Merge pull request #52 from cisagov/goose-1.2.4

goose v1.2.4

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.2.4] - The goose is loose - 2023-07-27
+### Added
+
+### Changed
+- Updated and pinned `MSAL` dependencies.
+
+### Fixed
+- Updated `validationkey` logic for m365 authentication.
+- Updated `MSAL` calls to align with the `MSAL` 1.23.0 change.
+
 ## [1.2.3] - The goose is loose - 2023-07-20
 ### Added
 

cyclonedx_output.json

@@ -2,10 +2,10 @@
  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
- "serialNumber": "urn:uuid:da04caa5-5c97-4a60-847f-066f7e1d562c",
+ "serialNumber": "urn:uuid:1fd2d207-8341-4360-90f2-9ccbc917bb3c",
  "version": 1,
  "metadata": {
- "timestamp": "2023-07-20T15:22:04-04:00",
+ "timestamp": "2023-07-27T18:14:16-04:00",
  "tools": [
  {
  "vendor": "anchore",
@@ -312,6 +312,76 @@
  }
  ]
  },
+ {
+ "bom-ref": "pkg:pypi/[email protected]?package-id=a06e645e01f805bc",
+ "type": "library",
+ "name": "msal",
+ "version": "1.23.0",
+ "cpe": "cpe:2.3:a:python-msal:python-msal:1.23.0:*:*:*:*:*:*:*",
+ "purl": "pkg:pypi/[email protected]",
+ "properties": [
+ {
+ "name": "syft:package:foundBy",
+ "value": "python-index-cataloger"
+ },
+ {
+ "name": "syft:package:language",
+ "value": "python"
+ },
+ {
+ "name": "syft:package:type",
+ "value": "python"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python-msal:python_msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python_msal:python-msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python_msal:python_msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python:python-msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python:python_msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:msal:python-msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:msal:python_msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python-msal:msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python_msal:msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:python:msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:cpe23",
+ "value": "cpe:2.3:a:msal:msal:1.23.0:*:*:*:*:*:*:*"
+ },
+ {
+ "name": "syft:location:0:path",
+ "value": "/setup.py"
+ }
+ ]
+ },
  {
  "bom-ref": "pkg:pypi/[email protected]?package-id=6ba25d40458e5d0a",
  "type": "library",

goosey/auth.py

@@ -27,7 +27,7 @@
 from seleniumwire import webdriver
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 green = "\x1b[1;32m"
 
@@ -88,9 +88,9 @@ def get_mfa_resource_uri(self):
  Returns the MFA Graph API resource URI for a commercial or government tenant.
  """
  if self.us_government == 'false':
- return 'https://graph.microsoft.com/.default'
+ return ['https://graph.microsoft.com/.default']
  elif self.us_government == 'true':
- return 'https://graph.microsoft.us/.default'
+ return ['https://graph.microsoft.us/.default']
 
  def get_app_resource_uri(self):
  """
@@ -119,7 +119,7 @@ def authenticate_device_code_selenium(self):
  self.logger.debug(f"Device code selenium resource uri: {str(resource_uri)}")
 
  context = msal.PublicClientApplication(client_id=self.app_client_id, authority=authority_host_uri)
- code = context.initiate_device_flow(scopes=[resource_uri])
+ code = context.initiate_device_flow(scopes=resource_uri)
 
  self.logger.info('Attempting to automatically auth via device code. You may have to accept MFA prompts.')
 
@@ -317,11 +317,13 @@ def authenticate_as_app(self, resource_uri):
  self.logger.debug(f"App Authentication authority uri: {str(authority_uri)}")
  self.logger.debug(f"App authentication resource uri: {str(resource_uri)}")
  context = msal.ConfidentialClientApplication(client_id=self.app_client_id, client_credential=self.client_secret, authority=authority_uri)
- self.tokendata = context.acquire_token_for_client(resource_uri)
+ self.tokendata = context.acquire_token_for_client(scopes=[resource_uri])
  if 'error' in self.tokendata:
  if self.tokendata['error'] == 'invalid_client':
  self.logger.error("There was an issue with your application auth: " + self.tokendata['error_description'])
  sys.exit(1)
+ else:
+ self.logger.error("There was an issue with your application auth: " + self.tokendata['error_description'])
  if 'expires_in' in self.tokendata:
  expiration_time = time.time() + self.tokendata['expires_in']
  self.tokendata['expires_on'] = expiration_time
@@ -341,12 +343,11 @@ def authenticate_mfa_interactive(self):
  PASSWORDFIELD = (By.ID, "i0118")
  NEXTBUTTON = (By.ID, "idSIButton9")
 
- self.logger.info('Attempting to automatically auth as an user. You may have to accept MFA prompts.')
-
  browser = self.get_webdriver_browser()
 
  if self.m365 == 'true':
  self.logger.debug("M365 authentication set to True. Pulling authentication information.")
+ self.logger.info('Attempting to automatically auth as an user. You may have to accept MFA prompts.')
  try:
  if browser:
  if self.us_government == 'false':
@@ -579,13 +580,19 @@ def authenticate_mfa_interactive(self):
  except Exception as e:
  self.logger.error("Error obtaining " + cookie_str + ": " + str(e))
 
