Align CVE argument (#27573)

* algin cve argument in Prisma Cloud Compute * align cve argument in VulnDB * release notes * update docker * release notes
demisto · Jul 2, 2023 · f160261 · f160261
1 parent e16bd7d
commit f160261
Showing 12 changed files with 102 additions and 15 deletions.
diff --git a/...e/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py b/...e/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py
@@ -1215,7 +1215,11 @@ def get_cves(client: PrismaCloudComputeClient, args: dict) -> List[CommandResult
     Returns:
         CommandResults: command-results object.
     """
-    cve_ids = argToList(arg=args.get("cve_id", []))
+    cve_ids = argToList(arg=args.get("cve", [])) or argToList(arg=args.get("cve_id", []))
+
+    if not cve_ids:
+        raise DemistoException("You must provide a value to the `cve` argument")
+
     all_cves_information, results, unique_cve_ids = [], [], set()
 
     for _id in cve_ids:

diff --git a/.../Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml b/.../Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml
@@ -832,10 +832,16 @@ script:
     deprecated: false
     arguments:
     - name: cve_id
-      description: A comma-separated list of CVEs, for example, cve_id=cve-2016-223,cve-2020-3546.
-      required: true
+      description: Deprecated. Use the `cve` argument instead.
+      required: false
+      isArray: true
+      defaultValue: ""
+    - name: cve
+      description: A comma-separated list of CVEs, for example, cve=cve-2016-223,cve-2020-3546.
+      required: false
       isArray: true
       defaultValue: ""
+      default: true
     outputs:
     - contextPath: CVE.ID
       description: "The ID of the CVE, for example: CVE-2015-1653."

diff --git a/...egrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute_test.py b/...egrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute_test.py
@@ -1021,6 +1021,63 @@ def test_date_string_conversion_is_failing():
             }
         ]
     ),
+    (
+        {"cve": "cve_id_value"},
+        get_cves,
+        "/cves",
+        [
+            {
+                "cve": "cve1",
+                "distro": "distro",
+                "distro_release": "distro_release",
+                "type": "type",
+                "package": "package",
+                "severity": "unimportant",
+                "status": "fixed in 2.22-15",
+                "cvss": 5,
+                "rules": [
+                    "<2.22-15"
+                ],
+                "conditions": None,
+                "modified": 1606135803,
+                "fixDate": 0,
+                "link_id": "",
+                "description": "description1"
+            },
+            {
+                "cve": "cve2",
+                "distro": "distro",
+                "distro_release": "distro_release",
+                "type": "type",
+                "package": "package",
+                "severity": "severity",
+                "status": "fixed in 2.22-100.15",
+                "cvss": 7,
+                "rules": [
+                    "<2.22-100.15"
+                ],
+                "conditions": None,
+                "modified": 1606135803,
+                "fixDate": 0,
+                "link_id": "",
+                "description": "description2"
+            },
+        ],
+        [
+            {
+                "ID": "cve1",
+                "Description": "description1",
+                "CVSS": 5,
+                "Modified": "November 23, 2020 12:50:03 PM"
+            },
+            {
+                "ID": "cve2",
+                "Description": "description2",
+                "CVSS": 7,
+                "Modified": "November 23, 2020 12:50:03 PM"
+            }
+        ]
+    ),
     (
         {"limit": "20", "offset": "0"},
         get_defenders,

diff --git a/...s/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/README.md b/...s/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/README.md
@@ -1041,7 +1041,7 @@ devOps
 
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
-| cve_id | Comma-separated list of CVEs, for example, cve_id=cve-2016-223,cve-2020-3546. | Required | 
+| cve | Comma-separated list of CVEs, for example, cve=cve-2016-223,cve-2020-3546. | Required | 
 
