IPQualityScore Encoding and Results Bug Fixes (#24701) (#25086)

* Fix bug with URL risk scoring.

* Fix URL encoding for emails.

* Version upgrade.

* Version.

* Release notes.

* Update docker image version.

* Fix URL Lib 3 import.

* Fix bugs with test_email_command.

* Test.

* Undo.

---------

Co-authored-by: IPQSDemisto <80794987+IPQSDemisto@users.noreply.github.com>
Co-authored-by: IPQualityScore LLC <support@ipqualityscore.com>

Packs/IPQualityScore/Integrations/IPQualityScore/IPQualityScore.py

@@ -1,11 +1,13 @@
 import urllib.parse
+import warnings
 import demistomock as demisto
 from CommonServerPython import *
 from CommonServerUserPython import *
+
 ''' IMPORTS '''
 
 # Disable insecure warnings
-requests.packages.urllib3.disable_warnings()
+warnings.filterwarnings('ignore', message='Unverified HTTPS request')
 
 ''' CONSTANTS '''
 DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
@@ -105,7 +107,8 @@ def email_command(client, args, email_suspicious_score_threshold, email_maliciou
     emails = argToList(args.get("email"), ",")
     results = []
     for email in emails:
-        result = client.get_email_reputation(email)
+        email_encoded = urllib.parse.quote(email, safe="")
+        result = client.get_email_reputation(email_encoded)
         result['address'] = email
 
         human_readable = tableToMarkdown(f"IPQualityScore Results for {email}", result, result.keys())
@@ -151,9 +154,9 @@ def url_command(client, args, url_suspicious_score_threshold, url_malicious_scor
 
         human_readable = tableToMarkdown(f"IPQualityScore Results for {url}", result, result.keys())
 
-        if result.get('fraud_score', 0) >= url_malicious_score_threshold:
+        if result.get('risk_score', 0) >= url_malicious_score_threshold:
             score = 3
-        elif result.get('fraud_score', 0) >= url_suspicious_score_threshold:
+        elif result.get('risk_score', 0) >= url_suspicious_score_threshold:
             score = 2
         else:
             score = 0

Packs/IPQualityScore/Integrations/IPQualityScore/IPQualityScore.yml

@@ -422,7 +422,7 @@ script:
     - contextPath: URL.Malicious.Vendor
       description: The vendor reporting the URL as malicious.
       type: String
-  dockerimage: demisto/python3:3.9.8.24399
+  dockerimage: demisto/python3:3.10.10.48392
   feed: false
   isfetch: false
   longRunning: false

Packs/IPQualityScore/Integrations/IPQualityScore/IPQualityScore_test.py

@@ -27,7 +27,7 @@ def test_ip_command(requests_mock):
 def test_email_command(requests_mock):
     from IPQualityScore import Client, email_command
     mock_response = util_load_json('test_data/email_response.json')
-    requests_mock.get('https://ipqualityscore.com/api/json/email/api_key_here/someone@gmail.com', json=mock_response)
+    requests_mock.get('https://ipqualityscore.com/api/json/email/api_key_here/someone%40gmail.com', json=mock_response)
     client = Client(
         base_url='https://ipqualityscore.com/api/json/email/api_key_here',
         verify=False)

Packs/IPQualityScore/ReleaseNotes/1_0_6.md

@@ -0,0 +1,5 @@
+#### Integrations
+##### IPQualityScore
+- Bug fixes for two issues:
+    - The URL lookup functionality currently doesn't pull the correct value. It should pull risk_score instead of fraud_score.
+    - The Email lookup functionality did not URL encode all emails. This could lead to malformed results. The Email lookup functionality now encodes all emails.

Packs/IPQualityScore/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "IPQualityScore (IPQS) Threat Risk Scoring",
     "description": "Detect threats with real-time risk scoring by IPQS. Playbook analyzes IP addresses, email addresses, and domains or URLs for high risk behavior.",
     "support": "partner",
-    "currentVersion": "1.0.5",
+    "currentVersion": "1.0.6",
     "author": "IPQualityScore",
     "url": "https://www.ipqualityscore.com",
     "email": "support@ipqualityscore.com",