Skip to content

PAN-OS - Security Advisories Vulnerability Check #40414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 28 commits into
base: master
Choose a base branch
from
Open

PAN-OS - Security Advisories Vulnerability Check #40414

wants to merge 28 commits into from

Conversation

aneeshamore
Copy link
Contributor

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

New playbook to analyze Firewall software version and Global Protect client package version for vulnerability to a Palo Alto Networks Security Advisory

Must have

  • Tests
  • Documentation

@aneeshamore
Copy link
Contributor Author

@michalgold FYI.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 30, 2025
edited
Loading

Coverage

Coverage Report
FileStmtsMissCoverMissing
Packs/PAN-OS/Scripts/CheckFirewallAndGPForCVEs
   CheckFirewallAndGPForCVEs.py831977%49, 97, 110–111, 114, 155, 164–169, 195–196, 211, 224, 268, 270–271
Packs/PAN-OS/Scripts/PANOSSecurityAdvisoriesEnrichment
   PANOSSecurityAdvisoriesEnrichment.py1383971%26, 81–86, 88, 95–96, 98–108, 116–119, 121–123, 232–233, 235–240, 242–244
TOTAL2215873% 

Tests Skipped Failures Errors Time
21 0 💤 0 ❌ 0 🔥 2.166s ⏱️

@merit-maita merit-maita self-requested a review July 10, 2025 07:39
@merit-maita merit-maita added Contribution Thank you! Contributions are always welcome! ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines labels Jul 10, 2025
@merit-maita
Copy link
Contributor

@aneeshamore it looks good, please handle the merge conflict and the failing pre-commit and validation steps.
@Benimanela please review the playbooks

@merit-maita merit-maita added the pending-contributor The PR is pending the response of its creator label Jul 13, 2025
@aneeshamore aneeshamore force-pushed the pan-os-panw-security-advisories-pack branch from 5c8daed to a98747a Compare July 14, 2025 20:40
@aneeshamore
Copy link
Contributor Author

@merit-maita I have committed fixes based on the last pre-commit and validation errors. I am waiting for PR ##40583 to be merged. Then there shouldn't be any conflict. In the latest validation check, the script failed on Validation for validate_config file but it does not indicate any issues with my files. Could you please help me with that?

@merit-maita
Copy link
Contributor

@merit-maita I have committed fixes based on the last pre-commit and validation errors. I am waiting for PR ##40583 to be merged. Then there shouldn't be any conflict. In the latest validation check, the script failed on Validation for validate_config file but it does not indicate any issues with my files. Could you please help me with that?

the PR ##40583 is already merged now,
regarding the issue with the validate, pulling from master is supposed to solve the issue

@aneeshamore aneeshamore force-pushed the pan-os-panw-security-advisories-pack branch 2 times, most recently from d328980 to 1212f61 Compare July 15, 2025 16:59
@aneeshamore
Copy link
Contributor Author

@richardbluestone Please review docs.

@aneeshamore aneeshamore force-pushed the pan-os-panw-security-advisories-pack branch from 8ace6f3 to c14c026 Compare July 16, 2025 03:27
@content-bot
Copy link
Collaborator

Validate summary
The following errors were thrown as a part of this pr: GR110.
The following errors cannot be ignored: GR110.
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.

Verdict: PR can be force merged from validate perspective? ❌

@m-berman
Copy link

Hi @aneeshamore
I made suggestions. After you have implemented the suggestions you like, could you please use the SDK to regenerate the markdown? Then I can take another look.
Thanks

m-berman
m-berman reviewed Jul 16, 2025
View reviewed changes
@aneeshamore aneeshamore force-pushed the pan-os-panw-security-advisories-pack branch from ef156e3 to acf5f5e Compare July 16, 2025 17:45
@m-berman
Copy link

Approved docs.

@aneeshamore aneeshamore force-pushed the pan-os-panw-security-advisories-pack branch from 2f875e3 to ac03d0a Compare July 17, 2025 16:26
merit-maita
merit-maita reviewed Jul 20, 2025
View reviewed changes
Packs/PAN-OS/Playbooks/PAN-OS_-_Security_Advisories_Vulnerability_Check.yml
name: Check if CVE affects PAN-OS sw version or gp version
script: CheckFirewallAndGPForCVEs
type: regular
timertriggers: []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the validation is failing due to the task id key being missing for task 7, i think it should looks something like what im suggesting here.
after making the change, please make sure the edited playbook is still working.

Suggested change
timertriggers: []
taskid: 9ce917fd-b79c-4508-908e-90095d0761dd
timertriggers: []

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merit-maita merit-maita merit-maita approved these changes

@m-berman m-berman m-berman left review comments

Assignees

@merit-maita merit-maita

@rshunim rshunim

@m-berman m-berman

Labels
Contribution Thank you! Contributions are always welcome! docs-approved pending-contributor The PR is pending the response of its creator ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@aneeshamore @merit-maita @content-bot @m-berman @richardbluestone @rshunim @jbabazadeh