clue-api 1.5.0.dev261__tar.gz → 1.5.0.dev271__tar.gz

{clue_api-1.5.0.dev261 → clue_api-1.5.0.dev271}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: clue-api
-Version: 1.5.0.dev261
+Version: 1.5.0.dev271
 Summary: Clue distributed enrichment service
 License: MIT
 License-File: LICENSE

{clue_api-1.5.0.dev261 → clue_api-1.5.0.dev271}/clue/models/network.py

@@ -362,6 +362,7 @@ class QueryEntry(BaseModel):
             examples=sample(sorted(CLASSIFICATION.list_all_classification_combinations()), k=5),
         ),
     ] = "TLP:CLEAR"
+
     count: Annotated[
         int,
         Field(
@@ -369,14 +370,17 @@ class QueryEntry(BaseModel):
             examples=sorted([floor(i / 10) for i in randbytes(5)]),  # noqa: S311
         ),
     ] = 1
+
     link: Annotated[
         Optional[Url],
         Field(description="Link to more information", examples=[Url("https://example.com/moreinfo"), None]),
     ] = None
+
     annotations: Annotated[
         list[Annotation],
         Field(description="A list of annotations returned from the service for this entry"),
     ] = []
+
     raw_data: Annotated[
         Any,
         Field(
@@ -385,9 +389,7 @@ class QueryEntry(BaseModel):
         ),
     ] = None
 
-    expiry: Annotated[
-        datetime | None, Field(description="When should this record expire?", default_factory=generate_expiry)
-    ]
+    expiry: datetime | None = Field(description="When should this record expire?", default_factory=generate_expiry)
 
     model_config = ConfigDict(validate_assignment=True)
 

{clue_api-1.5.0.dev261 → clue_api-1.5.0.dev271}/clue/plugin/__init__.py

@@ -18,7 +18,6 @@ from pydantic_core import PydanticSerializationError
 
 from clue.cache import Cache
 from clue.common.exceptions import (
-    AuthenticationException,
     ClueException,
     ClueValueError,
     InvalidDataException,
@@ -515,34 +514,6 @@ class CluePlugin:
 
         self.logger.debug("Initialization complete!")
 
-    def __check_actions(self) -> list[Action] | None:
-        """Validate token and retrieve dynamic actions if setup_actions is configured.
-
-        This method handles token validation when required and calls the setup_actions
-        function to get a potentially user-specific or dynamically generated list of actions.
-
-        Returns:
-            list[Action] | None: List of actions if setup_actions is configured, None otherwise
-
-        Raises:
-            AuthenticationException: If token validation fails
-        """
-        if self.setup_actions:
-            # Validate token if token validation is configured
-            if self.validate_token:
-                token, error = self.validate_token()
-
-                if error:
-                    self.logger.error("Error on token validation: %s", error)
-                    raise AuthenticationException(error)
-            else:
-                token = None
-
-            # Call user-defined setup_actions with base actions and validated token
-            return self.setup_actions(self.actions or [], token)
-
-        return None
-
     def __init_apm(self):
         """Initialize Application Performance Monitoring (APM) using Elastic APM.
 
@@ -790,6 +761,96 @@ class CluePlugin:
             status_code,
         )
 
+    def _resolve_token(self: Self, context: str | None = None) -> tuple[str | None, Response | None]:
+        """Call the plugin's validate_token function and return the token, or an error response.
+
+        Args:
+            context: Optional name of the calling endpoint (e.g. "action", "fetcher") used
+                     in the warning message when no validator is configured.
+
+        Returns:
+            tuple[str | None, Response | None]: ``(token, None)`` on success,
+                or ``(None, error_response)`` when validation fails or raises.
+        """
+        if not self.validate_token:
+            if context:
+                self.logger.warning(
+                    "No token validator provided. The access token will not be provided to the %s.", context
+                )
+            else:
+                self.logger.warning("No token validator provided")
+            return None, None
+
+        self.logger.debug("Executing plugin-provided token validator")
+        try:
+            token, error = self.validate_token()
+        except Exception:
+            self.logger.exception("Catastrophic error in validate_token")
+            return None, self.make_api_response(None, "An internal error has occurred", 500)
+
+        if error:
+            return None, self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
+
+        self.logger.debug("Token is valid")
+        return token, None
+
+    def _call_plugin_func(self: Self, func: Callable, *args: Any, **kwargs: Any) -> tuple[Any, Response | None]:
+        """Call a plugin-provided function with standard enrichment exception handling.
+
+        Maps the well-known Clue exceptions to their corresponding HTTP responses and
+        catches any other exception as a 500. Intended for ``enrich`` and
+        ``alternate_bulk_lookup`` calls.
+
+        Args:
+            func: The plugin function to call.
+            *args: Positional arguments forwarded to the function.
+            **kwargs: Keyword arguments forwarded to the function.
+
+        Returns:
+            tuple[Any, Response | None]: ``(result, None)`` on success,
+                or ``(None, error_response)`` when the function raises.
+        """
+        try:
+            return func(*args, **kwargs), None
+        except InvalidDataException as e:
+            return None, self.make_api_response(None, e.message, 400)
+        except NotFoundException:
+            return None, self.make_api_response([], "", 404)
+        except TimeoutException as e:
+            return None, self.make_api_response(None, e.message or "Request timed out", 408)
+        except UnprocessableException as e:
+            return None, self.make_api_response(None, e.message, 422)
+        except Exception:
+            self.logger.exception("Unknown internal exception")
+            return None, self.make_api_response(None, "An internal error has occurred", 500)
+
+    def _get_actions(self: Self) -> tuple[list[Action], Response | None]:
+        """Retrieve the action list, running setup_actions if configured.
+
+        If setup_actions is configured, validates the token first and then calls it
+        to get a potentially user-specific or dynamic list of actions.
+
+        Returns:
+            tuple[list[Action], Response | None]: ``(actions, None)`` on success,
+                or ``([], error_response)`` if token validation or setup_actions fails.
+        """
+        try:
+            if self.setup_actions:
+                token, error_response = self._resolve_token(context="action setup")
+                if error_response:
+                    return [], error_response
+
+                # Call user-defined setup_actions with base actions and validated token
+                actions = self.setup_actions(self.actions or [], token)
+                if actions is None:
+                    return self.actions or [], None
+                return actions, None
+
+            return self.actions or [], None
+        except Exception:
+            self.logger.exception("Exception on setup actions:")
+            return [], self.make_api_response({}, err="Error on action setup.", status_code=500)
+
     def get_type_names(self: Self) -> Response:
         """Return the list of supported selector types with their classifications.
 
@@ -859,12 +920,10 @@ class CluePlugin:
                 422,
             )
 
-        token: str | None = None
-        if self.validate_token:
-            token, error = self.validate_token()
+        token, error_response = self._resolve_token()
+        if error_response:
+            return error_response
 
-            if error:
-                return self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
         try:
             if self.cache and params.use_cache:
                 if result := self.cache.get(type_name, value, params):
@@ -879,22 +938,12 @@ class CluePlugin:
         except Exception:
             self.logger.exception("Unknown internal exception on cache check, continuing to standard enrichment")
 
-        try:
-            results = self.enrich(type_name, value, params, token)
+        results, error_response = self._call_plugin_func(self.enrich, type_name, value, params, token)
+        if error_response:
+            return error_response
 
-            if not isinstance(results, list):
-                results = [results]
-        except InvalidDataException as e:
-            return self.make_api_response(None, e.message, 400)
-        except NotFoundException:
-            return self.make_api_response([], "", 404)
-        except TimeoutException as e:
-            return self.make_api_response(None, e.message or "Request timed out", 408)
-        except UnprocessableException as e:
-            return self.make_api_response(None, e.message, 422)
-        except Exception as e:
-            self.logger.exception("Unknown internal exception")
-            return self.make_api_response(None, f"Something went wrong when enriching: {e}", 500)
+        if not isinstance(results, list):
+            results = [results]
 
         try:
             serialized_reult = TypeAdapter(list[QueryEntry]).dump_python(results, mode="json", exclude_none=True)
@@ -994,18 +1043,9 @@ class CluePlugin:
 
             remaining_items.append(entry)
 
