AF + threat vault - auto key (demisto#12169)

bakatzir · amshamah419 · web-flow · commit d5465829a745 · 2021-04-21T14:32:43.000+03:00
* add support for cortex xsoar AF api key * update RN * update DO * fix malformed yml * update api_key mock in UT * add to demistomock * added config without key * fix logic of override_default_credentials * add inline comment * support also threat vault * reformat to be used in a class * add rn * update conf.json * revert not needed change * added rn for threat vault * add @logger * add given/when/then * add docstring to the class * revert indentation * add more UT * re add changes * add newline * update conflicts * update conflicts2 * update conflicts3 * update conflicts vt * Update Packs/AutoFocus/Integrations/AutofocusV2/README.md Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * Update Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * Update Packs/AutoFocus/ReleaseNotes/1_1_17.md Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * Update Packs/Base/ReleaseNotes/1_9_0.md Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * Update Packs/PaloAltoNetworks_Threat_Vault/ReleaseNotes/1_0_3.md Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * Update Packs/AutoFocus/ReleaseNotes/1_1_17.md Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * Update Packs/AutoFocus/ReleaseNotes/1_1_17.md Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> * update readme * Merge branch 'af_auto_key' of github.com:demisto/content into af_auto_key # Please enter a commit message to explain why this merge is necessary, # especially if it merges an updated upstream into a topic branch. # # Lines starting with '#' will be ignored, and an empty message aborts # the commit. * mitre feed conflicts * latest condflicts revert * use demistoexception * add more UT * improve err msg * rm override_default_credentials usage * rm override_default_credentials UT * added additionalinfo * rm blank line * rn * rn_fix Co-authored-by: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
diff --git a/Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.py b/Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.py
@@ -1,8 +1,4 @@
-from typing import Optional
-
-import demistomock as demisto
 from CommonServerPython import *
-from CommonServerUserPython import *
 
 ''' IMPORTS '''
 
@@ -17,7 +13,9 @@
 
 ''' GLOBALS/PARAMS '''
 PARAMS = demisto.params()
-API_KEY = PARAMS.get('api_key')
+
+API_KEY = AutoFocusKeyRetriever(PARAMS.get('api_key')).key
+
 # Remove trailing slash to prevent wrong URL path to service
 SERVER = 'https://autofocus.paloaltonetworks.com'
 # Should we use SSL
@@ -258,7 +256,6 @@
     for verdict in verdicts:
         VERDICTS_TO_DBOTSCORE[verdict] = 3
 
-
 ''' HELPER FUNCTIONS '''
 
 
diff --git a/Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml b/Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2.yml
@@ -3,9 +3,10 @@ commonfields:
   id: AutoFocus V2
   version: -1
 configuration:
-- display: API Key
+- additionalinfo: TIM customers that upgraded to version 6.2 or above have this value pre-configured in their main account, so no additional input is needed.
+  display: API Key
   name: api_key
-  required: true
+  required: false
   type: 4
 - additionalinfo: Reliability of the source providing the intelligence data.
   defaultvalue: B - Usually reliable
@@ -1117,7 +1118,7 @@ script:
     - contextPath: Domain.Name
       description: The domain name.
       type: String
-  dockerimage: demisto/python3:3.9.2.17957
+  dockerimage: demisto/python3:3.9.4.18682
   isfetch: false
   longRunning: false
   longRunningPort: false
diff --git a/Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2_test.py b/Packs/AutoFocus/Integrations/AutofocusV2/AutofocusV2_test.py
@@ -149,6 +149,14 @@
 ]
 
 
+@pytest.fixture(autouse=True)
+def init_tests(mocker):
+    params = {
+        'api_key': '1234'
+    }
+    mocker.patch.object(demisto, 'params', return_value=params)
+
+
 def util_load_json(path):
     with io.open(path, mode='r', encoding='utf-8') as f:
         return json.loads(f.read())
diff --git a/Packs/AutoFocus/Integrations/AutofocusV2/README.md b/Packs/AutoFocus/Integrations/AutofocusV2/README.md
@@ -23,7 +23,7 @@ To get your API key, you need to add an authorization code, and then activate th
 Use the API key when configuring the integration.
 For more information on activating the license see [Activating AutoFocus Licenses](https://docs.paloaltonetworks.com/autofocus/autofocus-admin/get-started-with-autofocus/activate-autofocus-licenses.html).
 
