Add requests timeouts, ClientError and allow non-cryptographic key va…

…lues.
CrowdStrike · Jan 28, 2024 · 82349fa · 82349fa
1 parent 09fa49b
commit 82349fa
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 24 deletions.
diff --git a/samples/automation_lambdas/ArtifactoryInstallerUpdate.py b/samples/automation_lambdas/ArtifactoryInstallerUpdate.py
@@ -28,6 +28,7 @@
 import requests
 import json
 import boto3
+from botocore.exceptions import ClientError
 from multiprocessing import Process, Pipe
 
 #############################################
@@ -43,7 +44,8 @@
 #Debian versions have to be uploaded in a weird way to support repos, please follow the existing format to add a new repo
 deb_ver = ["stretch","buster","bullseye","xenial","bionic","focal","jammy"]
 deb_arm_ver = ["bionic","focal","jammy"] 
-
+#Temp folder location
+temporary_folder = "/tmp/"  # nosec
 
 # Function to grab secrets
 def get_secret(secid):
@@ -65,7 +67,7 @@ def get_secret(secid):
     return sec1, sec2
 
 def alert_slack(message):
-    requests.post(slackhook, headers = {"Content-Type": "application/json"}, json = {"text": message})
+    requests.post(slackhook, headers = {"Content-Type": "application/json"}, json = {"text": message}, timeout=5)
     print("Slack Message Sent:",message)
 
 def do_the_needful(filters,uri,env):
@@ -121,16 +123,16 @@ def do_the_needful(filters,uri,env):
         else:
             pass
 
-        path="/tmp/" + fname
+        path=f"{temporary_folder}{fname}"
         try:        
             #Download the installer
             download_response = falcond.download_sensor_installer(id=sha,
-            download_path="/tmp/", file_name=fname)
+            download_path=temporary_folder, file_name=fname)
         except:
             print("Error Downloading\n",os,env,fname)
         try:
             #Upload to Artifactory    
-            response1=requests.put(afurl,auth=(afusername, afkey), data=open(path,'rb').read(),verify=False)
+            response1=requests.put(afurl,auth=(afusername, afkey), data=open(path,'rb').read(), verify=False, timeout=5)
         except:
             print("Error Uploading ",os,env,fname)
         print("Installer Downloaded:\n",os,env,filters,"\n",name,download_response['body'])

diff --git a/samples/automation_lambdas/FalconBot-EDR_End.py b/samples/automation_lambdas/FalconBot-EDR_End.py
@@ -104,7 +104,7 @@ def slack_post(message):
     print(slack_data)
 
     final_response = requests.post(
-        url=response_url, data=slack_data,
+        url=response_url, data=slack_data, timeout=5,
         headers={'Content-Type': 'application/json'}
         )   
     print(final_response.text)

diff --git a/samples/automation_lambdas/IntelDownloads.py b/samples/automation_lambdas/IntelDownloads.py
@@ -8,6 +8,7 @@
 import requests
 import boto3
 import smtplib
+from botocore.exceptions import ClientError
 from email.mime.application import MIMEApplication
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
@@ -17,7 +18,7 @@
 port = 587
 dest_em = "<DESTINATION EMAIL>"
 slackhook = "https://hooks.slack.com/services/<REPLACE WITH YOUR SLACK HOOK URL>" 
-pdf_path = "/tmp/CS_Daily_Intel_Report.pdf"
+pdf_path = "/tmp/CS_Daily_Intel_Report.pdf"  # nosec
 em_message = "This is an automated email sent from an unmonitored inbox. \nFor issues with this automation, please reach out to the Operations Team"
 
