remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0
108 stars 30 forks source link

Search commands throwing error when using proxy settings #189

Closed DipsyTipsy closed 3 years ago

DipsyTipsy commented 3 years ago

Hello,

It seems that the proxy settings defined inlocal/misp42splunk_settings.conf are not used for a lot of the commands, it even throws errors for most of the search commands. There are some calls to helper.get_proxy in misp_common.py, however this is only defined for alert_actions_base.py

I was able to make proxy work in my enviroment by changing the proxy code in misp_common.py to the following:

    # get proxy parameters if any
    config_args['proxies'] = dict()

    if int(app_config['misp_use_proxy']) == 1:
        misp_settings_file = os.path.join(
        _SPLUNK_PATH, 'etc', 'apps', app_name,
        'local', app_name + '_settings.conf')

        proxy = None

        if os.path.exists(misp_settings_file):
            settingsConf = cli.readConfFile(misp_settings_file)
            foundStanza = False
            for name, content in list(settingsConf.items()):
                if "proxy" == str(name):
                    proxy = content
                    foundStanza = True
            if not foundStanza:
                raise Exception(
                    "local/misp42splunk_settings.conf does not contain "
                    "any stanza proxy")

            if proxy:
                proxy_url = '://'
                if 'proxy_username' in proxy:
                    if proxy['proxy_username'] not in ['', None]:
                        proxy_url = proxy_url + \
                            proxy['proxy_username'] + ':' \
                            + proxy['proxy_password'] + '@'
                proxy_url = proxy_url + proxy['proxy_url'] + \
                ':' + proxy['proxy_port'] + '/'

            config_args['proxies'] = {
                "http": "http" + proxy_url,
                "https": "http" + proxy_url
                }
remg427 commented 3 years ago

Hello, thanks for reporting this. Code is back in place in 4.0.1

remg427 commented 3 years ago

duplicate of #180