
Add ipv6 as an acceptable input parameter #21

Merged
merged 11 commits into from
Mar 22, 2024
2 changes: 1 addition & 1 deletion LICENSE
Expand Up @@ -198,4 +198,4 @@
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.
8 changes: 0 additions & 8 deletions exclude_files.txt

This file was deleted.

68 changes: 17 additions & 51 deletions maxmind.json
Expand Up @@ -4,17 +4,22 @@
"description": "This app provides IP geolocation with the included MaxMind database",
"type": "information",
"publisher": "Splunk",
"contributors": [
{
"name": "Brady Davis"
}
],
"main_module": "maxmind_connector.py",
"app_version": "2.2.6",
"app_version": "2.3.0",
"utctime_updated": "2022-04-26T17:17:54.000000Z",
"package_name": "phantom_maxmind",
"product_name": "GeoIP2",
"product_vendor": "MaxMind",
"product_version_regex": ".*",
"min_phantom_version": "5.2.0",
"min_phantom_version": "6.1.1",
"fips_compliant": true,
"latest_tested_versions": [
"GeoLite2-City MMDB Updated 2020-11-03"
"GeoLite2-City MMDB Updated 2024-03-11"
],
"python_version": "3",
"configuration": {
Expand All @@ -33,34 +38,6 @@
"logo": "logo_maxmind.svg",
"logo_dark": "logo_maxmind_dark.svg",
"license": "Copyright (c) 2016-2024 Splunk Inc.",
"pip_dependencies": {
"wheel": [
{
"module": "geoip2",
"input_file": "wheels/shared/geoip2-2.9.0-py2.py3-none-any.whl"
},
{
"module": "ipaddress",
"input_file": "wheels/shared/ipaddress-1.0.23-py2.py3-none-any.whl"
},
{
"module": "maxminddb",
"input_file": "wheels/py2/maxminddb-1.5.1-py2-none-any.whl"
},
{
"module": "python_dateutil",
"input_file": "wheels/shared/python_dateutil-2.8.1-py2.py3-none-any.whl"
},
{
"module": "six",
"input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
},
{
"module": "urllib3",
"input_file": "wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl"
}
]
},
"actions": [
{
"action": "test connectivity",
Expand All @@ -84,10 +61,11 @@
"parameters": {
"ip": {
"order": 0,
"description": "IP to geolocate",
"description": "IP (IPv4/IPv6) to geolocate",
"data_type": "string",
"contains": [
"ip"
"ip",
"ipv6"
],
"primary": true,
"required": true,
Expand Down Expand Up @@ -155,18 +133,8 @@
"203.88.139.34"
],
"contains": [
"ip"
],
"map_info": "IP Address"
},
{
"data_path": "action_result.parameter.ip",
"data_type": "string",
"example_values": [
"203.88.139.34"
],
"contains": [
"ip"
"ip",
"ipv6"
],
"map_info": "name"
},
Expand Down Expand Up @@ -427,27 +395,25 @@
{
"action": "on poll",
"description": "Update the database if there is a newer one on the server",
"verbose": "This action replaces the maxmind database if database is updated.",
"type": "ingest",
"identifier": "on_poll",
"read_only": true,
"parameters": {
"container_id": {
"data_type": "string",
"order": 0,
"description": "Container IDs to limit the ingestion to",
"allow_list": true
"description": "Container IDs to limit the ingestion to"
},
"start_time": {
"data_type": "numeric",
"order": 1,
"description": "Start of time range, in epoch time (milliseconds)",
"verbose": "If not specified, the default is past 10 days."
"description": "Start of time range, in epoch time (milliseconds)"
},
"end_time": {
"data_type": "numeric",
"order": 2,
"description": "End of time range, in epoch time (milliseconds)",
"verbose": "If not specified, the default is now."
"description": "End of time range, in epoch time (milliseconds)"
},
"container_count": {
"data_type": "numeric",
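Review bot: The second hunk removes the whole `pip_dependencies` block, and nothing else visible on this page shows where geoip2, maxminddb and urllib3 are now declared for the 2.3.0 package. If they are now resolved at build time from a requirements file, that file should pin exact versions so the shipped app stays reproducible and a later upstream release cannot silently change what is bundled; the file is not shown here, so this may already be in place. Separately, the `on poll` hunk drops the `verbose` defaults for `start_time` and `end_time` without a replacement, so the manifest no longer documents what happens when they are omitted.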
95 changes: 73 additions & 22 deletions maxmind_connector.py
Expand Up @@ -13,6 +13,7 @@
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
import ipaddress
import json
import os
import pathlib
import sys
Expand Down Expand Up @@ -50,7 +51,6 @@ def __init__(self):

self.reader = None
self._ip_address = None
self._python_version = None
self._state = {}

def finalize(self):
Expand All @@ -60,22 +60,16 @@ def finalize(self):
def initialize(self):
self._state = self.load_state()

# Fetching the Python major version
try:
self._python_version = int(sys.version_info[0])
except:
return self.set_status(phantom.APP_ERROR, "Error occurred while getting the Phantom server's Python major version.")
# custom contain for validating ipv6
self.set_validator('ipv6', self._is_ip)

# Validate the configuration parameters
config = self.get_config()
self._ip_address = config.get('ip_address', MAXMIND_DEFAULT_IP_CONNECTIVITY)
self._license_key = config.get('license_key')

try:
if self._python_version == 2:
ipaddress.ip_address(unicode(self._ip_address))
else:
ipaddress.ip_address(self._ip_address)
ipaddress.ip_address(self._ip_address)
except:
return self.set_status(phantom.APP_ERROR, "Please provide a valid IP Address in the configuration parameters")

Expand All @@ -89,6 +83,20 @@ def initialize(self):
self.save_progress(MAXMIND_MSG_DB_LOADED)
return phantom.APP_SUCCESS

def _is_ip(self, input_ip_address):
"""
Function that checks given address and return True if address is valid IPv4 or IPV6 address.

:param input_ip_address: IP address
:return: status (success/failure)
"""

try:
ipaddress.ip_address(input_ip_address)
except Exception:
return False
return True

def _handle_test_connectivity(self, param):

# Create a ActionResult object to store the result
Expand Down Expand Up @@ -329,26 +337,69 @@ def handle_action(self, param):

if __name__ == '__main__':

import json
# import pudb
from traceback import format_exc
import argparse

import pudb

pudb.set_trace()

argparser = argparse.ArgumentParser()

# pudb.set_trace()
argparser.add_argument('input_test_json', help='Input Test JSON file')
argparser.add_argument('-u', '--username', help='username', required=False)
argparser.add_argument('-p', '--password', help='password', required=False)
argparser.add_argument('-v', '--verify', action='store_true', help='verify', required=False, default=False)

if (len(sys.argv) < 2):
print('No test json specified as input')
sys.exit(0)
args = argparser.parse_args()
session_id = None

with open(sys.argv[1]) as f:
username = args.username
password = args.password
verify = args.verify

if (username is not None and password is None):
# User specified a username but not a password, so ask
import getpass

password = getpass.getpass("Password: ")

if (username and password):
try:
print("Accessing the Login page")
r = requests.get( # nosemgrep: python.requests.best-practice.use-timeout.use-timeout
BaseConnector._get_phantom_base_url() + "login", verify=verify)
csrftoken = r.cookies['csrftoken']

data = dict()
data['username'] = username
data['password'] = password
data['csrfmiddlewaretoken'] = csrftoken

headers = dict()
headers['Cookie'] = 'csrftoken=' + csrftoken
headers['Referer'] = BaseConnector._get_phantom_base_url() + 'login'

print("Logging into Platform to get the session id")
r2 = requests.post( # nosemgrep: python.requests.best-practice.use-timeout.use-timeout
BaseConnector._get_phantom_base_url() + "login", verify=verify, data=data, headers=headers)
session_id = r2.cookies['sessionid']
except Exception as e:
print("Unable to get session id from the platfrom. Error: " + str(e))
sys.exit(1)

with open(args.input_test_json) as f:
in_json = f.read()
in_json = json.loads(in_json)
print(json.dumps(in_json, indent=4))

connector = MaxmindConnector()
connector.print_progress_message = True
try:
ret_val = connector._handle_action(json.dumps(in_json), None)
except:
print(format_exc())

if (session_id is not None):
in_json['user_session_token'] = session_id
connector._set_csrf_info(csrftoken, headers['Referer'])

ret_val = connector._handle_action(json.dumps(in_json), None)
print(json.dumps(json.loads(ret_val), indent=4))

sys.exit(0)
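Review bot: In the `__main__` block the login GET and POST pass `verify=verify`, and `--verify` is a `store_true` flag defaulting to False, so the username, password and session cookie are sent without certificate validation unless `-v` is given; both calls also have no timeout, with the semgrep finding suppressed rather than fixed. Consider making verification the default, e.g. `argparser.add_argument('--no-verify', dest='verify', action='store_false', help='skip TLS verification')`, and passing an explicit `timeout=` to both requests. The same block now calls `pudb.set_trace()` unconditionally, where the earlier version appears to have kept it commented out; removing or guarding it would let the harness run unattended and without pudb installed. `requests` is not among the imports visible in the first hunk, so confirm it is imported elsewhere in the file.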
1 change: 1 addition & 0 deletions release_notes/unreleased.md
@@ -1 +1,2 @@
**Unreleased**
* Added the support for IPv6 in 'geolocate ip' action
Binary file removed wheels/py2/maxminddb-1.5.1-py2-none-any.whl
Binary file not shown.
Binary file removed wheels/shared/ipaddress-1.0.23-py2.py3-none-any.whl
Binary file not shown.