 # Function to grab secrets
@@ -49,11 +50,11 @@ def upload_to_slack(slack_token, subject):
     headers = {"authorization": f"Bearer {slack_token}",}
     with open(pdf_path, "rb") as f:
         files = {"file": f}
-        output = requests.post('https://slack.com/api/files.upload', data=payload, headers=headers, files=files)
+        output = requests.post('https://slack.com/api/files.upload', data=payload, headers=headers, files=files, timeout=5)
     print(output.text)
 
 def alert_don(message):
-    requests.post(slackhook, headers = {"Content-Type": "application/json"}, json = {"text": message})
+    requests.post(slackhook, headers = {"Content-Type": "application/json"}, json = {"text": message}, timeout=5)
     print("Slack Message Sent:",message)
 
 def send_email_pdf(subject, dest_em, email_un, email_pw, desc):

diff --git a/samples/automation_lambdas/PickNextSensorVersion.py b/samples/automation_lambdas/PickNextSensorVersion.py
@@ -26,11 +26,11 @@ def get_secret(secret):
 
     # Decrypts secret using the associated KMS key.
     secrets = json.loads(get_secret_value_response['SecretString'])
-    if secret == "CSKey":
+    if secret == "CSKey":  # nosec
         clientid = secrets['clientid']
         clientsec = secrets['clientsec']
         return clientid, clientsec
-    elif secret == "APIKey":
+    elif secret == "APIKey":  # nosec
         key = secrets['update_key']
         return key
     else:
@@ -39,22 +39,22 @@ def get_secret(secret):
 
 def alert_don(message):
     slack_data = json.dumps({'blocks': message})
-    requests.post(url=slackhook, data=slack_data,headers={'Content-Type': 'application/json'})
+    requests.post(url=slackhook, data=slack_data,headers={'Content-Type': 'application/json'}, timeout=5)
     print("Slack Message Sent:",message)
 
 def grab_dates():
-    dates = requests.get('https://<REPLACE ME>.execute-api.us-east-1.amazonaws.com/default/API/sensor_dates_changes', headers = {'auth': 'YOUR_API_KEY'}).text
+    dates = requests.get('https://<REPLACE ME>.execute-api.us-east-1.amazonaws.com/default/API/sensor_dates_changes', headers = {'auth': 'YOUR_API_KEY'}, timeout=5).text
     return dates
 
 def grab_versions():
-    versions = requests.get('https://<REPLACE ME>.execute-api.us-east-1.amazonaws.com/default/API/proposed_sensor_versions', headers = {'auth': 'YOUR_API_KEY'}).text.replace('[', '').replace(']', '')
+    versions = requests.get('https://<REPLACE ME>.execute-api.us-east-1.amazonaws.com/default/API/proposed_sensor_versions', headers = {'auth': 'YOUR_API_KEY'}, timeout=5).text.replace('[', '').replace(']', '')
     return versions
 
 def set_new_versions(platform,version):
     url = 'https://<REPLACE ME>.execute-api.us-east-1.amazonaws.com/default/API/proposed_sensor_versions/up'
     payload = "{\""+platform+"\": \""+version+"\"}"
     headers = {'auth': EDR_Update_Key,'Content-Type': 'text/plain'}
-    response = requests.patch(url, headers=headers, data=payload)
+    response = requests.patch(url, headers=headers, data=payload, timeout=5)
     print(response)
 
 def lambda_handler(event, context):

diff --git a/samples/automation_lambdas/Sensor_version_change.py b/samples/automation_lambdas/Sensor_version_change.py
@@ -33,7 +33,7 @@ def get_secret(secret):
 
     # Decrypts secret using the associated KMS key.
     secrets = json.loads(get_secret_value_response['SecretString'])
-    if secret == "Falcon_Key":
+    if secret == "Falcon_Key":  # nosec
         clientid = secrets['clientid']
         clientsec = secrets['clientsec']
         return clientid, clientsec
@@ -43,16 +43,16 @@ def get_secret(secret):
 
 def slack_alert(message):
     slack_data = json.dumps({'blocks': message})
-    response = requests.post(url=slackhook, data=slack_data,headers={'Content-Type': 'application/json'})
+    response = requests.post(url=slackhook, data=slack_data,headers={'Content-Type': 'application/json'}, timeout=5)
     print("Slack Message Sent:",message)
     print(response)
 