-        token: str | None = None
-        if self.validate_token:
-            self.logger.debug("Executing plugin-provided token validator")
-
-            token, error = self.validate_token()
-
-            if error:
-                return self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
-
-            self.logger.debug("Token is valid")
-        else:
-            self.logger.warning("No token validator provided")
+        token, error_response = self._resolve_token()
+        if error_response:
+            return error_response
 
         # All results were cached
         if len(remaining_items) == 0:
@@ -1014,23 +1054,22 @@ class CluePlugin:
         elif self.alternate_bulk_lookup:
             self.logger.debug("Executing plugin-provided alternate bulk lookup script")
 
-            try:
-                alternate_results = self.alternate_bulk_lookup(remaining_items, params, token)
+            alternate_results, error_response = self._call_plugin_func(
+                self.alternate_bulk_lookup, remaining_items, params, token
+            )
+            if error_response:
+                return error_response
 
-                for _type, _values in alternate_results.items():
-                    for _value, _result in _values.items():
-                        bulk_result[_type][_value] = _result
-            except InvalidDataException as e:
-                return self.make_api_response(None, e.message, 400)
-            except NotFoundException:
-                return self.make_api_response([], "", 404)
-            except TimeoutException as e:
-                return self.make_api_response(None, e.message or "Request timed out", 408)
-            except UnprocessableException as e:
-                return self.make_api_response(None, e.message, 422)
-            except Exception as e:
-                self.logger.exception("Unknown internal exception")
-                return self.make_api_response(None, f"Something went wrong when enriching: {e}", 500)
+            if not isinstance(alternate_results, dict):
+                self.logger.error(
+                    "alternate_bulk_lookup returned unexpected type: %s",
+                    type(alternate_results).__name__,
+                )
+                return self.make_api_response(None, "Something went wrong when enriching: unexpected result type", 500)
+
+            for _type, _values in alternate_results.items():
+                for _value, _result in _values.items():
+                    bulk_result[_type][_value] = _result
 
             if self.cache and len(remaining_items) > 0:
                 self.logger.info("Caching results for %s selectors", len(remaining_items))
@@ -1043,7 +1082,11 @@ class CluePlugin:
                         self.logger.warning("Selector not present in bulk result, skipping cache step")
         # Default bulk lookup
         else:
-            self.__default_bulk_lookup(bulk_result, remaining_items, params, token)
+            try:
+                self.__default_bulk_lookup(bulk_result, remaining_items, params, token)
+            except Exception as e:
+                self.logger.exception("Catastrophic error in default bulk lookup")
+                return self.make_api_response(None, f"Something went wrong when enriching: {e}", 500)
 
         # Calculate how close we came to the deadline (positive = time remaining, negative = overrun)
         variance = params.deadline - time.time()
@@ -1077,20 +1120,15 @@ class CluePlugin:
             ...
         }
         """
-        try:
-            actions = self.__check_actions()
-        except Exception:
-            self.logger.exception("Exception on setup actions:")
-
-            return self.make_api_response({}, err="Error on action setup.", status_code=500)
+        actions, error_response = self._get_actions()
+        if error_response:
+            return error_response
 
-        if actions is None:
-            actions = self.actions or []
-
-        if not self.validate_token or not (token := self.validate_token()[0]):
-            self.logger.debug("Returning %s actions for unknown user", len(actions))
-        else:
+        token, _ = self._resolve_token()
+        if token:
             self.logger.debug("Returning %s actions for user %s", len(actions), get_username(token))
+        else:
+            self.logger.debug("Returning %s actions for unknown user", len(actions))
 
         results: dict[str, dict[str, Any]] = {}
         for action in actions:
@@ -1118,32 +1156,17 @@ class CluePlugin:
         if not self.run_action:
             return self.make_api_response({}, err=f"{self.app_name} does not support any actions.", status_code=400)
 
