diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml
new file mode 100644
index 0000000..9284f9d
--- /dev/null
+++ b/.github/workflows/generate-doc.yml
@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - '*.json'
+ - 'readme.html'
+ - 'manual_readme_content.md'
+ tags-ignore:
+ - '**'
+ branches-ignore:
+ - next
+ - main
+jobs:
+ generate-doc:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+ with:
+ GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 6f15b22..131c639 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
- lint:
+ lint:
 # Run per push for internal contributers. This isn't possible for forked pull requests,
 # so we'll need to run on PR events for external contributers.
 # String comparison below is case insensitive.
diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
new file mode 100644
index 0000000..6f3bf31
--- /dev/null
+++ b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+ group: app-release
+ cancel-in-progress: true
+permissions:
+ contents: read
+ id-token: write
+ statuses: write
+on:
+ workflow_dispatch:
+ inputs:
+ task_token:
+ description: 'StepFunction task token'
+ required: true
+
+jobs:
+ review:
+ uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+ with:
+ task_token: ${{ inputs.task_token }}
+ secrets:
+ resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml
index d5fb354..7bbce79 100644
--- a/.github/workflows/start-release.yml
+++ b/.github/workflows/start-release.yml
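Review bot: The `uses:` step at the end of generate-doc.yml references a third-party action by the mutable ref `@main` while handing it a personal access token via `GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}`, so any change landing on that action's main branch runs in this repository with that token. Pin the action to a full commit SHA and note the version beside it, e.g. `- uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@<full-commit-sha>'  # <version tag>` (placeholders), and apply the same pinning to the `@main` refs in review-release.yml and start-release.yml in this diff. The workflow also declares no top-level `permissions:` block, unlike review-release.yml, so its job runs with the repository's default token permissions; `permissions: contents: read` (widened only to what the action actually needs) would keep the three workflows consistent.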
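Review bot: `task_token` is accepted as a `workflow_dispatch` input and forwarded on the `with:` line as `${{ inputs.task_token }}`; dispatch inputs are stored with the run and visible to anyone who can view it, so if the Step Functions task token lets its holder signal the release task, every reader of the repository's runs effectively sees that capability. If the upstream reusable workflow cannot take it through `secrets:` instead, the input `description` should at least say that the token is single-use and how long it stays valid, so operators know what exposure they are accepting. Separately, `cancel-in-progress: true` on the `app-release` group means a second dispatch cancels a running review; it is worth confirming that the cancelled run's task token is still failed or timed out on the Step Functions side rather than left pending.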
@@ -1,9 +1,13 @@ name: Start Release -on: workflow_dispatch +on: + workflow_dispatch: + push: + tags: + - '*-beta*' jobs: start-release: runs-on: ubuntu-latest steps: - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main' with: - GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7bda7cb..33c86c5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,11 +1,11 @@ repos: - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.5 + rev: v1.18 hooks: - id: org-hook - id: package-app-dependencies - repo: https://github.com/Yelp/detect-secrets - rev: v1.1.0 + rev: v1.5.0 hooks: - id: detect-secrets args: ['--no-verify', '--exclude-files', '^dns.json$'] diff --git a/LICENSE b/LICENSE index ef54a0e..b7b3c69 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016-2022 Splunk Inc. + Copyright (c) 2016-2024 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -198,4 +198,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. + limitations under the License. \ No newline at end of file diff --git a/NOTICE b/NOTICE index c36d53e..3c8be6e 100644 --- a/NOTICE +++ b/NOTICE 
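Review bot: The new `push: tags: - '*-beta*'` trigger means a tag push now starts a release using `secrets.SOAR_APPS_TOKEN`, where previously a manual `workflow_dispatch` was required, so anyone able to create a tag containing `-beta` can start the release pipeline. Restrict who may create tags matching that pattern with a tag protection rule or ruleset, and consider narrowing the glob (for example `'v*-beta*'` if release tags are v-prefixed) so an unrelated tag cannot match by accident. start-release.yml still has no top-level `permissions:` block, unlike the review-release.yml added in this same change, so `permissions: contents: read` would be consistent; the `@main` reference on the `uses:` line has the same pinning concern raised for generate-doc.yml.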
@@ -1,22 +1,10 @@ Splunk SOAR DNS -Copyright (c) 2016-2022 Splunk Inc. +Copyright (c) 2016-2024 Splunk Inc. Third-party Software Attributions: -Library: beautifulsoup4 -Version: 4.9.1 -License: MIT -Copyright 2004-2017 Leonard Richardson -Copyright 2004-2019 Leonard Richardson -Copyright 2018 Isaac Muse - Library: dnspython Version: 1.16.0 License: ISC Copyright 2001-2017 Nominum, Inc Copyright Dnspython Contributors - -Library: requests -Version: 2.25.0 -License: Apache 2.0 -Kenneth Reitz diff --git a/README.md b/README.md index 6cc990d..a58d68f 100644 --- a/README.md +++ b/README.md @@ -2,16 +2,16 @@ # DNS Publisher: Splunk -Connector Version: 2\.0\.23 +Connector Version: 2.0.25 Product Vendor: Generic Product Name: DNS -Product Version Supported (regex): "\.\*" -Minimum Product Version: 5\.0\.0 +Product Version Supported (regex): ".\*" +Minimum Product Version: 5.1.0 This app implements investigative actions that return DNS Records for the object queried -[comment]: # " File: readme.md" -[comment]: # " Copyright (c) 2016-2022 Splunk Inc." +[comment]: # " File: README.md" +[comment]: # " Copyright (c) 2016-2024 Splunk Inc." [comment]: # "" [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" [comment]: # "you may not use this file except in compliance with the License." @@ -34,8 +34,8 @@ The below configuration variables are required for this Connector to operate. T VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- -**dns\_server** | optional | string | IP of the DNS server for lookups -**host\_name** | optional | string | Hostname to be used in test connectivity +**dns_server** | optional | string | IP of the DNS server for lookups +**host_name** | optional | string | Hostname to be used in test connectivity ### Supported Actions [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity 
@@ -60,7 +60,7 @@ Query DNS records for a Domain or Host Name Type: **investigate** Read only: **True** -A list of record types to be resolved is supplied, one of which the user may choose as the value for the type parameter, these are\:
When taking a lookup domain action from a Playbook, the author can look up arbitrary DNS record types by supplying the desired record type as a string for the type parameter\. +A list of record types to be resolved is supplied, one of which the user may choose as the value for the type parameter, these are:
When taking a lookup domain action from a Playbook, the author can look up arbitrary DNS record types by supplying the desired record type as a string for the type parameter. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS 
@@ -69,21 +69,21 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **type** | optional | DNS Record Type | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.domain | string | `host name` `domain` -action\_result\.parameter\.type | string | -action\_result\.data\.\*\.record\_info\_objects\.\*\.record\_info | string | `ip` -action\_result\.data\.\*\.record\_infos | string | `ip` -action\_result\.summary\.cannonical\_name | string | -action\_result\.summary\.canonical\_name | string | -action\_result\.summary\.hostname | string | `host name` `domain` -action\_result\.summary\.record\_info | string | `ip` -action\_result\.summary\.total\_record\_infos | numeric | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.domain | string | `host name` `domain` | test.com +action_result.parameter.type | string | | +action_result.data.\*.record_info_objects.\*.record_info | string | `ip` | 122.122.122.122 +action_result.data.\*.record_infos | string | `ip` | 122.122.122.122 +action_result.summary.cannonical_name | string | | phantomtest.com. test.com. +action_result.summary.canonical_name | string | | +action_result.summary.hostname | string | `host name` `domain` | ffobaaar.com +action_result.summary.record_info | string | `ip` | 122.122.122.122 +action_result.summary.total_record_infos | numeric | | 1 6 +action_result.message | string | | None of DNS query names exist: ['ffobaaar.com.', 'ffobaaar.com.localdomain.'] Record info: 54.239.25.192, Total record infos: 6, Cannonical name: amazon.com. +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'lookup ip' Query Reverse DNS records for an IP 
@@ -91,7 +91,7 @@ Query Reverse DNS records for an IP Type: **investigate** Read only: **True** -The lookup ip action takes an IP address parameter\. The IP address \(IPv4 or IPv6\) will be looked up against the appropriate reverse lookup DNS records, and any associate hostname\(s\) will be returned\. Only PTR type lookups are returned\. +The lookup ip action takes an IP address parameter. The IP address (IPv4 or IPv6) will be looked up against the appropriate reverse lookup DNS records, and any associate hostname(s) will be returned. Only PTR type lookups are returned. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS 
@@ -99,15 +99,17 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **ip** | required | IP to resolve | string | `ip` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.ip | string | `ip` -action\_result\.data | string | -action\_result\.summary\.cannonical\_name | string | -action\_result\.summary\.canonical\_name | string | -action\_result\.summary\.hostname | string | `host name` `domain` -action\_result\.summary\.ip | string | `ip` -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | \ No newline at end of file +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.ip | string | `ip` | 122.122.122.122 123.123.123.123 +action_result.data | string | | +action_result.summary.cannonical_name | string | | 122.122.122.122.in-addr.arpa. +action_result.summary.canonical_name | string | | +action_result.summary.hostname | string | `host name` `domain` | ec2-52-91-186-198.compute-1.test.com. +action_result.summary.ip | string | `ip` | 122.122.122.122 +action_result.message | string | | Ip: 122.122.122.122 +Hostname: ec2-52-91-186-198.compute-1.test.com. +Cannonical name: 122.122.122.122.in-addr.arpa. The DNS query name does not exist: 123.123.123.123.in-addr.arpa. +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 \ No newline at end of file diff --git a/__init__.py b/__init__.py index 156a533..d7d82bb 100644 --- a/__init__.py +++ b/__init__.py @@ -1,6 +1,6 @@ # File: __init__.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/display_ip.html b/display_ip.html index 9b42d12..7b2ca82 100644 --- a/display_ip.html +++ b/display_ip.html @@ -10,7 +10,7 @@ {% block widget_content %} {% endblock %} - diff --git a/dns.json b/dns.json index badcb76..90d6d87 100644 --- a/dns.json +++ b/dns.json @@ -5,14 +5,14 @@ "publisher": "Splunk", "package_name": "phantom_dns", "type": "information", - "license": "Copyright (c) 2016-2022 Splunk Inc.", + "license": "Copyright (c) 2016-2024 Splunk Inc.", "main_module": "dns_connector.py", - "app_version": "2.0.23", - "utctime_updated": "2022-01-07T04:07:45.000000Z", + "app_version": "2.0.25", + "utctime_updated": "2022-01-31T19:38:57.000000Z", "product_vendor": "Generic", "product_name": "DNS", "product_version_regex": ".*", - "min_phantom_version": "5.0.0", + "min_phantom_version": "5.1.0", "fips_compliant": true, "latest_tested_versions": [ "N/A (Note: tested using Google Public DNS server 8.8.8.8 as of 11/2020)" @@ -28,8 +28,8 @@ "pip_dependencies": { "wheel": [ { - "module": "dns", - "input_file": "dnspython/dnspython-1.16.0-py2.py3-none-any.whl" + "module": "dnspython", + "input_file": "wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl" } ] }, @@ -328,4 +328,4 @@ "versions": "EQ(*)" } ] -} \ No newline at end of file +} diff --git a/dns_connector.py b/dns_connector.py index 16a500c..bb7b0b8 100644 --- a/dns_connector.py +++ b/dns_connector.py @@ -1,6 +1,6 @@ # File: dns_connector.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -156,6 +156,8 @@ def _handle_forward_lookup(self, param): action_result = ActionResult(dict(param)) self.add_action_result(action_result) + self.save_progress(EXECUTION_START_MESSAGE.format(self.ACTION_ID_FORWARD_LOOKUP)) + # get the server server = self._server host = param.get('domain') 
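Review bot: `"utctime_updated"` only moves from `2022-01-07T04:07:45.000000Z` to `2022-01-31T19:38:57.000000Z` while the same hunk updates the license string to 2016-2024 and the diff adds release notes for 2.0.25, so the timestamp looks stale for this release. If this field is regenerated by the packaging tooling then nothing is needed; if it is maintained by hand it should be set to the time of this change so the metadata agrees with `"app_version": "2.0.25"`.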
@@ -205,6 +207,8 @@ def _handle_reverse_lookup(self, param): action_result = ActionResult(dict(param)) self.add_action_result(action_result) + self.save_progress(EXECUTION_START_MESSAGE.format(self.ACTION_ID_REVERSE_LOOKUP)) + # get the server server = self._server host = param.get('ip') @@ -269,12 +273,14 @@ def handle_action(self, param): argparser.add_argument('input_test_json', help='Input Test JSON file') argparser.add_argument('-u', '--username', help='username', required=False) argparser.add_argument('-p', '--password', help='password', required=False) + argparser.add_argument('-v', '--verify', action='store_true', help='verify', required=False, default=False) args = argparser.parse_args() session_id = None username = args.username password = args.password + verify = args.verify if (username is not None and password is None): # User specified a username but not a password, so ask @@ -286,7 +292,7 @@ def handle_action(self, param): try: print("Accessing the Login page") login_url = BaseConnector._get_phantom_base_url() + 'login' - r = requests.get(login_url, verify=False) + r = requests.get(login_url, verify=verify, timeout=SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT) csrftoken = r.cookies['csrftoken'] data = dict() @@ -299,11 +305,11 @@ def handle_action(self, param): headers['Referer'] = login_url print("Logging into Platform to get the session id") - r2 = requests.post(login_url, verify=False, data=data, headers=headers) + r2 = requests.post(login_url, verify=verify, data=data, headers=headers, timeout=SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT) session_id = r2.cookies['sessionid'] except Exception as e: print("Unable to get session id from the platfrom. Error: " + str(e)) - exit(1) + sys.exit(1) with open(args.input_test_json) as f: in_json = f.read() @@ -320,4 +326,4 @@ def handle_action(self, param): ret_val = connector._handle_action(json.dumps(in_json), None) print(json.dumps(json.loads(ret_val), indent=4)) - exit(0) + sys.exit(0) 
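Review bot: The new `--verify` flag leaves TLS certificate verification off by default: `default=False` on the `argparser.add_argument('-v', '--verify', ...)` line means the login calls on the `requests.get` and `requests.post` lines (hunks at -286 and -299) still run with `verify=False` unless the operator remembers to pass the flag, and those calls send the platform username and password. Verification should be the default and the insecure mode the explicit opt-out, e.g. `argparser.add_argument('-k', '--no-verify', dest='verify', action='store_false', help='skip TLS certificate verification of the platform')` followed by `verify = args.verify`; if the `--verify` name must be kept for compatibility, at least document on the line that the default is insecure. `required=False, default=False` is also redundant with `action='store_true'`. This appears to be the module-level test harness; its start lies outside the hunk.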
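Review bot: `exit(1)` and `exit(0)` become `sys.exit(1)` and `sys.exit(0)` in the hunks at -299 and -320, but no hunk in this diff adds `import sys`, and the only hunk touching the top of dns_connector.py (-1,6) changes the copyright line. If `sys` is not already imported further down the import block, the harness's error path now raises `NameError` instead of exiting with status 1, which is worth a quick check since the failure is hidden behind the `except Exception` branch that precedes it. A one-line `import sys` in the stdlib import group settles it if it is missing.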
diff --git a/dns_consts.py b/dns_consts.py index a28e331..bb9b547 100644 --- a/dns_consts.py +++ b/dns_consts.py @@ -1,6 +1,6 @@ # File: dns_consts.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,3 +15,7 @@ SAMPLEDNS_ERR_QUERY = "Lookup query failed" SAMPLEDNS_SUCC_QUERY = "Host lookup successful" SAMPLEDNS_ERR_QUERY_RETURNED_NO_DATA = "Lookup did not return any information" + +EXECUTION_START_MESSAGE = "Executing {0} action" + +SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT = 30 # in seconds diff --git a/dns_view.py b/dns_view.py index b7e7b08..ab538cb 100644 --- a/dns_view.py +++ b/dns_view.py @@ -1,6 +1,6 @@ # File: dns_view.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/exclude_files.txt b/exclude_files.txt deleted file mode 100644 index 2bfc80b..0000000 --- a/exclude_files.txt +++ /dev/null @@ -1,5 +0,0 @@ -docker-compose.yml -.gitlab-ci.yml -Makefile -.git* -whitesource-results \ No newline at end of file diff --git a/logo_splunk.svg b/logo_splunk.svg index 225e1cd..c67198d 100644 --- a/logo_splunk.svg +++ b/logo_splunk.svg @@ -1 +1 @@ -Asset 1 \ No newline at end of file +Asset 1 diff --git a/logo_splunk_dark.svg b/logo_splunk_dark.svg index 053089f..9051579 100644 --- a/logo_splunk_dark.svg +++ b/logo_splunk_dark.svg @@ -1 +1 @@ -Asset 2 \ No newline at end of file +Asset 2 diff --git a/manual_readme_content.md b/manual_readme_content.md new file mode 100644 index 0000000..32df151 --- /dev/null +++ b/manual_readme_content.md 
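Review bot: `EXECUTION_START_MESSAGE` drops the `SAMPLEDNS_` prefix carried by every other constant in this file (`SAMPLEDNS_ERR_QUERY`, `SAMPLEDNS_SUCC_QUERY`, `SAMPLEDNS_ERR_QUERY_RETURNED_NO_DATA` and the new `SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT`), so it reads as if it belonged to another module. Renaming it `SAMPLEDNS_EXECUTION_START_MESSAGE` and updating the two `save_progress` call sites added in dns_connector.py keeps the namespace consistent. The ` # in seconds` note on the timeout is the right idea; the message constant could carry a similar one, e.g. `# {0} is the action id being executed`.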
@@ -0,0 +1,17 @@ +[comment]: # " File: README.md" +[comment]: # " Copyright (c) 2016-2024 Splunk Inc." +[comment]: # "" +[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" +[comment]: # "you may not use this file except in compliance with the License." +[comment]: # "You may obtain a copy of the License at" +[comment]: # "" +[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" +[comment]: # "" +[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" +[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," +[comment]: # "either express or implied. See the License for the specific language governing permissions" +[comment]: # "and limitations under the License." +[comment]: # "" +This simple DNS resolver app is designed to provide both forward and reverse lookup capabilities. +Users can specify a name and record type in a "lookup domain" action, or an IP address in a "lookup +ip" action. IPv4 and IPv6 addresses are both supported. diff --git a/readme.html b/readme.html deleted file mode 100644 index 66aadbe..0000000 --- a/readme.html +++ /dev/null @@ -1,15 +0,0 @@ - -

This simple DNS resolver app is designed to provide both forward and reverse lookup capabilities. Users can specify a name and record type in a "lookup domain" action, or an IP address in a "lookup ip" action. IPv4 and IPv6 addresses are both supported.

diff --git a/release_notes/2.0.25.md b/release_notes/2.0.25.md new file mode 100644 index 0000000..fffb9fc --- /dev/null +++ b/release_notes/2.0.25.md @@ -0,0 +1 @@ +* Removed certifi, requests and urllib dependencies in order to use platform packages [PAPP-31096, PAPP-30822, PAPP-33451] \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 92637bc..2214373 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1 @@ -beautifulsoup4==4.9.1 dnspython==1.16.0 -requests==2.25.0 diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..c4644ad --- /dev/null +++ b/tox.ini @@ -0,0 +1,7 @@ +[flake8] +max-line-length = 145 +max-complexity = 28 +extend-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292 + +[isort] +line_length = 145 diff --git a/dnspython/dnspython-1.16.0-py2.py3-none-any.whl b/wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl similarity index 100% rename from dnspython/dnspython-1.16.0-py2.py3-none-any.whl rename to wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl
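Review bot: The `extend-ignore` line in the new tox.ini turns off E722 (bare `except:`), the check that flags swallowed exceptions, together with F403 and F405, the checks that resolve names hidden behind star imports, so flake8 will no longer report an undefined name or a silenced error in this connector. If the list exists only to mirror a shared organisation config, a comment above the line saying so (`# mirrors org flake8 defaults; do not tighten here`) would stop the next reader from trimming it; otherwise removing `E722,F403,F405` and fixing the resulting hits is cheap at this code size. `max-complexity = 28` is also well above the usual 10–15 and is worth a one-line justification next to it.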