v2.1.5 - proxy bug fix (#18)
bradchiappetta authored Mar 6, 2023
1 parent 31a17dc commit 7836b58
Showing 10 changed files with 30 additions and 19 deletions.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -6,7 +6,7 @@ This is an app powered by the Splunk Add-on Builder.
GreyNoise Splunk app provides multiple dashboards to effectively analyse and visualize the contextual and statistical data provided by GreyNoise. It also includes custom commands and alert actions which can be used along with Splunk searches to leverage GreyNoise APIs for custom use cases. It periodically scans the Splunk deployment through saved search to indicate the noise and RIOT IPs in the complete Splunk deployment. Along with this, the workflow action provided can be used to obtain live context information of any CIM compliant field containing an IP address.

- Author: GreyNoise Intelligence Inc
- Version: 2.1.4
- Version: 2.1.5
- Creates Index: False
- Has index-time operation: True
- Implements summarization: False
Expand All @@ -17,6 +17,9 @@ GreyNoise Splunk app provides multiple dashboards to effectively analyse and vis
- OS: Platform independent
- Vendor Products: GreyNoise API

# RELEASE NOTES (Version 2.1.5) #
- Fix bug with `gnenrich`, `gnriot`, and `gnfilter` where proxy wasn't being used for API key validation

# RELEASE NOTES (Version 2.1.4) #
- Add support for configuring proxy information in conf file
- Add support for IP Destination Geo feature fields
2 changes: 1 addition & 1 deletion app.manifest
Expand Up @@ -5,7 +5,7 @@
"id": {
"group": null,
"name": "SA-GreyNoise",
"version": "2.1.4"
"version": "2.1.5"
},
"author": [
{
2 changes: 1 addition & 1 deletion appserver/static/js/build/globalConfig.json
Expand Up @@ -274,7 +274,7 @@
},
"meta": {
"displayName": "GreyNoise App for Splunk",
"version": "2.1.4",
"version": "2.1.5",
"restRoot": "app_greynoise",
"name": "SA-GreyNoise",
"apiVersion": "3.0.0"
12 changes: 10 additions & 2 deletions bin/SA_GreyNoise/splunktaucclib/rest_handler/credentials.py
Expand Up @@ -200,8 +200,12 @@ def decrypt_for_get(self, name, data):

else:
# get clear password for the field
data[field_name] = clear_password[field_name]
encrypting[field_name] = clear_password[field_name]
if clear_password and field_name in clear_password:
data[field_name] = clear_password[field_name]
encrypting[field_name] = clear_password[field_name]
else:
data[field_name] = ""
encrypting[field_name] = ""

if encrypting and clear_password != encrypting:
# update passwords.conf if password changed
Expand Down Expand Up @@ -329,6 +333,10 @@ def _merge_passwords(self, data, passwords):
if existed_model["content"][k] == self.PASSWORD:
# set existing as raw value
existed_model["content"][k] = v
elif existed_model["content"][k] == "********":
# set existing as raw value, magic pattern is the old one so rewrite this item to fix it.
existed_model["content"][k] = v
need_write_magic_pwd = True
elif existed_model["content"][k] == "":
# mark to delete it
clear_password[k] = ""
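Review bot: In `decrypt_for_get`, the new fallback sets `encrypting[field_name] = ""` as well as `data[field_name] = ""` when `clear_password` is falsy or lacks the field, which makes `encrypting` non-empty and unequal to `clear_password` at the following `if encrypting and clear_password != encrypting:` check; if the comment on that line is accurate, a plain GET on an entity with no stored secret would now trigger a passwords.conf update that writes an empty credential. Unless that write is intended, only the `data` side needs the empty default: keep `data[field_name] = ""` and leave `encrypting` untouched in that branch. This is inferred from the visible comparison; the update path and the rest of the method lie outside the hunk. In the second hunk, the literal `"********"` next to `self.PASSWORD` deserves a named constant, e.g. `LEGACY_PASSWORD_MASK = "********"`, so the two mask values are not maintained by hand in two places.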
2 changes: 1 addition & 1 deletion bin/gnenrich.py
Expand Up @@ -85,7 +85,7 @@ def transform(self, records):

# API key validation
if not self.api_validation_flag:
api_key_validation, message = utility.validate_api_key(api_key, logger)
api_key_validation, message = utility.validate_api_key(api_key, logger, proxy)
logger.debug("API validation status: {}, message: {}".format(api_key_validation, str(message)))
self.api_validation_flag = True
if not api_key_validation:
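Review bot: `proxy` is passed as a third positional argument to `utility.validate_api_key`, but that function's signature is not part of this commit, so the hunk alone cannot show that a proxy parameter exists in that position; passing it by name, `utility.validate_api_key(api_key, logger, proxy=proxy)`, would make a signature mismatch fail loudly instead of binding the proxy to some other parameter. The `proxy` local itself is assigned outside the hunk, and the enclosing `transform` method continues beyond it. The identical call is repeated in gnfilter.py and gnriot.py, so whichever form is chosen should be applied to all three.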
2 changes: 1 addition & 1 deletion bin/gnfilter.py
Expand Up @@ -161,7 +161,7 @@ def transform(self, records):

# API key validation
if not self.api_validation_flag:
api_key_validation, message = utility.validate_api_key(api_key, logger)
api_key_validation, message = utility.validate_api_key(api_key, logger, proxy)
logger.debug("API validation status: {}, message: {}".format(api_key_validation, str(message)))
self.api_validation_flag = True
if not api_key_validation:
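Review bot: The other custom commands listed in searchbnf.conf in this same commit (gnip, gnquick, gnquery, gnstats, gnmulti, gncontext) are not touched by this fix, so if any of them validate the key through the same two-argument `utility.validate_api_key(api_key, logger)` call, they would still send the key-validation request without the configured proxy, which is exactly the failure this release note claims to close and matters where egress is only allowed through the proxy. That is an inference from the file list rather than from code shown here, so it is worth confirming against those commands before release. The enclosing `transform` method starts and ends outside the hunk.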
2 changes: 1 addition & 1 deletion bin/gnriot.py
Expand Up @@ -171,7 +171,7 @@ def transform(self, records):

# API key validation
if not self.api_validation_flag:
api_key_validation, message = utility.validate_api_key(api_key, logger)
api_key_validation, message = utility.validate_api_key(api_key, logger, proxy)
logger.debug("API validation status: {}, message: {}".format(api_key_validation, str(message)))
self.api_validation_flag = True
if not api_key_validation:
2 changes: 1 addition & 1 deletion bin/greynoise_constants.py
@@ -1,4 +1,4 @@

INTEGRATION_NAME = "greynoise-splunk-app-v2.1.4"
INTEGRATION_NAME = "greynoise-splunk-app-v2.1.5"
BACKOFF_FACTOR = 30
MAX_RETRIES = 3
2 changes: 1 addition & 1 deletion default/app.conf
Expand Up @@ -7,7 +7,7 @@ build = 29

[launcher]
author = GreyNoise Intelligence Inc
version = 2.1.4
version = 2.1.5
description = Provides dashboards to effectively analyze and visualize the contextual and statistical data for the IPs using GreyNoise Python SDK. It also provides custom commands for the GreyNoise.

[ui]
18 changes: 9 additions & 9 deletions default/searchbnf.conf
Expand Up @@ -5,7 +5,7 @@ shortdesc = Retrieves context information about IP from the GreyNoise.
example1 = | gnip ip="<ip_address>"
comment1 = Retrieve the context information of the given ip_address
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
category = generating
maintainer = GreyNoise
tags = context
Expand All @@ -26,7 +26,7 @@ comment1 = Retrieve the noise and RIOT status for all IPs retrieved from the SPL
example2 = | gnquick ip="<ip_address>"
comment2 = Retrieve the noise and RIOT status of the given ip_address
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
maintainer = GreyNoise
tags = quick

Expand All @@ -43,7 +43,7 @@ comment1 = Retrieve the results of GNQL_query with maximum 50 results
example2 = | gnquery query="<GNQL_query>"
comment2 = Retrieve the result of GNQL_query with default 50000 results
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
category = generating
maintainer = GreyNoise
tags = query
Expand All @@ -57,7 +57,7 @@ shortdesc = Retrieves aggregation statistics for the top entities for a given GN
example1 = | gnstats query="<GNQL_query>" count="10"
comment1 = Retrieve aggregate statistics in organizations, actors, tags, ASNs, countries, classifications, and operating systems from the results of the given GNQL_query
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
category = generating
maintainer = GreyNoise
tags = stats
Expand All @@ -74,7 +74,7 @@ description = \
shortdesc = Retrieves noise and RIOT status of the IP addresses represented by ip_field parameter present in each event, and adds the noise and RIOT information to each event.
example1 = SPL_QUERY | gnmulti ip_field=<ip_field>
category = transforming
appears-in = 2.1.4
appears-in = 2.1.5
maintainer = GreyNoise
usage = public
tags = multi
Expand All @@ -86,7 +86,7 @@ shortdesc = Retrieves context information about IP from the GreyNoise.
example1 = | gncontext ip="<ip_address>"
comment1 = Retrieve the context information of the given ip_address
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
category = generating
maintainer = GreyNoise
tags = context
Expand All @@ -100,7 +100,7 @@ shortdesc = Filters the events based on the noise status of IP address represent
example1 = SPL_QUERY | gnfilter ip_field="<ip_field>" noise_events="true"
comment1 = Filters the events having ip represented by ip_field and outputs the only events that are having noisy IP addresses.
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
category = transforming
maintainer = GreyNoise
tags = filter
Expand All @@ -114,7 +114,7 @@ shortdesc = Enriches the Splunk events with the context information of IP addres
example1 = SPL_QUERY | gnenrich ip_field="<ip_field>"
comment1 = Enriches the events with the context information of the IP address represented by the IP field.
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
category = transforming
maintainer = GreyNoise
tags = enrich
Expand All @@ -133,6 +133,6 @@ example1 = | gnriot ip="<ip_address>" [OR] SPL_QUERY | gnriot ip_field="<ip_fiel
comment1 = Retrieve the RIOT information for all IPs retrieved from the SPL_QUERY for specified ip_field or retrieve \
the RIOT information of the given IP address.
usage = public
appears-in = 2.1.4
appears-in = 2.1.5
maintainer = GreyNoise
tags = riot
