From 788eee8f0665000907fbea848e7513cf3b91988e Mon Sep 17 00:00:00 2001
From: Dan Dye <dandye@google.com>
Date: Mon, 26 Jan 2026 07:26:51 -0500
Subject: [PATCH] feat: make SOAR SSL verification configurable via
 SOAR_SSL_VERIFY environment variable

---
 server/secops-soar/pyproject.toml                  |  5 +++--
 server/secops-soar/secops_soar_mcp/bindings.py     | 12 ++++++++++--
 server/secops-soar/secops_soar_mcp/http_client.py  | 12 +++++++-----
 server/secops-soar/secops_soar_mcp/utils/consts.py |  3 ++-
 4 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/server/secops-soar/pyproject.toml b/server/secops-soar/pyproject.toml
index c8503762..c94fcede 100644
--- a/server/secops-soar/pyproject.toml
+++ b/server/secops-soar/pyproject.toml
@@ -6,7 +6,8 @@ readme = "README.md"
 requires-python = ">=3.11"
 dependencies = [
     "aiohttp>=3.11.15",
-    "mcp[cli]>=1.4.1"
+    "certifi>=2026.1.4",
+    "mcp[cli]>=1.4.1",
 ]
 
 [project.optional-dependencies]
@@ -17,4 +18,4 @@ test = [
 
 [build-system]
 requires = ["setuptools>=61.0"]
-build-backend = "setuptools.build_meta"
\ No newline at end of file
+build-backend = "setuptools.build_meta"
diff --git a/server/secops-soar/secops_soar_mcp/bindings.py b/server/secops-soar/secops_soar_mcp/bindings.py
index 094c1f1a..4c5c7be1 100644
--- a/server/secops-soar/secops_soar_mcp/bindings.py
+++ b/server/secops-soar/secops_soar_mcp/bindings.py
@@ -41,12 +41,20 @@ async def _get_valid_scopes():
 async def bind():
     """Binds global variables."""
     global http_client, valid_scopes
+    
+    # Parse SSL_VERIFY from env, default to True if not set
+    ssl_verify_raw = os.getenv(consts.ENV_SOAR_SSL_VERIFY, "true").lower()
+    ssl_verify = ssl_verify_raw == "true"
+
     http_client = HttpClient(
-        os.getenv(consts.ENV_SOAR_URL), os.getenv(consts.ENV_SOAR_APP_KEY)
+        os.getenv(consts.ENV_SOAR_URL),
+        os.getenv(consts.ENV_SOAR_APP_KEY),
+        ssl_verify
     )
     valid_scopes = await _get_valid_scopes()
 
 
 async def cleanup():
     """Cleans up global variables."""
-    await http_client.close()
+    if http_client:
+        await http_client.close()
diff --git a/server/secops-soar/secops_soar_mcp/http_client.py b/server/secops-soar/secops_soar_mcp/http_client.py
index 1c03768b..59ce0db4 100644
--- a/server/secops-soar/secops_soar_mcp/http_client.py
+++ b/server/secops-soar/secops_soar_mcp/http_client.py
@@ -25,10 +25,11 @@
 class HttpClient:
     """HTTP client for making requests to the SecOps SOAR API."""
 
-    def __init__(self, base_url: str, app_key: str):
+    def __init__(self, base_url: str, app_key: str, ssl_verify: bool = True):
         self.base_url = base_url
         self.app_key = app_key
         self._session = None
+        self.ssl_verify = ssl_verify
 
     def _get_session(self) -> aiohttp.ClientSession:
         if self._session is None:
@@ -58,7 +59,7 @@ async def get(
         headers = await self._get_headers()
         try:
             async with self._get_session().get(
-                self.base_url + endpoint, params=params, headers=headers
+                self.base_url + endpoint, params=params, headers=headers, ssl=self.ssl_verify
             ) as response:
                 response.raise_for_status()  # Raise an exception for 4xx/5xx responses
                 return await response.json()
@@ -87,7 +88,7 @@ async def post(
         headers = await self._get_headers()
         try:
             async with self._get_session().post(
-                self.base_url + endpoint, json=req, params=params, headers=headers
+                self.base_url + endpoint, json=req, params=params, headers=headers, ssl=self.ssl_verify
             ) as response:
                 response.raise_for_status()
                 data = await response.content.read()
@@ -118,7 +119,7 @@ async def patch(
         headers = await self._get_headers()
         try:
             async with self._get_session().patch(
-                self.base_url + endpoint, json=req, params=params, headers=headers
+                self.base_url + endpoint, json=req, params=params, headers=headers, ssl=self.ssl_verify
             ) as response:
                 response.raise_for_status()
                 return await response.json()
@@ -129,4 +130,5 @@ async def patch(
         return None
 
     async def close(self):
-        await self._get_session().close()
+        if self._session:
+            await self._get_session().close()
diff --git a/server/secops-soar/secops_soar_mcp/utils/consts.py b/server/secops-soar/secops_soar_mcp/utils/consts.py
index 3ff9448c..0e10f4c7 100644
--- a/server/secops-soar/secops_soar_mcp/utils/consts.py
+++ b/server/secops-soar/secops_soar_mcp/utils/consts.py
@@ -15,7 +15,7 @@
 
 ENV_SOAR_URL = "SOAR_URL"
 ENV_SOAR_APP_KEY = "SOAR_APP_KEY"
-
+ENV_SOAR_SSL_VERIFY = "SOAR_SSL_VERIFY"
 
 class Endpoints:
     """Endpoints for SOAR."""
@@ -40,3 +40,4 @@ class Endpoints:
     LIST_INVOLVED_EVENTS_BY_ALERT = (
         "/api/1p/external/v1.0/cases/{CASE_ID}/alerts/{ALERT_ID}/involvedEvents"
     )
+