[Auto Update Docker] auto_update_docker_staging_branch (demisto#34465)

* Updated docker image to demisto/pcap-miner:1.0.0.91369. PR batch #1/3 (demisto#33830)

* Updated docker image to demisto/pcap-miner:1.0.0.91369. PR batch #2/3 (demisto#33831)

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>

* demisto/paho-mqtt:1.0.0.56447 | 0-100 | PR batch #1/1 (demisto#33828)

* Updated docker image to demisto/paho-mqtt:1.0.0.56447. PR batch #1/1

* Revert ZipFile image (demisto#33825)

* revert docker image and added the TPB to the yml

* updated release notes

* pre-commit fixes

* updated release notes

* Docker Hardening test - fix flaky test (demisto#33805)

* Revert "Merge branch 'auto_update_docker_staging_branch' into AUD-demisto/paho-mqtt-1.0.0.56447-pr-batch-1"

This reverts commit c5dffd6, reversing
changes made to d9ce372.

* add space

* delete space

* version 29

---------

Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: Tal <tcarmeli@paloaltonetworks.com>
Co-authored-by: Tal Carmeli <158452762+tcarmeli1@users.noreply.github.com>

* Fix conflict

* Updated docker image to demisto/py3-tools:1.0.0.91908. PR batch #1/3 (demisto#33871)

* Update release notes

* Validate

* pre-commit

* Fix RN for Anomali ThreatStream v3

* Fix PcapAnalysis.yml file

* update devdemisto/polyswarm

* dockerImage uploaded to docker hub

* revert pcap-minor related changes

* Resolve Packs/CommonScripts merge conflict

* Resolve Packs/CommonScripts merge conflict

* Remove pcap-minor RN file

* Update release notes

* Update release notes

* Update UBIRCH to use demisto/py3-tools instead of demisto/paho-mqtt

* Resolve Packs/CommonScripts merge conflict

* Resolve Packs/Anomali_ThreatStream merge conflict

---------

Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com>
Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com>
Co-authored-by: ilaner <88267954+ilaner@users.noreply.github.com>
Co-authored-by: Tal <tcarmeli@paloaltonetworks.com>
Co-authored-by: Tal Carmeli <158452762+tcarmeli1@users.noreply.github.com>
Co-authored-by: TalZich <tzichlinsky@paloaltonetworks.com>

Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.py

@@ -1,9 +1,8 @@
-from typing import Dict, Union
 from CommonServerPython import *
 from JSONFeedApiModule import *  # noqa: E402
 
 
-def custom_build_iterator(client: Client, feed: Dict, limit, **kwargs) -> List:
+def custom_build_iterator(client: Client, feed: dict, limit, **kwargs) -> List:
     """
     Implement the http_request with API that works with pagination and filtering. Uses the integration context to
     save last fetch time to each indicator type
@@ -79,7 +78,7 @@ def custom_build_iterator(client: Client, feed: Dict, limit, **kwargs) -> List:
     return result
 
 
-def create_fetch_configuration(indicators_type: list, filters: dict, params: dict) -> Dict[str, dict]:
+def create_fetch_configuration(indicators_type: list, filters: dict, params: dict) -> dict[str, dict]:
     mapping_by_indicator_type = {                                                                             # pragma: no cover
         'IP': {
             'last_seen_as': 'malwaretypes',
@@ -119,7 +118,7 @@ def create_fetch_configuration(indicators_type: list, filters: dict, params: dic
     return indicators_configuration
 
 
-def build_feed_filters(params: dict) -> Dict[str, Optional[Union[str, list]]]:
+def build_feed_filters(params: dict) -> dict[str, Optional[str | list]]:
     filters = {'severity.from': params.get('severity'),
                'threat_types.values': params.get('threat_type'),
                'confidence.from': params.get('confidence_from'),
@@ -131,7 +130,7 @@ def build_feed_filters(params: dict) -> Dict[str, Optional[Union[str, list]]]:
 
 def main():  # pragma: no cover
     params = demisto.params()
-    filters: Dict[str, Optional[Union[str, list]]] = build_feed_filters(params)
+    filters: dict[str, Optional[str | list]] = build_feed_filters(params)
     indicators_type: list = argToList(params.get('indicator_type', []))
     params['feed_name_to_config'] = create_fetch_configuration(indicators_type, filters, params)
 

Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml

@@ -150,7 +150,7 @@ script:
       name: limit
     description: Gets the feed indicators.
     name: acti-get-indicators
-  dockerimage: demisto/py3-tools:1.0.0.86612
+  dockerimage: demisto/py3-tools:1.0.0.96102
   feed: true
   runonce: false
   script: '-'

Packs/AccentureCTI_Feed/ReleaseNotes/1_1_36.md

@@ -0,0 +1,8 @@
+
+#### Integrations
+
+##### ACTI Indicator Feed
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+

Packs/AccentureCTI_Feed/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Accenture CTI Feed",
     "description": "Accenture Cyber Threat Intelligence Feed",
     "support": "partner",
-    "currentVersion": "1.1.35",
+    "currentVersion": "1.1.36",
     "author": "Accenture",
     "url": "https://www.accenture.com/us-en/services/security/cyber-defense",
     "email": "CTI.AcctManagement@accenture.com",

Packs/Anomali_ThreatStream/ReleaseNotes/2_2_20.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Anomali ThreatStream v3
+
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.93223*.

Packs/Anomali_ThreatStream/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Anomali ThreatStream",
     "description": "Use Anomali ThreatStream to query and submit threats.",
     "support": "xsoar",
-    "currentVersion": "2.2.19",
+    "currentVersion": "2.2.20",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CommonScripts/ReleaseNotes/1_15_4.md

@@ -0,0 +1,43 @@
+
+#### Scripts
+
+##### FetchIndicatorsFromFile
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### ExifRead
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### ExtractDomainAndFQDNFromUrlAndEmail
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### ExtractFQDNFromUrlAndEmail
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### LanguageDetect
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### StixCreator
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### ExtractDomainFromUrlAndEmail
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+
+##### ParseExcel
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.96102*.
+
+
+

Packs/CommonScripts/Scripts/ExifRead/ExifRead.py

@@ -9,7 +9,7 @@ def get_exif_tags(file_entry_id):
 
     tags = exifread.process_file(f)
     arr = []
-    for tag in tags.keys():
+    for tag in tags:
         arr.append({'tag': str(tag), 'value': str(tags[tag])})
 
     md = tableToMarkdown('Exif Tags', arr)

Packs/CommonScripts/Scripts/ExifRead/ExifRead.yml

@@ -7,22 +7,22 @@ type: python
 subtype: python3
 tags:
 - Utility
-comment: Read image files metadata and provide Exif tags
+comment: Read image files metadata and provide Exif tags.
 enabled: true
 args:
 - name: EntryID
   required: true
   default: true
-  description: Entry ID of image file
+  description: Entry ID of image file.
 outputs:
 - contextPath: Exif.tag
-  description: Exif tag name
+  description: Exif tag name.
   type: string
 - contextPath: Exif.value
-  description: Exif tag value
+  description: Exif tag value.
   type: string
 scripttarget: 0
-dockerimage: demisto/py3-tools:1.0.0.91504
+dockerimage: demisto/py3-tools:1.0.0.96102
 fromversion: 6.5.0
 tests:
 - ExifReadTest

Packs/CommonScripts/Scripts/ExtractDomainAndFQDNFromUrlAndEmail/ExtractDomainAndFQDNFromUrlAndEmail.yml

@@ -15,7 +15,7 @@ tags:
 - indicator-format
 timeout: '0'
 type: python
-dockerimage: demisto/py3-tools:1.0.0.81280
+dockerimage: demisto/py3-tools:1.0.0.96102
 runas: DBotWeakRole
 tests:
 - ExtractDomainAndFQDNFromUrlAndEmail-Test

Packs/CommonScripts/Scripts/ExtractDomainFromUrlFormat/ExtractDomainFromUrlFormat.py

