diff --git a/plugins/rapid7_insightvm/.CHECKSUM b/plugins/rapid7_insightvm/.CHECKSUM index c82c53470c..bf656cb4cd 100644 --- a/plugins/rapid7_insightvm/.CHECKSUM +++ b/plugins/rapid7_insightvm/.CHECKSUM @@ -1,7 +1,7 @@ { - "spec": "d18e8844f8a6f34300f9fbfc8e5443a5", - "manifest": "41d23a0b015987ea269fdafae0a4041a", - "setup": "7ca07c68a6cf358ba56b66787e6e8d05", + "spec": "6916cc2077c1551734f9ee315a2ff3bd", + "manifest": "25aab986ca8d5bc501e96bde2023115e", + "setup": "ec8e6afe4e0de95e44de346908c74ae6", "schemas": [ { "identifier": "add_scan_engine_pool_engine/schema.py", diff --git a/plugins/rapid7_insightvm/Dockerfile b/plugins/rapid7_insightvm/Dockerfile index 9231610c8d..911a8218e1 100755 --- a/plugins/rapid7_insightvm/Dockerfile +++ b/plugins/rapid7_insightvm/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.0 +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.4 LABEL organization=rapid7 LABEL sdk=python diff --git a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm index bc6e10af8d..1849961da4 100755 --- a/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm +++ b/plugins/rapid7_insightvm/bin/komand_rapid7_insightvm @@ -6,7 +6,7 @@ from sys import argv Name = "Rapid7 InsightVM Console" Vendor = "rapid7" -Version = "8.0.5" +Version = "8.0.6" Description = "InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans" diff --git a/plugins/rapid7_insightvm/help.md b/plugins/rapid7_insightvm/help.md index dfc3cc54a7..d7050ae587 100644 --- a/plugins/rapid7_insightvm/help.md +++ b/plugins/rapid7_insightvm/help.md @@ -4012,6 +4012,7 @@ Example output: # Version History +* 8.0.6 - Trigger `New Exception Request`: Updated the trigger with retry mechanism * 8.0.5 - Initial updates for fedramp compliance | `New Exception Request`: Fixed an issue where it would not trigger in certain scenarios | Updated SDK to the latest version * 8.0.4 - Updated SDK to the latest version | Update dependencies * 8.0.3 - Updated `Dockerfile` permissions from `nobody` to `root` diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/new_exception_request/trigger.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/new_exception_request/trigger.py index 70dce55be2..961c2c6c9d 100755 --- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/new_exception_request/trigger.py +++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/triggers/new_exception_request/trigger.py @@ -1,11 +1,16 @@ -import insightconnect_plugin_runtime import time -from .schema import NewExceptionRequestInput, NewExceptionRequestOutput, Input, Output, Component +from typing import Any, Dict, List + +import insightconnect_plugin_runtime # Custom imports below from komand_rapid7_insightvm.util.endpoints import VulnerabilityException from komand_rapid7_insightvm.util.resource_requests import ResourceRequests -from typing import List +from komand_rapid7_insightvm.util.util import retry_request + +from .schema import Component, Input, NewExceptionRequestInput, NewExceptionRequestOutput, Output + +MAXIMUM_TRIES = 30 class NewExceptionRequest(insightconnect_plugin_runtime.Trigger): @@ -38,27 +43,16 @@ def run(self, params={}): if new_ids: self.logger.info(f"Found new {len(new_ids)} exceptions. Returning results...") for id_ in new_ids: - try: - self.send( - { - Output.EXCEPTION: resource_helper.resource_request( - endpoint=VulnerabilityException.vulnerability_exception( - self.connection.console_url, id_ - ) - ) - } - ) - except Exception as error: - self.logger.error( - f"Unexpected exception during trigger execution occurs. The error is: '{error}'" - ) + self.send({Output.EXCEPTION: self._get_exception(id_, resource_helper)}) previous_ids = current_ids else: - self.logger.info(f"No new exceptions found. Sleeping for {frequency} minutes...") + self.logger.info("No new exceptions found.") # Sleep for configured frequency in minutes + self.logger.info(f"Sleeping for {frequency} minutes...\n") time.sleep(frequency * 60) + @retry_request(maximum_tries=MAXIMUM_TRIES) def _get_ids(self, status_filters: List[str], resource_helper: ResourceRequests) -> List[int]: """ Get IDs. This method allows to get a list of vulnerability exception IDs from the API where the @@ -83,3 +77,22 @@ def _get_ids(self, status_filters: List[str], resource_helper: ResourceRequests) for element in response if element.get("state", "").lower() in map(str.lower, status_filters) ] + + @retry_request(maximum_tries=MAXIMUM_TRIES) + def _get_exception(self, identifier: str, resource_helper: ResourceRequests) -> Dict[str, Any]: + """ + Get Exception. This method allows you to get details about a vulnerability exception with its given identifier. + + :param identifier: The identifier of the vulnerability exception. + :type identifier: str + + :param resource_helper: The resource helper object to send requests. + :type resource_helper: ResourceRequests + + :return: Dictionary that contains vulnerability exception data. + :rtype: Dict[str, Any] + """ + + return resource_helper.resource_request( + endpoint=VulnerabilityException.vulnerability_exception(self.connection.console_url, identifier) + ) diff --git a/plugins/rapid7_insightvm/komand_rapid7_insightvm/util/util.py b/plugins/rapid7_insightvm/komand_rapid7_insightvm/util/util.py index 72b7103220..4c6453d42c 100644 --- a/plugins/rapid7_insightvm/komand_rapid7_insightvm/util/util.py +++ b/plugins/rapid7_insightvm/komand_rapid7_insightvm/util/util.py @@ -1,10 +1,13 @@ -from komand_rapid7_insightvm.util import endpoints -from komand_rapid7_insightvm.util.resource_requests import ResourceRequests -import insightconnect_plugin_runtime -from insightconnect_plugin_runtime.exceptions import PluginException import time +from functools import wraps +from typing import Any, Callable, Dict + +import insightconnect_plugin_runtime from dateutil.parser import parse -from typing import Dict, Any +from insightconnect_plugin_runtime.exceptions import PluginException + +from komand_rapid7_insightvm.util import endpoints +from komand_rapid7_insightvm.util.resource_requests import ResourceRequests def convert_date_to_iso8601(date: str) -> str: @@ -105,3 +108,24 @@ def check_not_null(account: Dict[str, Any], var_name: str) -> str: raise PluginException(cause=f"{var_name} has not been entered.", assistance=f"Enter valid {var_name}") else: return value + + +def retry_request(maximum_tries: int, delay: int = 5) -> Callable: + def _decorator(function_: Callable) -> Callable: + @wraps(function_) + def wrapper(self, *args, **kwargs): + error_, counter = None, 0 + while counter < maximum_tries: + try: + return function_(self, *args, **kwargs) + except PluginException as error: + self.logger.info( + f"{error} Retrying the API call in {delay} seconds... ({counter + 1}/{maximum_tries})" + ) + counter, error_ = counter + 1, error + time.sleep(delay) + raise error_ + + return wrapper + + return _decorator diff --git a/plugins/rapid7_insightvm/plugin.spec.yaml b/plugins/rapid7_insightvm/plugin.spec.yaml index 672d995e98..040a068e59 100644 --- a/plugins/rapid7_insightvm/plugin.spec.yaml +++ b/plugins/rapid7_insightvm/plugin.spec.yaml @@ -4,7 +4,7 @@ products: [insightconnect] name: rapid7_insightvm title: Rapid7 InsightVM Console description: InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans -version: 8.0.5 +version: 8.0.6 connection_version: 8 supported_versions: ["Rapid7 InsightVM API v3 2022-05-25"] fedramp_ready: true @@ -12,16 +12,17 @@ vendor: rapid7 support: rapid7 status: [] key_features: - - Get top remediations - - Start scans - - Get scan results + - "Get top remediations" + - "Start scans" + - "Get scan results" requirements: - - Username and password for a user with the necessary permissions + - "Username and password for a user with the necessary permissions" links: - "[InsightVM](https://www.rapid7.com/products/insightvm/)" references: - "[InsightVM API 3](https://help.rapid7.com/insightvm/en-us/api/index.html)" version_history: + - "8.0.6 - Trigger `New Exception Request`: Updated the trigger with retry mechanism" - "8.0.5 - Initial updates for fedramp compliance | `New Exception Request`: Fixed an issue where it would not trigger in certain scenarios | Updated SDK to the latest version" - "8.0.4 - Updated SDK to the latest version | Update dependencies" - "8.0.3 - Updated `Dockerfile` permissions from `nobody` to `root`" @@ -77,7 +78,7 @@ version_history: - "1.0.0 - Initial plugin release" sdk: type: full - version: 6.1.0 + version: 6.1.4 user: root resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/rapid7_insightvm diff --git a/plugins/rapid7_insightvm/requirements.txt b/plugins/rapid7_insightvm/requirements.txt index 6eedbb4511..55139061c7 100755 --- a/plugins/rapid7_insightvm/requirements.txt +++ b/plugins/rapid7_insightvm/requirements.txt @@ -1,11 +1,11 @@ # List third-party dependencies here, separated by newlines. # All dependencies must be version-pinned, eg. requests==1.2.0 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files -setuptools==74.0.0 -aiohttp==3.10.5 +setuptools==75.3.0 +aiohttp==3.10.10 defusedxml==0.7.1 datetime==5.5 python-dateutil==2.9.0 parameterized==0.8.1 -pytest==8.3.2 +pytest==8.3.3 freezegun==1.5.1 diff --git a/plugins/rapid7_insightvm/setup.py b/plugins/rapid7_insightvm/setup.py index 4b2481474d..34be0ee248 100755 --- a/plugins/rapid7_insightvm/setup.py +++ b/plugins/rapid7_insightvm/setup.py @@ -3,7 +3,7 @@ setup(name="rapid7_insightvm-rapid7-plugin", - version="8.0.5", + version="8.0.6", description="InsightVM is a powerful vulnerability management tool which finds, prioritizes, and remediates vulnerabilities. This plugin uses an orchestrator to get top remediations, scan results and start scans", author="rapid7", author_email="",