search

CrowdStrike / falconjs

CrowdStrike Falcon API JS library for the browser and Node
MIT License
11 stars 9 forks source link

Unable to use AlertsApi.getQueriesAlertsV1() #207

Open MMChrisHinshaw opened 12 months ago

MMChrisHinshaw commented 12 months ago

A few things, really....

  1. The AlertsApi is not part of the FalconClient() in version 0.2.4.
  2. In order to use the FalconClient, I had to define the basePath in the oauth2 and this.config objects (see issue 191)
  3. When I try to run the code below, I get the map() error that follows:
let config = falconClientFromEnv();
let falcon = new FalconClient(config);
let alerts = new AlertsApi(falcon.config);
alerts.getQueriesAlertsV1()
    .then(async (resp) => {
        alerts.postEntitiesAlertsV1({ids:resp.resources})
            .then(res => console.log(res.resources.length));
    });

Results in this error: 

~/crowdstrike/node_modules/crowdstrike-falcon/dist/models/MsaQueryResponse.js:39
        errors: json["errors"].map(MsaAPIError_1.MsaAPIErrorFromJSON),
                               ^
TypeError: Cannot read property 'map' of undefined
    at MsaQueryResponseFromJSONTyped (~/crowdstrike/node_modules/crowdstrike-falcon/dist/models/MsaQueryResponse.js:39:32)
    at MsaQueryResponseFromJSON (~/crowdstrike/node_modules/crowdstrike-falcon/dist/models/MsaQueryResponse.js:31:12)
    at JSONApiResponse.transformer (~/crowdstrike/node_modules/crowdstrike-falcon/dist/apis/AlertsApi.js:87:111)
    at JSONApiResponse.<anonymous> (~/crowdstrike/node_modules/crowdstrike-falcon/dist/runtime.js:283:25)
    at Generator.next (<anonymous>)
    at fulfilled (~/crowdstrike/node_modules/crowdstrike-falcon/dist/runtime.js:18:58)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

This is because the API call doesn't actually have an errors field, per the swagger UI, this is the response:

{
  "meta": {
    "query_time": 0.179051223,
    "pagination": {
      "offset": 0,
      "limit": 100,
      "total": 0
    },
    "writes": {
      "resources_affected": 0
    },
    "powered_by": "detectsapi",
    "trace_id": "a128c843-4b5d-472e-af67-9b3062371539"
  },
  "resources": []
}

The npm module either needs to add some defensive code to ./dist/models/MsaQueryResponse.js to check for the existence of the 'errors' field, or the API needs to be updated to ensure there is an errors field (similar to other API routes).

MMChrisHinshaw commented 12 months ago

I will note that the file installed by npm install crowdstrike-falcon is not the same as: 

https://github.com/CrowdStrike/falconjs/blob/v0.2.4/src/models/MsaQueryResponse.ts

I assume there to be a typescript to javascript conversion that occurs.

evanstoner commented 1 week ago

Hi @MMChrisHinshaw 0.3.1 was released last week and contains the latest Alerts API (along with many other API's added since the the 0.2.4 release), the basePath fix (also in 0.2.5), and the error mapping fix.

If you are still working with this library please give it a try and let us know if you run into additional issues. Please note that in this version, the Request objects are prefixed with the API name to avoid conflicts with new API's, but this could be a breaking change if you were referencing using the Raw type API request methods. For example:

-export interface CreateRuleRequest {
+export interface CustomIoaApiCreateRuleRequest {
    body: ApiRuleCreateV1;
}