Merge pull request #13 from SEKOIA-IO/fix/sesitive_match_python_update

Fix: sesitive match python update
SEKOIA-IO · Aug 14, 2024 · ce699e6 · ce699e6
2 parents f6926b8 + d15855f
commit ce699e6
Show file tree

Hide file tree

Showing 324 changed files with 706 additions and 107,170 deletions.
diff --git a/.appinspect.manualcheck.yaml b/.appinspect.manualcheck.yaml
@@ -0,0 +1,18 @@
+# Required by pipeline
+check_for_builtin_functions:
+  comment: 'Checking for built-in functions'
+
+check_for_generic_operating_system_services:
+  comment: 'Checking for generic operating system services'
+
+check_for_plain_text_credentials_in_python:
+  comment: 'Checking for plain text credentials in Python'
+
+check_for_insecure_http_calls_in_python:
+  comment: 'Checking for insecure HTTP calls in Python'
+
+check_for_secret_disclosure:
+  comment: 'Checking for secret disclosure'
+
+check_for_executable_flag:
+  comment: 'Checking for executable flag'
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v2
         with:
-          python-version: 3.7
+          python-version: 3.9
 
       - name: Package Splunk App with CLI
         run: |

diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,9 @@ __pycache__/
 # Splunk local configuration files
 sekoia.io/local/
 sekoia.io/metadata/local.meta
+
+.venv
+.venv-3.11
+.venv-3.10
+dist
+.idea
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,17 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## 2024-07-30 - 1.3.0
+
+### Changed
+
+- Remove support of python2
+- Add `case_sensitive_match` option to the configuration
+- Upgrade python build time version to 3.10
+- Custom wrapper over slim to have backward compatibility lower versions of python, as it is used by the splunk
diff --git a/sekoia.io/app.manifest b/sekoia.io/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "sekoia.io",
-      "version": "1.2.2"
+      "version": "1.3.0"
     },
     "author": [
       {

diff --git a/sekoia.io/bin/sekoia_indicators.py b/sekoia.io/bin/sekoia_indicators.py
@@ -248,8 +248,9 @@ def indicator_to_kv(self, indicator, api_root_url):
                         elif server_root_url.endswith("/api/"):
                             server_root_url = server_root_url[:-5]
 
+                    # Applying _key to lowercase to avoid case sensitivity
                     result = {
-                        "_key": value.strip("'"),
+                        "_key": value.strip("'").lower(),
                         "indicator_id": indicator["id"],
                         "server_root_url": server_root_url,
                         "valid_until": indicator.get("valid_until"),

diff --git a/sekoia.io/default/app.conf b/sekoia.io/default/app.conf
@@ -14,7 +14,7 @@ setup_view = setup
 [launcher]
 author = [email protected]
 description = Search your logs with Indicators of Compromise (IoCs) from SEKOIA.IO.
-version = 1.2.2
+version = 1.3.0
 
 [package]
 check_for_updates = 1

diff --git a/sekoia.io/default/transforms.conf b/sekoia.io/default/transforms.conf
@@ -17,6 +17,7 @@ max_matches = 1
 collection = sekoia_iocs_url
 external_type = kvstore
 fields_list = _key,type,valid_until,indicator_id
+case_sensitive_match = false
 max_matches = 1
 
 [sekoia_iocs_md5]