[SOAR-19626] Palo Alto pan os adjusted existing actions to ensure compatibility

plugins/palo_alto_pan_os/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "951c905a41e40251c94144236196828f",
-	"manifest": "4b73a65f26d11b03b3f8e816bde4c610",
-	"setup": "c0d3112f675341f3752724921ec4b037",
+	"spec": "19e11636e618b397ab4d376f3c92b0e7",
+	"manifest": "a01418b01c795875566e03d4bf863e12",
+	"setup": "530bdd16960976a9417f24abb29ff665",
 	"schemas": [
 		{
 			"identifier": "add_address_object_to_group/schema.py",

plugins/palo_alto_pan_os/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.3.4 AS builder
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.3.7 AS builder
 
 WORKDIR /python/src
 
@@ -11,7 +11,7 @@ ADD . /python/src
 RUN pip install .
 RUN pip uninstall -y setuptools
 
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.3.4
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.3.7
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/palo_alto_pan_os/bin/komand_palo_alto_pan_os

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Palo Alto Firewall"
 Vendor = "rapid7"
-Version = "6.1.9"
+Version = "6.1.10"
 Description = "[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama)"
 
 

plugins/palo_alto_pan_os/help.md

@@ -19,7 +19,7 @@
 
 # Supported Product Versions
 
-* 9.0.3
+* 10.1
 
 # Documentation
 
@@ -1114,6 +1114,7 @@ Example output:
 
 # Version History
 
+* 6.1.10 - Adjusted existing actions to ensure compatibility with Palo Alto version 10.1 | Updated SDK to latest version (6.3.7)
 * 6.1.9 - Addressed Snyk Vulnerability | Updated SDK to latest version (6.3.4)
 * 6.1.8 - Updated SDK to the latest version (6.2.6)
 * 6.1.7 - Fix issue in 'add_address_object_to_group' action | SDK bump to 6.2.0 | Bumping requirements.txt

plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/action.py

@@ -28,7 +28,9 @@ def run(self, params={}):
 
         # See if we can get the group the user is looking for:
         response = self.connection.request.get_address_group(
-            device_name=device_name, virtual_system=virtual_system, group_name=group_name
+            device_name=device_name,
+            virtual_system=virtual_system,
+            group_name=group_name,
         )
 
         try:
@@ -43,20 +45,21 @@ def run(self, params={}):
 
         # We got the group, now pull out all the address object names
         names = []
-        for name in address_objects:
-            if isinstance(name, str):
-                names.append(name)
+
+        try:
+            if isinstance(address_objects, list):
+                for address in address_objects:
+                    names.append(address.get("#text"))
             else:
-                try:
-                    names.append(name.get("#text"))
-                except AttributeError:
-                    raise PluginException(
-                        cause="PAN OS returned an unexpected response.",
-                        assistance=f"Could not get the address object name. Check the group name, virtual system "
-                        f"name, and device name and try again.\nDevice name: {device_name}\nVirtual "
-                        f"system: {virtual_system}\n",
-                        data=name,
-                    )
+                names.append(address_objects.get("#text"))
+        except AttributeError:
+            raise PluginException(
+                cause="PAN OS returned an unexpected response.",
+                assistance=f"Could not get the address object name. Check the group name, virtual system "
+                f"name, and device name and try again.\nDevice name: {device_name}\nVirtual "
+                f"system: {virtual_system}\n",
+                data=address_objects,
+            )
 
         # Append the address_objects
         for name in new_address_objects:
@@ -77,8 +80,6 @@ def run(self, params={}):
 
     @staticmethod
     def make_xml(names, group_name):
-        members = ""
-        for name in names:
-            members += f"<member>{name}</member>"
+        members = "".join(f"<member>{name}</member>" for name in names)
         xml_template = f"<entry name='{group_name}'><static>{members}</static></entry>"
         return xml_template

plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/action.py

@@ -38,23 +38,23 @@ def run(self, params={}):  # noqa: MC0001
             )
 
         # Extract all the address objects from the address group
-        self.logger.info(f"Searching through {len(ip_objects)} address objects.")
+        members = ip_objects.get("member")
+        self.logger.info(f"Searching through {self.count_members(members)} address objects.")
         ip_object_names = []
-        for member in ip_objects.get("member", {}):
-            if isinstance(member, str):
-                ip_object_names.append(member)
-            else:
-                object_name = member.get("#text", "")
-                if object_name:
-                    ip_object_names.append(object_name)
+
+        if isinstance(members, list):
+            for member in members:
+                ip_object_names.append(member.get("#text", ""))
+        else:
+            ip_object_names.append(members.get("#text", ""))
 
