v0.4.1 - action_name, missing methods, CSPM class (#67)

* v0.4.1 - action_name, missing methods, CSPM class * Updated return type decorator on byte result ops * v4.0.1 README.md updates * v4.0.1 README.md updates * v4.0.1 README.md updates * v4.0.1 README.md updates * UpdatedDetectsByIdsV2 validator fix, minor changes
CrowdStrike · Mar 11, 2021 · 1d825a8 · 1d825a8
1 parent 9e879ff
commit 1d825a8
Show file tree

Hide file tree

Showing 24 changed files with 765 additions and 240 deletions.
diff --git a/README.md b/README.md
@@ -12,17 +12,17 @@ This SDK provides two distinct methods for interacting with CrowdStrike's Falcon
 ## Quick Install / Uninstall
 Stable releases of FalconPy are available on PyPI:
 ```shell
-$ python -m pip install crowdstrike-falconpy
+$ python3 -m pip install crowdstrike-falconpy
 ```
 
 If you'd like to try the *absolute bleeding edge*, an automated GitHub action releases a test package with every merged pull request. To install the testing version:
 ```shell
-$ python -m pip install -i https://test.pypi.org/simple crowdstrike-falconpy
+$ python3 -m pip install -i https://test.pypi.org/simple crowdstrike-falconpy
 ```
 
 To uninstall/remove FalconPy:
 ```shell
-$ python -m pip uninstall crowdstrike-falconpy
+$ python3 -m pip uninstall crowdstrike-falconpy
 ```
 
 # Service classes
@@ -34,8 +34,8 @@ $ python -m pip uninstall crowdstrike-falconpy
 | [CrowdStrike Custom Indicators of Compromose (IOCs) APIs](https://falcon.crowdstrike.com/support/documentation/88/custom-ioc-apis) | [./src/falconpy/iocs.py](./src/falconpy/iocs.py) |
 | [CrowdStrike Detections APIs](https://falcon.crowdstrike.com/support/documentation/85/detection-and-prevention-policies-apis) | [./src/falconpy/detects.py](./src/falconpy/detects.py) |
 | [CrowdStrike Event Streams API](https://falcon.crowdstrike.com/support/documentation/89/event-streams-apis)| [./src/falconpy/event_streams.py](./src/falconpy/event_streams.py) |
-| [CrowdStrike Falcon Horizon APIs](https://falcon.crowdstrike.com/support/documentation/137/falcon-horizon-apis) | *Coming Soon* |
-| [CrowdStrike Falon X APIs](https://falcon.crowdstrike.com/support/documentation/92/falcon-x-apis) | *Coming Soon* |
+| [CrowdStrike Falcon Horizon APIs](https://falcon.crowdstrike.com/support/documentation/137/falcon-horizon-apis) | [./src/falconpy/cspm_registration.py](./src/falconpy/cspm_registration.py) |
+| [CrowdStrike Falcon X APIs](https://falcon.crowdstrike.com/support/documentation/92/falcon-x-apis) | *Coming Soon* |
 | [CrowdStrike Firewall Management API](https://falcon.crowdstrike.com/support/documentation/107/falcon-firewall-management-apis) | [./src/falconpy/firewall_management.py](./src/falconpy/firewall_management.py) |
 | [CrowdStrike Firewall Policy Management](https://falcon.crowdstrike.com/support/documentation/107/falcon-firewall-management-apis) | [./src/falconpy/firewall_policies.py](./src/falconpy/firewall_policies.py) |
 | [CrowdStrike Host Groups API](https://falcon.crowdstrike.com/support/documentation/84/host-and-host-group-management-apis) | [./src/falconpy/host_group.py](./src/falconpy/host_group.py) |

diff --git a/src/falconpy/README.MD b/src/falconpy/README.MD
@@ -3,6 +3,7 @@ These classes are part of the falconpy project, a python interface handler to th
 
 ### Currently implemented:
 + `cloud_connect_aws.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/cloud-connect-aws
++ `cspm-registration.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/cspm-registration
 + `detects.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/detects
 + `device_control_policies.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/device-control-policies
 + `event_streams.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/event-streams
@@ -24,7 +25,6 @@ These classes are part of the falconpy project, a python interface handler to th
 
 ### Planned
 + `d4c-registration.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/d4c-registration
-+ `cspm-registration.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/cspm-registration
 + `installation-tokens.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/installation-tokens
 + `custom-ioa.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/custom-ioa
 + `malquery.py` https://assets.falcon.crowdstrike.com/support/api/swagger.html#/malquery

