From 5ed4ea73755555c6af31dce03f49a1ac3d079019 Mon Sep 17 00:00:00 2001 From: Jason DeMelo Date: Fri, 28 Jan 2022 16:22:18 -0800 Subject: [PATCH 01/14] fix pipeline --- dns.json | 2 +- dns_connector.py | 10 ++++++---- dns_consts.py | 2 ++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/dns.json b/dns.json index badcb76..614d225 100644 --- a/dns.json +++ b/dns.json @@ -12,7 +12,7 @@ "product_vendor": "Generic", "product_name": "DNS", "product_version_regex": ".*", - "min_phantom_version": "5.0.0", + "min_phantom_version": "5.1.0", "fips_compliant": true, "latest_tested_versions": [ "N/A (Note: tested using Google Public DNS server 8.8.8.8 as of 11/2020)" diff --git a/dns_connector.py b/dns_connector.py index 16a500c..92a798b 100644 --- a/dns_connector.py +++ b/dns_connector.py @@ -269,12 +269,14 @@ def handle_action(self, param): argparser.add_argument('input_test_json', help='Input Test JSON file') argparser.add_argument('-u', '--username', help='username', required=False) argparser.add_argument('-p', '--password', help='password', required=False) + argparser.add_argument('-v', '--verify', action='store_true', help='verify', required=False, default=False) args = argparser.parse_args() session_id = None username = args.username password = args.password + verify = args.verify if (username is not None and password is None): # User specified a username but not a password, so ask @@ -286,7 +288,7 @@ def handle_action(self, param): try: print("Accessing the Login page") login_url = BaseConnector._get_phantom_base_url() + 'login' - r = requests.get(login_url, verify=False) + r = requests.get(login_url, verify=verify, timeout=SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT) csrftoken = r.cookies['csrftoken'] data = dict() 
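Review bot: TLS certificate verification stays off unless the caller passes `-v`, because the new `--verify` option is `store_true` with `default=False`; the login GET in the `@@ -286,7 +288,7 @@` hunk and the credential-bearing POST in the `@@ -299,11 +301,11 @@` hunk therefore still run with `verify=False` by default. The username, password and CSRF token are then sent to a peer whose certificate is never checked. Verification should be the default with an explicit opt-out, for example `argparser.add_argument('--no-verify', dest='verify', action='store_false', help='disable TLS certificate verification')`, keeping `verify = args.verify`. `required=False, default=False` is redundant with `store_true` and can be dropped. The enclosing block starts and ends outside these hunks.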
@@ -299,11 +301,11 @@ def handle_action(self, param): headers['Referer'] = login_url print("Logging into Platform to get the session id") - r2 = requests.post(login_url, verify=False, data=data, headers=headers) + r2 = requests.post(login_url, verify=verify, data=data, headers=headers, timeout=SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT) session_id = r2.cookies['sessionid'] except Exception as e: print("Unable to get session id from the platfrom. Error: " + str(e)) - exit(1) + sys.exit(1) with open(args.input_test_json) as f: in_json = f.read() @@ -320,4 +322,4 @@ def handle_action(self, param): ret_val = connector._handle_action(json.dumps(in_json), None) print(json.dumps(json.loads(ret_val), indent=4)) - exit(0) + sys.exit(0) diff --git a/dns_consts.py b/dns_consts.py index a28e331..3fd2b93 100644 --- a/dns_consts.py +++ b/dns_consts.py @@ -15,3 +15,5 @@ SAMPLEDNS_ERR_QUERY = "Lookup query failed" SAMPLEDNS_SUCC_QUERY = "Host lookup successful" SAMPLEDNS_ERR_QUERY_RETURNED_NO_DATA = "Lookup did not return any information" + +SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT = 30 # in seconds From e0109d18c2a339c7303aa5064bf35f6e5bdf34d7 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 31 Jan 2022 11:39:01 -0800 Subject: [PATCH 02/14] Bumped up the version of dns from 2.0.23 to 2.0.24 --- dns.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dns.json b/dns.json index 614d225..d126e2d 100644 --- a/dns.json +++ b/dns.json @@ -7,8 +7,8 @@ "type": "information", "license": "Copyright (c) 2016-2022 Splunk Inc.", "main_module": "dns_connector.py", - "app_version": "2.0.23", - "utctime_updated": "2022-01-07T04:07:45.000000Z", + "app_version": "2.0.24", + "utctime_updated": "2022-01-31T19:38:57.000000Z", "product_vendor": "Generic", "product_name": "DNS", "product_version_regex": ".*", From e71b53be209dc92078e97280e19d4bd66486acd3 Mon Sep 17 00:00:00 2001 
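Review bot: `sys.exit(1)` here and `sys.exit(0)` in the `@@ -320,4 +322,4 @@` hunk rely on `sys` being imported, and no hunk in this commit adds `import sys` to dns_connector.py; the 10 changed lines in the diffstat are all accounted for by the argument, request and exit edits. If the module does not already import it, the error path would raise NameError instead of exiting with status 1, so confirm `import sys` is present at the top of the file. Separately, the broad `except Exception` presumably reports a rejected login only as a missing `sessionid` cookie; calling `r2.raise_for_status()` before reading `r2.cookies['sessionid']` would make that failure explicit. The enclosing block starts and ends outside the hunk.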
From: splunk-soar-connectors-admin Date: Tue, 1 Feb 2022 13:12:17 -0800 Subject: [PATCH 03/14] Update pre-commit hook version --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7bda7cb..9d205b7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.5 + rev: v1.9 hooks: - id: org-hook - id: package-app-dependencies From fc494ec6fb64dd6f0aa688d26d1c55b7df29d74f Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Fri, 4 Feb 2022 13:30:25 -0800 Subject: [PATCH 04/14] Updating start-release action trigger --- .github/workflows/start-release.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml index d5fb354..7bbce79 100644 --- a/.github/workflows/start-release.yml +++ b/.github/workflows/start-release.yml @@ -1,9 +1,13 @@ name: Start Release -on: workflow_dispatch +on: + workflow_dispatch: + push: + tags: + - '*-beta*' jobs: start-release: runs-on: ubuntu-latest steps: - uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main' with: - GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} From c5fec376393568087f6446ec3441b22ab6fc8ba6 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 18 Jul 2022 09:43:34 -0700 Subject: [PATCH 05/14] Adding workflow file for release review --- .github/workflows/review-release.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/review-release.yml diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml new file mode 100644 index 0000000..6f3bf31 --- /dev/null +++ b/.github/workflows/review-release.yml 
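Review bot: The new `push: tags: '*-beta*'` trigger in start-release.yml means any pushed tag matching that pattern starts a job that hands `secrets.SOAR_APPS_TOKEN` to `phantomcyber/dev-cicd-tools/github-actions/start-release@main`, which is a mutable branch reference. Whatever lands on that branch runs with the token, so the action should be pinned to a reviewed full commit SHA, e.g. `uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@<full-commit-sha>'` (placeholder), and tag creation should be limited to release maintainers. The same applies to the `@main` references added in review-release.yml (PATCH 05), which also grants `id-token: write` and passes `RESUME_RELEASE_ROLE_ARN`, and in generate-doc.yml (PATCH 07).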
@@ -0,0 +1,22 @@ +name: Review Release +concurrency: + group: app-release + cancel-in-progress: true +permissions: + contents: read + id-token: write + statuses: write +on: + workflow_dispatch: + inputs: + task_token: + description: 'StepFunction task token' + required: true + +jobs: + review: + uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main' + with: + task_token: ${{ inputs.task_token }} + secrets: + resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }} From 1994e8affde90ea1ded466b6e8651d5d847530de Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Thu, 21 Jul 2022 22:03:17 -0700 Subject: [PATCH 06/14] 'stop maintaining and delete release_notes.html' --- release_notes/release_notes.html | 42 -------------------------------- 1 file changed, 42 deletions(-) delete mode 100644 release_notes/release_notes.html diff --git a/release_notes/release_notes.html b/release_notes/release_notes.html deleted file mode 100644 index 5289df9..0000000 --- a/release_notes/release_notes.html +++ /dev/null @@ -1,42 +0,0 @@ -DNS Release Notes - Published by Splunk January 07, 2022 -

-Version 2.0.23 - Released January 07, 2022 -
    -
  • Marked the app as FIPS Compliant [PAPP-21502]
  • -
-Version 2.0.22 - Released December 17, 2020 -
    -
  • Improved Python 3 compatibility release
  • -
-Version 2.0.9 - Released February 05, 2020 -
    -
  • Compatibility changes for Python 3 support
  • -
-Version 1.3.32 - Released November 26, 2018 -
    -
  • Bug fixes in 'lookup domain' action
  • -
-Version 1.3.28 - Released February 05, 2018 -
    -
  • App action views and Logo updates
  • -
-Version 1.3.21 - Released August 23, 2017 -
    -
  • 3.0 compatibility update
  • -
-Version 1.3.17 - Released January 10, 2017 -
    -
  • Code cleanup for pylint warnings, no functional change
  • -
-Version 1.3.16 - Released October 14, 2016 -
    -
  • Made improvements to the datapath settings
  • -
-Version 1.3.15 - Released June 28, 2016 -
    -
  • Updated Phantom logo, no functional changes
  • -
-Version 1.3.14 - Released June 13, 2016 -
    -
  • Initial release
  • -
From 0a308384cc39fd652ac9d48c1ba6b2d428902d57 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Thu, 2 Mar 2023 22:14:35 -0800 Subject: [PATCH 07/14] 'create generate-doc.yml file' --- .github/workflows/generate-doc.yml | 14 ++++++++++++++ .pre-commit-config.yaml | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/generate-doc.yml diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml new file mode 100644 index 0000000..4661718 --- /dev/null +++ b/.github/workflows/generate-doc.yml @@ -0,0 +1,14 @@ +name: Generate Readme Doc +on: + workflow_dispatch: + push: + paths: + - '*.json' + - 'readme.html' +jobs: + generate-doc: + runs-on: ubuntu-latest + steps: + - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main' + with: + GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9d205b7..b1170e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,11 +1,11 @@ repos: - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.9 + rev: v1.16 hooks: - id: org-hook - id: package-app-dependencies - repo: https://github.com/Yelp/detect-secrets - rev: v1.1.0 + rev: v1.4.0 hooks: - id: detect-secrets args: ['--no-verify', '--exclude-files', '^dns.json$'] From 72a8d87540987c7f42396a017e1af0c0b7c07828 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Mon, 6 Mar 2023 22:20:48 -0800 Subject: [PATCH 08/14] 'update generate-doc.yml file' --- .github/workflows/generate-doc.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml index 4661718..e63a4cd 100644 --- a/.github/workflows/generate-doc.yml +++ b/.github/workflows/generate-doc.yml @@ -5,6 +5,11 @@ on: paths: - '*.json' - 'readme.html' + tags-ignore: + - '*-beta*' + branches-ignore: + - next + - main jobs: generate-doc: runs-on: ubuntu-latest 
From 478c2f24334944e21070a4672ae8332859f43f74 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Tue, 7 Mar 2023 15:23:19 -0800 Subject: [PATCH 09/14] 'update generate-doc.yml file' --- .github/workflows/generate-doc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml index e63a4cd..7a3ba90 100644 --- a/.github/workflows/generate-doc.yml +++ b/.github/workflows/generate-doc.yml @@ -6,7 +6,7 @@ on: - '*.json' - 'readme.html' tags-ignore: - - '*-beta*' + - '**' branches-ignore: - next - main From 6bf3d4d03a91f95efc5b442ab3c193dd1339e6ad Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Sat, 22 Apr 2023 00:49:22 -0700 Subject: [PATCH 10/14] 'update generate-doc.yml file with manual_readme_content.md' --- .github/workflows/generate-doc.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml index 7a3ba90..9284f9d 100644 --- a/.github/workflows/generate-doc.yml +++ b/.github/workflows/generate-doc.yml @@ -5,6 +5,7 @@ on: paths: - '*.json' - 'readme.html' + - 'manual_readme_content.md' tags-ignore: - '**' branches-ignore: From 14bd900b459521d29aa7475bbb952dc3ffa36e6e Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Fri, 14 Jul 2023 14:34:06 -0700 Subject: [PATCH 11/14] Remove semgrep workflow file --- .github/workflows/semgrep.yml | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 .github/workflows/semgrep.yml diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml deleted file mode 100644 index 23d31c5..0000000 --- a/.github/workflows/semgrep.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -name: Semgrep -on: - pull_request_target: - branches: - - next - - main - push: - branches: - - next - - main -jobs: - semgrep: - runs-on: ubuntu-latest - steps: - - if: github.event_name == 'push' - run: | - echo "REPOSITORY=${{ github.repository }}" >> $GITHUB_ENV - echo "REF=${{ github.REF }}" >> $GITHUB_ENV - - if: github.event_name == 'pull_request_target' - run: | - echo "REPOSITORY=${{ github.event.pull_request.head.repo.full_name }}" >> $GITHUB_ENV - echo "REF=${{ github.event.pull_request.head.ref }}" >> $GITHUB_ENV - - uses: 'phantomcyber/dev-cicd-tools/github-actions/semgrep@main' - with: - SEMGREP_DEPLOYMENT_ID: ${{ secrets.SEMGREP_DEPLOYMENT_ID }} - SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} - REPOSITORY: ${{ github.repository }} - REF: ${{ github.ref }} From cafa1d43b8ebb81bd81908fa12a31107d0e56f31 Mon Sep 17 00:00:00 2001 From: splunk-soar-connectors-admin Date: Tue, 1 Aug 2023 12:54:29 -0700 Subject: [PATCH 12/14] 'convert readme.html to manual_readme_content.md' --- manual_readme_content.md | 17 +++++++++++++++++ readme.html | 15 --------------- 2 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 manual_readme_content.md delete mode 100644 readme.html diff --git a/manual_readme_content.md b/manual_readme_content.md new file mode 100644 index 0000000..e90a994 --- /dev/null +++ b/manual_readme_content.md 
@@ -0,0 +1,17 @@ +[comment]: # " File: README.md" +[comment]: # " Copyright (c) 2016-2022 Splunk Inc." +[comment]: # "" +[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" +[comment]: # "you may not use this file except in compliance with the License." +[comment]: # "You may obtain a copy of the License at" +[comment]: # "" +[comment]: # " http://www.apache.org/licenses/LICENSE-2.0" +[comment]: # "" +[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under" +[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND," +[comment]: # "either express or implied. See the License for the specific language governing permissions" +[comment]: # "and limitations under the License." +[comment]: # "" +This simple DNS resolver app is designed to provide both forward and reverse lookup capabilities. +Users can specify a name and record type in a "lookup domain" action, or an IP address in a "lookup +ip" action. IPv4 and IPv6 addresses are both supported. diff --git a/readme.html b/readme.html deleted file mode 100644 index 66aadbe..0000000 --- a/readme.html +++ /dev/null @@ -1,15 +0,0 @@ - -

This simple DNS resolver app is designed to provide both forward and reverse lookup capabilities. Users can specify a name and record type in a "lookup domain" action, or an IP address in a "lookup ip" action. IPv4 and IPv6 addresses are both supported.

From 25a68d31f867fc75a6d7274e8beccf4cf64d95d6 Mon Sep 17 00:00:00 2001 From: mmomin-crest <85155176+mmomin-crest@users.noreply.github.com> Date: Mon, 9 Sep 2024 10:50:00 +0530 Subject: [PATCH 13/14] PAPP-31096, PAPP-30822: Updated requests, certifi, requests, urllib3 dependencies (#7) * PAPP-30822: Updated requests dependencies * Update README.md * Done pre-commit changes --------- Co-authored-by: splunk-soar-connectors-admin Co-authored-by: Ishan Shah --- .github/workflows/linting.yml | 2 +- .pre-commit-config.yaml | 4 +- LICENSE | 2 +- NOTICE | 14 +--- README.md | 74 +++++++++--------- __init__.py | 2 +- display_ip.html | 5 +- dns.json | 10 +-- dns_connector.py | 6 +- dns_consts.py | 4 +- dns_view.py | 2 +- exclude_files.txt | 5 -- logo_splunk.svg | 2 +- logo_splunk_dark.svg | 2 +- manual_readme_content.md | 2 +- release_notes/unreleased.md | 1 + requirements.txt | 2 - tox.ini | 7 ++ .../dnspython-1.16.0-py2.py3-none-any.whl | Bin 19 files changed, 71 insertions(+), 75 deletions(-) delete mode 100644 exclude_files.txt create mode 100644 tox.ini rename {dnspython => wheels/shared}/dnspython-1.16.0-py2.py3-none-any.whl (100%) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 6f15b22..131c639 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -1,7 +1,7 @@ name: Linting on: [push, pull_request] jobs: - lint: + lint: # Run per push for internal contributers. This isn't possible for forked pull requests, # so we'll need to run on PR events for external contributers. # String comparison below is case insensitive. diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b1170e4..33c86c5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,11 +1,11 @@ repos: - repo: https://github.com/phantomcyber/dev-cicd-tools - rev: v1.16 + rev: v1.18 hooks: - id: org-hook - id: package-app-dependencies - repo: https://github.com/Yelp/detect-secrets - rev: v1.4.0 + rev: v1.5.0 hooks: - id: detect-secrets args: ['--no-verify', '--exclude-files', '^dns.json$'] diff --git a/LICENSE b/LICENSE index ef54a0e..4b0cd55 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016-2022 Splunk Inc. + Copyright 2016-2024 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE b/NOTICE index c36d53e..3c8be6e 100644 --- a/NOTICE +++ b/NOTICE @@ -1,22 +1,10 @@ Splunk SOAR DNS -Copyright (c) 2016-2022 Splunk Inc. +Copyright (c) 2016-2024 Splunk Inc. Third-party Software Attributions: -Library: beautifulsoup4 -Version: 4.9.1 -License: MIT -Copyright 2004-2017 Leonard Richardson -Copyright 2004-2019 Leonard Richardson -Copyright 2018 Isaac Muse - Library: dnspython Version: 1.16.0 License: ISC Copyright 2001-2017 Nominum, Inc Copyright Dnspython Contributors - -Library: requests -Version: 2.25.0 -License: Apache 2.0 -Kenneth Reitz diff --git a/README.md b/README.md index 6cc990d..a58d68f 100644 --- a/README.md +++ b/README.md 
@@ -2,16 +2,16 @@ # DNS Publisher: Splunk -Connector Version: 2\.0\.23 +Connector Version: 2.0.25 Product Vendor: Generic Product Name: DNS -Product Version Supported (regex): "\.\*" -Minimum Product Version: 5\.0\.0 +Product Version Supported (regex): ".\*" +Minimum Product Version: 5.1.0 This app implements investigative actions that return DNS Records for the object queried -[comment]: # " File: readme.md" -[comment]: # " Copyright (c) 2016-2022 Splunk Inc." +[comment]: # " File: README.md" +[comment]: # " Copyright (c) 2016-2024 Splunk Inc." [comment]: # "" [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" [comment]: # "you may not use this file except in compliance with the License." @@ -34,8 +34,8 @@ The below configuration variables are required for this Connector to operate. T VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- -**dns\_server** | optional | string | IP of the DNS server for lookups -**host\_name** | optional | string | Hostname to be used in test connectivity +**dns_server** | optional | string | IP of the DNS server for lookups +**host_name** | optional | string | Hostname to be used in test connectivity ### Supported Actions [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity @@ -60,7 +60,7 @@ Query DNS records for a Domain or Host Name Type: **investigate** Read only: **True** -A list of record types to be resolved is supplied, one of which the user may choose as the value for the type parameter, these are\:
  • A
  • AAAA
  • CNAME
  • HINFO
  • ISDN
  • MX
  • NS
  • SOA
  • TXT
When taking a lookup domain action from a Playbook, the author can look up arbitrary DNS record types by supplying the desired record type as a string for the type parameter\. +A list of record types to be resolved is supplied, one of which the user may choose as the value for the type parameter, these are:
  • A
  • AAAA
  • CNAME
  • HINFO
  • ISDN
  • MX
  • NS
  • SOA
  • TXT
When taking a lookup domain action from a Playbook, the author can look up arbitrary DNS record types by supplying the desired record type as a string for the type parameter. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS 
@@ -69,21 +69,21 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **type** | optional | DNS Record Type | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.domain | string | `host name` `domain` -action\_result\.parameter\.type | string | -action\_result\.data\.\*\.record\_info\_objects\.\*\.record\_info | string | `ip` -action\_result\.data\.\*\.record\_infos | string | `ip` -action\_result\.summary\.cannonical\_name | string | -action\_result\.summary\.canonical\_name | string | -action\_result\.summary\.hostname | string | `host name` `domain` -action\_result\.summary\.record\_info | string | `ip` -action\_result\.summary\.total\_record\_infos | numeric | -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.domain | string | `host name` `domain` | test.com +action_result.parameter.type | string | | +action_result.data.\*.record_info_objects.\*.record_info | string | `ip` | 122.122.122.122 +action_result.data.\*.record_infos | string | `ip` | 122.122.122.122 +action_result.summary.cannonical_name | string | | phantomtest.com. test.com. +action_result.summary.canonical_name | string | | +action_result.summary.hostname | string | `host name` `domain` | ffobaaar.com +action_result.summary.record_info | string | `ip` | 122.122.122.122 +action_result.summary.total_record_infos | numeric | | 1 6 +action_result.message | string | | None of DNS query names exist: ['ffobaaar.com.', 'ffobaaar.com.localdomain.'] Record info: 54.239.25.192, Total record infos: 6, Cannonical name: amazon.com. +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'lookup ip' Query Reverse DNS records for an IP 
@@ -91,7 +91,7 @@ Query Reverse DNS records for an IP Type: **investigate** Read only: **True** -The lookup ip action takes an IP address parameter\. The IP address \(IPv4 or IPv6\) will be looked up against the appropriate reverse lookup DNS records, and any associate hostname\(s\) will be returned\. Only PTR type lookups are returned\. +The lookup ip action takes an IP address parameter. The IP address (IPv4 or IPv6) will be looked up against the appropriate reverse lookup DNS records, and any associate hostname(s) will be returned. Only PTR type lookups are returned. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS 
@@ -99,15 +99,17 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **ip** | required | IP to resolve | string | `ip` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.status | string | -action\_result\.parameter\.ip | string | `ip` -action\_result\.data | string | -action\_result\.summary\.cannonical\_name | string | -action\_result\.summary\.canonical\_name | string | -action\_result\.summary\.hostname | string | `host name` `domain` -action\_result\.summary\.ip | string | `ip` -action\_result\.message | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | \ No newline at end of file +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.status | string | | success failed +action_result.parameter.ip | string | `ip` | 122.122.122.122 123.123.123.123 +action_result.data | string | | +action_result.summary.cannonical_name | string | | 122.122.122.122.in-addr.arpa. +action_result.summary.canonical_name | string | | +action_result.summary.hostname | string | `host name` `domain` | ec2-52-91-186-198.compute-1.test.com. +action_result.summary.ip | string | `ip` | 122.122.122.122 +action_result.message | string | | Ip: 122.122.122.122 +Hostname: ec2-52-91-186-198.compute-1.test.com. +Cannonical name: 122.122.122.122.in-addr.arpa. The DNS query name does not exist: 123.123.123.123.in-addr.arpa. +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 \ No newline at end of file diff --git a/__init__.py b/__init__.py index 156a533..d7d82bb 100644 --- a/__init__.py +++ b/__init__.py @@ -1,6 +1,6 @@ # File: __init__.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/display_ip.html b/display_ip.html index 9b42d12..7b2ca82 100644 --- a/display_ip.html +++ b/display_ip.html @@ -10,7 +10,7 @@ {% block widget_content %} {% endblock %} - diff --git a/dns.json b/dns.json index d126e2d..90d6d87 100644 --- a/dns.json +++ b/dns.json @@ -5,9 +5,9 @@ "publisher": "Splunk", "package_name": "phantom_dns", "type": "information", - "license": "Copyright (c) 2016-2022 Splunk Inc.", + "license": "Copyright (c) 2016-2024 Splunk Inc.", "main_module": "dns_connector.py", - "app_version": "2.0.24", + "app_version": "2.0.25", "utctime_updated": "2022-01-31T19:38:57.000000Z", "product_vendor": "Generic", "product_name": "DNS", @@ -28,8 +28,8 @@ "pip_dependencies": { "wheel": [ { - "module": "dns", - "input_file": "dnspython/dnspython-1.16.0-py2.py3-none-any.whl" + "module": "dnspython", + "input_file": "wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl" } ] }, @@ -328,4 +328,4 @@ "versions": "EQ(*)" } ] -} \ No newline at end of file +} diff --git a/dns_connector.py b/dns_connector.py index 92a798b..bb7b0b8 100644 --- a/dns_connector.py +++ b/dns_connector.py @@ -1,6 +1,6 @@ # File: dns_connector.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -156,6 +156,8 @@ def _handle_forward_lookup(self, param): action_result = ActionResult(dict(param)) self.add_action_result(action_result) + self.save_progress(EXECUTION_START_MESSAGE.format(self.ACTION_ID_FORWARD_LOOKUP)) + # get the server server = self._server host = param.get('domain') @@ -205,6 +207,8 @@ def _handle_reverse_lookup(self, param): action_result = ActionResult(dict(param)) self.add_action_result(action_result) + self.save_progress(EXECUTION_START_MESSAGE.format(self.ACTION_ID_REVERSE_LOOKUP)) + # get the server server = self._server host = param.get('ip') 
diff --git a/dns_consts.py b/dns_consts.py index 3fd2b93..bb9b547 100644 --- a/dns_consts.py +++ b/dns_consts.py @@ -1,6 +1,6 @@ # File: dns_consts.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +16,6 @@ SAMPLEDNS_SUCC_QUERY = "Host lookup successful" SAMPLEDNS_ERR_QUERY_RETURNED_NO_DATA = "Lookup did not return any information" +EXECUTION_START_MESSAGE = "Executing {0} action" + SAMPLEDNS_DEFAULT_REQUEST_TIMEOUT = 30 # in seconds diff --git a/dns_view.py b/dns_view.py index b7e7b08..ab538cb 100644 --- a/dns_view.py +++ b/dns_view.py @@ -1,6 +1,6 @@ # File: dns_view.py # -# Copyright (c) 2016-2022 Splunk Inc. +# Copyright (c) 2016-2024 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/exclude_files.txt b/exclude_files.txt deleted file mode 100644 index 2bfc80b..0000000 --- a/exclude_files.txt +++ /dev/null @@ -1,5 +0,0 @@ -docker-compose.yml -.gitlab-ci.yml -Makefile -.git* -whitesource-results \ No newline at end of file diff --git a/logo_splunk.svg b/logo_splunk.svg index 225e1cd..c67198d 100644 --- a/logo_splunk.svg +++ b/logo_splunk.svg @@ -1 +1 @@ -Asset 1 \ No newline at end of file +Asset 1 diff --git a/logo_splunk_dark.svg b/logo_splunk_dark.svg index 053089f..9051579 100644 --- a/logo_splunk_dark.svg +++ b/logo_splunk_dark.svg @@ -1 +1 @@ -Asset 2 \ No newline at end of file +Asset 2 diff --git a/manual_readme_content.md b/manual_readme_content.md index e90a994..32df151 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md 
@@ -1,5 +1,5 @@ [comment]: # " File: README.md" -[comment]: # " Copyright (c) 2016-2022 Splunk Inc." +[comment]: # " Copyright (c) 2016-2024 Splunk Inc." [comment]: # "" [comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');" [comment]: # "you may not use this file except in compliance with the License." diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index fbcb2fd..7f5e8f4 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1 +1,2 @@ **Unreleased** +* Removed certifi, requests and urllib dependencies in order to use platform packages [PAPP-31096, PAPP-30822, PAPP-33451] diff --git a/requirements.txt b/requirements.txt index 92637bc..2214373 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1 @@ -beautifulsoup4==4.9.1 dnspython==1.16.0 -requests==2.25.0 diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..c4644ad --- /dev/null +++ b/tox.ini @@ -0,0 +1,7 @@ +[flake8] +max-line-length = 145 +max-complexity = 28 +extend-ignore = F403,E128,E126,E111,E121,E127,E731,E201,E202,F405,E722,D,W292 + +[isort] +line_length = 145 diff --git a/dnspython/dnspython-1.16.0-py2.py3-none-any.whl b/wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl similarity index 100% rename from dnspython/dnspython-1.16.0-py2.py3-none-any.whl rename to wheels/shared/dnspython-1.16.0-py2.py3-none-any.whl From 1f2507a65c7bbc14f89e3dc7a01a8fee1529c75b Mon Sep 17 00:00:00 2001 From: root Date: Sun, 8 Sep 2024 22:21:12 -0700 Subject: [PATCH 14/14] Release notes for version 2.0.25 --- LICENSE | 4 ++-- release_notes/2.0.25.md | 1 + release_notes/unreleased.md | 1 - 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 release_notes/2.0.25.md diff --git a/LICENSE b/LICENSE index 4b0cd55..b7b3c69 100644 --- a/LICENSE +++ b/LICENSE 
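Review bot: The new tox.ini `[flake8]` section ignores `E722`, `F403` and `F405`, so bare `except:` clauses and star imports pass linting silently; in a connector that handles credentials and network errors, a bare except can hide authentication or TLS failures. Consider dropping `E722` from `extend-ignore` and fixing any sites it flags, and keeping `F403,F405` only if a `from ... import *` pattern is intentional in this app. `max-complexity = 28` is also permissive enough that it is unlikely to flag anything.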
@@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016-2024 Splunk Inc. + Copyright (c) 2016-2024 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -198,4 +198,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. + limitations under the License. \ No newline at end of file diff --git a/release_notes/2.0.25.md b/release_notes/2.0.25.md new file mode 100644 index 0000000..fffb9fc --- /dev/null +++ b/release_notes/2.0.25.md @@ -0,0 +1 @@ +* Removed certifi, requests and urllib dependencies in order to use platform packages [PAPP-31096, PAPP-30822, PAPP-33451] \ No newline at end of file diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md index 7f5e8f4..fbcb2fd 100644 --- a/release_notes/unreleased.md +++ b/release_notes/unreleased.md @@ -1,2 +1 @@ **Unreleased** -* Removed certifi, requests and urllib dependencies in order to use platform packages [PAPP-31096, PAPP-30822, PAPP-33451]