-## Configure AutoFocus V2 on Demisto
+## Configure AutoFocus V2 on Cortex XSOAR
 ---
 
 1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
@@ -35,9 +35,10 @@ For more information on activating the license see [Activating AutoFocus License
    | Name | A meaningful name for the integration instance. | AutoFocus V2_instance_2 |
    | API Key | Account's private token. | N/A  |
    | Source Reliability | Reliability of the source providing the intelligence data. | B - Usually reliable |
+   | Additional Malicious Verdicts  | A comma-separated list of Palo Alto Networks verdicts to consider as malicious when calculating the DBot score.  | malware,phishing,c2 |   
+   | Override default credentials | Whether to override the default AutoFocus API key given by the Cortex XSOAR platform. | False |   
    | Trust any certificate (not secure) | When selected, certificates are not checked. | N/A |
-   | Use System Proxy Settings | Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. |  https:/<span></span>/www.markdownguide.org |
-   | Additional Malicious Verdicts  | A comma-separated list of Palo Alto Networks verdicts to consider as malicious when calculating the DBot score.  | malware,phishing,c2 |
+   | Use System Proxy Settings | Runs the integration instance using the proxy server (HTTP or HTTPS) that you defined in the server configuration. |  N/A | 
 
 
 4. Click **Test** to validate the URLs, token, and connection.
diff --git a/Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.py b/Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.py
@@ -537,14 +537,6 @@ def main():
     feed_tags = argToList(params.get('feedTags'))
     tlp_color = params.get('tlp_color')
 
-    client = Client(api_key=params.get('api_key'),
-                    insecure=params.get('insecure'),
-                    proxy=params.get('proxy'),
-                    indicator_feeds=params.get('indicator_feeds'),
-                    custom_feed_urls=params.get('custom_feed_urls'),
-                    scope_type=params.get('scope_type'),
-                    sample_query=params.get('sample_query'))
-
     command = demisto.command()
     demisto.info(f'Command being called is {command}')
     # Switch case
@@ -553,6 +545,15 @@ def main():
         'autofocus-get-indicators': get_indicators_command
     }
     try:
+        auto_focus_key_retriever = AutoFocusKeyRetriever(params.get('api_key'))
+        client = Client(api_key=auto_focus_key_retriever.key,
+                        insecure=params.get('insecure'),
+                        proxy=params.get('proxy'),
+                        indicator_feeds=params.get('indicator_feeds'),
+                        custom_feed_urls=params.get('custom_feed_urls'),
+                        scope_type=params.get('scope_type'),
+                        sample_query=params.get('sample_query'))
+
         if demisto.command() == 'fetch-indicators':
             indicators = fetch_indicators_command(client, feed_tags, tlp_color)
             # we submit the indicators in batches
diff --git a/Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml b/Packs/AutoFocus/Integrations/FeedAutofocus/FeedAutofocus.yml
@@ -16,9 +16,10 @@ configuration:
   - Samples Feed
   required: true
   type: 16
-- display: The AutoFocus API key
+- additionalinfo: TIM customers that upgraded to version 6.2 or above have this value pre-configured in their main account, so no additional input is needed.
+  display: API Key
   name: api_key
-  required: true
+  required: false
   type: 4
 - additionalinfo: Only necessary in case a Custom Feed is fetched. Can also support
     a CSV of Custom feed URLs.
@@ -139,7 +140,7 @@ script:
     description: Gets the indicators from AutoFocus.
     execution: false
     name: autofocus-get-indicators
-  dockerimage: demisto/python3:3.8.5.11789
+  dockerimage: demisto/python3:3.9.4.18682
   feed: true
   isfetch: false
   longRunning: false
diff --git a/Packs/AutoFocus/Integrations/FeedAutofocus/README.md b/Packs/AutoFocus/Integrations/FeedAutofocus/README.md
@@ -3,7 +3,7 @@ For more information click [here](https://docs.paloaltonetworks.com/autofocus/au
 This Feed supports the AutoFocus Custom Feed and the AutoFocus Samples Feed.
 To ingest the Daily Feed, use the [AutoFocus Daily Feed](https://xsoar.pan.dev/docs/reference/integrations/auto-focus-daily-feed). 
 
