Add proxy support

requirements.txt

@@ -15,3 +15,4 @@ flake8-colors==0.1.9
 flake8-docstrings==1.7.0
 pre-commit>=2.15.0
 freezegun==1.4.0
+proxy.py==2.4.4

setup.py

@@ -27,6 +27,7 @@
         "flake8-docstrings==1.7.0",
         "pre-commit>=2.15.0",
         "freezegun==1.2.2",
+        "proxy.py==2.4.4",
     ]
 }
 

src/cbc_syslog/util/carbon_black_cloud.py

@@ -85,7 +85,8 @@ def __init__(self, source):
                               org_key=source["org_key"],
                               token=(source["custom_api_key"] + "/" + source["custom_api_id"]),
                               integration_name=f"CBC_SYSLOG/{__version__}",
-                              ssl_verify=not SSL_VERIFY_TEST_MODE),
+                              ssl_verify=not SSL_VERIFY_TEST_MODE,
+                              proxy=source.get("proxy", None)),
             "alerts_enabled": source.get("alerts_enabled", False),
             "alert_rules": source.get("alert_rules", []),
             "audit_logs_enabled": source.get("audit_logs_enabled", False)

src/cbc_syslog/util/config.py

@@ -359,6 +359,7 @@ def sources(self):
                     "alerts_enabled": section.get("alerts_enabled", False),
                     "alert_rules": section.get("alert_rules", [{}]),
                     "audit_logs_enabled": section.get("audit_logs_enabled", False),
+                    "proxy": section.get("proxy", None)
                 })
 
         return sources

src/tests/unit/test_carbon_black_cloud.py

@@ -11,6 +11,8 @@
 
 """Tests for the Carbon Black Cloud object."""
 
+import ipaddress
+import proxy
 import pytest
 import logging
 from cbc_syslog.util import CarbonBlackCloud
@@ -304,3 +306,34 @@ def audit_log():
 
     audit_logs = cbcloud.fetch_audit_logs(5)
     assert len(audit_logs) == 1
+
+
+def test_proxy():
+    """Test CarbonBlackCloud proxy"""
+    source = {
+        "custom_api_id": "CUSTOM_ID",
+        "custom_api_key": "CUSTOM_KEY",
+        "org_key": "ORG_KEY",
+        "server_url": "https://0.0.0.0:5001",
+        "audit_logs_enabled": True,
+        "alerts_enabled": True,
+        "alert_rules": [{
+            "type": ["CB_ANALYTICS"],
+            "policy_id": [7113786],
+            "minimum_severity": 3,
+            "alert_notes_present": True,
+            "threat_notes_present": True,
+            "remote_is_private": False
+        }],
+        "proxy": "0.0.0.0:8889"
+    }
+    with proxy.Proxy(hostname=ipaddress.IPv6Address('::'), port=8889):
+        # Set Alert Response
+        pytest.alert_search_response = GET_ALERTS_SINGLE
+
+        end = datetime.now(timezone.utc) - timedelta(seconds=30)
+        start = end - timedelta(minutes=5)
+        cbcloud = CarbonBlackCloud(source)
+
+        alerts = cbcloud.fetch_alerts(start, end)
+        assert len(alerts) == 1

src/tests/unit/test_config.py

@@ -145,7 +145,8 @@ def test_output(file_path, expected_params):
             "server_url": "http://0.0.0.0:5001",
             "alerts_enabled": False,
             "alert_rules": [{}],
-            'audit_logs_enabled': True
+            'audit_logs_enabled': True,
+            "proxy": None
         }]),
     ("multi-tenant.toml",
         [{
@@ -155,7 +156,8 @@ def test_output(file_path, expected_params):
             "server_url": "http://0.0.0.0:5001",
             "alerts_enabled": False,
             "alert_rules": [{}],
-            'audit_logs_enabled': False
+            'audit_logs_enabled': False,
+            "proxy": None
         }, {
             "custom_api_id": "RANDOM_ID",
             "custom_api_key": "RANDOM_SECRET",
@@ -170,7 +172,23 @@ def test_output(file_path, expected_params):
                 "type": ["WATCHLIST"],
                 "minimum_severity": 7
             }],
-            'audit_logs_enabled': False
+            'audit_logs_enabled': False,
+            "proxy": None
+        }]),
+    ("single-tenant-proxy.toml",
+        [{
+            "custom_api_id": "RANDOM_ID",
+            "custom_api_key": "RANDOM_SECRET",
+            "org_key": "SOME_ORG",
+            "server_url": "https://0.0.0.0:5001",
+            "alerts_enabled": True,
+            "alert_rules": [{
+                "minimum_severity": 3,
+                "policy_applied": True,
+                "type": ["CB_ANALYTICS"]
+            }],
+            'audit_logs_enabled': False,
+            "proxy": "0.0.0.0:8889"
         }]),
 ])
 def test_sources(file_path, expected_sources):

src/tests/unit/test_core.py

@@ -11,9 +11,11 @@
 
 """Tests for the Core commands."""
 
+import ipaddress
 import json
 import logging
 import pathlib
+import proxy
 import pytest
 import time
 
@@ -536,3 +538,31 @@ def test_convert(input, ini_file, valid_file, monkeypatch):
            "key = " in file1_lines[i] or "file_path = " in file1_lines[i]:
             continue
         assert file1_lines[i] == file2_lines[i]
+
+
+def test_proxy_enabled():
+    """Test proxy enabled"""
+    with proxy.Proxy(hostname=ipaddress.IPv6Address('::'), port=8889):
+        config = Config(str(CONFS_PATH.joinpath("single-tenant.toml")))
+
+        def alert_output(request):
+            """Alert output callable"""
+            if request.get("criteria", {}).get("backend_update_timestamp", {}) != {
+                "end": "2023-07-05T00:00:00.000000Z",
+                "start": "2023-07-01T00:00:00.000000Z"
+            }:
+                pytest.fail("Request time range did not match expected start and end time")
+
+            if request.get("time_range", {}) != {
+                "end": "2023-07-06T00:00:00.000000Z",
+                "start": "2023-06-30T00:00:00.000000Z"
+            }:
+                pytest.fail("Request time range did not match expected start and end time")
+
+            return GET_ALERTS_BULK(50, 50)
+
+        pytest.alert_search_response = alert_output
+
+        assert history(config, "2023-07-01T00:00:00.000Z", "2023-07-05T00:00:00.000Z")
+
+        assert len(pytest.recv_history) == 50