@@ -81,7 +81,7 @@ def extract_domain(the_input):
         domain = get_fld(full_domain, fail_silently=True)
 
     # convert None to empty string if needed
-    domain = '' if not domain else domain
+    domain = domain if domain else ''
     return domain
 
 

Packs/CommonScripts/Scripts/ExtractDomainFromUrlFormat/ExtractDomainFromUrlFormat.yml

@@ -6,14 +6,14 @@ script: ''
 type: python
 tags:
 - indicator-format
-comment: Extract Domain(s) from URL(s) and/or Email(s)
+comment: Extract Domain(s) from URL(s) and/or Email(s).
 enabled: true
 args:
 - name: input
-  description: The URL(s) or Email(s) to process
+  description: The URL(s) or Email(s) to process.
   isArray: true
 scripttarget: 0
-dockerimage: demisto/py3-tools:1.0.0.91504
+dockerimage: demisto/py3-tools:1.0.0.96102
 runas: DBotWeakRole
 subtype: python3
 tests:

Packs/CommonScripts/Scripts/ExtractDomainFromUrlFormat/ExtractDomainFromUrlFormat_test.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 from ExtractDomainFromUrlFormat import extract_domain
 from ExtractDomainFromUrlFormat import unescape_url
 import pytest
@@ -9,7 +8,7 @@
     ('http:example.com', 'example.com'),
     ('http:\\\\example.com', 'example.com'),
     ('https://caseapi.phishlabs.com', 'phishlabs.com'),
-    (u'www.bücher.de', u'bücher.de'),
+    ('www.bücher.de', 'bücher.de'),
     ('https://urldefense.proofpoint.com/v2/url?u=http-3A__go.getpostman.com_y4wULsdG0h0DDMY0Dv00100&d=DwMFaQ&c=ywDJJevdGcjv4rm9P3FcNg&r=s5kA2oIAQRXsacJiBKmTORIWyRN39ZKhobje2GyRgNs&m=vN1dVSiZvEoM9oExtQqEptm9Dbvq9tnjACDZzrBLaWI&s=zroN7KQdBCPBOfhOmv5SP1DDzZKZ1y9I3x4STS5PbHA&e=', 'getpostman.com'),  # noqa: E501
     ('hxxps://www[.]demisto[.]com', 'demisto.com'),
     ('https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FPhilipsBeLux&data=02|01||cb2462dc8640484baf7608d638d2a698|1a407a2d76754d178692b3ac285306e4|0|0|636758874714819880&sdata=dnJiphWFhnAKsk5Ps0bj0p%2FvXVo8TpidtGZcW6t8lDQ%3D&reserved=0%3E%5bcid:image003.gif@01CF4D7F.1DF62650%5d%3C', 'twitter.com'),  # noqa: E501 disable-secrets-detection

Packs/CommonScripts/Scripts/ExtractFQDNFromUrlAndEmail/ExtractFQDNFromUrlAndEmail.py

@@ -61,7 +61,7 @@ def get_fqdn(the_input):
         # get the subdomain using tld.subdomain
         subdomain = domain.subdomain
         if (subdomain):
-            fqdn = "{}.{}".format(subdomain, domain.fld)
+            fqdn = f"{subdomain}.{domain.fld}"
 
     return fqdn
 
@@ -95,7 +95,7 @@ def extract_fqdn(the_input):
         fqdn = get_fqdn(full_domain)
 
     # convert None to empty string if needed
-    fqdn = '' if not fqdn else fqdn
+    fqdn = fqdn if fqdn else ''
     return fqdn
 
 

Packs/CommonScripts/Scripts/ExtractFQDNFromUrlAndEmail/ExtractFQDNFromUrlAndEmail.yml

@@ -14,7 +14,7 @@ tags:
 - indicator-format
 timeout: '0'
 type: python
-dockerimage: demisto/py3-tools:1.0.0.91504
+dockerimage: demisto/py3-tools:1.0.0.96102
 runas: DBotWeakRole
 subtype: python3
 tests:

