Refactor this class to reflect the changes introduced by the new code pattern

Update this service class to reflect the most recent pattern

Update this service class to reflect the new pattern

Update this service class to reflect the new pattern

Update this service class to reflect the new pattern

Update this service class to reflect the new pattern

In _service_class.py, class ServiceClass has hardcoded base_url: str = "https://api.crowdstrike.com" in the constructor object; but should happen that some tennant has https://api.us-2.crowdstrike.com.

Update this service class to reflect the most recent pattern

Describe the bug
Developers have to use the Uber class in order to specify the action string within the URL for this operation.

Environment (please complete the following information):

• OS: All
• Python 3.5 - 3.9

Additional context
This operation can still be performed using the Uber class and an override.

Discussed in #240

Update this service class to reflect the new pattern

Update this service class to reflect the new pattern

Describe the bug
When running the "entities_process" function out of the IOCS library, the response is also "500, Bad Request"

To Reproduce
Run the entities_process search for any process id.

Expected behavior
Return information on the processes, per the API documentation

Environment (please complete the following information):

• OS: PopOS 21.04
• Python: 3.9.5
• Falconpy: 0.5.2

Additional context
In src/falconpy/_endpoint/_iocs.py the uri is set to "/processes/entities/processes/v1?ids={}", but the code never fills in the URI with ids and the response from the falcon is "bad request". Updating the URI to ""/processes/entities/processes/v1" allows the calls to complete successfully. I don't have time to submit a pull request for the simple fix at this moment, so if someone else wants to go for it, other wise I'll try to get to it later today.

Update this service class to reflect the new pattern

Hi team,

I am not able to find anything in the documentation which details assigning a proxy for PyFalcon functionality.

Is there some way to assign a proxy, or do we need to use some other method?

def falcon_auth(self):
    authorization = FalconAuth.OAuth2(creds={
        "client_id": self.client_id,
        "client_secret": self.client_secret,
        },
        base_url=self.base_url)
        self.token = authorization.token()['"body"]["access_token"]

Describe the bug
When using legacy authentication, you are unable to specify a timeout value for calls to the request library.

To Reproduce
Use legacy authentication and create an instance of the OAuth2 class, when doing so, try and specify a timeout value.

Expected behavior
Timeout value is accepted and leveraged for calls to the request library.

Environment (please complete the following information):

• OS: All supported
• Python: All support
• FalconPy: <=0.5.4

Describe the bug
The following error is generated when trying to call GetSampleV3 to save a file.

{ 
   "status_code": 500, 
   "headers": {}, 
   "body": "Expecting value: line 1 column 1 (char 0)"
}

To Reproduce

from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
        "client_id": falcon_client_id,
        "client_secret": falcon_client_secret
    }
)

falcon.authenticate()

FILENAME="testfile.jpg"
PAYLOAD = open(FILENAME, 'rb').read()
response = falcon.command('UploadSampleV3', file_name="newfile.jpg", data=PAYLOAD, content_type="application/octet-stream")
print(response)

Expected behavior
When the API returns content that does not match the application/json content type, return the content as opposed to the json result.

Environment (please complete the following information):

• OS: All
• Python: 3.6 - 3.9
• FalconPy: 0.1.10

Describe the bug
Service class methods have not been coded to accept the ids parameter.

To Reproduce
Call any method that makes use of the ids parameter. A 500 will be generated.

Expected behavior
The ids parameter is accepted by the method and results are returned.

Environment (please complete the following information):

• OS: All
• Python >= 3.5
• FalconPy: <=0.1.11

Update this service class to reflect the new pattern

Discussed in #180

Detail

Impacted Versions: 0.5.0
Impacted Python Versions: All supported (3.6 - 3.9)
Impacted OS: All supported

Update this service class to reflect the new pattern

Describe the bug
unable to execute command
syntax error using command_string param
RTR-ExecuteActiveResponderCommand

To Reproduce

from falconpy import api_complete as FalconSDK falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id_here,
      'client_secret': falcon_client_secret_here
   }
)
BODY = {
    'device_id': <device_id>
}
try:
    falcon.authenticate()
except:
    print("failed to authenticate")
session = falcon.command(action='RTR-InitSession',body=BODY)
sessionid = session["body"]["resources"][0]["session_id"]
Body = {
    "base_command": "runscript",
    "command_string": "runscript 'gci /'",
    "session_id": sessionid
}
response = falcon.command('RTR-ExecuteActiveResponderCommand', body=Body) 
print(json.dumps(response, indent=4)) 

produces a 400 error either for flag, or unrecognized command.

Expected behavior
Expectation would be command gets executed and 200 status code comes back

Environment (please complete the following information):

• OS: windows
• Python: 3.9

Additional context
open case with CS

Update this service class to reflect the new pattern

Describe the bug
When calling a service class method that is intended to produce non-JSON output, a 500 error is generated.

