Modify redactindicator script so that it can be used as a transformer (…

…#32516) (#32546) * modify redactindicator script so that it can be used as a transformer * fix SDK validate errors Co-authored-by: Ali Sawyer <91506078+ali-sawyer@users.noreply.github.com>
demisto · Feb 4, 2024 · 91d580a · 91d580a
1 parent 9e00df9
commit 91d580a
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 39 deletions.
diff --git a/Packs/CommunityCommonScripts/ReleaseNotes/1_1_6.md b/Packs/CommunityCommonScripts/ReleaseNotes/1_1_6.md
@@ -0,0 +1,5 @@
+
+#### Scripts
+
+##### redactindicator
+- Modify the script so that it can be used as a transformer.
diff --git a/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.py b/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.py
@@ -1314,9 +1314,6 @@
                      ".zuerich": "[.]zuerich",
                      ".zw": "[.]zw"}
 
-text = demisto.args()['indicator']
-searchkey = demisto.args().get('searchkey')
-
 
 def redactIP(ip):
     iplist = ip.split(".")
@@ -1332,35 +1329,50 @@ def redactemail(email):
     return newemail
 
 
-ip = re.compile(r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b")
+def main():
+    try:
+        args = demisto.args()
+        if not args.get('value') and not args.get('indicator'):
+            return_error('Must provide either arg "value" or arg "indicator".')
+        text = args.get('value', args.get('indicator'))
+        searchkey = demisto.args().get('searchkey')
+        ip = re.compile(r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b")
+        redactDictBASIC = {"http": "hxxp", "meow": "hxxp", "HTTP": "hxxp"}
+
+        redactDict = {}
+        searchkeyDict = {}
+        if searchkey is not None:
+            if len(searchkey) > 1:
+                Redact_String = "<REDACTED>"
+                for item in searchkey.split(","):
+                    if (item.startswith("$#=")):
+                        Redact_String = item.split("=")[1]
+                    else:
+                        searchkeyDict.update({item.strip(): Redact_String})
+                for key, value in searchkeyDict.items():
+                    text = text.replace(str(key).strip(), str(value).strip())
 
-redactDictBASIC = {"http": "hxxp", "meow": "hxxp", "HTTP": "hxxp"}
+        for item in ip.findall(text):
+            redactDict.update({item: redactIP(item)})
 
-redactDict = {}
-searchkeyDict = {}
-if searchkey is not None:
-    if len(searchkey) > 1:
-        Redact_String = "<REDACTED>"
-        for item in searchkey.split(","):
-            if (item.startswith("$#=")):
-                Redact_String = item.split("=")[1]
-            else:
-                searchkeyDict.update({item.strip(): Redact_String})
-        for key, value in searchkeyDict.items():
+        email = re.compile(r'[\w\.-]+@[\w\.-]+')
+        for item in email.findall(text):
+            redactDict.update({item: redactemail(item)})
+        for key, value in redactDict.items():
+            text = text.replace(str(key).strip(), str(value).strip())
+        for key, value in redactDictBASIC.items():
+            text = text.replace(str(key).strip(), str(value).strip())
+        for key, value in ROOOT_Domain_List.items():
             text = text.replace(str(key).strip(), str(value).strip())
+        output = CommandResults(
+            outputs_prefix="Redacted_inicator",
+            outputs=text
+        )
+        return_results(output)
+    except Exception as ex:
+        demisto.error(traceback.format_exc())  # print the traceback
+        return_error(f'Failed to execute redactindicator. Error: {str(ex)}')
 
-for item in ip.findall(text):
-    redactDict.update({item: redactIP(item)})
 
-email = re.compile(r'[\w\.-]+@[\w\.-]+')
-for item in email.findall(text):
-    redactDict.update({item: redactemail(item)})
-for key, value in redactDict.items():
-    text = text.replace(str(key).strip(), str(value).strip())
-for key, value in redactDictBASIC.items():
-    text = text.replace(str(key).strip(), str(value).strip())
-for key, value in ROOOT_Domain_List.items():
-    text = text.replace(str(key).strip(), str(value).strip())
-context = demisto.context()
-demisto.executeCommand('Set', {'key': "Redacted_inicator", 'value': text})
-return_results(text)
+if __name__ in ('__main__', '__builtin__', 'builtins'):
+    main()
diff --git a/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.yml b/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.yml
@@ -1,21 +1,26 @@
 args:
-- description: Indicator to be redacted
+- description: Indicator to be redacted.
+  name: value
+- description: 'Indicator to be redacted (can be used instead of ''value'' for backwards compatibility).'
   name: indicator
-  required: true
-- description: 'string which should be REDACTED '
+- description: 'string which should be REDACTED.'
   name: searchkey
-comment: Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>
+comment: Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as <REDACTED>.
 commonfields:
   id: redactindicator
   version: -1
 enabled: true
 name: redactindicator
-script: '-'
+script: ''
 subtype: python3
-timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 fromversion: 6.0.0
 tests:
 - No tests (auto formatted)
+engineinfo: {}
+runonce: false
+scripttarget: 0
+tags:
+- transformer
diff --git a/Packs/CommunityCommonScripts/pack_metadata.json b/Packs/CommunityCommonScripts/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Community Common Scripts",
     "description": "A pack that contains community scripts",
     "support": "community",
-    "currentVersion": "1.1.5",
+    "currentVersion": "1.1.6",
     "author": "",
     "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions",
     "email": "",
@@ -22,4 +22,4 @@
         "marketplacev2"
     ],
     "githubUser": []
-}
+}