fix: pop Keep-internal kwargs in BaseProvider before passing to providers (#5732)

Co-authored-by: Shahar Glazner <shaharglazner@gmail.com>

Author: Eliesmbr

keep/providers/base/base_provider.py

@@ -187,14 +187,16 @@ def notify(self, **kwargs):
         Args:
             **kwargs (dict): The provider context (with statement)
         """
-        # TODO: pop enrich_event from kwargs to handle it more elegantly then in every provider (http, webhook, etc.)
+        # Pop Keep-internal fields before passing kwargs to the provider
+        enrich_alert = kwargs.pop("enrich_alert", [])
+        enrich_incident = kwargs.pop("enrich_incident", [])
+        audit_enabled = bool(kwargs.pop("audit_enabled", True))
         # trigger the provider
         results = self._notify(**kwargs)
         self.results.append(results)
         # if the alert should be enriched, enrich it
-        enrich_event = kwargs.get("enrich_alert", kwargs.get("enrich_incident", []))
+        enrich_event = enrich_alert or enrich_incident
         if enrich_event:
-            audit_enabled = bool(kwargs.get("audit_enabled", True))
             self._enrich(enrich_event, results, audit_enabled=audit_enabled)
 
         return results if results else None
@@ -384,6 +386,9 @@ def _query(self, **kwargs: dict):
         raise NotImplementedError("query() method not implemented")
 
     def query(self, **kwargs: dict):
+        # Pop Keep-internal fields before passing kwargs to the provider
+        enrich_alert = kwargs.pop("enrich_alert", [])
+        audit_enabled = bool(kwargs.pop("audit_enabled", True))
         # just run the query
         results = self._query(**kwargs)
         self.results.append(results)
@@ -393,9 +398,7 @@ def query(self, **kwargs: dict):
         elif results:
             self.context_manager.dependencies.add(results.__class__)
 
-        enrich_alert = kwargs.get("enrich_alert", [])
         if enrich_alert:
-            audit_enabled = bool(kwargs.get("audit_enabled", True))
             self._enrich(enrich_alert, results, audit_enabled=audit_enabled)
         # and return the results
         return results

keep/providers/http_provider/http_provider.py

@@ -100,7 +100,6 @@ def _query(
             params = {}
 
         extra_args = copy.deepcopy(kwargs)
-        extra_args.pop("enrich_alert", None)
 
         # todo: this might be problematic if params/body/headers contain sensitive data
         # think about changing those debug messages or adding a flag to enable/disable them

keep/providers/webhook_provider/webhook_provider.py

@@ -200,7 +200,6 @@ def _query(
             params = {}
 
         extra_args = copy.deepcopy(kwargs)
-        extra_args.pop("enrich_alert", None)
         verify = extra_args.pop("verify", self.authentication_config.verify)
 
         if http_basic_authentication_username and http_basic_authentication_password: