Version 1.5.1 - Patches

.github/wordlist.txt

@@ -1592,4 +1592,5 @@ jimmyruann
 executeactiverespondercommand
 combineddevicesbyfilter
 BCCA
-Sonoma
+Sonoma
+jbfuzier

CHANGELOG.md

@@ -58,6 +58,13 @@
     - `_util/_uber.py`
     - Thanks go out to @Gage-BCCA for submitting this fix! 🙇
 
++ Updated: Expanded the operations covered by the PREFER_IDS_IN_BODY constant.
+    - `_constant/__init__.py`
+
++ Updated: Updated the `data_payload` payload handler for operations within __Real Time Response__ service collections to allow for blank parameter values. Closes #1339.
+    - `_payload/_real_time_response.py`
+    - Thanks go out to @jbfuzier for reporting this issue! 🙇
+
 ## Other
 + Updated: Cosmetic updates to enum and parameter descriptions in the _GetMigrationIDsV1_ and _GetHostMigrationIDsV1_ operations within the __Host Migration__ service collection.
     - `_endpoint/_host_migration.py`

src/falconpy/_constant/__init__.py

@@ -43,10 +43,20 @@
     "RTR_DeleteSession"
 ]
 PREFER_IDS_IN_BODY: List[str] = [
-    "GetDeviceDetails", "PostDeviceDetailsV2", "GetVulnerabilities", "GetIntelIndicatorEntities",
-    "getChildrenV2", "cancel-scans", "GetDetectSummaries", "UpdateQuarantinedDetectsByIds",
-    "GetQuarantineFiles", "PostEntitiesAlertsV1", "CreateSavedSearchesDeployV1",
-    "WorkflowExecutionsAction", "signalChangesExternal"
+    "GetBehaviors", "GetCaseActivityByIds", "GetCaseEntitiesByIDs", "GetDetectSummaries",
+    "GetEventsEntities", "GetHostMigrationsV1", "GetIncidents", "GetIntelIndicatorEntities",
+    "GetQuarantineFiles", "GetRulesEntities", "GetSensorDetails", "GetVulnerabilities",
+    "HostMigrationsActionsV1", "MigrationsActionsV1", "PatchEntitiesAlertsV2", "PerformActionV2",
+    "PerformIncidentAction", "PostDeviceDetailsV2", "PostEntitiesAlertsV1", "PostMitreAttacks",
+    "QueryDeviceLoginHistory", "QueryDeviceLoginHistoryV2", "QueryGetNetworkAddressHistoryV1",
+    "RTR_ListQueuedSessions", "RTR_ListSessions", "UpdateDetectsByIdsV2", "cancel_scans",
+    "UpdateQuarantinedDetectsByIds", "WorkflowExecutionsAction", "get_rules_get", "getChildrenV2",
+    "performContentUpdatePoliciesAction", "performDeviceControlPoliciesAction", "userActionV1",
+    "performFirewallPoliciesAction", "performGroupAction", "performPreventionPoliciesAction",
+    "performRTResponsePoliciesAction", "performSensorUpdatePoliciesAction", "retrieveUsersGETV1",
+    "setContentUpdatePoliciesPrecedence", "setDeviceControlPoliciesPrecedence",
+    "setFirewallPoliciesPrecedence", "setPreventionPoliciesPrecedence", "signalChangesExternal",
+    "setRTResponsePoliciesPrecedence", "setSensorUpdatePoliciesPrecedence"
 ]
 MOCK_OPERATIONS: List[str] = [
     "GetImageAssessmentReport", "DeleteImageDetails", "ImageMatchesPolicy"

src/falconpy/_payload/_real_time_response.py

@@ -114,7 +114,7 @@ def data_payload(passed_keywords: dict) -> dict:
         "content", "platform", "permission_type"
         ]
     for key in keys:
-        if passed_keywords.get(key, None):
+        if passed_keywords.get(key, None) is not None:
             returned_payload[key] = passed_keywords.get(key, None)
 
     return returned_payload

tests/test_identity_protection.py

@@ -18,34 +18,57 @@
 falcon = IdentityProtection(auth_object=config)
 AllowedResponses = [200, 400, 429]
 
+# TEST_QUERY = r"""query ($after: Cursor) {
+#   entities(types: [USER], archived: false, learned: false, first: 5, after: $after) {
+#     nodes {
+#       primaryDisplayName
+#       secondaryDisplayName
+#       accounts {
+#         ... on ActiveDirectoryAccountDescriptor {
+#           domain
+#         }
+#       }
+#     }
+#     pageInfo {
+#       hasNextPage
+#       endCursor
+#     }
+#   }
+# }"""
+
 TEST_QUERY = """
-query ($after: Cursor) {
-  entities(types: [USER], archived: false, learned: false, first: 5, after: $after) {
-    nodes {
-      primaryDisplayName
-      secondaryDisplayName
-      accounts {
-        ... on ActiveDirectoryAccountDescriptor {
-          domain
-        }
-      }
-    }
+{
+  entities (   
+    roles: [BuiltinAdministratorRole]
+    sortKey: PRIMARY_DISPLAY_NAME
+    sortOrder: ASCENDING
+    # Limit the response to two records:
+    first: 2
+  )
+  {
+    # Include pageInfo properties for pagination:  
     pageInfo {
+      # Are there more results to obtain?  
       hasNextPage
+      # Identify the last records in the results:
       endCursor
     }
+    nodes {
+      primaryDisplayName
+      secondaryDisplayName
+    }
   }
 }
 """
-
 class TestIdentityProtection:
     def idp_graphql(self):
         payload = {"query":"{\n  entities(first: 1)\n  {\n    nodes {\n      entityId    \n    }\n  }\n}"}
-        result = falcon.GraphQL(query=TEST_QUERY, variables={"after", ""})
+        result = falcon.GraphQL(query=TEST_QUERY, variables={"after": "$after"})
         if not isinstance(result, dict):
             result = json.loads(result.decode())
         else:
             result = result["body"]
+
         if result.get("data", {}).get("entities", {}).get("pageInfo", {}).get("hasNextPage", None):
             next_page = result["data"].get("entities", {}).get("pageInfo", {}).get("endCursor", None)
             result = falcon.graphql(query=TEST_QUERY, variables={"after": next_page})["body"]