-        try:
-            actions = self.__check_actions()
-        except Exception:
-            self.logger.exception("Exception on setup actions:")
-
-            return self.make_api_response({}, err="Error on action setup.", status_code=500)
-
-        if actions is None:
-            actions = self.actions or []
+        actions, error_response = self._get_actions()
+        if error_response:
+            return error_response
 
         action_to_run = next((action for action in actions if action.id == action_id), None)
         if not action_to_run:
             return self.make_api_response({}, err="Action does not exist", status_code=404)
 
-        token: str | None = None
-        if self.validate_token:
-            self.logger.debug("Executing plugin-provided token validator")
-
-            token, error = self.validate_token()
-
-            if error:
-                return self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
-
-            self.logger.debug("Token is valid")
-        else:
-            self.logger.warning("No token validation provided. The access token will not be provided to the action.")
+        token, error_response = self._resolve_token(context="action")
+        if error_response:
+            return error_response
 
         # Extract the parameter type from the action definition for validation
         param_type: Any = action_to_run.model_fields["params"].annotation or Any
@@ -1213,32 +1236,17 @@ class CluePlugin:
                 {}, err=f"{self.app_name} does not support the get action status functions.", status_code=400
             )
 
-        try:
-            actions = self.__check_actions()
-        except Exception:
-            self.logger.exception("Exception on setup actions:")
-
-            return self.make_api_response({}, err="Error on action setup.", status_code=500)
-
-        if actions is None:
-            actions = self.actions or []
+        actions, error_response = self._get_actions()
+        if error_response:
+            return error_response
 
         action_to_check = next((action for action in actions if action.id == action_id), None)
         if not action_to_check:
             return self.make_api_response({}, err="Action does not exist", status_code=404)
 
-        token: str | None = None
-        if self.validate_token:
-            self.logger.debug("Executing plugin-provided token validator")
-
-            token, error = self.validate_token()
-
-            if error:
-                return self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
-
-            self.logger.debug("Token is valid")
-        else:
-            self.logger.warning("No token validation provided. The access token will not be provided to the action.")
+        token, error_response = self._resolve_token(context="action")
+        if error_response:
+            return error_response
 
         try:
             # Validate request body against the action's parameter schema
@@ -1326,18 +1334,9 @@ class CluePlugin:
         if not fetcher_to_run:
             return self.make_api_response({}, err=f"Fetcher {fetcher_id} does not exist", status_code=404)
 
-        token: str | None = None
-        if self.validate_token:
-            self.logger.debug("Executing plugin-provided token validator")
-
-            token, error = self.validate_token()
-
-            if error:
-                return self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
-
-            self.logger.debug("Token is valid")
-        else:
-            self.logger.warning("No token validation provided. The access token will not be provided to the fetcher.")
+        token, error_response = self._resolve_token(context="fetcher")
+        if error_response:
+            return error_response
 
         status_code = 200
         try:
@@ -1419,18 +1418,9 @@ class CluePlugin:
         if not fetcher:
             return self.make_api_response({}, err=f"Fetcher {fetcher_id} does not exist", status_code=404)
 
-        token: str | None = None
-        if self.validate_token:
-            self.logger.debug("Executing plugin-provided token validator")
-
-            token, error = self.validate_token()
-
-            if error:
-                return self.make_api_response(None, f"Error on token validation: {error}", status_code=401)
-
-            self.logger.debug("Token is valid")
-        else:
-            self.logger.warning("No token validation provided. The access token will not be provided to the fetcher.")
+        token, error_response = self._resolve_token(context="fetcher")
+        if error_response:
+            return error_response
 
         status_code = 200
         try:

{clue_api-1.5.0.dev261 → clue_api-1.5.0.dev271}/pyproject.toml

@@ -141,7 +141,7 @@ log_cli_level = "WARN"
 [tool.poetry]
 package-mode = true
 name = "clue-api"
-version = "1.5.0.dev261"
+version = "1.5.0.dev271"
 description = "Clue distributed enrichment service"
 authors = ["Canadian Centre for Cyber Security <contact@cyber.gc.ca>"]
 license = "MIT"