Add Spotlight Vulnerability Metadat service collection

src/falconpy/__init__.py

@@ -196,6 +196,7 @@
 from .sensor_visibility_exclusions import SensorVisibilityExclusions
 from .serverless_vulnerabilities import ServerlessVulnerabilities
 from .spotlight_vulnerabilities import SpotlightVulnerabilities
+from .spotlight_vulnerability_metadata import SpotlightVulnerabilityMetadata
 from .spotlight_evaluation_logic import SpotlightEvaluationLogic
 from .tailored_intelligence import TailoredIntelligence
 from .threatgraph import ThreatGraph
@@ -253,7 +254,7 @@
     "IngestPayload", "HTTPEventCollector", "IngestConfig", "SessionManager", "TimeUnit",
     "Color", "Indicator", "random_string", "KubernetesContainerCompliance", "find_operation",
     "InvalidRoute", "InvalidServiceCollection", "InvalidOperationSearch", "ITAutomation", "F4IT",
-    "CloudSecurityCompliance", "CaseManagement", "SaasSecurity"
+    "CloudSecurityCompliance", "CaseManagement", "SaasSecurity", "SpotlightVulnerabilityMetadata"
     ]
 """
 This is free and unencumbered software released into the public domain.

src/falconpy/_endpoint/__init__.py

@@ -140,6 +140,7 @@
 from ._serverless_vulnerabilities import _serverless_vulnerabilities_endpoints
 from ._spotlight_evaluation_logic import _spotlight_evaluation_logic_endpoints
 from ._spotlight_vulnerabilities import _spotlight_vulnerabilities_endpoints
+from ._spotlight_vulnerability_metadata import _spotlight_vulnerability_metadata_endpoints
 from ._tailored_intelligence import _tailored_intelligence_endpoints
 from ._threatgraph import _threatgraph_endpoints
 from ._unidentified_containers import _unidentified_containers_endpoints
@@ -239,6 +240,7 @@
 api_endpoints.extend(_serverless_vulnerabilities_endpoints)
 api_endpoints.extend(_spotlight_evaluation_logic_endpoints)
 api_endpoints.extend(_spotlight_vulnerabilities_endpoints)
+api_endpoints.extend(_spotlight_vulnerability_metadata_endpoints)
 api_endpoints.extend(_tailored_intelligence_endpoints)
 api_endpoints.extend(_threatgraph_endpoints)
 api_endpoints.extend(_unidentified_containers_endpoints)

src/falconpy/_endpoint/_spotlight_vulnerability_metadata.py

@@ -0,0 +1,98 @@
+"""Internal API endpoint constant library.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |   CROWDSTRIKE FALCON    |::.. . |    FalconPy
+`-------'                         `-------'
+
+OAuth2 API - Customer SDK
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
+"""
+
+_spotlight_vulnerability_metadata_endpoints = [
+  [
+    "combineVulnMetadataExt",
+    "GET",
+    "/spotlight/combined/vulnerability-metadata-external/v1",
+    "This endpoint allows getting CVEs(vulnerability metadata) entities by specifying their ids",
+    "spotlight_vulnerability_metadata",
+    [
+      {
+        "type": "string",
+        "description": "A pagination token used with the limit parameter to manage pagination of results. On "
+        "your first request, don't provide an after token. On subsequent requests, provide the after token from the "
+        "previous response to continue from that place in the results.",
+        "name": "after",
+        "in": "query"
+      },
+      {
+        "minimum": 0,
+        "type": "string",
+        "description": "Starting index of overall result set from which to return ids.",
+        "name": "offset",
+        "in": "query"
+      },
+      {
+        "maximum": 10000,
+        "minimum": 1,
+        "type": "integer",
+        "description": "The number of items to return in this response (default: 100, max: 10000). Use with "
+        "the after parameter to manage pagination of results.",
+        "name": "limit",
+        "in": "query"
+      },
+      {
+        "type": "string",
+        "description": "Sort vulnerabilities by their properties. Available sort options: "
+        "<ul><li>created_timestamp|asc/desc</li><li>updated_timestamp|asc/desc</li></ul>. Can be used in a format "
+        "<field>|asc for ascending order or <field>|desc for descending order.",
+        "name": "sort",
+        "in": "query"
+      },
+      {
+        "type": "string",
+        "description": "Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty "
+        "filter values are unsupported.\n\t\t\t\tAvailable filter fields that supports match (~): "
+        "N/A\n\t\t\t\tAvailable filter fields that supports exact match: id, provider, cve_ids, cwe_ids, "
+        "impact.cvss_v2.base_metrics.vector, "
+        "impact.cvss_v2.temporal_metrics.vector,\n\t\t\t\t\timpact.cvss_v3.base_metrics.integrity_impact, "
+        "impact.cvss_v3.base_metrics.vector, impact.cvss_v3.temporal_metrics.vector\n\t\t\t\tAvailable filter fields "
+        "that supports wildcard (*): N/A\n\t\t\t\tAvailable filter fields that supports range comparisons (>, <, >=, "
+        "<=): created_timestamp, impact.cvss_v2.base_metrics.base_score, "
+        "impact.cvss_v3.base_metrics.base_score,\n\t\t\t\t\timpact.cvss_v2.temporal_metrics.temporal_score, "
+        "impact.cvss_v3.temporal_metrics.temporal_score, source_created_timestamp, source_updated_timestamp, "
+        "updated_timestamp\n\t\t\t\t",
+        "name": "filter",
+        "in": "query",
+        "required": True
+      }
+    ]
+  ]
+]