 def grab_dates():
-    dates = requests.get('https://<Replace>.execute-api.us-east-1.amazonaws.com/default/API/sensor_date_changes', headers = {'auth': 'YOUR_API_KEY'}).text
+    dates = requests.get('https://<Replace>.execute-api.us-east-1.amazonaws.com/default/API/sensor_date_changes', headers = {'auth': 'YOUR_API_KEY'}, timeout=5).text
     return dates
 
 def grab_versions():
-    versions = requests.get('https://<Replace>.execute-api.us-east-1.amazonaws.com/default/API/proposed_sensor_versions', headers = {'auth': 'YOUR_API_KEY'}).text.replace('[', '').replace(']', '')
+    versions = requests.get('https://<Replace>.execute-api.us-east-1.amazonaws.com/default/API/proposed_sensor_versions', headers = {'auth': 'YOUR_API_KEY'}, timeout=5).text.replace('[', '').replace(']', '')
     return versions
 
 def set_new_versions(policy,version,platform):
@@ -84,7 +84,7 @@ def set_new_versions(policy,version,platform):
 def patch_api(platform,version):
     payload = "{\""+platform+"\": \""+version+"\"}"
     print(payload)
-    response = requests.patch("https://<Replace>.execute-api.us-east-1.amazonaws.com/default/API/sensor_versions/up", headers = {'auth': EDR_Update_Key,'Content-Type': 'text/plain'}, data=payload)
+    response = requests.patch("https://<Replace>.execute-api.us-east-1.amazonaws.com/default/API/sensor_versions/up", headers = {'auth': EDR_Update_Key,'Content-Type': 'text/plain'}, data=payload, timeout=5)
     print("Update in EDR API: ",response)
 
 #####!!!!! Need to Send Slack Start alert 
@@ -95,7 +95,7 @@ def lambda_handler(event, context):
         print("Congrats! It's time to run this puppy and update the Sensor Versions!!!")
         # Send Slack Start alert 
         body = "Hello Teams!\n This is a reminder that the scheduled change of the Standard Sensor Versions is about to occur in 5 minutes."
-        output = requests.post('https://hooks.slack.com/services/<Replace_With_Your_Slack_Hook',headers = {"Content-Type": "application/json"},json = {"text": body})
+        output = requests.post('https://hooks.slack.com/services/<Replace_With_Your_Slack_Hook',headers = {"Content-Type": "application/json"},json = {"text": body}, timeout=5)
         print("Slack post status: "+output.text)
         print("Sleeping for 5 minutes")
         sleep(300)

diff --git a/samples/automation_lambdas/UpdateSupportedKernelsList_Sorted.py b/samples/automation_lambdas/UpdateSupportedKernelsList_Sorted.py
@@ -34,7 +34,7 @@ def get_secret():
 
 def get_version(id):
     headersList = {"Accept": "*/*","auth": "YOUR_AUTH_KEY","version": id}
-    response = requests.get("https://<REPLACE>.execute-api.us-east-1.amazonaws.com/default/API/sensor_versions",   headers=headersList)
+    response = requests.get("https://<REPLACE>.execute-api.us-east-1.amazonaws.com/default/API/sensor_versions", headers=headersList, timeout=5)
     version = json.loads(response.text)[0][id]
     return version
 
@@ -167,7 +167,7 @@ def lambda_handler(event, context):
 
         else:
             body = ":warning: Hey Team,\n there's a new distro you haven't accounted for yet\n"+d
-            output = requests.post(slackhook, headers = {"Content-Type": "application/json"}, json = {"text": body})
+            output = requests.post(slackhook, headers = {"Content-Type": "application/json"}, json = {"text": body}, timeout=5)
 
     outdata +="</body></html>"
 
@@ -185,5 +185,6 @@ def lambda_handler(event, context):
     #Send completion Message to Slack
     output = requests.post(slackhook, 
         headers = {"Content-Type": "application/json"},
-        json = {"text": "The Linux Supported Kernels Page has been updated"})
+        json = {"text": "The Linux Supported Kernels Page has been updated"},
+        timeout=5)
     print("Slack post status: "+output.text)