id=self.tenant_id) + self.flare_client = FlareApiClient( + api_key=self.api_key, tenant_id=self.tenant_id + ) def retrieve_feed(self, *, from_: Optional[str] = None) -> dict[str, Any]: - url=self.flare_endpoints["me_feed_endpoint"] + url = self.flare_endpoints["me_feed_endpoint"] response = self.flare_client.post( url=url, json={"lite": "true", "from": from_}, @@ -55,4 +56,4 @@ def retrieve_feed(self, *, from_: Optional[str] = None) -> dict[str, Any]: fp=None, ) - return response.json() \ No newline at end of file + return response.json() diff --git a/flare_splunk_integration/bin/input.py b/flare_splunk_integration/bin/input.py index 3b46891..e83118d 100644 --- a/flare_splunk_integration/bin/input.py +++ b/flare_splunk_integration/bin/input.py @@ -3,7 +3,7 @@ import os from typing import Optional -sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'vendor')) +sys.path.insert(0, os.path.join(os.path.dirname(__file__), "vendor")) import vendor.splunklib.client as client from flare import FlareAPI @@ -14,6 +14,7 @@ REALM = APP_NAME + "_realm" KV_COLLECTION_NAME = "feednext" + def main(): try: # Example using a token @@ -21,7 +22,7 @@ def main(): host=HOST, port=SPLUNK_PORT, app=APP_NAME, - token=sys.stdin.readline().strip() + token=sys.stdin.readline().strip(), ) except Exception as e: print(str(e), file=sys.stderr) @@ -35,11 +36,12 @@ def main(): set_from_value(app=app, next=event_feed["next"]) if event_feed["items"]: - for item in event_feed['items']: + for item in event_feed["items"]: print(json.dumps(item)) + def get_from_value(app: client.Application) -> Optional[str]: - from_ : Optional[str] = None + from_: Optional[str] = None if KV_COLLECTION_NAME in app.service.kvstore: data = app.service.kvstore[KV_COLLECTION_NAME].data.query() if len(data) > 1: @@ -49,16 +51,24 @@ def get_from_value(app: client.Application) -> Optional[str]: return from_ + def set_from_value(app: client.Application, next: Optional[str]): if KV_COLLECTION_NAME not in app.service.kvstore: # Create the collection - app.service.kvstore.create(name=KV_COLLECTION_NAME, fields={"_key": "string", "value": "string"}) + app.service.kvstore.create( + name=KV_COLLECTION_NAME, fields={"_key": "string", "value": "string"} + ) # Insert - app.service.kvstore[KV_COLLECTION_NAME].data.insert(json.dumps({"_key": "next", "value": next})) + app.service.kvstore[KV_COLLECTION_NAME].data.insert( + json.dumps({"_key": "next", "value": next}) + ) elif not next: app.service.kvstore[KV_COLLECTION_NAME].data.delete(id="next") else: - app.service.kvstore[KV_COLLECTION_NAME].data.update(id="next", data=json.dumps({"value": next})) + app.service.kvstore[KV_COLLECTION_NAME].data.update( + id="next", data=json.dumps({"value": next}) + ) + -if __name__ == '__main__': - main() \ No newline at end of file +if __name__ == "__main__": + main() From e0d505478ce8fbaff2046d6c1252e319a02b3a75 Mon Sep 17 00:00:00 2001 From: Mark Kasaboski Date: Wed, 23 Oct 2024 13:04:08 -0400 Subject: [PATCH 2/2] Addresses splunk-appinspect errors --- .github/workflows/pipeline.yml | 1 + Makefile | 25 +++++++++++++++++++---- flare_splunk_integration/README | 14 +++++++++++++ flare_splunk_integration/default/app.conf | 3 +++ 4 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 flare_splunk_integration/README diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index fae7c8b..ce3eb66 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -17,6 +17,7 @@ jobs: - name: Install Application Dependencies run: | make build + make venv-tools # SEE https://github.com/actions/upload-artifact?tab=readme-ov-file#permission-loss - name: Tar files (only way to preserve perms) diff --git a/Makefile b/Makefile index af8e7cb..851a0ae 100644 --- a/Makefile +++ b/Makefile @@ -8,10 +8,10 @@ venv: requirements.txt venv/bin/pip install --upgrade