-## Configure AutoFocus Feed on Demisto
+## Configure AutoFocus Feed on Cortex XSOAR
 
 1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
 2. Search for AutoFocus Feed.
@@ -13,7 +13,7 @@ To ingest the Daily Feed, use the [AutoFocus Daily Feed](https://xsoar.pan.dev/d
 | --- | --- | --- |
 | feed | The fetch indicators. | False |
 | indicator_feeds | The indicator feed. Choose the requested indicator feeds. The Custom Feeds and Daily Threat Feed. | True |
-| api_key | The AutoFocus API key. | True |
+| api_key | API Key. | False |
 | custom_feed_urls | The URL for the custom feed to fetch. This applies only in cases where a Custom Feed is requested. | False |
 | scope_type | The scope of the samples to be fetched. | False |
 | sample_query | The query that will be used to fetch the samples. | False |
@@ -24,6 +24,7 @@ To ingest the Daily Feed, use the [AutoFocus Daily Feed](https://xsoar.pan.dev/d
 | feedExpirationInterval | The interval after which the feed expires. | False |
 | feedFetchInterval | The feed fetch interval. | False |
 | feedBypassExclusionList | Whether to bypass exclusion list. | False |
+| override_default_credentials | Override default credentials | False |
 | insecure | Whether to trust any certificate (not secure). | False |
 | proxy | Whether to use the system proxy settings. | False |
 
diff --git a/Packs/AutoFocus/Integrations/FeedAutofocusDaily/FeedAutofocusDaily.py b/Packs/AutoFocus/Integrations/FeedAutofocusDaily/FeedAutofocusDaily.py
@@ -1,10 +1,10 @@
-import demistomock as demisto
-from CommonServerPython import *
-from CommonServerUserPython import *
+from typing import List, Tuple, Optional
 
 # IMPORTS
 import requests
-from typing import List, Tuple, Optional
+from CommonServerUserPython import *
+
+from CommonServerPython import *
 
 # Disable insecure warnings
 requests.packages.urllib3.disable_warnings()
@@ -237,17 +237,19 @@ def main():
     params = demisto.params()
     feed_tags = argToList(params.get('feedTags'))
     tlp_color = params.get('tlp_color')
-    client = Client(api_key=params.get('api_key'),
-                    insecure=params.get('insecure'))
 
     command = demisto.command()
     demisto.info(f'Command being called is {command}')
-    # Switch case
+
     commands = {
         'test-module': module_test_command,
         'autofocus-daily-get-indicators': get_indicators_command
     }
     try:
+        auto_focus_key_retriever = AutoFocusKeyRetriever(params.get('api_key'))
+        client = Client(api_key=auto_focus_key_retriever.key,
+                        insecure=params.get('insecure'))
+
         if demisto.command() == 'fetch-indicators':
             indicators = fetch_indicators_command(client, feed_tags, tlp_color)
             # we submit the indicators in batches
diff --git a/Packs/AutoFocus/Integrations/FeedAutofocusDaily/FeedAutofocusDaily.yml b/Packs/AutoFocus/Integrations/FeedAutofocusDaily/FeedAutofocusDaily.yml
@@ -8,9 +8,10 @@ configuration:
   required: false
   defaultvalue: 'true'
   type: 8
-- display: The AutoFocus API key
+- additionalinfo: TIM customers that upgraded to version 6.2 or above have this value pre-configured in their main account, so no additional input is needed.
+  display: API Key
   name: api_key
-  required: true
+  required: false
   type: 4
 - additionalinfo: Indicators from this integration instance will be marked with this reputation
   defaultvalue: Bad
@@ -118,7 +119,7 @@ script:
     description: Gets indicators from AutoFocus.
     execution: false
     name: autofocus-daily-get-indicators
-  dockerimage: demisto/python3:3.8.5.10845
+  dockerimage: demisto/python3:3.9.4.18682
   feed: true
   isfetch: false
   longRunning: false
diff --git a/Packs/AutoFocus/Integrations/FeedAutofocusDaily/README.md b/Packs/AutoFocus/Integrations/FeedAutofocusDaily/README.md
@@ -1,7 +1,7 @@
 Use the AutoFocus Feeds integration to fetch indicators from AutoFocus.
 For more information click [here](https://docs.paloaltonetworks.com/autofocus/autofocus-admin/autofocus-feeds.html).
 