 
 #### Context Output
@@ -1059,7 +1059,7 @@ devOps
 
 
 #### Command Example
-```!cve cve_id=CVE-2021-4333```
+```!cve cve=CVE-2021-4333```
 
 #### Context Example
 ```json

diff --git a/Packs/PrismaCloudCompute/ReleaseNotes/1_4_4.md b/Packs/PrismaCloudCompute/ReleaseNotes/1_4_4.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Palo Alto Networks - Prisma Cloud Compute
+- Added the *cve* argument to the ***cve*** command to replace the *cve_id* argument.
diff --git a/Packs/PrismaCloudCompute/pack_metadata.json b/Packs/PrismaCloudCompute/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Prisma Cloud Compute by Palo Alto Networks",
     "description": "Use the Prisma Cloud Compute integration to fetch incidents from your Prisma Cloud Compute environment.",
     "support": "xsoar",
-    "currentVersion": "1.4.3",
+    "currentVersion": "1.4.4",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/VulnDB/Integrations/VulnDB/README.md b/Packs/VulnDB/Integrations/VulnDB/README.md
@@ -1404,7 +1404,7 @@
 </thead>
 <tbody>
 <tr>
-<td style="width: 160px;">cve_id</td>
+<td style="width: 160px;">cve</td>
 <td style="width: 509px;">CVE ID.</td>
 <td style="width: 71px;">Required</td>
 </tr>
@@ -1572,4 +1572,4 @@
 <p> </p>
 <h5>
 <a id="Command_Example_486"></a>Command Example</h5>
-<pre>!vulndb-get-vuln-by-cve-id cve_id="2013-1228" max_size="20"</pre>
+<pre>!vulndb-get-vuln-by-cve-id cve="2013-1228" max_size="20"</pre>
diff --git a/Packs/VulnDB/Integrations/VulnDB/VulnDB.py b/Packs/VulnDB/Integrations/VulnDB/VulnDB.py
@@ -357,7 +357,11 @@ def vulndb_get_version_command(args: dict, client: Client):
 
 
 def vulndb_get_cve_command(args: dict, client: Client, dbot_score_reliability: DBotScoreReliability):
-    cve_id = args['cve_id']
+    cve_id = args.get('cve_id', '') or args.get('cve', '')
+
+    if not cve_id:
+        raise DemistoException("You must provide a value to the `cve` argument")
+
     max_size = args.get('max_size')
 
     response = client.http_request(f'/vulnerabilities/{cve_id}/find_by_cve_id', max_size)

diff --git a/Packs/VulnDB/Integrations/VulnDB/VulnDB.yml b/Packs/VulnDB/Integrations/VulnDB/VulnDB.yml
@@ -881,11 +881,16 @@ script:
       description: Classification description (human readable).
       type: string
   - arguments:
+    - description: Deprecated. Use the `cve` argument instead.
+      isArray: false
+      name: cve_id
+      required: false
+      secret: false
     - default: true
       description: CVE ID.
       isArray: false
-      name: cve_id
-      required: true
+      name: cve
+      required: false
       secret: false
     - default: false
       description: Maximum number of entries to return. A high number of entries might affect performance. The default value is "20".
@@ -925,7 +930,7 @@ script:
     - contextPath: DBotScore.Indicator
       description: The indicator that was tested.
       type: String
-  dockerimage: demisto/python3:3.10.11.61265
+  dockerimage: demisto/python3:3.10.12.63474
   feed: false
   isfetch: false
   longRunning: false

diff --git a/Packs/VulnDB/Integrations/VulnDB/VulnDB_test.py b/Packs/VulnDB/Integrations/VulnDB/VulnDB_test.py
@@ -2,7 +2,8 @@
 from CommonServerPython import DemistoException, DBotScoreReliability
 
 
-def test_http_request_json_negative(requests_mock):
+@pytest.mark.parametrize('argument', ['cve_id', 'cve'])
+def test_http_request_json_negative(requests_mock, argument):
     from VulnDB import Client, vulndb_get_cve_command
     base_path = 'https://vulndb.cyberriskanalytics.com'
     requests_mock.post(
@@ -18,4 +19,4 @@ def test_http_request_json_negative(requests_mock):
         })
     client = Client(False, False, f'{base_path}/api/v1', 'client_id', 'client_secret')
     with pytest.raises(DemistoException, match='You have exceeded your API usage for the month'):
-        vulndb_get_cve_command({'cve_id': cve_id}, client, DBotScoreReliability.C)
+        vulndb_get_cve_command({argument: cve_id}, client, DBotScoreReliability.C)
diff --git a/Packs/VulnDB/ReleaseNotes/1_0_7.md b/Packs/VulnDB/ReleaseNotes/1_0_7.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### VulnDB
+
+- Added the *cve* argument to the ***cve*** command to replace the *cve_id* argument.
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/VulnDB/pack_metadata.json b/Packs/VulnDB/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "VulnDB",
     "description": "Lists all of the security vulnerabilities for various products (OS,Applications) etc)",
     "support": "xsoar",
-    "currentVersion": "1.0.6",
+    "currentVersion": "1.0.7",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",