From b5d56d9c2cee56c878b331d2d1153f876a413e58 Mon Sep 17 00:00:00 2001 From: Simon Lukasik Date: Thu, 14 Oct 2021 14:34:46 +0200 Subject: [PATCH 1/4] Allow download of files sent with mime type application/pdf --- falcon/api_client.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/falcon/api_client.go b/falcon/api_client.go index ba781a9f..36c6d00b 100644 --- a/falcon/api_client.go +++ b/falcon/api_client.go @@ -6,6 +6,7 @@ import ( "time" "github.com/crowdstrike/gofalcon/falcon/client" + httpruntime "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" "github.com/go-openapi/strfmt" log "github.com/sirupsen/logrus" @@ -33,6 +34,7 @@ func NewClient(ac *ApiConfig) (*client.CrowdStrikeAPISpecification, error) { customTransport := httptransport.NewWithClient( ac.Host(), ac.BasePath(), []string{}, authenticatedClient) customTransport.Debug = ac.Debug + customTransport.Consumers["application/pdf"] = httpruntime.ByteStreamConsumer() return client.New(customTransport, strfmt.Default), nil } From 20892cbd573697c11c7a2d4d54a6d3829f6c5d37 Mon Sep 17 00:00:00 2001 From: Simon Lukasik Date: Thu, 14 Oct 2021 14:35:26 +0200 Subject: [PATCH 2/4] Regenerate the swagger with the Intel Report PDF Download patch --- .../intel/get_intel_report_p_d_f_responses.go | 22 +++++++++++++++---- falcon/client/intel/intel_client.go | 8 ++++--- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/falcon/client/intel/get_intel_report_p_d_f_responses.go b/falcon/client/intel/get_intel_report_p_d_f_responses.go index 00262628..ed5a77b2 100644 --- a/falcon/client/intel/get_intel_report_p_d_f_responses.go +++ b/falcon/client/intel/get_intel_report_p_d_f_responses.go @@ -20,13 +20,14 @@ import ( // GetIntelReportPDFReader is a Reader for the GetIntelReportPDF structure. type GetIntelReportPDFReader struct { formats strfmt.Registry + writer io.Writer } // ReadResponse reads a server response into the received o. func (o *GetIntelReportPDFReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { switch response.Code() { case 200: - result := NewGetIntelReportPDFOK() + result := NewGetIntelReportPDFOK(o.writer) if err := result.readResponse(response, consumer, o.formats); err != nil { return nil, err } @@ -68,8 +69,11 @@ func (o *GetIntelReportPDFReader) ReadResponse(response runtime.ClientResponse, } // NewGetIntelReportPDFOK creates a GetIntelReportPDFOK with default headers values -func NewGetIntelReportPDFOK() *GetIntelReportPDFOK { - return &GetIntelReportPDFOK{} +func NewGetIntelReportPDFOK(writer io.Writer) *GetIntelReportPDFOK { + return &GetIntelReportPDFOK{ + + Payload: writer, + } } /* GetIntelReportPDFOK describes a response with status code 200, with default header values. @@ -85,10 +89,15 @@ type GetIntelReportPDFOK struct { /* The number of requests remaining for the sliding one minute window. */ XRateLimitRemaining int64 + + Payload io.Writer } func (o *GetIntelReportPDFOK) Error() string { - return fmt.Sprintf("[GET /intel/entities/report-files/v1][%d] getIntelReportPDFOK ", 200) + return fmt.Sprintf("[GET /intel/entities/report-files/v1][%d] getIntelReportPDFOK %+v", 200, o.Payload) +} +func (o *GetIntelReportPDFOK) GetPayload() io.Writer { + return o.Payload } func (o *GetIntelReportPDFOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { @@ -115,6 +124,11 @@ func (o *GetIntelReportPDFOK) readResponse(response runtime.ClientResponse, cons o.XRateLimitRemaining = valxRateLimitRemaining } + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + return nil } diff --git a/falcon/client/intel/intel_client.go b/falcon/client/intel/intel_client.go index f0897abd..eaadd375 100644 --- a/falcon/client/intel/intel_client.go +++ b/falcon/client/intel/intel_client.go @@ -6,6 +6,8 @@ package intel // Editing this file might prove futile when you re-run the swagger generate command import ( + "io" + "github.com/go-openapi/runtime" "github.com/go-openapi/strfmt" ) @@ -34,7 +36,7 @@ type ClientService interface { GetIntelReportEntities(params *GetIntelReportEntitiesParams, opts ...ClientOption) (*GetIntelReportEntitiesOK, error) - GetIntelReportPDF(params *GetIntelReportPDFParams, opts ...ClientOption) (*GetIntelReportPDFOK, error) + GetIntelReportPDF(params *GetIntelReportPDFParams, writer io.Writer, opts ...ClientOption) (*GetIntelReportPDFOK, error) GetIntelRuleEntities(params *GetIntelRuleEntitiesParams, opts ...ClientOption) (*GetIntelRuleEntitiesOK, error) @@ -173,7 +175,7 @@ func (a *Client) GetIntelReportEntities(params *GetIntelReportEntitiesParams, op /* GetIntelReportPDF returns a report p d f attachment */ -func (a *Client) GetIntelReportPDF(params *GetIntelReportPDFParams, opts ...ClientOption) (*GetIntelReportPDFOK, error) { +func (a *Client) GetIntelReportPDF(params *GetIntelReportPDFParams, writer io.Writer, opts ...ClientOption) (*GetIntelReportPDFOK, error) { // TODO: Validate the params before sending if params == nil { params = NewGetIntelReportPDFParams() @@ -186,7 +188,7 @@ func (a *Client) GetIntelReportPDF(params *GetIntelReportPDFParams, opts ...Clie ConsumesMediaTypes: []string{"application/json"}, Schemes: []string{"https"}, Params: params, - Reader: &GetIntelReportPDFReader{formats: a.formats}, + Reader: &GetIntelReportPDFReader{formats: a.formats, writer: writer}, Context: params.Context, Client: params.HTTPClient, } From 5ec7efc765c94b5c59d6a5369017b3e90a997c41 Mon Sep 17 00:00:00 2001 From: Simon Lukasik Date: Thu, 14 Oct 2021 14:51:26 +0200 Subject: [PATCH 3/4] patch swagger file to allow download of intel pdf report --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a2c49fc0..c08b69c9 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ build: clean-generate: remove-generated generate -generate: specs/swagger-download-patch.json +generate: specs/swagger-pdf-download-patch.json $(GO) run github.com/go-swagger/go-swagger/cmd/swagger generate client --skip-validation -f $^ -t falcon .PHONY: build generate remove-generated @@ -28,6 +28,10 @@ specs/swagger-download-patch.json: specs/swagger-stripped-oauth.json # We add missing binary response body spec to the swagger jq '.definitions."domain.DownloadItem"."type"="string" | .definitions."domain.DownloadItem"."format"="binary"' $< > $@ +specs/swagger-pdf-download-patch.json: specs/swagger-download-patch.json + # We add missing binary response body spec to the swagger + jq '.paths."/intel/entities/report-files/v1"."get"."responses"."200"."schema"={"$$ref": "#/definitions/domain.DownloadItem"}' $< > $@ + specs/swagger.json: @echo "Sorry swagger.json needs to be obtained manually at this moment" @exit 1 From d5ec96c28fd9f0cce2e838c49688c082ce5a1b7b Mon Sep 17 00:00:00 2001 From: Simon Lukasik Date: Thu, 14 Oct 2021 15:30:08 +0200 Subject: [PATCH 4/4] Allow download of snort rules --- Makefile | 2 +- .../get_latest_intel_rule_file_responses.go | 22 +++++++++++++++---- falcon/client/intel/intel_client.go | 6 ++--- 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index c08b69c9..4bdcb730 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ specs/swagger-download-patch.json: specs/swagger-stripped-oauth.json specs/swagger-pdf-download-patch.json: specs/swagger-download-patch.json # We add missing binary response body spec to the swagger - jq '.paths."/intel/entities/report-files/v1"."get"."responses"."200"."schema"={"$$ref": "#/definitions/domain.DownloadItem"}' $< > $@ + jq '.paths."/intel/entities/report-files/v1"."get"."responses"."200"."schema"={"$$ref": "#/definitions/domain.DownloadItem"} | .paths."