- for request in browser.requests:
- if request.headers['validationkey']:
- self.tokendata['validationkey'] = request.headers['validationkey']
- break
-
- if not self.tokendata['validationkey']:
- self.logger.error("Error obtaining validationkey.")
+ try:
+ validkey = None
+ while validkey == None:
+ count = 0
+ for request in browser.requests:
+ count += 1
+ if request.headers['validationkey']:
+ self.logger.debug("Validationkey found! It took " + str(count) + " requests.")
+ validkey = request.headers['validationkey']
+ break
+ self.tokendata['validationkey'] = validkey
+ except Exception as e:
+ self.logger.error("Error obtaining validationkey: " + str(e))
 
  self.logger.info("Third tab: Obtained Exchange cookies.") 
 
@@ -871,7 +878,7 @@ def ugt_auth(self):
  custom_auth_dict['sdk_auth']['client_secret'] = self.client_secret 
  custom_auth_dict['sdk_auth']['subscriptionid'] = self.subscriptions 
 
- uri = self.get_mfa_resource_uri()
+ uri = str(self.get_mfa_resource_uri())
 
  if self.tokendata:
  custom_auth_dict['mfa'][uri] = copy.copy(self.tokendata)

goosey/azure_ad_datadumper.py

@@ -15,7 +15,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 class AzureAdDataDumper(DataDumper):
 

goosey/azure_dumper.py

@@ -29,7 +29,7 @@
 from typing import NewType, Optional
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 utc = pytz.UTC
 
@@ -193,7 +193,6 @@ async def dump_portal_pcap(self) -> None:
  nexturl = None
  if '@odata.nextLink' in result:
  nexturl = result['@odata.nextLink']
- print("here")
  if 'value' in result:
  for x in result['value']:
  alert_ids.append(x['id'])

goosey/csv.py

@@ -14,7 +14,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 if sys.platform == 'win32':
  asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

goosey/d4iot.py

@@ -22,7 +22,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 if sys.platform == 'win32':
  asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

goosey/d4iot_dumper.py

@@ -12,7 +12,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 class DefenderIoTDumper(DataDumper):
  def __init__(self, output_dir, reports_dir, session, csrftoken, sessionid, config, auth_un_pw, debug):

goosey/datadumper.py

@@ -4,7 +4,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 class DataDumper(object):
  def __init__(self, output_dir: str, reports_dir: str, auth: dict, app_auth: dict, session, debug):

goosey/graze.py

@@ -24,7 +24,7 @@
 from urllib.parse import unquote
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 warnings.simplefilter('ignore')
 

goosey/guimain.py

@@ -18,7 +18,7 @@
 from goosey.main import main as gooseymain
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 try:
  from gooey import Gooey, GooeyParser

goosey/honk.py

@@ -26,7 +26,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 if sys.platform == 'win32':
  asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

goosey/m365_datadumper.py

@@ -23,7 +23,7 @@
 from io import StringIO
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 class M365DataDumper(DataDumper):
 

goosey/main.py

@@ -35,7 +35,7 @@
 '''
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 def main():
  # Primary argument parser

goosey/mde_datadumper.py

@@ -11,7 +11,7 @@
 from goosey.utils import *
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 end_29_days_ago = datetime.today().replace(hour=0, minute=0, second=0, microsecond=0) - timedelta(days=29)
 today_date = datetime.today().replace(hour=0, minute=0, second=0, microsecond=0)

goosey/messagetrace.py

@@ -40,7 +40,7 @@
 '''
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 logger = None
 encryption_pw = None

goosey/utils.py

@@ -18,7 +18,7 @@
 from logging import handlers
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 if sys.platform == 'win32':
  import msvcrt

scripts/generate_conf.py

@@ -12,7 +12,7 @@
 from goosey.mde_datadumper import MDEDataDumper
 
 __author__ = "Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace"
-__version__ = "1.2.3"
+__version__ = "1.2.4"
 
 def main():
  auth_s = '[auth]\nusername=\npassword=\nappid=\nclientsecret=\n\n'

setup.py

@@ -6,7 +6,7 @@
 
 from setuptools import setup
 setup(name='goosey',
- version='1.2.3',
+ version='1.2.4',
  description='AzureAD, Azure and M365 Data Collector',
  author='Claire Casalnova, Jordan Eberst, Wellington Lee, Victoria Wallace',
  classifiers=[
@@ -38,7 +38,7 @@
  'azure-mgmt-security',
  'selenium==4.10.0',
  'selenium-wire',
- 'adal>=1.2.7',
+ 'msal==1.23.0',
  'msrestazure',
  'Gooey==1.0.8.1',
  'typing-extensions>=4.1.1',