def test_taxii_endpoint_raises_exception():
"""Test exception is raised when conn and (user or pass) is provided"""
conn = _HTTPConnection(user="******", password="******", verify=False)
error_str = "Only one of a connection, username/password, or auth object may be provided."
fake_url = "https://example.com/api1/collections/"
with pytest.raises(InvalidArgumentsError) as excinfo:
_TAXIIEndpoint(fake_url, conn, "other", "test")
assert error_str in str(excinfo.value)
with pytest.raises(InvalidArgumentsError) as excinfo:
_TAXIIEndpoint(fake_url, conn, auth=TokenAuth('abcd'))
assert error_str in str(excinfo.value)
with pytest.raises(InvalidArgumentsError) as excinfo:
_TAXIIEndpoint(fake_url,
user="******",
password="******",
auth=TokenAuth('abcd'))
assert error_str in str(excinfo.value)
with pytest.raises(InvalidArgumentsError) as excinfo:
_TAXIIEndpoint(fake_url, conn, "other", "test", auth=TokenAuth('abcd'))
assert error_str in str(excinfo.value)
def __init__(self, api_key, verify):
"""Implements class for Unit 42 feed.
Args:
api_key: unit42 API Key.
verify: boolean, if *false* feed HTTPS server certificate is verified. Default: *false*
"""
super().__init__(base_url='https://stix2.unit42.org/taxii',
verify=verify,
proxy=argToBoolean(demisto.params().get('proxy')
or 'false'))
self._api_key = api_key
self._proxies = handle_proxy()
self.objects_data = {}
self.server = Server(url=self._base_url,
auth=TokenAuth(key=self._api_key),
verify=self._verify,
proxies=self._proxies)
def fetch_stix_objects_from_api(self, test: bool = False, **kwargs):
"""Retrieves all entries from the feed.
Args:
test: Whether it was called during clicking the test button or not - designed to save time.
"""
data = []
server = Server(url=self._base_url, auth=TokenAuth(key=self._api_key), verify=self._verify,
proxies=self._proxies)
for api_root in server.api_roots:
for collection in api_root.collections:
for bundle in as_pages(collection.get_objects, per_request=100, **kwargs):
data.extend(bundle.get('objects'))
if test:
return data
self.objects_data[kwargs.get('type')] = data
def get_stix_objects(self, test: bool = False) -> list:
"""Retrieves all entries from the feed.
Args:
test: Whether it was called during clicking the test button or not - designed to save time.
Returns:
A list of stix objects, containing the indicators.
"""
data = []
server = Server(url=self._base_url,
auth=TokenAuth(key=self._api_key),
verify=self._verify,
proxies=self._proxies)
for api_root in server.api_roots:
for collection in api_root.collections:
for bundle in as_pages(collection.get_objects,
per_request=100):
data.extend(bundle.get('objects'))
if test:
break
return data
def __init__(
self,
url: str,
collection_to_fetch,
proxies,
verify: bool,
objects_to_fetch: List[str],
skip_complex_mode: bool = False,
username: Optional[str] = None,
password: Optional[str] = None,
field_map: Optional[dict] = None,
tags: Optional[list] = None,
tlp_color: Optional[str] = None,
limit_per_request: int = DFLT_LIMIT_PER_REQUEST,
certificate: str = None,
key: str = None,
):
"""
TAXII 2 Client used to poll and parse indicators in XSOAR formar
:param url: discovery service URL
:param collection_to_fetch: Collection to fetch objects from
:param proxies: proxies used in request
:param skip_complex_mode: if set to True will skip complex observations
:param verify: verify https
:param username: username used for basic authentication OR api_key used for authentication
:param password: password used for basic authentication
:param field_map: map used to create fields entry ({field_name: field_value})
:param tags: custom tags to be added to the created indicator
:param limit_per_request: Limit the objects requested per poll request
:param tlp_color: Traffic Light Protocol color
:param certificate: TLS Certificate
:param key: TLS Certificate key
"""
self._conn = None
self.server = None
self.api_root = None
self.collections = None
self.last_fetched_indicator__modified = None
self.collection_to_fetch = collection_to_fetch
self.skip_complex_mode = skip_complex_mode
if not limit_per_request:
limit_per_request = DFLT_LIMIT_PER_REQUEST
self.limit_per_request = limit_per_request
self.base_url = url
self.proxies = proxies
self.verify = verify
self.auth = None
self.auth_header = None
self.auth_key = None
self.crt = None
if username and password:
# authentication methods:
# 1. API Token
# 2. Authentication Header
# 3. Basic
if username == API_USERNAME:
self.auth = TokenAuth(key=password)
elif username.startswith(HEADER_USERNAME):
self.auth_header = username.split(HEADER_USERNAME)[1]
self.auth_key = password
else:
self.auth = requests.auth.HTTPBasicAuth(username, password)
if (certificate and not key) or (not certificate and key):
raise DemistoException(
'Both certificate and key should be provided or neither should be.'
)
if certificate and key:
self.crt = (self.build_certificate(certificate),
self.build_certificate(key))
self.field_map = field_map if field_map else {}
self.tags = tags if tags else []
self.tlp_color = tlp_color
self.indicator_regexes = [
re.compile(INDICATOR_EQUALS_VAL_PATTERN),
re.compile(HASHES_EQUALS_VAL_PATTERN),
]
self.cidr_regexes = [
re.compile(CIDR_ISSUBSET_VAL_PATTERN),
re.compile(CIDR_ISUPPERSET_VAL_PATTERN),
]
self.id_to_object: Dict[str, Any] = {}
self.objects_to_fetch = objects_to_fetch