[SIEM Connector] Cleaned docs, a bit of core cleanup (#20)

* Cleaned up documentation and code
SocketDev · Dec 10, 2024 · 4e94a96 · 4e94a96
1 parent 4ac6c36
commit 4e94a96
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -26,11 +26,10 @@ The connectors supported by this script have some shared configuration in order
 | Option              | Required | Format           | Description                                                                                                                                 |
 |---------------------|----------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
 | api_key             | True     | string           | This is the Socket API Key created in the Socket dashboard. This should have the scoped permissions to access reports                       |
-| from_time           | False    | int              | This is the number of seconds to pull reports from. If this is not defined then it will pull the last 30 days of reports.                   |
 | report_id           | False    | Socket Report ID | If this is provided then only the specified report ID will be processed                                                                     |
 | request_timeout     | False    | int              | This is the number of seconds to wait for an API request to complete before killing it and returning an error. Defaults to 30 seconds       |
-| default_branch_only | False    | boolean          | If enabled only reports where the branch name matches what is the latest report for each default branch per repo                            |
-| from_time           | False    | int              | Period in seconds to pull reports when not specifying a specific `report_id`. If not set defaults to 30 days                                |
+| default_branch_only | False    | boolean          | If enabled only use the latest report from each repo's default branch                                                                       |
+| from_time           | False    | int              | Period in seconds to pull reports when not specifying a specific `report_id`. If not set defaults to 5 minutes                              |
 | actions_override    | False    | list[str]        | List of acceptable values to override the security policy configuration of issues to include. I.E. `error`, `warn`, `monitor`, and `ignore` |
 
 
@@ -43,10 +42,13 @@ from socketsync.core import Core
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id,
         request_timeout=300
     )
@@ -75,11 +77,14 @@ from socketsync.connectors.csv import CSV
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
     report_id = os.getenv("SOCKET_REPORT_ID")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id
     )
     issue_data = core.get_issues()
@@ -113,11 +118,14 @@ from socketsync.connectors.bigquery import BigQuery
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
     report_id = os.getenv("SOCKET_REPORT_ID")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id
     )
     issue_data = core.get_issues()
@@ -147,11 +155,14 @@ from socketsync.connectors.panther import Panther
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
     report_id = os.getenv("SOCKET_REPORT_ID")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id
     )
     issue_data = core.get_issues()
@@ -178,11 +189,14 @@ from socketsync.connectors.elastic import Elastic
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
     report_id = os.getenv("SOCKET_REPORT_ID")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id
     )
     issue_data = core.get_issues()
@@ -218,11 +232,14 @@ from socketsync.connectors.webhook import Webhook
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
     report_id = os.getenv("SOCKET_REPORT_ID")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id
     )
     issue_data = core.get_issues()
@@ -256,11 +273,14 @@ from socketsync.connectors.slack import Slack
 if __name__ == '__main__':
     socket_org = os.getenv("SOCKET_ORG") or exit(1)
     api_key = os.getenv("SOCKET_API_KEY") or exit(1)
-    start_date = os.getenv("START_DATE")
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
     report_id = os.getenv("SOCKET_REPORT_ID")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
     core = Core(
         api_key=api_key,
-        start_date=start_date,
+        from_time=from_time,
         report_id=report_id
     )
     issue_data = core.get_issues()

diff --git a/pyproject.toml b/pyproject.toml
@@ -15,10 +15,12 @@ license = {file = "LICENSE"}
 description = "Socket Security Sync Tool"
 keywords = ["socketsecurity", "socket.dev", "sca", "oss", "security", "sdk"]
 authors = [
-    {name = "Douglas Coburn", email = "[email protected]"}
+    {name = "Douglas Coburn", email = "[email protected]"},
+    {name = "Eric Hibbs", email = "[email protected]"}
 ]
 maintainers = [
-    {name = "Douglas Coburn", email = "[email protected]"}
+    {name = "Douglas Coburn", email = "[email protected]"},
+    {name = "Eric Hibbs", email = "[email protected]"}
 ]
 classifiers = [
     "Development Status :: 5 - Production/Stable",

diff --git a/socketsync/__init__.py b/socketsync/__init__.py
@@ -2,7 +2,7 @@
 
 
 __author__ = "socket.dev"
-__version__ = "1.0.18"
+__version__ = "1.0.19"
 __all__ = ["log", "__version__", "columns", "default_headers"]
 
 log = logging.getLogger("socketdev")

diff --git a/socketsync/core.py b/socketsync/core.py
@@ -239,30 +239,35 @@ def create_reports_list(raw_reports: dict, report_id: str = None) -> list:
         return reports
 
     def get_issues(self) -> list:
-        issues = []
+        reports = self.get_reports()
+
+        log.debug(f"Found {len(reports)} Socket Scans")
+        issues = Core.handle_reports(reports, [])
+        return issues
+
+    def get_reports(self) -> list:
         if self.report_id is not None:
             report_data = socket.fullscans.metadata(org_slug, self.report_id)
             report = Report(**report_data)
-            reports = [report]
-        elif self.default_branch_only:
+            return [report]
+
+        if self.default_branch_only:
             reports = Core.get_latest_default_branch()
-        else:
-            raw_reports = socket.fullscans.get(org_slug, {"from": int(report_from_time)})
+            return reports
 
-            if raw_reports.get("success") is False:
-                log.error(f"Unable to get full scans: {raw_reports.get('message')}")
-                raise Exception(raw_reports.get("message"))
+        raw_reports = socket.fullscans.get(org_slug, {"from": int(report_from_time)})
 
-            if raw_reports.get("success"):
-                del raw_reports["success"]
-            if raw_reports.get("status"):
-                del raw_reports["status"]
+        if raw_reports.get("success") is False:
+            log.error(f"Unable to get full scans: {raw_reports.get('message')}")
+            raise Exception(raw_reports.get("message"))
 
-            reports = [Report(**report_data) for report_data in raw_reports.get("results")]
+        if raw_reports.get("success"):
+            del raw_reports["success"]
+        if raw_reports.get("status"):
+            del raw_reports["status"]
 
-        log.debug(f"Found {len(reports)} Socket Scans")
-        issues = Core.handle_reports(reports, issues)
-        return issues
+        reports = [Report(**report_data) for report_data in raw_reports.get("results")]
+        return reports
 
     @staticmethod
     def handle_reports(reports: list, issues: list) -> list: