From b1007af1447e7ceb5c95a202c277e90a6a891626 Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Wed, 22 Nov 2023 18:07:27 +0200 Subject: [PATCH 01/10] a fix and a test --- .../GetIndicatorDBotScoreFromCache.py | 7 +++++-- .../GetIndicatorDBotScoreFromCache_test.py | 16 ++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py index cdac997983aa..e34177f4fb6c 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py @@ -7,8 +7,11 @@ def main(): values: list[str] = argToList(demisto.args().get("value", None)) unique_values: set[str] = {v.lower() for v in values} # search query is case insensitive + query = f"""value:({' '.join([f'"{value}"' for value in unique_values])})""" + demisto.debug(f'{query=}') + res = demisto.searchIndicators( - query=f'value:({" ".join(unique_values)})', + query=query, populateFields='name,score,aggregatedReliability,type,expirationStatus', ) @@ -67,5 +70,5 @@ def main(): return_results(not_found_values_entry) -if __name__ == "__builtin__" or __name__ == "builtins": # pragma: no cover +if __name__ in ("__builtin__", "builtins", "__main__"): # pragma: no cover main() diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py index 2a965a2273f8..be39bc2d676b 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py @@ -138,3 +138,19 @@ def test_multiple_iocs_with_same_value_but_different_casing(mocker): indicators_results = return_results_calls[0][0][0]["Contents"] assert {i["Indicator"] for i in indicators_results} == expected_found + + +def test_query_values(mocker): + """ + Given: + An array of indicator value (Test~.com). + When: + Running GetIndicatorDBotScoreFromCache script. + Then: + Ensure all values in the query to demisto.searchIndicators has \". + """ + mocker.patch.object(demisto, "args", return_value={"value": "Test~.com, Test2~.com"}) + mocker.patch.object(demisto, "searchIndicators") + GetIndicatorDBotScoreFromCache.main() + demisto.searchIndicators.assert_called_with(query='value:("test~.com" "test2~.com")', + populateFields='name,score,aggregatedReliability,type,expirationStatus') From 698bdd50c57b2e44c13c6e683dc1b01147ab470a Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Wed, 22 Nov 2023 18:09:45 +0200 Subject: [PATCH 02/10] docker image update --- .../GetIndicatorDBotScoreFromCache.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml index f4a7f26aa24f..d82cff7a4e5f 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml @@ -7,7 +7,7 @@ comment: Get the overall score for the indicator as calculated by DBot. commonfields: id: GetIndicatorDBotScoreFromCache version: -1 -dockerimage: demisto/python3:3.10.13.80014 +dockerimage: demisto/python3:3.10.13.80593 enabled: true name: GetIndicatorDBotScoreFromCache runas: DBotWeakRole From 692d4c9af002fea921508f801ff04cd86c9dde34 Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Wed, 22 Nov 2023 18:21:02 +0200 Subject: [PATCH 03/10] added rn --- Packs/CommonScripts/ReleaseNotes/1_12_46.md | 7 +++++++ Packs/CommonScripts/pack_metadata.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_12_46.md diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_46.md b/Packs/CommonScripts/ReleaseNotes/1_12_46.md new file mode 100644 index 000000000000..8ae6cfeaafb6 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_12_46.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetIndicatorDBotScoreFromCache + +- Fixed an issue where a special character didn't work with searchIndicators. +- Updated the Docker image to: *demisto/python3:3.10.13.80593*. diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 62e6ed2d2b45..9ef501c85e85 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.12.45", + "currentVersion": "1.12.46", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 68e8a067bd54314207e1661f3dfe6592c8379a75 Mon Sep 17 00:00:00 2001 From: Content Bot Date: Wed, 22 Nov 2023 18:53:12 +0000 Subject: [PATCH 04/10] Bump pack from version CommonScripts to 1.12.47. --- Packs/CommonScripts/ReleaseNotes/1_12_47.md | 7 +++++++ Packs/CommonScripts/pack_metadata.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_12_47.md diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_47.md b/Packs/CommonScripts/ReleaseNotes/1_12_47.md new file mode 100644 index 000000000000..8ae6cfeaafb6 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_12_47.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetIndicatorDBotScoreFromCache + +- Fixed an issue where a special character didn't work with searchIndicators. +- Updated the Docker image to: *demisto/python3:3.10.13.80593*. diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 9ef501c85e85..049c579cd41a 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.12.46", + "currentVersion": "1.12.47", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 805dcb8d16f5c96f8fbfb62fc206709c3632414e Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Thu, 23 Nov 2023 09:31:02 +0200 Subject: [PATCH 05/10] unit test fix --- .../GetIndicatorDBotScoreFromCache_test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py index be39bc2d676b..24b5c21d2a16 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py @@ -143,7 +143,7 @@ def test_multiple_iocs_with_same_value_but_different_casing(mocker): def test_query_values(mocker): """ Given: - An array of indicator value (Test~.com). + An array of indicator value (Test~.com, Test2~.com). When: Running GetIndicatorDBotScoreFromCache script. Then: @@ -152,5 +152,5 @@ def test_query_values(mocker): mocker.patch.object(demisto, "args", return_value={"value": "Test~.com, Test2~.com"}) mocker.patch.object(demisto, "searchIndicators") GetIndicatorDBotScoreFromCache.main() - demisto.searchIndicators.assert_called_with(query='value:("test~.com" "test2~.com")', + demisto.searchIndicators.assert_called_with(query=('value:("test~.com" "test2~.com")' or 'value:("test2~.com" "test~.com")'), populateFields='name,score,aggregatedReliability,type,expirationStatus') From c02d4180c7fbcd7da0bfe651eed9706667597895 Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Thu, 23 Nov 2023 09:41:13 +0200 Subject: [PATCH 06/10] unit test fix --- .../GetIndicatorDBotScoreFromCache_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py index 24b5c21d2a16..3839cdb9d248 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py @@ -152,5 +152,5 @@ def test_query_values(mocker): mocker.patch.object(demisto, "args", return_value={"value": "Test~.com, Test2~.com"}) mocker.patch.object(demisto, "searchIndicators") GetIndicatorDBotScoreFromCache.main() - demisto.searchIndicators.assert_called_with(query=('value:("test~.com" "test2~.com")' or 'value:("test2~.com" "test~.com")'), + demisto.searchIndicators.assert_called_with(query=('value:("test2~.com" "test~.com")'), populateFields='name,score,aggregatedReliability,type,expirationStatus') From 2df150115d3aa561dab1ec80f556c191bd8c65a3 Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Thu, 23 Nov 2023 09:56:50 +0200 Subject: [PATCH 07/10] unit test fix --- .../GetIndicatorDBotScoreFromCache_test.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py index 3839cdb9d248..99ed68b71205 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py @@ -152,5 +152,9 @@ def test_query_values(mocker): mocker.patch.object(demisto, "args", return_value={"value": "Test~.com, Test2~.com"}) mocker.patch.object(demisto, "searchIndicators") GetIndicatorDBotScoreFromCache.main() - demisto.searchIndicators.assert_called_with(query=('value:("test2~.com" "test~.com")'), - populateFields='name,score,aggregatedReliability,type,expirationStatus') + args_list = demisto.searchIndicators.call_args_list + call_query = args_list[0][1]['query'] + assert call_query in [ + 'value:("test2~.com" "test~.com")', + 'value:("test~.com" "test2~.com")', + ] From 862b09b175ae5a50576014ddb6570059ca42bc38 Mon Sep 17 00:00:00 2001 From: Content Bot Date: Sun, 26 Nov 2023 08:54:50 +0000 Subject: [PATCH 08/10] Bump pack from version CommonScripts to 1.12.48. --- Packs/CommonScripts/ReleaseNotes/1_12_48.md | 7 +++++++ Packs/CommonScripts/pack_metadata.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_12_48.md diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_48.md b/Packs/CommonScripts/ReleaseNotes/1_12_48.md new file mode 100644 index 000000000000..8ae6cfeaafb6 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_12_48.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetIndicatorDBotScoreFromCache + +- Fixed an issue where a special character didn't work with searchIndicators. +- Updated the Docker image to: *demisto/python3:3.10.13.80593*. diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 049c579cd41a..486617406114 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.12.47", + "currentVersion": "1.12.48", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From d386065ba7298c00d19768ead8812858c0d6f272 Mon Sep 17 00:00:00 2001 From: Content Bot Date: Sun, 26 Nov 2023 12:36:06 +0000 Subject: [PATCH 09/10] Bump pack from version CommonScripts to 1.12.49. --- Packs/CommonScripts/ReleaseNotes/1_12_49.md | 7 +++++++ Packs/CommonScripts/pack_metadata.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 Packs/CommonScripts/ReleaseNotes/1_12_49.md diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_49.md b/Packs/CommonScripts/ReleaseNotes/1_12_49.md new file mode 100644 index 000000000000..8ae6cfeaafb6 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_12_49.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetIndicatorDBotScoreFromCache + +- Fixed an issue where a special character didn't work with searchIndicators. +- Updated the Docker image to: *demisto/python3:3.10.13.80593*. diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index 486617406114..66b425c390ec 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.12.48", + "currentVersion": "1.12.49", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 5cb8c6b84793cc48ebe961ce87a0c8fa2b8d09fd Mon Sep 17 00:00:00 2001 From: RotemAmit Date: Mon, 27 Nov 2023 13:50:36 +0200 Subject: [PATCH 10/10] Update Packs/CommonScripts/ReleaseNotes/1_12_49.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> --- Packs/CommonScripts/ReleaseNotes/1_12_49.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_49.md b/Packs/CommonScripts/ReleaseNotes/1_12_49.md index 8ae6cfeaafb6..d244fa0f1f3c 100644 --- a/Packs/CommonScripts/ReleaseNotes/1_12_49.md +++ b/Packs/CommonScripts/ReleaseNotes/1_12_49.md @@ -3,5 +3,5 @@ ##### GetIndicatorDBotScoreFromCache -- Fixed an issue where a special character didn't work with searchIndicators. +- Fixed an issue where the script failed when providing indicator values with special characters. - Updated the Docker image to: *demisto/python3:3.10.13.80593*.