Packs/CommonScripts/Scripts/ExtractFQDNFromUrlAndEmail/ExtractFQDNFromUrlAndEmail_test.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 from ExtractFQDNFromUrlAndEmail import extract_fqdn
 import pytest
 
@@ -8,7 +7,7 @@
     [  # noqa: E501 disable-secrets-detection
         ("http://this.is.test.com", "this.is.test.com"),
         ("https://caseapi.phishlabs.com", "caseapi.phishlabs.com"),
-        (u"www.bücher.de", u"www.bücher.de"),
+        ("www.bücher.de", "www.bücher.de"),
         (
             "https://urldefense.proofpoint.com/v2/url?u=http-3A__go.getpostman.com_y4wULsdG0h0DDMY0Dv00100&d=DwMFaQ&c=yw"
             "DJJevdGcjv4rm9P3FcNg&r=s5kA2oIAQRXsacJiBKmTORIWyRN39ZKhobje2GyRgNs&m=vN1dVSiZvEoM9oExtQqEptm9Dbvq9tnjACDZzr"

Packs/CommonScripts/Scripts/FetchIndicatorsFromFile/FetchIndicatorsFromFile.py

@@ -15,7 +15,7 @@ def csv_file_to_indicator_list(file_path, col_num, starting_row, auto_detect, de
     # TODO: add run on all columns functionality
 
     line_index = 0
-    with open(file_path, 'r') as csv_file:
+    with open(file_path) as csv_file:
         # csv reader can fail when encountering a NULL byte (\0) - so we go through the file and take out the NUL bytes.
         file_reader = csv.reader(line.replace('\0', '') for line in csv_file)
         for row in file_reader:
@@ -78,7 +78,7 @@ def xls_file_to_indicator_list(file_path, sheet_name, col_num, starting_row, aut
 
 
 def txt_file_to_indicator_list(file_path, auto_detect, default_type, limit, offset):
-    with open(file_path, "r") as fp:
+    with open(file_path) as fp:
         file_data = fp.read()
 
     indicator_list = []
@@ -211,7 +211,7 @@ def fetch_indicators_from_file(args):
     file = demisto.getFilePath(args.get('entry_id'))
     file_path = file['path']
     file_name = file['name']
-    auto_detect = True if args.get('auto_detect') == 'True' else False
+    auto_detect = args.get('auto_detect') == 'True'
     default_type = args.get('default_type')
     limit = args.get("limit")
 
@@ -229,7 +229,7 @@ def fetch_indicators_from_file(args):
     # from which row should I start reading the indicators, it is used to avoid table headers.
     starting_row = args.get('starting_row')
 
-    if file_name.endswith('xls') or file_name.endswith('xlsx'):
+    if file_name.endswith(('xls', 'xlsx')):
         indicator_list = xls_file_to_indicator_list(file_path, sheet_name, int(indicator_col_num) - 1,
                                                     int(starting_row) - 1, auto_detect, default_type,
                                                     indicator_type_col_num, limit, offset)
@@ -265,7 +265,7 @@ def main():
     try:
         return_outputs(*fetch_indicators_from_file(demisto.args()))
     except Exception as ex:
-        return_error('Failed to execute Fetch Indicators From File. Error: {}'.format(str(ex)),
+        return_error(f'Failed to execute Fetch Indicators From File. Error: {str(ex)}',
                      error=traceback.format_exc())
 
 

Packs/CommonScripts/Scripts/FetchIndicatorsFromFile/FetchIndicatorsFromFile.yml

@@ -64,7 +64,7 @@ tags:
 - indicators
 timeout: '0'
 type: python
-dockerimage: demisto/py3-tools:1.0.0.89345
+dockerimage: demisto/py3-tools:1.0.0.96102
 fromversion: 6.5.0
 tests:
 - No tests (auto formatted)

Packs/CommonScripts/Scripts/FetchIndicatorsFromFile/FetchIndicatorsFromFile_test.py

