Fix issue with input validation

rapid7 · Jan 7, 2025 · 6e25ce6 · 6e25ce6
1 parent 8cb6d65
commit 6e25ce6
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 9 deletions.
diff --git a/plugins/sentinelone/.CHECKSUM b/plugins/sentinelone/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "175814e9d6bf3496067ab005bc81ab74",
-	"manifest": "bf2f37bb010ec31daf0a4aee3ae45b89",
-	"setup": "1e8d3387ed4d46dc2171d7ee9c3c4a2c",
+	"spec": "3c5580352019ace6c6b4a0bbb5fad9d9",
+	"manifest": "38aff416d59c85b3fc4b18618290accf",
+	"setup": "adc2b69e7c46068b1d13fe8ae3dc01bd",
 	"schemas": [
 		{
 			"identifier": "activities_list/schema.py",

diff --git a/plugins/sentinelone/bin/komand_sentinelone b/plugins/sentinelone/bin/komand_sentinelone
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "SentinelOne"
 Vendor = "rapid7"
-Version = "11.1.3"
+Version = "11.1.4"
 Description = "The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne"
 
 

diff --git a/plugins/sentinelone/help.md b/plugins/sentinelone/help.md
@@ -2351,6 +2351,7 @@ Example output:
 
 # Version History
 
+* 11.1.4 - Fix issue with URL input validation
 * 11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities
 * 11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant
 * 11.1.1 - Updated Plugin connection to improve `instance` input usability

diff --git a/plugins/sentinelone/komand_sentinelone/util/helper.py b/plugins/sentinelone/komand_sentinelone/util/helper.py
@@ -83,10 +83,21 @@ def _wrapper(self, *args, **kwargs):
 
 def format_subdomain(instance: str) -> str:
     """
-    If an input subdomain contains a scheme or the Sentinelone secondlevel domain, strip these values
+    If an input subdomain contains a scheme or the SentinelOne second-level domain, strip these values
     """
-    instance = instance.replace(".sentinelone.net", "")
-    return instance.replace("https://", "").replace("http://", "")
+
+    # Remove the scheme if it exists
+    if instance.startswith("http://"):
+        instance = instance[len("http://"):]
+    elif instance.startswith("https://"):
+        instance = instance[len("https://"):]
+
+    # Remove the SentinelOne domain suffix
+    if ".sentinelone.net" in instance:
+        instance = instance.replace(".sentinelone.net", "")
+
+    # Remove any trailing slashes
+    return instance.rstrip("/")
 
 
 class Helper:

diff --git a/plugins/sentinelone/plugin.spec.yaml b/plugins/sentinelone/plugin.spec.yaml
@@ -3,7 +3,7 @@ extension: plugin
 products: [insightconnect]
 name: sentinelone
 title: SentinelOne
-version: 11.1.3
+version: 11.1.4
 connection_version: 10
 cloud_ready: true
 fedramp_ready: true
@@ -58,6 +58,7 @@ hub_tags:
   keywords: [sentinelone, endpoint, detection, cloud_enabled]
   features: []
 version_history:
+  - "11.1.4 - Fix issue with URL input validation"
   - "11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities"
   - "11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant"
   - "11.1.1 - Updated Plugin connection to improve `instance` input usability"

diff --git a/plugins/sentinelone/setup.py b/plugins/sentinelone/setup.py
@@ -3,7 +3,7 @@
 
 
 setup(name="sentinelone-rapid7-plugin",
-      version="11.1.3",
+      version="11.1.4",
       description="The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne",
       author="rapid7",
       author_email="",