To Reproduce
Call FalconX_Sandbox.FalconX_Sandbox(access_token=token).GetArtifacts()

Expected behavior
When non-JSON content is produced, deliver the content using the correct content-type.

Environment (please complete the following information):

• OS: All
• Python: >= 3.5
• FalconPy: <= 0.1.11

Update this service class to reflect the new pattern

Describe the bug
If you try to use Credential or Object authentication with a Service Class and provide invalid credentials when doing so, a KeyError is generated for the key 'access_token'.

To Reproduce

from falconpy import cloud_connect_aws as FalconAWS
falcon = FalconAWS.Cloud_Connect_AWS(creds={"client_id":"BadID","client_secret":"BadSecret"})
result = QueryAWSAccounts()

Results in

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.9/site-packages/falconpy/_service_class.py", line 60, in __init__
    self.headers = {'Authorization': 'Bearer {}'.format(auth_object.token()['body']['access_token'])}
KeyError: 'access_token'

Expected behavior
The object should instantiate successfully, then generate a HTTP 401 error (access denied, invalid bearer token) when a call to the API is made.

Environment (please complete the following information):

• OS: Discovered using MacOS 10.15, assume impacts all operating systems
• Python: Discovered using Python 3.9, assume impacts all versions
• FalconPy: Affects versions 0.4.0 - 0.4.5

Additional context
Discovered while working on the multi-CID classes.

Update this service class to reflect the new pattern

Update this service class to reflect the most recent pattern

Update this service class to reflect the most recent pattern

Describe the solution you'd like
Table of contents for API docs such as the page at https://github.com/CrowdStrike/falconpy/wiki/detects.

Additional context
Table of contents to reduce scrolling around. For example:

Table of contents

• GetAggregateDetects
• UpdatedDetectsByIdsV2
• GetDetectSummaries

Or maybe this could be a table instead:

Table of Contents

Describe the information
The following information can be found in the Reference.

Nearly all production code should use this parameter in nearly all requests. Failure to do so can cause your program to hang indefinitely:

Therefore, please consider implementing the timeout parameter setting within requests.request header.
This is a low priority and please decide by the development members about default value of the parameter.

References
https://2.python-requests.org/en/master/user/quickstart/#timeouts
https://2.python-requests.org/en/master/user/advanced/#timeouts

Traceback (most recent call last):
File "quarantine_hosts.py", line 62, in
response = falcon.PerformActionV2(parameters=PARAMS, body=BODY)
TypeError: PerformActionV2() missing 1 required positional argument: 'action_name'

PerformActionV2 requires an action_name, although for quarnatining a host, for example, that action_name is provided inside of the PARAMS variable (JSON) as part of the post request.

Update this service class to reflect the new pattern

Update this service class to reflect the new pattern

Describe the bug
The RTR_DeleteSession operation returns no content on success, but headers and a 204 status code are returned. Update the perform_request method within _util.py to handle this scenario.

To Reproduce
Create a RTR session, then try and delete the session using Real_Time_Response.RTR_DeleteSession.

Expected behavior
A 204 status code is returned with an empty response. No error is generated.

Environment (please complete the following information):

• OS: Mac OS 10.15
• Python: 3.9
• FalconPy: 0.5.5

After reviewing the Streaming API Event Dictionary, I couldn't find any corresponding eventTypes that map to Falcon Spotlight Vulnerability findings -- is that data also included in the Event Stream API? Or is vulnerability information only available through polling the Falcon Spotlight APIs?

There are multiple GitHub Action plugins for PyPi. Let's chose one/setup something that:

• For every merged PR, generates a TEST PyPi package
• For every pushed release tag, generates an official PyPi package.

This way release engineering can be fully automated via GitOps.

@jshcodes will require API keys to PyPi. Have not used PyPi before -- is it better to create a bot account vs use personal keys? Looks like packages are static to specific users.... is that accurate? Can multiple people be added in PyPi to a package, akin to how multiple people can be added to a GitHub repo?

Describe the bug
Unable to use Falconpy after successful authentication and getting bearer token
To Reproduce
Step 1 successfully generates token

authorization = FalconAuth.OAuth2(creds={
     'client_id': falcon_client_id,
     'client_secret': falcon_client_secret
})
try:
     token = authorization.token()['body']['access_token']
except:
     token = False
print("\n\n\n Token ==> " + token)

Step 2:

if token:
    falcon = FalconDetects.Detects(access_token=token)

    PARAMS = {
        'offset': 5,
        'limit': 5,
        'sort': 'max_severity|asc',
        'filter': '*',
        'q': ''
    }

    response = falcon.QueryDetects(parameters=PARAMS)
    print(response)

