Fix GetIndicatorDBotScoreFromCache to handle better a special charact…

…er (#31070) * a fix and a test * docker image update * added rn * Bump pack from version CommonScripts to 1.12.47. * unit test fix * unit test fix * unit test fix * Bump pack from version CommonScripts to 1.12.48. * Bump pack from version CommonScripts to 1.12.49. * Update Packs/CommonScripts/ReleaseNotes/1_12_49.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com>
demisto · Nov 27, 2023 · 199783c · 199783c
1 parent b67bae8
commit 199783c
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 4 deletions.
diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_49.md b/Packs/CommonScripts/ReleaseNotes/1_12_49.md
@@ -0,0 +1,7 @@
+
+#### Scripts
+
+##### GetIndicatorDBotScoreFromCache
+
+- Fixed an issue where the script failed when providing indicator values with special characters.
+- Updated the Docker image to: *demisto/python3:3.10.13.80593*.
diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py
@@ -7,8 +7,11 @@ def main():
     values: list[str] = argToList(demisto.args().get("value", None))
     unique_values: set[str] = {v.lower() for v in values}  # search query is case insensitive
 
+    query = f"""value:({' '.join([f'"{value}"' for value in unique_values])})"""
+    demisto.debug(f'{query=}')
+
     res = demisto.searchIndicators(
-        query=f'value:({" ".join(unique_values)})',
+        query=query,
         populateFields='name,score,aggregatedReliability,type,expirationStatus',
     )
 
@@ -67,5 +70,5 @@ def main():
         return_results(not_found_values_entry)
 
 
-if __name__ == "__builtin__" or __name__ == "builtins":  # pragma: no cover
+if __name__ in ("__builtin__", "builtins", "__main__"):  # pragma: no cover
     main()
diff --git a/...s/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml b/...s/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml
@@ -7,7 +7,7 @@ comment: Get the overall score for the indicator as calculated by DBot.
 commonfields:
   id: GetIndicatorDBotScoreFromCache
   version: -1
-dockerimage: demisto/python3:3.10.13.80014
+dockerimage: demisto/python3:3.10.13.80593
 enabled: true
 name: GetIndicatorDBotScoreFromCache
 runas: DBotWeakRole

diff --git a/...mmonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py b/...mmonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py
@@ -138,3 +138,23 @@ def test_multiple_iocs_with_same_value_but_different_casing(mocker):
 
     indicators_results = return_results_calls[0][0][0]["Contents"]
     assert {i["Indicator"] for i in indicators_results} == expected_found
+
+
+def test_query_values(mocker):
+    """
+    Given:
+        An array of indicator value (Test~.com, Test2~.com).
+    When:
+        Running GetIndicatorDBotScoreFromCache script.
+    Then:
+        Ensure all values in the query to demisto.searchIndicators has \".
+    """
+    mocker.patch.object(demisto, "args", return_value={"value": "Test~.com, Test2~.com"})
+    mocker.patch.object(demisto, "searchIndicators")
+    GetIndicatorDBotScoreFromCache.main()
+    args_list = demisto.searchIndicators.call_args_list
+    call_query = args_list[0][1]['query']
+    assert call_query in [
+        'value:("test2~.com" "test~.com")',
+        'value:("test~.com" "test2~.com")',
+    ]
diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.12.48",
+    "currentVersion": "1.12.49",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",