From 624630a3073c63fa752677ac124f39a9e9ada9cb Mon Sep 17 00:00:00 2001
From: grokas
Date: Tue, 26 Nov 2024 11:48:04 -0800
Subject: [PATCH] PAPP-34988 cleaning and fixes from tests
---
 crowdstrikeoauthapi.json | 6 +++---
 crowdstrikeoauthapi_connector.py | 35 ++++++++++++++++----------------
 crowdstrikeoauthapi_consts.py | 10 ++++++++-
 3 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/crowdstrikeoauthapi.json b/crowdstrikeoauthapi.json
index 4d465cf..71d8c97 100644
--- a/crowdstrikeoauthapi.json
+++ b/crowdstrikeoauthapi.json
@@ -10367,8 +10367,8 @@
 "read_only": false,
 "versions": "EQ(*)",
 "parameters": {
- "id": {
- "description": "Alert composite_id(s) to update, Comma-separated list allowed",
+ "alert_ids": {
+ "description": "List of alert composite_ids to update, Comma-separated list allowed",
 "data_type": "string",
 "contains": [
 "crowdstrike alert id"
@@ -10377,7 +10377,7 @@
 "required": true,
 "order": 0
 },
- "state": {
+ "status": {
 "description": "Status to set",
 "data_type": "string",
 "value_list": [
diff --git a/crowdstrikeoauthapi_connector.py b/crowdstrikeoauthapi_connector.py
index 49042c0..7ede475 100644
--- a/crowdstrikeoauthapi_connector.py
+++ b/crowdstrikeoauthapi_connector.py
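Review bot: Renaming the parameter keys `id` → `alert_ids` and, in the hunk at 10377, `state` → `status` changes the action's external contract, so existing playbooks that pass the old names will need updating and the change deserves an upgrade note or version bump alongside the manifest edit. The `required` flag for the renamed `status` parameter is outside this hunk, so whether the connector may index it directly cannot be confirmed here. The new description `List of alert composite_ids to update, Comma-separated list allowed` says "list" twice; `Comma-separated list of alert composite_ids to update` reads cleaner.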
@@ -583,14 +583,13 @@ def _handle_resolve_detection(self, param):
 def _handle_resolve_epp_alerts(self, param):
 action_result = self.add_action_result(ActionResult(dict(param)))
- composite_ids = param[CROWDSTRIKE_JSON_ID]
- to_state = param[CROWDSTRIKE_RESOLVE_DETECTION_TO_STATE]
+ composite_ids = self.validate_comma_seperated_values(param.get(CROWDSTRIKE_ALERT_IDS))
+ if not composite_ids:
+ return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_ALERT_IDS))
+ to_state = param[CROWDSTRIKE_STATUS]
 if to_state not in CROWDSTRIKE_EPP_ALERT_STATUSES:
- return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="state"))
-
- composite_ids = [x.strip() for x in composite_ids.split(",")]
- composite_ids = list(filter(None, composite_ids))
+ return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_STATUS))
 api_data = {
 "composite_ids": composite_ids,
@@ -2031,9 +2030,9 @@ def _handle_get_epp_alerts_details(self, param):
 self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
 action_result = self.add_action_result(ActionResult(dict(param)))
- composite_ids = self.validate_comma_seperated_values(param.get("alert_ids"))
+ composite_ids = self.validate_comma_seperated_values(param.get(CROWDSTRIKE_ALERT_IDS))
 if not composite_ids:
- return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="alert_ids"))
+ return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_ALERT_IDS))
 ret_val, response = self._make_rest_call_helper_oauth2(
 action_result,
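Review bot: `to_state = param[CROWDSTRIKE_STATUS]` still indexes the dict directly, so a request without `status` raises KeyError instead of the clean APP_ERROR the lines just above now return for `alert_ids`. If the manifest does not mark `status` as required (its `required` flag is not visible in this patch), `to_state = param.get(CROWDSTRIKE_STATUS)` lets the existing membership check against `CROWDSTRIKE_EPP_ALERT_STATUSES` reject the missing value through the same error path. The body of `_handle_resolve_epp_alerts` continues past the end of the hunk.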
@@ -2101,32 +2100,32 @@ def _handle_update_epp_alerts(self, param):
 self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
 action_result = self.add_action_result(ActionResult(dict(param)))
- composite_ids = self.validate_comma_seperated_values(param.get("alert_ids"))
+ composite_ids = self.validate_comma_seperated_values(param.get(CROWDSTRIKE_ALERT_IDS))
 if not composite_ids:
- return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="alert_ids"))
+ return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_ALERT_IDS))
 data = {
 "composite_ids": composite_ids,
 "action_parameters": []
 }
- show_in_ui = param.get("show_in_ui")
+ show_in_ui = param.get(CROWDSTRIKE_SHOW_IN_UI)
 if show_in_ui is not None:
 data["action_parameters"].append({
 "name": "show_in_ui",
 "value": str(show_in_ui).lower()
 })
- status = param.get("status")
+ status = param.get(CROWDSTRIKE_STATUS)
 if status:
 if status not in CROWDSTRIKE_EPP_ALERT_STATUSES:
- return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="status"))
+ return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_STATUS))
 data["action_parameters"].append({
 "name": "update_status",
 "value": status
 })
- assigned_to_user = param.get("assigned_to_user")
+ assigned_to_user = param.get(CROWDSTRIKE_ASSIGNED_TO_USER)
 unassign = param.get("unassign", False)
 if unassign:
@@ -2147,7 +2146,7 @@ def _handle_update_epp_alerts(self, param):
 "value": assigned_to_user
 })
- add_tags = param.get("add_tags")
+ add_tags = param.get(CROWDSTRIKE_ADD_TAGS)
 if add_tags:
 tags = [tag.strip() for tag in add_tags.split(",")]
 for tag in tags:
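Review bot: `unassign = param.get("unassign", False)` keeps a string literal even though this commit adds `CROWDSTRIKE_UNASSIGN = "unassign"` in crowdstrikeoauthapi_consts.py and converts every neighbouring lookup in this handler to its constant, leaving the new constant unused. `unassign = param.get(CROWDSTRIKE_UNASSIGN, False)` completes the sweep and keeps the manifest key defined in exactly one place. `_handle_update_epp_alerts` continues in the hunks at 2147, 2157 and 2167 and beyond.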
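Review bot: `tags = [tag.strip() for tag in add_tags.split(",")]` keeps empty entries from inputs such as a trailing comma or a doubled comma, whereas `composite_ids` in the same handler now goes through `validate_comma_seperated_values`, which, judging by the code it replaced in the first hunk, strips and drops empty values. Unless the loop body, which lies outside this hunk, skips blank tags, `tags = self.validate_comma_seperated_values(add_tags)` would make the two comma-separated inputs behave the same way; the same applies to `remove_tags` in the hunk at 2157.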
@@ -2157,7 +2156,7 @@ def _handle_update_epp_alerts(self, param):
 "value": tag
 })
- remove_tags = param.get("remove_tags")
+ remove_tags = param.get(CROWDSTRIKE_REMOVE_TAGS)
 if remove_tags:
 tags = [tag.strip() for tag in remove_tags.split(",")]
 for tag in tags:
@@ -2167,14 +2166,14 @@ def _handle_update_epp_alerts(self, param):
 "value": tag
 })
- remove_tags_prefix = param.get("remove_tags_by_prefix")
+ remove_tags_prefix = param.get(CROWDSTRIKE_REMOVE_TAGS_BY_PREFIX)
 if remove_tags_prefix:
 data["action_parameters"].append({
 "name": "remove_tags_by_prefix",
 "value": remove_tags_prefix.strip()
 })
- comment = param.get("comment")
+ comment = param.get(CROWDSTRIKE_COMMENT)
 if comment:
 data["action_parameters"].append({
 "name": "append_comment",
diff --git a/crowdstrikeoauthapi_consts.py b/crowdstrikeoauthapi_consts.py
index 4edd318..52dec00 100644
--- a/crowdstrikeoauthapi_consts.py
+++ b/crowdstrikeoauthapi_consts.py
@@ -55,7 +55,15 @@ CROWDSTRIKE_JSON_LIST_IOC = "indicator_value"
 CROWDSTRIKE_POLL_INTERVAL = "detonate_timeout"
 CROWDSTRIKE_RESOURCE_ID = "resource_id"
-
+CROWDSTRIKE_ALERT_IDS = "alert_ids"
+CROWDSTRIKE_STATUS = "status"
+CROWDSTRIKE_COMMENT = "comment"
+CROWDSTRIKE_ASSIGNED_TO_USER = "assigned_to_user"
+CROWDSTRIKE_UNASSIGN = "unassign"
+CROWDSTRIKE_SHOW_IN_UI = "show_in_ui"
+CROWDSTRIKE_ADD_TAGS = "add_tags"
+CROWDSTRIKE_REMOVE_TAGS = "remove_tags"
+CROWDSTRIKE_REMOVE_TAGS_BY_PREFIX = "remove_tags_by_prefix"
 # general parameters
 CROWDSTRIKE_FILTER = "filter"
 CROWDSTRIKE_INCLUDE_HIDDEN = "include_hidden"
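Review bot: The nine constants added after `CROWDSTRIKE_RESOURCE_ID` in crowdstrikeoauthapi_consts.py carry no section comment, while the block that follows them is labelled `# general parameters`; a one-line header such as `# epp alert action parameters` above `CROWDSTRIKE_ALERT_IDS` would keep the file's grouping readable. The hunk also deletes a blank line before the new block, so unless a blank context line was lost in this rendering, the new constants now run straight into the next section's comment; a blank line after `CROWDSTRIKE_REMOVE_TAGS_BY_PREFIX` would restore the separation.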