This returns 401

{'status_code': 401, 'headers': {'Server': 'nginx', 'Date': 'Thu, 15 Apr 2021 13:39:10 GMT', 'Content-Type': 'application/json', 'Content-Length': '232', 'Connection': 'keep-alive', 'X-Content-Type-Options': 'nosniff', 'X-Ratelimit-Limit': '15', 'X-Ratelimit-Remaining': '14', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'}, 'body': {'meta': {'query_time': 1.27e-07, 'powered_by': 'crowdstrike-api-gateway', 'trace_id': '6b25ea5a-8389-4cdc-a20a-b2cb55b649d0'}, 'errors': [{'code': 401, 'message': 'access denied, invalid bearer token'}]}}

My API key has all read permission and write permission for Detection module. This thing works with CURL.
Expected behavior
It should be able to use same bearer token for all subsequent requests.
Environment (please complete the following information):

• OS: Mac OS catalina
• Python 3.7.0

Describe the bug
When calling refreshActiveStreamSession within the Events Streams service class, a HTTP status code 415 is generated. This appears to be due to a body payload not being present in the request. (Even though the body payload is empty in this use case.)

To Reproduce
Create an instance of the Events Streams service class, open a stream, and then try and refresh it.

Expected behavior
A 200 success status code with the stream token being refreshed.

Environment (please complete the following information):

• OS: All supported
• Python: All supported
• FalconPy: <=0.5.6

Additional context
This issue DOES NOT impact the Uber class due to how the Uber class crafts body payloads.

A fix for this issue is being tested now, and is planned to be committed as part of v0.5.7 update

Describe the bug
The base class of all service classes, _service_class.py does not respect values passed for the BASE_URL, PROXY or SSL_VERIFY attributes when creating an instance of the auth_object for credential authentication.

To Reproduce
Create an instance of any service class, and change it's base_url to US-2 or disable SSL verification with ssl_verify=False.

Expected behavior
The service class is instantiated with an auth_object that respects the passed attribute values.

Environment (please complete the following information):

• OS: All supported
• Python: All supported
• FalconPy: <=0.5.5

Update this service class to reflect the new pattern

Is your feature request related to a problem? Please describe.

For customers with MSSP (Master/member) we need to support using master API credentials to lock the token to member CIDs/

Describe the solution you'd like

Alter the oauth2.py module to include a new key in the DATA dictionary for 'member_cid'
Alter uber class to send this in the body, can include in self.creds during instantiation

Describe alternatives you've considered
Don't think this is possible today as we can't override the DATA dictionary.

Additional context

Describe the bug
During installation I am getting the below error.
"Could not find a version that satisfies the requirement crowdstrike-falconpy (from versions: )
No matching distribution found for crowdstrike-falconpy"

To Reproduce
pip install crowdstrike-falconpy

Expected behavior
Installation with out any issue.

Environment (please complete the following information):

• OS: Ubuntu 18.04.5 LTS
• Python: pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)

Additional context
None

Update setup.py and __init__.py to dynamically pull in version and other package metadata from a standalone __version__.py file. (Similar to how setup.py works in the requests package).

Update this service class to reflect the most recent pattern

Update this service class to reflect the new pattern

Most of the time, User-Agent is that unnecessary thing that is just sitting there. One day, it may turn out to be extremely helpful in tracking down some operational issue.

Here is how we implemented User-Agent request header in gofalcon

This is fairly low priority, I admit.

Describe the bug
Some service class methods are requiring parameters when they are not required. This most often happens with the parameters parameter.

To Reproduce
Call FalconHosts.Hosts(access_token=token).QueryHiddenDevices().

Expected behavior
If the API service endpoint does not require the parameter value, it should not be required by the method.

Environment (please complete the following information):

• OS: All
• Python >= 3.5
• FalconPy <= 0.1.11

Describe the bug
There is a bug in versions v.0.4.1 - 0.4.3 related to action_name parameters used within several Service Classes. This issue will be addressed in v0.4.4.

Please note: This issue only impacts Service Classes

To prevent issues like the above from impacting developers in the future, provide a boolean flag that is passed at class instantiation that globally disables payload validators for the class in question.

Expected behavior
I can submit an incorrect parameter name in a parameter payload, and the method will still execute.

Environment (please complete the following information):

• OS: [e.g. Red Hat Enterprise Linux 8.3]
• Python [e.g. 3.9]

Additional context
Add any other context about the problem here.

Description

When calling getChildren, and providing a properly formatted list or comma-delimited string for the ids argument, a 500 error is generated.

This is confirmed to not be generated via the API, and is coming from the Service Class call to requests.

This issue does not impact the Uber class.

See discussion post #143 for more detail.

To Reproduce

Create an instance of the MSSP service class, and then call getChildren passing either a list or a comma-delimited string for the ids argument.

Expected Behavior

Properly formatted API results matching what is produced when performing this operation via the Uber class.

Environment

• OS: MacOS 10.15.7 (Assume all operating systems, all versions)
• Python: 3.9+ (Assume 3.6+)
• FalconPy: 0.4.6+