diff --git a/src/falconpy/_endpoint.py b/src/falconpy/_endpoint.py
@@ -57,11 +57,11 @@
     ["DeleteCSPMAwsAccount", "DELETE", "/cloud-connect-cspm-aws/entities/account/v1?ids={}"],
     ["GetCSPMAwsConsoleSetupURLs", "GET", "/cloud-connect-cspm-aws/entities/console-setup-urls/v1"],
     ["GetCSPMAwsAccountScriptsAttachment", "GET", "/cloud-connect-cspm-aws/entities/user-scripts-download/v1"],
-    ["GetCSPMAzureAccount", "GET", "/cloud-connect-cspm-azure/entities/account/v1?ids={}"],
-    ["CreateCSPMAzureAccount", "POST", "/cloud-connect-cspm-azure/entities/account/v1"],
+    ["GetCSPMAzureAccount2", "GET", "/cloud-connect-cspm-azure/entities/account/v1?ids={}"],
+    ["CreateCSPMAzureAccount2", "POST", "/cloud-connect-cspm-azure/entities/account/v1"],
     ["DeleteCSPMAzureAccount", "DELETE", "/cloud-connect-cspm-azure/entities/account/v1?ids={}"],
-    ["UpdateCSPMAzureAccountClientID", "PATCH", "/cloud-connect-cspm-azure/entities/client-id/v1"],
-    ["GetCSPMAzureUserScriptsAttachment", "GET", "/cloud-connect-cspm-azure/entities/user-scripts-download/v1"],
+    ["UpdateCSPMAzureAccountClientID2", "PATCH", "/cloud-connect-cspm-azure/entities/client-id/v1"],
+    ["GetCSPMAzureUserScriptsAttachment2", "GET", "/cloud-connect-cspm-azure/entities/user-scripts-download/v1"],
     ["GetCSPMCGPAccount", "GET", "/cloud-connect-gcp/entities/account/v1?ids={}"],
     ["CreateCSPMGCPAccount", "POST", "/cloud-connect-gcp/entities/account/v1"],
     ["GetCSPMGCPUserScriptsAttachment", "GET", "/cloud-connect-gcp/entities/user-scripts-download/v1"],
@@ -73,6 +73,7 @@
     ["queryCombinedGroupMembers", "GET", "/devices/combined/host-group-members/v1"],
     ["queryCombinedHostGroups", "GET", "/devices/combined/host-groups/v1"],
     ["PerformActionV2", "POST", "/devices/entities/devices-actions/v2"],
+    ["UpdateDeviceTags", "PATCH", "/devices/entities/devices/tags/v1"],
     ["GetDeviceDetails", "GET", "/devices/entities/devices/v1?ids={}"],
     ["performGroupAction", "POST", "/devices/entities/host-group-actions/v1"],
     ["getHostGroups", "GET", "/devices/entities/host-groups/v1?ids={}"],

diff --git a/src/falconpy/_util.py b/src/falconpy/_util.py
@@ -188,3 +188,7 @@ def perform_request(method: str = "", endpoint: str = "", headers: dict = None,
         returned = Result()(405, {}, {"errors": [{"message": "Invalid API service method."}], "resources": ""})
 
     return returned
+
+
+def generate_error_result(message: str = "An error has occurred. Check your payloads and try again.", code: int = 500) -> dict:
+    return Result()(status_code=code, headers={}, body={"errors": [{"message": f"{message}"}], "resources": ""})
diff --git a/src/falconpy/_version.py b/src/falconpy/_version.py
@@ -36,7 +36,7 @@
 
 For more information, please refer to <https://unlicense.org>
 """
-_version = '0.4.0'
+_version = '0.4.1'
 _maintainer = 'Joshua Hiller'
 _author = 'CrowdStrike'
 _author_email = '[email protected]'

diff --git a/src/falconpy/api_complete.py b/src/falconpy/api_complete.py
@@ -109,7 +109,7 @@ def deauthenticate(self: object) -> bool:
     # NOTE: Not specifying datatypes for "ids" and "partition" parameters
     #       to allow developers to pass str / lists / integers as necessary
     def command(self: object, action: str = "", parameters: dict = {}, body: dict = {}, data: dict = {},
-                headers: dict = {}, ids=None, partition=None, override: str = None,
+                headers: dict = {}, ids=None, partition=None, override: str = None, action_name: str = None,
                 files: list = [], file_name: str = None, content_type: str = None):  # May return dict or object datatypes
         """ Checks token expiration, renewing when necessary, then performs the request. """
         if self.token_expired():
@@ -120,13 +120,18 @@ def command(self: object, action: str = "", parameters: dict = {}, body: dict =
             CMD = [a for a in self.commands if a[0] == action]
         if CMD:
             FULL_URL = self.base_url+"{}".format(CMD[0][2])
+            # Consider calculating ? vs & character replacement
             if ids:
                 ID_LIST = str(parse_id_list(ids)).replace(",", "&ids=")
                 FULL_URL = FULL_URL.format(ID_LIST)
+            if action_name:
+                delim = "&" if "?" in FULL_URL else "?"
+                FULL_URL = f"{FULL_URL}{delim}action_name={str(action_name)}"  # TODO: Additional action_name restrictions?
             if partition:
                 FULL_URL = FULL_URL.format(str(partition))
             if file_name:
-                FULL_URL = "{}?file_name={}".format(FULL_URL, str(file_name))
+                delim = "&" if "?" in FULL_URL else "?"
+                FULL_URL = f"{FULL_URL}{delim}file_name={str(action_name)}"
             HEADERS = self.headers()
             for item in headers:
                 HEADERS[item] = headers[item]