         # If enable search is false, we just want to see if the address to check matches an address object
         # If enable search is true, we have to look in each address object for address to check
         if not enable_search:
             for name in ip_object_names:
                 if name == address_to_check:
                     return {Output.FOUND: True, Output.ADDRESS_OBJECTS: [name]}
-        else:  # enable_search is false
+        else:  # enable_search is true
             # This is a helper to check addresses against address objects
             ip_checker = IpCheck()
 
@@ -102,3 +102,17 @@ def run(self, params={}):  # noqa: MC0001
 
         # That was a lot of work for nothing...bail out
         return {Output.FOUND: False, Output.ADDRESS_OBJECTS: []}
+
+    @staticmethod
+    def count_members(member: dict) -> int:
+        try:
+            if isinstance(member, list):
+                return len(member)
+            elif isinstance(member, dict):
+                if "#text" in member:
+                    return 1
+                else:
+                    return 0
+
+        except (KeyError, TypeError):
+            return 0

plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/action.py

@@ -39,7 +39,15 @@ def run(self, params={}):  # noqa: MC0001
         ipv6_addresses = []
         all_addresses = []
 
-        for name in address_objects:
+        names = []
+
+        if isinstance(address_objects, list):
+            for address in address_objects:
+                names.append(address.get("#text"))
+        else:
+            names.append(address_objects.get("#text"))
+
+        for name in names:
             object_name = self.get_name(name)
             response = self.connection.request.get_address_object(
                 device_name=device_name, virtual_system=virtual_system, object_name=object_name

plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/util.py

@@ -59,18 +59,21 @@ def extract_from_security_policy(self, policy: dict) -> dict:  # noqa: MC0001
         for _, object_value in output.items():
             if isinstance(object_value, list):
                 if isinstance(object_value[0], dict):
-                    for _, object_value_value in object_value.items():
+                    new_list = []
+                    for object_value_value in object_value:
                         try:
-                            object_value[key] = object_value_value["#text"]
+                            new_list.append(object_value_value["#text"])
                         except KeyError:
                             raise PluginException(
                                 cause="An unknown formatting error occurred when formatting a security subpolicy.",
                                 assistance="Contact support for help.",
-                                data=f"Subpolicy {object_value[0]}",
+                                data=f"Subpolicy {object_value_value}",
                             )
-            if isinstance(object_value, dict):
-                if isinstance(object_value, dict) and "#text" in object_value:
-                    object_value = object_value["#text"]
+                    object_value[:] = new_list
+
+            elif isinstance(object_value, dict):
+                if "#text" in object_value:
+                    output[_] = object_value["#text"]
 
         return output
 
@@ -172,15 +175,15 @@ def element_for_policy_update(
         self.logger.debug(f"Dictionary to convert to XML {element}")
 
         for key, value in element.items():
-            if not value == "action" and isinstance(key, str):
-                temp = key
-                key = {"member": temp}
+            if key != "action":
+                if isinstance(value, str):
+                    element[key] = [value]
 
         element = dicttoxml.dicttoxml(element, attr_type=False, root=False)
         element = element.decode()
         element = element.replace("<item>", "<member>")
         element = element.replace("</item>", "</member>")
-        element = f'<entry name="{rule_name}">{element}</entry>'
+        element = f"<entry name='{rule_name}'>{element}</entry>"
         self.logger.info(f"XML :{element}")
         return element
 

plugins/palo_alto_pan_os/plugin.spec.yaml

@@ -8,12 +8,12 @@ description: '[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os)
   utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api)
   to provide programmatic management of the Palo Alto Firewall appliance(s). It supports
   managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama)'
-version: 6.1.9
+version: 6.1.10
 sdk:
   type: full
-  version: 6.3.4
+  version: 6.3.7
   user: nobody
-supported_versions: [9.0.3]
+supported_versions: [10.1]
 connection_version: 6
 vendor: rapid7
 support: rapid7
@@ -42,6 +42,7 @@ requirements: [Access to Palo Alto Next Generation firewall or Palo Alto Panoram
 references: ['[Palo Alto PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api)']
 links: ['[Palo Alto PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os)']
 version_history:
+- 6.1.10 - Adjusted existing actions to ensure compatibility with Palo Alto version 10.1 | Updated SDK to latest version (6.3.7)
 - 6.1.9 - Addressed Snyk Vulnerability | Updated SDK to latest version (6.3.4)
 - 6.1.8 - Updated SDK to the latest version (6.2.6)
 - 6.1.7 - Fix issue in 'add_address_object_to_group' action | SDK bump to 6.2.0 |

plugins/palo_alto_pan_os/setup.py

@@ -4,7 +4,7 @@
 
 setup(
     name="palo_alto_pan_os-rapid7-plugin",
-    version="6.1.9",
+    version="6.1.10",
     description="[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama)",
     author="rapid7",
     author_email="",