/intel/entities/rules-latest-files/v1"."get"."responses"."200"."schema"={"$$ref": "#/definitions/domain.DownloadItem"}' $< > $@ specs/swagger.json: @echo "Sorry swagger.json needs to be obtained manually at this moment" diff --git a/falcon/client/intel/get_latest_intel_rule_file_responses.go b/falcon/client/intel/get_latest_intel_rule_file_responses.go index 4a1d708f..457aa615 100644 --- a/falcon/client/intel/get_latest_intel_rule_file_responses.go +++ b/falcon/client/intel/get_latest_intel_rule_file_responses.go @@ -20,13 +20,14 @@ import ( // GetLatestIntelRuleFileReader is a Reader for the GetLatestIntelRuleFile structure. type GetLatestIntelRuleFileReader struct { formats strfmt.Registry + writer io.Writer } // ReadResponse reads a server response into the received o. func (o *GetLatestIntelRuleFileReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { switch response.Code() { case 200: - result := NewGetLatestIntelRuleFileOK() + result := NewGetLatestIntelRuleFileOK(o.writer) if err := result.readResponse(response, consumer, o.formats); err != nil { return nil, err } @@ -74,8 +75,11 @@ func (o *GetLatestIntelRuleFileReader) ReadResponse(response runtime.ClientRespo } // NewGetLatestIntelRuleFileOK creates a GetLatestIntelRuleFileOK with default headers values -func NewGetLatestIntelRuleFileOK() *GetLatestIntelRuleFileOK { - return &GetLatestIntelRuleFileOK{} +func NewGetLatestIntelRuleFileOK(writer io.Writer) *GetLatestIntelRuleFileOK { + return &GetLatestIntelRuleFileOK{ + + Payload: writer, + } } /* GetLatestIntelRuleFileOK describes a response with status code 200, with default header values. @@ -91,10 +95,15 @@ type GetLatestIntelRuleFileOK struct { /* The number of requests remaining for the sliding one minute window. */ XRateLimitRemaining int64 + + Payload io.Writer } func (o *GetLatestIntelRuleFileOK) Error() string { - return fmt.Sprintf("[GET /intel/entities/rules-latest-files/v1][%d] getLatestIntelRuleFileOK ", 200) + return fmt.Sprintf("[GET /intel/entities/rules-latest-files/v1][%d] getLatestIntelRuleFileOK %+v", 200, o.Payload) +} +func (o *GetLatestIntelRuleFileOK) GetPayload() io.Writer { + return o.Payload } func (o *GetLatestIntelRuleFileOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { @@ -121,6 +130,11 @@ func (o *GetLatestIntelRuleFileOK) readResponse(response runtime.ClientResponse, o.XRateLimitRemaining = valxRateLimitRemaining } + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + return nil } diff --git a/falcon/client/intel/intel_client.go b/falcon/client/intel/intel_client.go index eaadd375..751a45a0 100644 --- a/falcon/client/intel/intel_client.go +++ b/falcon/client/intel/intel_client.go @@ -42,7 +42,7 @@ type ClientService interface { GetIntelRuleFile(params *GetIntelRuleFileParams, opts ...ClientOption) (*GetIntelRuleFileOK, error) - GetLatestIntelRuleFile(params *GetLatestIntelRuleFileParams, opts ...ClientOption) (*GetLatestIntelRuleFileOK, error) + GetLatestIntelRuleFile(params *GetLatestIntelRuleFileParams, writer io.Writer, opts ...ClientOption) (*GetLatestIntelRuleFileOK, error) QueryIntelActorEntities(params *QueryIntelActorEntitiesParams, opts ...ClientOption) (*QueryIntelActorEntitiesOK, error) @@ -286,7 +286,7 @@ func (a *Client) GetIntelRuleFile(params *GetIntelRuleFileParams, opts ...Client /* GetLatestIntelRuleFile downloads the latest rule set */ -func (a *Client) GetLatestIntelRuleFile(params *GetLatestIntelRuleFileParams, opts ...ClientOption) (*GetLatestIntelRuleFileOK, error) { +func (a *Client) GetLatestIntelRuleFile(params *GetLatestIntelRuleFileParams, writer io.Writer, opts ...ClientOption) (*GetLatestIntelRuleFileOK, error) { // TODO: Validate the params before sending if params == nil { params = NewGetLatestIntelRuleFileParams() @@ -299,7 +299,7 @@ func (a *Client) GetLatestIntelRuleFile(params *GetLatestIntelRuleFileParams, op ConsumesMediaTypes: []string{"application/json"}, Schemes: []string{"https"}, Params: params, - Reader: &GetLatestIntelRuleFileReader{formats: a.formats}, + Reader: &GetLatestIntelRuleFileReader{formats: a.formats, writer: writer}, Context: params.Context, Client: params.HTTPClient, }