-## Configure AutoFocus Feed on Demisto
+## Configure AutoFocus Feed on Cortex XSOAR
 
 1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
 2. Search for AutoFocus Feed.
@@ -10,14 +10,15 @@ For more information click [here](https://docs.paloaltonetworks.com/autofocus/au
 | **Parameter** | **Description** | **Required** |
 | --- | --- | --- |
 | feed | The fetch indicators. | False |
-| api_key | The AutoFocus API key. | True |
+| api_key | API Key. | False |
 | feedReputation | The indicator reputation. | False |
 | feedReliability | The source's reliability. | True |
 | tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
 | feedExpirationPolicy | The feed's expiration policy. | False |
 | feedExpirationInterval | The interval after which the feed expires. | False |
 | feedFetchInterval | The feed fetch interval. | False |
 | feedBypassExclusionList | Whether to bypass exclusion list. | False |
+| override_default_credentials | Override default credentials | False | 
 | insecure | Whether to trust any certificate (not secure). | False |
 | proxy | Whether to use the system proxy settings. | False |
 
diff --git a/Packs/AutoFocus/ReleaseNotes/1_1_17.md b/Packs/AutoFocus/ReleaseNotes/1_1_17.md
@@ -0,0 +1,11 @@
+
+#### Integrations
+##### AutoFocus Daily Feed
+- Added support to enable the usage of the Cortex XSOAR Auto Focus API key.
+- Updated the Docker image to: *demisto/python3:3.9.4.18682*.
+##### Palo Alto Networks AutoFocus v2
+- Added support to enable the usage of the Cortex XSOAR Auto Focus API key.
+- Updated the Docker image to: *demisto/python3:3.9.4.18682*.
+##### AutoFocus Feed
+- Added support to enable the usage of the Cortex XSOAR Auto Focus API key.
+- Updated the Docker image to: *demisto/python3:3.9.4.18682*.
diff --git a/Packs/AutoFocus/pack_metadata.json b/Packs/AutoFocus/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "AutoFocus",
     "description": "Use the Palo Alto Networks AutoFocus integration to distinguish the most\n  important threats from everyday commodity attacks.",
     "support": "xsoar",
-    "currentVersion": "1.1.16",
+    "currentVersion": "1.1.17",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
diff --git a/Packs/Base/ReleaseNotes/1_9_0.md b/Packs/Base/ReleaseNotes/1_9_0.md
@@ -0,0 +1,4 @@
+
+#### Scripts
+##### CommonServerPython
+- Added support to enable usage of the AutoFocus API key (XSOAR server version 6.2.0+).
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -6507,3 +6507,25 @@ def search_indicators_by_version(self, from_date=None, query='', size=100, to_da
     @property
     def page(self):
         return self._page
+
+
+class AutoFocusKeyRetriever:
+    """AutoFocus API Key management class
+    :type api_key: ``str``
+    :param api_key: Auto Focus API key coming from the integration parameters
+    :type override_default_credentials: ``bool``
+    :param override_default_credentials: Whether to override the default credentials and use the
+     Cortex XSOAR given AutoFocus API Key
+    :return: No data returned
+    :rtype: ``None``
+    """
+    def __init__(self, api_key):
+        # demisto.getAutoFocusApiKey() is available from version 6.2.0
+        if not api_key:
+            if not is_demisto_version_ge("6.2.0"):  # AF API key is available from version 6.2.0
+                raise DemistoException('For versions earlier than 6.2.0, configure an API Key.')
+            try:
+                api_key = demisto.getAutoFocusApiKey()  # is not available on tenants
+            except ValueError as err:
+                raise DemistoException('AutoFocus API Key is only available on the main account for TIM customers. ' + str(err))
+        self.key = api_key
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
@@ -16,8 +16,8 @@
     IntegrationLogger, parse_date_string, IS_PY3, DebugLogger, b64_encode, parse_date_range, return_outputs, \
     argToBoolean, ipv4Regex, ipv4cidrRegex, ipv6cidrRegex, ipv6Regex, batch, FeedIndicatorType, \
     encode_string_results, safe_load_json, remove_empty_elements, aws_table_to_markdown, is_demisto_version_ge, \
-    appendContext, auto_detect_indicator_type, handle_proxy, get_demisto_version_as_str, get_x_content_info_headers,\
-    url_to_clickable_markdown, WarningsHandler
+    appendContext, auto_detect_indicator_type, handle_proxy, get_demisto_version_as_str, get_x_content_info_headers, \
+    url_to_clickable_markdown, WarningsHandler, DemistoException
 