pip venv/bin/pip install --target flare_splunk_integration/bin/vendor -r requirements.txt @find flare_splunk_integration/bin/vendor -type d -name "*.dist-info" -exec rm -r {} + + @find flare_splunk_integration/bin/vendor -type d -name "__pycache__" -exec rm -r {} + @rm -rf flare_splunk_integration/bin/vendor/bin @rm -rf flare_splunk_integration/bin/vendor/packaging @rm -rf flare_splunk_integration/bin/vendor/*-stubs - @rm -rf flare_splunk_integration/bin/vendor/__pycache__ venv-tools: requirements.tools.txt venv rm -rf venv-tools @@ -21,7 +21,7 @@ venv-tools: requirements.tools.txt venv .PHONY: clean clean: - @echo "Removing venv and venv-tools. Don't forget to deactivate..." + @echo "Removing venv and venv-tools." @rm -rf venv @rm -rf venv-tools @rm -rf flare_splunk_integration/bin/vendor @@ -34,15 +34,32 @@ package: @package @echo "Done." +# A manual review from the Splunk team will be required to know if we need to fix any of these tag warnings. .PHONY: validate validate: venv-tools @echo "Running Splunk AppInspect..." @echo "If you get an error about \"libmagic\", run \"brew install libmagic\"" - venv-tools/bin/splunk-appinspect inspect --ci "flare_splunk_integration" + @venv-tools/bin/splunk-appinspect inspect --ci "flare_splunk_integration" || \ + if test "$$?" -eq "102" || "$$?" -eq "103" ; then \ + exit 0 ; \ + else \ + exit 1 ; \ + fi + +# This is helpful for identifying tags that are emitting warnings +TAGS = advanced_xml alert_actions_conf ast bias cloud csv custom_search_commands custom_search_commands_v2 custom_visualizations custom_workflow_actions deprecated_feature developer_guidance django_bindings future java jquery manual markdown migration_victoria modular_inputs offensive packaging_standards private_app private_classic private_victoria pura python3_version removed_feature restmap_config savedsearches security spec splunk_5_0 splunk_6_0 splunk_6_1 splunk_6_2 splunk_6_3 splunk_6_4 splunk_6_5 splunk_6_6 splunk_7_0 splunk_7_1 splunk_7_2 splunk_7_3 splunk_8_0 splunk_9_0 splunk_appinspect web_conf windows +.PHONY: inspect-tags +inspect-tags: + @for TAG in $(TAGS); do \ + echo "Tag: $$TAG" ; \ + venv-tools/bin/splunk-appinspect inspect --ci --included-tags $$TAG "flare_splunk_integration" ; \ + done .PHONY: test test: venv-tools - venv-tools/bin/pytest -vv + @if test -d "./tests" ; \ + then venv-tools/bin/pytest ./**/*.py -vv ; \ + fi .PHONY: format format: venv-tools diff --git a/flare_splunk_integration/README b/flare_splunk_integration/README new file mode 100644 index 0000000..d730665 --- /dev/null +++ b/flare_splunk_integration/README @@ -0,0 +1,14 @@ +# Flare Splunk Integration + +This application requires an **API key** and your **tenant ID** from https://app.flare.io. + +1. Log into your account at https://app.flare.io/#/login. +2. Once logged in go to your Profile page, look for the "API Keys" section and create an API key. +3. Copy your API key using the provided copy icon. +4. Paste your API key in the Flare Splunk Integration configuration screen in the API Key field. +5. Again, back on the Profile page of your account, you will see a Tenants section. +6. Copy your tenant ID and paste it in the Tenant ID field on the configuration screen. + +# Binary File Declaration +bin/vendor/charset_normalizer/md__mypyc.cpython-39-x86_64-linux-gnu.so +bin/vendor/charset_normalizer/md.cpython-39-x86_64-linux-gnu.so \ No newline at end of file diff --git a/flare_splunk_integration/default/app.conf b/flare_splunk_integration/default/app.conf index 90a55c1..08f0847 100644 --- a/flare_splunk_integration/default/app.conf +++ b/flare_splunk_integration/default/app.conf @@ -15,3 +15,6 @@ supported_themes = light, dark author = Flare Systems description = version = 1.0.0 + +[triggers] +reload.flare = simple \ No newline at end of file