fix a bug in fetch-indicators #32991

Merged
merged 172 commits into from
Mar 6, 2024
a1ca0a6
fix
maimorag Feb 18, 2024
fde8849
fix fetch using timestamp
maimorag Feb 19, 2024
8d16cbb
cr notes
maimorag Feb 19, 2024
724713f
adding unify
maimorag Feb 20, 2024
a388928
cr
maimorag Feb 20, 2024
67ec005
after meeting with the client fix
maimorag Feb 28, 2024
a68bbbd
after meeting with the client fixing tests 2
maimorag Feb 28, 2024
9e0e87e
fixing fetching above 2000 indicators
maimorag Feb 28, 2024
b7c53da
fixing fetching
maimorag Feb 28, 2024
0e3310d
fixing fetching
maimorag Feb 28, 2024
6aae6df
adding unify for customer
maimorag Feb 28, 2024
c629de8
merge from master
maimorag Feb 29, 2024
4e2afa7
removing param
maimorag Feb 29, 2024
c6de4ba
Update Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py
maimorag Mar 4, 2024
a60cf46
Apply suggestions from code review
maimorag Mar 4, 2024
49a8b60
cr notes dan
maimorag Mar 4, 2024
1ea89b4
fixing test
maimorag Mar 6, 2024
a276d0c
cr dan
maimorag Mar 6, 2024
ccdc130
Update Packs/FeedMISP/ReleaseNotes/1_0_32.md
maimorag Mar 6, 2024
3f73597
cr eyal
maimorag Mar 6, 2024
03a902c
Update FeedMISP.yml
maimorag Mar 6, 2024
29b4e1c
Update 1_0_32.md
maimorag Mar 6, 2024
35 changes: 25 additions & 10 deletions Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py
Expand Up @@ -113,6 +113,8 @@
'misp-galaxy:mitre-course-of-action': ThreatIntel.ObjectsNames.COURSE_OF_ACTION,
}

LIMIT: int = 2000


class Client(BaseClient):

Expand Down Expand Up @@ -210,7 +212,8 @@ def handle_file_type_fields(raw_type: str, indicator_obj: Dict[str, Any]) -> Non
indicator_obj['fields'][raw_type.upper()] = hash_value


def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, page: int) -> Dict[str, Any]:
def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, page: int, from_timestamp: str | None = None
) -> Dict[str, Any]:
"""
Creates a dictionary in the format required by MISP to be used as a query.
Args:
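Review bot: `from_timestamp` is added to the `build_params_dict` signature, but the docstring's `Args:` section is not touched by this diff, so the new parameter is undocumented. Add a line saying what value it expects (the fetch path passes the `timestamp` saved in last run) and that it is sent to MISP as the `from` filter. The wrapped signature would also read better with one parameter per line than with a dangling `) -> Dict[str, Any]:`.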
Expand All @@ -229,20 +232,28 @@ def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, pa
'limit': limit,
'page': page
}
if from_timestamp:
params['from'] = from_timestamp
return params


def clean_user_query(query: str) -> Dict[str, Any]:
def parsing_user_query(query: str, limit: int, page: int = 1, from_timestamp: str | None = None) -> Dict[str, Any]:
"""
Takes the query string created by the user, adds necessary argument and removes unnecessary arguments
Parsing the query string created by the user by adding necessary argument and removing unnecessary arguments
Args:
query: User's query string
Returns: Dict which has only needed arguments to be sent to MISP
"""
global LIMIT
try:
params = json.loads(query)
params["returnFormat"] = "json"
params.pop("timestamp", None)
if 'page' not in params:
params["page"] = page
params["limit"] = params.get("limit") or LIMIT
if from_timestamp:
params['from'] = from_timestamp
except Exception as err:
demisto.debug(str(err))
raise DemistoException(f'Could not parse user query. \nError massage: {err}')
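Review bot: the new `limit` parameter of `parsing_user_query` is never read; `params["limit"] = params.get("limit") or LIMIT` falls back to the module constant, so the value callers pass is silently dropped. Use `params.get("limit") or limit` (or remove the parameter), and drop `global LIMIT`, which is only needed when assigning to the name. The docstring still lists only `query`; `limit`, `page` and `from_timestamp` should be described, including that a user-supplied `timestamp` is removed while `from` is set from the last run.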
Expand Down Expand Up @@ -472,8 +483,8 @@ def get_attributes_command(client: Client, args: Dict[str, str], params: Dict[st
query = args.get('query', None)
attribute_type = argToList(args.get('attribute_type', ''))
page = arg_to_number(args.get('page')) or 1
params_dict = clean_user_query(query) if query else build_params_dict(tags=tags, attribute_type=attribute_type, limit=limit,
page=page)
params_dict = parsing_user_query(query, limit, page) if query else build_params_dict(tags=tags, attribute_type=attribute_type,
limit=limit, page=page)
response = client.search_query(params_dict)
if error_message := response.get('Error'):
raise DemistoException(error_message)
Expand Down Expand Up @@ -512,19 +523,23 @@ def fetch_attributes_command(client: Client, params: Dict[str, str]):
feed_tags = argToList(params.get("feedTags", []))
attribute_types = argToList(params.get('attribute_types', ''))
query = params.get('query', None)
params_dict = clean_user_query(query) if query else build_params_dict(tags=tags, attribute_type=attribute_types, limit=2000,
page=1)
last_run = demisto.getLastRun().get('timestamp') or ""
params_dict = parsing_user_query(query, LIMIT, from_timestamp=last_run) if query else\
build_params_dict(tags=tags, attribute_type=attribute_types, limit=LIMIT, page=1, from_timestamp=last_run)
search_query_per_page = client.search_query(params_dict)
demisto.debug(f'params_dict: {params_dict}')
while len(search_query_per_page.get("response", {}).get("Attribute", [])):
demisto.debug(f'search_query_per_page number of attributes:\
{len(search_query_per_page.get("response", {}).get("Attribute", []))}\
page: {params_dict["page"]}')
{len(search_query_per_page.get("response", {}).get("Attribute", []))} page: {params_dict["page"]}')
indicators = build_indicators(search_query_per_page, attribute_types, tlp_color, params.get('url'), reputation, feed_tags)
demisto.createIndicators(indicators)
for iter_ in batch(indicators, batch_size=2000):
demisto.createIndicators(iter_)
params_dict['page'] += 1
last_run = search_query_per_page['response']['Attribute'][-1]['timestamp']
search_query_per_page = client.search_query(params_dict)
if error_message := search_query_per_page.get('Error'):
raise DemistoException(f"Error in API call - check the input parameters and the API Key. Error: {error_message}")
demisto.setLastRun({'timestamp': last_run, 'params': params_dict})


def main():
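Review bot: the `Error` check sits inside the `while` loop, after the next page is requested, so the response of the first `client.search_query(params_dict)` call is never checked. If that first call returns an `Error`, the loop body is skipped, `demisto.setLastRun` still runs, and the fetch ends without raising, so a feed with a bad API key or query looks healthy while ingesting nothing. Check `search_query_per_page.get('Error')` before entering the loop as well. Also in this hunk: `[-1]['timestamp']` assumes the last attribute on a page is the newest although no ordering is requested in the visible parameters, so consider keeping the maximum timestamp seen; and `batch_size=2000` should reuse `LIMIT`.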
2 changes: 1 addition & 1 deletion Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml
@@ -1,4 +1,4 @@
category: Data Enrichment & Threat Intelligence

Check failure on line 1 in Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml

GitHub Actions / pre-commit / pre-commit

Validation Error DO106

The docker image tag is not the latest numeric tag, please update it. The docker image tag in the yml file is: 3.10.13.87159 The latest docker image tag in docker hub is: 3.10.13.89009 You can check for the most updated version of demisto/python3 here: https://hub.docker.com/r/demisto/python3/tags To update the docker image run: demisto-sdk format -ud -i Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml

Check failure on line 1 in Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml

GitHub Actions / pre-commit / pre-commit

Validation Error BA109

The integration files ['integration-FeedMISP.yml'] should be named ['integrationFeedMISP.yml'] without any separator in the base name.
commonfields:
id: MISP Feed
version: -1
Expand Down Expand Up @@ -142,7 +142,7 @@
script: '-'
type: python
subtype: python3
dockerimage: demisto/python3:3.10.13.86272
dockerimage: demisto/python3:3.10.13.87159
fromversion: 5.5.0
tests:
- MISPfeed Test
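Review bot: the new `dockerimage` tag `3.10.13.87159` is already stale. The pre-commit DO106 annotation on this file reports `3.10.13.89009` as the latest `demisto/python3` tag, so rerun `demisto-sdk format -ud -i Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml` to clear the check.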
25 changes: 13 additions & 12 deletions Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py
Expand Up @@ -3,7 +3,7 @@
import demistomock as demisto

from CommonServerPython import DemistoException, ThreatIntel, FeedIndicatorType
from FeedMISP import clean_user_query, build_indicators_iterator, \
from FeedMISP import parsing_user_query, build_indicators_iterator, \
handle_file_type_fields, get_galaxy_indicator_type, build_indicators_from_galaxies, \
update_indicator_fields, get_ip_type, Client, fetch_attributes_command

Expand Down Expand Up @@ -90,7 +90,7 @@ def test_handle_file_type_fields_hash_and_filename():
assert indicator_obj['value'] == 'somehashvalue'


def test_clean_user_query_success():
def test_parsing_user_query_success():
"""
Given
- A json string query
Expand All @@ -99,12 +99,12 @@ def test_clean_user_query_success():
Then
- create a dict from json string
"""
querystr = '{"returnFormat": "json", "type": {"OR": ["ip-src"]}, "tags": {"OR": ["tlp:%"]}}'
params = clean_user_query(querystr)
assert len(params) == 3
querystr = '{"returnFormat": "json","limit": "3", "type": {"OR": ["ip-src"]}, "tags": {"OR": ["tlp:%"]}}'
params = parsing_user_query(querystr, limit=40000)
assert len(params) == 5


def test_clean_user_query_bad_query():
def test_parsing_user_query_bad_query():
"""
Given
- A json string query
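Review bot: `assert len(params) == 5` only counts keys, so it passes whether or not the user's `"limit": "3"` survives and whether `page` defaults to 1, and the `limit=40000` argument has no observable effect. Assert the values directly, for example `params["limit"] == "3"` and `params["page"] == 1`.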
Expand All @@ -115,10 +115,10 @@ def test_clean_user_query_bad_query():
"""
with pytest.raises(DemistoException):
querystr = '{"returnFormat": "json", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]'
clean_user_query(querystr)
parsing_user_query(querystr, limit=4)


def test_clean_user_query_change_format():
def test_parsing_user_query_change_format():
"""
Given
- A json parsed result from qualys
Expand All @@ -128,11 +128,11 @@ def test_clean_user_query_change_format():
- change return format to json
"""
querystr = '{"returnFormat": "xml", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}}'
params = clean_user_query(querystr)
params = parsing_user_query(querystr, limit=4)
assert params["returnFormat"] == "json"


def test_clean_user_query_remove_timestamp():
def test_parsing_user_query_remove_timestamp():
"""
Given
- A json parsed result from qualys
Expand All @@ -141,9 +141,9 @@ def test_clean_user_query_remove_timestamp():
Then
- Return query without the timestamp parameter
"""
good_query = '{"returnFormat": "json", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}}'
good_query = '{"returnFormat": "json", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}, "page": 1, "limit": 2000}'
querystr = '{"returnFormat": "json", "timestamp": "1617875568", "type": {"OR": ["md5"]}, "tags": {"OR": ["tlp:%"]}}'
params = clean_user_query(querystr)
params = parsing_user_query(querystr, limit=2)
assert good_query == json.dumps(params)
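Review bot: the call passes `limit=2` while `good_query` expects `"limit": 2000`, so this test locks in the behaviour that the `limit` argument is ignored in favour of the module constant. If that is intended, drop the argument from the call; if not, the expectation should be `2`. Comparing `json.dumps(params)` to a literal string also depends on key insertion order; comparing against `json.loads(good_query)` would be sturdier.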


Expand Down Expand Up @@ -317,6 +317,7 @@ def test_search_query_indicators_pagination(mocker):
'type': 'attribute',
'filters': {'category': ['Payload delivery']},
}
mocker.patch("FeedMISP.LIMIT", new=2000)
mocker.patch.object(demisto, 'setLastRun')
mocker.patch.object(demisto, 'createIndicators')
fetch_attributes_command(client, params_dict)
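Review bot: `mocker.patch("FeedMISP.LIMIT", new=2000)` patches the constant to the value it already has, so the test runs exactly as it would without the patch. Patch it to a small number so the multi-page loop is exercised with few mocked attributes, and assert what `demisto.setLastRun` was called with, since the saved `timestamp` is the state this change introduces.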