@@ -63,15 +63,15 @@ def test_csv_file_to_indicator_list_1():
     result = csv_file_to_indicator_list(file_path='test_data/Hashes_list.csv',
                                         col_num=0, starting_row=0, auto_detect=True, default_type=None, type_col=None,
                                         limit=None, offset=0)
-    assert CSV_TEST_RESULTS_1 == result
+    assert result == CSV_TEST_RESULTS_1
 
 
 def test_csv_file_to_indicator_list_2():
     from FetchIndicatorsFromFile import csv_file_to_indicator_list
     result = csv_file_to_indicator_list(file_path='test_data/Hashes_list.csv',
                                         col_num=0, starting_row=1, auto_detect=False, default_type='Domain',
                                         type_col=None, limit=2, offset=0)
-    assert CSV_TEST_RESULTS_2 == result
+    assert result == CSV_TEST_RESULTS_2
 
 
 def test_xls_file_to_indicator_list_1():
@@ -124,15 +124,15 @@ def test_txt_file_to_indicator_list_2():
 
 def test_detect_type():
     from FetchIndicatorsFromFile import detect_type
-    assert 'File' == detect_type('4f79697b40d0932e91105bd496908f8e02c130a0e36f6d3434d6243e79ef82e0')
-    assert 'Domain' == detect_type('demisto.com')
-    assert 'IP' == detect_type('8.8.8.8')
-    assert 'IPv6' == detect_type('2001:db8:85a3:8d3:1319:8a2e:370:7348')
-    assert 'URL' == detect_type('www.demisto.com/path')
-    assert 'CIDR' == detect_type('8.8.8.8/12')
-    assert 'Email' == detect_type('some@mail.com')
-    assert 'DomainGlob' == detect_type('*.demisto.com')
-    assert 'IPv6CIDR' == detect_type('2001:db8:85a3:8d3:1319:8a2e:370:7348/32')
+    assert detect_type('4f79697b40d0932e91105bd496908f8e02c130a0e36f6d3434d6243e79ef82e0') == 'File'
+    assert detect_type('demisto.com') == 'Domain'
+    assert detect_type('8.8.8.8') == 'IP'
+    assert detect_type('2001:db8:85a3:8d3:1319:8a2e:370:7348') == 'IPv6'
+    assert detect_type('www.demisto.com/path') == 'URL'
+    assert detect_type('8.8.8.8/12') == 'CIDR'
+    assert detect_type('some@mail.com') == 'Email'
+    assert detect_type('*.demisto.com') == 'DomainGlob'
+    assert detect_type('2001:db8:85a3:8d3:1319:8a2e:370:7348/32') == 'IPv6CIDR'
     assert None is detect_type('not_an_indicator')
 
 

Packs/CommonScripts/Scripts/LanguageDetect/LanguageDetect.yml

@@ -13,14 +13,14 @@ args:
 - name: text
   required: true
   default: true
-  description: Text to analyse for language detection
+  description: Text to analyse for language detection.
 outputs:
 - contextPath: langDetect.lang
-  description: Language detection
+  description: Language detection.
 - contextPath: langDetect.probability
-  description: Probability of language detection
+  description: Probability of language detection.
 scripttarget: 0
-dockerimage: demisto/py3-tools:1.0.0.91504
+dockerimage: demisto/py3-tools:1.0.0.96102
 fromversion: 5.0.0
 tests:
-  - LanguageDetect-Test
+- LanguageDetect-Test

Packs/CommonScripts/Scripts/ParseExcel/ParseExcel.yml

@@ -6,17 +6,17 @@ script: ''
 type: python
 subtype: python3
 tags: []
-comment: The automation takes Excel file (entryID) as an input and parses its content to the war room and context
+comment: The automation takes Excel file (entryID) as an input and parses its content to the war room and context.
 enabled: true
 args:
 - name: entryId
   required: true
-  description: The entry id of the excel file
+  description: The entry id of the excel file.
 outputs:
 - contextPath: ParseExcel
-  description: ParseExcel
+  description: ParseExcel.
 scripttarget: 0
-dockerimage: demisto/py3-tools:1.0.0.91504
+dockerimage: demisto/py3-tools:1.0.0.96102
 tests:
 - ParseExcel-test
 fromversion: 5.0.0