 try:
     from StringIO import StringIO
@@ -4117,3 +4117,54 @@ def test_search_indicators_by_search_after(self, mocker):
 
         assert search_indicators_obj_search_after._search_after_param == 5
         assert search_indicators_obj_search_after._page == 0
+
+
+class TestAutoFocusKeyRetriever:
+    def test_instantiate_class_with_param_key(self, mocker, clear_version_cache):
+        """
+        Given:
+            - giving the api_key parameter
+        When:
+            - Mocking getAutoFocusApiKey
+            - Mocking server version to be 6.2.0
+        Then:
+            - The Auto Focus API Key is the one given to the class
+        """
+        from CommonServerPython import AutoFocusKeyRetriever
+        mocker.patch.object(demisto, 'getAutoFocusApiKey', return_value='test')
+        mocker.patch.object(demisto, 'demistoVersion', return_value={'version': '6.2.0', 'buildNumber': '62000'})
+        auto_focus_key_retriever = AutoFocusKeyRetriever(api_key='1234')
+        assert auto_focus_key_retriever.key == '1234'
+
+    def test_instantiate_class_pre_6_2_failed(self, mocker, clear_version_cache):
+        """
+        Given:
+            - not giving the api_key parameter
+        When:
+            - Mocking getAutoFocusApiKey
+            - Mocking server version to be 6.1.0
+        Then:
+            - Validate an exception with appropriate error message is raised.
+        """
+        from CommonServerPython import AutoFocusKeyRetriever
+        mocker.patch.object(demisto, 'getAutoFocusApiKey', return_value='test')
+        mocker.patch.object(demisto, 'demistoVersion', return_value={'version': '6.1.0', 'buildNumber': '61000'})
+        with raises(DemistoException, match='For versions earlier than 6.2.0, configure an API Key.'):
+            AutoFocusKeyRetriever(api_key='')
+
+    def test_instantiate_class_without_param_key(self, mocker, clear_version_cache):
+        """
+        Given:
+            - not giving the api_key parameter
+        When:
+            - Mocking getAutoFocusApiKey
+            - Mocking server version to be 6.2.0
+        Then:
+            - The Auto Focus API Key is the one given by the getAutoFocusApiKey method
+        """
+        from CommonServerPython import AutoFocusKeyRetriever
+        mocker.patch.object(demisto, 'getAutoFocusApiKey', return_value='test')
+        mocker.patch.object(demisto, 'demistoVersion', return_value={'version': '6.2.0', 'buildNumber': '62000'})
+        auto_focus_key_retriever = AutoFocusKeyRetriever(api_key='')
+        assert auto_focus_key_retriever.key == 'test'
+
diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.8.12",
+    "currentVersion": "1.9.0",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",
diff --git a/Packs/PaloAltoNetworks_Threat_Vault/Integrations/Threat_Vault/Threat_Vault.py b/Packs/PaloAltoNetworks_Threat_Vault/Integrations/Threat_Vault/Threat_Vault.py
diff --git a/Packs/PaloAltoNetworks_Threat_Vault/Integrations/Threat_Vault/Threat_Vault.yml b/Packs/PaloAltoNetworks_Threat_Vault/Integrations/Threat_Vault/Threat_Vault.yml
diff --git a/Packs/PaloAltoNetworks_Threat_Vault/ReleaseNotes/1_0_3.md b/Packs/PaloAltoNetworks_Threat_Vault/ReleaseNotes/1_0_3.md
diff --git a/Packs/PaloAltoNetworks_Threat_Vault/pack_metadata.json b/Packs/PaloAltoNetworks_Threat_Vault/pack_metadata.json
diff --git a/Tests/demistomock/demistomock.py b/Tests/demistomock/demistomock.py