src/falconpy/spotlight_vulnerability_metadata.py

@@ -0,0 +1,109 @@
+"""CrowdStrike Falcon SpotlightVulnerabilityMetadata API interface class.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |   CROWDSTRIKE FALCON    |::.. . |    FalconPy
+`-------'                         `-------'
+
+OAuth2 API - Customer SDK
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
+"""
+from typing import Dict, Union
+from ._util import force_default, process_service_request
+from ._result import Result
+from ._service_class import ServiceClass
+from ._endpoint._spotlight_vulnerability_metadata import _spotlight_vulnerability_metadata_endpoints as Endpoints
+
+
+class SpotlightVulnerabilityMetadata(ServiceClass):
+    """The only requirement to instantiate an instance of this class is one of the following.
+
+    - a valid client_id and client_secret provided as keywords.
+    - a credential dictionary with client_id and client_secret containing valid API credentials
+      {
+          "client_id": "CLIENT_ID_HERE",
+          "client_secret": "CLIENT_SECRET_HERE"
+      }
+    - a previously-authenticated instance of the authentication service class (oauth2.py)
+    - a valid token provided by the authentication service class (oauth2.py)
+    """
+    @force_default(defaults=["parameters"], default_types=["dict"])
+    def get_cve_metadata(self: object, parameters: dict = None, **kwargs) -> Union[Dict[str, Union[int, dict]], Result]:
+        """This endpoint allows getting CVEs(vulnerability metadata) entities by specifying their ids
+
+        Keyword arguments:
+        after -- A pagination token used with the `limit` parameter to manage pagination of results. 
+        On your first request, don't provide an `after` token. 
+        On subsequent requests, provide the `after` token from the 
+        previous response to continue from that place in the results.
+        offset -- Starting index of overall result set from which to return ids.
+        limit -- The number of items to return in this response (default: 100, max: 10000).
+        Use with the after parameter to manage pagination of results.
+        sort -- Sort vulnerabilities by their properties. 
+          Available sort options:
+            created_timestamp|asc/desc
+            updated_timestamp|asc/desc 
+        Can be used in a format <field>|asc for ascending order or <field>|desc for descending order.
+        filter -- Filter items using a query in Falcon Query Language (FQL). 
+        Wildcards * and empty filter values are unsupported.
+				Available filter fields that supports match (~): N/A
+				Available filter fields that supports exact match: 
+          id                                            provider
+          cve_ids                                       cwe_ids
+          impact.cvss_v2.base_metrics.vector            impact.cvss_v2.temporal_metrics.vector
+					impact.cvss_v3.base_metrics.integrity_impact, impact.cvss_v3.base_metrics.vector, 
+          impact.cvss_v3.temporal_metrics.vector
+				Available filter fields that supports wildcard (*): N/A
+				Available filter fields that supports range comparisons (>, <, >=, <=):
+          created_timestamp                               impact.cvss_v2.base_metrics.base_score
+          impact.cvss_v3.base_metrics.base_score          impact.cvss_v2.temporal_metrics.temporal_score
+          impact.cvss_v3.temporal_metrics.temporal_score  source_created_timestamp
+          source_updated_timestamp                        updated_timestamp
+
+        parameters -- Full parameters payload dictionary. Not required if using other keywords.
+
+        This method only supports keywords for providing arguments.
+
+        Returns: dict object containing API response.
+
+        HTTP Method: GET
+
+        Swagger URL
+        https://assets.falcon.crowdstrike.com/support/api/swagger.html#/spotlight-vulnerability-metadata/combineVulnMetadataExt
+        """
+        return process_service_request(
+            calling_object=self,
+            endpoints=Endpoints,
+            operation_id="combineVulnMetadataExt",
+            keywords=kwargs,
+            params=parameters
+            )
+
+    combineVulnMetadataExt = get_cve_metadata

tests/test_spotlight_vulnerability_metadata.py

@@ -0,0 +1,33 @@
+# test_spotlight_vulnerability_metadata.py
+# This class tests the SpotlightVulnerabilityMetadata service class
+
+# import json
+import os
+import sys
+
+# Authentication via the test_authorization.py
+from tests import test_authorization as Authorization
+
+# Import our sibling src folder into the path
+sys.path.append(os.path.abspath('src'))
+# Classes to test - manually imported from sibling folder
+from falconpy import SpotlightVulnerabilityMetadata
+
+auth = Authorization.TestAuthorization()
+config = auth.getConfigObject()
+falcon = SpotlightVulnerabilityMetadata(auth_object=config)
+AllowedResponses = [200, 201, 207, 400, 403, 404, 429]
+
+
+class TestSpotlightVulnerabilityMetadata:
+    def test_all_code_paths(self):
+        error_checks = True
+        tests = {
+            "combineVulnMetadataExt": falcon.get_cve_metadata(),
+        }
+        for key in tests:
+            if tests[key]["status_code"] not in AllowedResponses:
+                error_checks = False
+            # print(key)
+            # print(tests[key])
+        assert error_checks