Update scripts in CommonScripts to support python3

Packs/CommonScripts/ReleaseNotes/1_7_65.md

@@ -0,0 +1,17 @@
+
+#### Scripts
+##### MaliciousRatioReputation
+- Updated the Docker image to: *demisto/python3:3.10.7.33922*.
+
+##### DisplayHTML
+- Updated the Docker image to: *demisto/python3:3.10.7.33922*.
+
+##### SendEmailOnSLABreach
+- Updated the Docker image to: *demisto/python3:3.10.7.33922*.
+
+##### ResolveShortenedURL
+- Updated the Docker image to: *demisto/python3:3.10.7.33922*.
+- Added support for the *insecure* argument.
+
+##### FileToBase64List
+- Updated the Docker image to: *demisto/python3:3.10.7.33922*.

Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML.py

@@ -0,0 +1,23 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+
+def main():
+    html = demisto.args().get("html")
+    note = demisto.args().get("markAsNote")
+    header = demisto.args().get("header")
+
+    note = True if note and note.lower() == "true" else False
+    if header:
+        html = "<h1>{0}</h1></br>{1}".format(header, html)
+
+    demisto.results({
+        'ContentsFormat': formats['html'],
+        'Type': entryTypes['note'],
+        'Contents': html,
+        'Note': note
+    })
+
+
+if __name__ == "__builtin__" or __name__ == "builtins":
+    main()

Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML.yml

@@ -0,0 +1,28 @@
+commonfields:
+  id: DisplayHTML
+  version: -1
+name: DisplayHTML
+script: ''
+type: python
+subtype: python3
+tags: []
+comment: Display HTML in the War Room.
+system: true
+args:
+- name: html
+  required: true
+  description: The HTML to display
+- name: markAsNote
+  auto: PREDEFINED
+  predefined:
+  - "true"
+  - "false"
+  description: Should the entry be marked as a note?
+- name: header
+  description: Add a header text to the output
+scripttarget: 0
+runonce: false
+fromversion: 6.5.0
+dockerimage: demisto/python3:3.10.7.33922
+tests:
+- No tests (auto formatted)

Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML_test.py

@@ -0,0 +1,23 @@
+import demistomock as demisto
+from CommonServerPython import *
+
+
+def test_DisplayHTML(mocker):
+    """
+    Given:
+        - The script args.
+    When:
+        - Running the DisplayHTML script.
+    Then:
+        - Validating the results after manipulating the given data.
+    """
+    from DisplayHTML import main
+    mocker.patch.object(demisto, 'args', return_value={'html': 'html', 'markAsNote': 'True', "header": "header"})
+    results_mock = mocker.patch.object(demisto, 'results')
+    main()
+    results_mock.assert_called_once()
+    results = results_mock.call_args[0][0]
+    assert results == {'Contents': '<h1>header</h1></br>html',
+                       'ContentsFormat': 'html',
+                       'Note': True,
+                       'Type': EntryType.NOTE}

Packs/CommonScripts/Scripts/FileToBase64List/FileToBase64List.py

@@ -11,7 +11,7 @@ def get_file_data(file_path, zip=False):
         if zip:
             data = zlib.compress(data)
 
-    return base64.b64encode(data)
+    return base64.b64encode(data).decode('utf-8')
 
 
 def main():
@@ -42,5 +42,5 @@ def main():
     }
 
 
-if __name__ == "__builtin__" or __name__ == '__main__':
+if __name__ in ('__main__', '__builtin__', 'builtins'):
     demisto.results(main())

Packs/CommonScripts/Scripts/FileToBase64List/FileToBase64List.yml

@@ -36,10 +36,10 @@ tags:
 - list
 timeout: '0'
 type: python
-subtype: python2
+subtype: python3
 runas: DBotWeakRole
 runonce: true
 tests:
 - No Test
 fromversion: 5.0.0
-dockerimage: demisto/python:2.7.18.27799
+dockerimage: demisto/python3:3.10.7.33922

Packs/CommonScripts/Scripts/FileToBase64List/file_to_base64_list_test.py

@@ -38,6 +38,6 @@ def test_file_to_base64_list(mocker):
 
 def test_get_file_data(mocker):
     data = get_file_data(TEST_FILE_PATH)
-    assert base64.b64decode(data).strip() == "this is a test file"
+    assert base64.b64decode(data).strip() == b"this is a test file"
     data = get_file_data(TEST_FILE_PATH, True)
-    assert zlib.decompress(base64.b64decode(data)).strip() == "this is a test file"
+    assert zlib.decompress(base64.b64decode(data)).strip() == b"this is a test file"

Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation.py

@@ -0,0 +1,48 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+
+def get_indicator_from_value(indicator_value):
+    try:
+        res = demisto.executeCommand("findIndicators", {'value': indicator_value})
+        indicator = res[0]['Contents'][0]
+        return indicator
+    except Exception:
+        pass
+
+
+def get_indicator_result(indicator):
+    res = demisto.executeCommand("maliciousRatio", {'value': indicator['value']})
+
+    mr_score = res[0]['Contents'][0]['maliciousRatio']
+    if mr_score > float(demisto.args()['threshold']):
+        ec = {}
+        ec['DBotScore'] = {
+            'Type': indicator['indicator_type'].lower(),
+            'Score': 2,  # suspicious
+            'Vendor': 'DBot-MaliciousRatio',
+            'Indicator': indicator['value']
+        }
+        entry = {
+            'Type': entryTypes['note'],
+            'EntryContext': ec,
+            'Contents': ec['DBotScore']['Score'],
+            'ContentsFormat': formats['text'],
+            'HumanReadable': 'Malicious ratio for %s is %.2f' % (indicator['value'], mr_score),
+            'ReadableContentsFormat': formats['markdown']
+        }
+        return entry
+
+
+def main():
+    indicator_value = demisto.args().get('input')
+    indicator = get_indicator_from_value(indicator_value)
+    if indicator:
+        try:
+            demisto.results(get_indicator_result(indicator))
+        except Exception:
+            pass
+
+
+if __name__ == "__builtin__" or __name__ == "builtins":
+    main()

Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation.yml

@@ -0,0 +1,25 @@
+commonfields:
+  id: MaliciousRatioReputation
+  version: -1
+name: MaliciousRatioReputation
+fromversion: "6.5.0"
+script: ''
+type: python
+subtype: python3
+tags:
+- reputation
+comment: |-
+  Set indicator reputation to "suspicious" when malicious ratio is above threshold.
+  Malicious ratio is the ration between number of "bad" incidents to total number of incidents the indicator appears in.
+enabled: true
+args:
+- name: input
+  description: Value of the indicator.
+- name: threshold
+  description: 'Malicious ratio threshold to set indicator as suspicious. '
+  defaultValue: "0.3"
+scripttarget: 0
+runonce: false
+dockerimage: demisto/python3:3.10.7.33922
+tests:
+- No tests (auto formatted)

Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation_test.py

@@ -0,0 +1,87 @@
+import demistomock as demisto
+
+
+def test_main_malicious_ratio_reputation(mocker):
+    """
+    Given:
+        - The script args.
+    When:
+        - Running the main with valid indicator.
+    Then:
+        - Validating after calling the helper functions the results is as expected.
+    """
+    import MaliciousRatioReputation
+    args = {'input': 'value_a', 'threshold': '-2'}
+    mocker.patch.object(demisto, 'args', return_value=args)
+    mocker.patch.object(MaliciousRatioReputation, 'get_indicator_from_value',
+                        return_value={'value': 'value_a', 'indicator_type': 'IP'})
+    res_get_indicator_result = {'Type': 1, 'EntryContext': {'DBotScore': {'Type': 'ip',
+                                                                          'Score': 2, 'Vendor': 'DBot-MaliciousRatio',
+                                                                          'Indicator': 'value_a'}},
+                                'Contents': 2,
+                                'ContentsFormat': 'text',
+                                'HumanReadable': 'Malicious ratio for value_a is -1.00',
+                                'ReadableContentsFormat': 'markdown'}
+    mocker.patch.object(MaliciousRatioReputation, 'get_indicator_result',
+                        return_value=res_get_indicator_result)
+    res_mock = mocker.patch.object(demisto, 'results')
+    MaliciousRatioReputation.main()
+    assert res_mock.call_count == 1
+    assert res_mock.call_args[0][0] == res_get_indicator_result
+
+
+def test_get_indicator_result(mocker):
+    """
+    Given:
+        - The script args and indicator with mr_score > given threshold.
+    When:
+        - Running the get_indicator_result function.
+    Then:
+        - Validating that the function returns entry to the context.
+    """
+    from MaliciousRatioReputation import get_indicator_result
+    args = {'input': '8.8.8.8', 'threshold': '-2'}
+    mocker.patch.object(demisto, 'args', return_value=args)
+    indicator = {'value': '8.8.8.8', 'indicator_type': 'IP'}
+    execute_command_res = [{'Contents': [{'maliciousRatio': -1}]}]
+    execute_mock = mocker.patch.object(demisto, 'executeCommand', return_value=execute_command_res)
+    entry = get_indicator_result(indicator)
+    assert execute_mock.call_count == 1
+    assert len(entry['EntryContext']) > 0
+
+
+def test_get_indicator_result_with_smaller_mr_score(mocker):
+    """
+    Given:
+        - The script args and indicator with mr_score < given threshold.
+    When:
+        - Running the get_indicator_result function.
+    Then:
+        - Validating that the function doesn't return entry.
+    """
+    from MaliciousRatioReputation import get_indicator_result
+    mocker.patch.object(demisto, 'args', return_value={'input': '8.8.8.8', 'threshold': '0.3'})
+    indicator = {'value': '8.8.8.8', 'indicator_type': 'IP'}
+    execute_command_res = [{'Contents': [{'maliciousRatio': -1}]}]
+    execute_mock = mocker.patch.object(demisto, 'executeCommand', return_value=execute_command_res)
+    assert get_indicator_result(indicator) is None
+    assert execute_mock.call_count == 1
+
+
+def test_get_indicator_from_value(mocker):
+    """
+    Given:
+        - The function args.
+    When:
+        - Running the get_indicator_from_value function.
+    Then:
+        - Validating that the return value after calling to "findIndicators" command is as expected.
+    """
+    from MaliciousRatioReputation import get_indicator_from_value
+
+    execute_command_res = [{'Contents': [{'id': 'a', 'investigationIDs': ['1', '2', '10'], 'value': 'value_a',
+                                          'indicator_type': 'File'}], 'Type': 'note'}]
+    execute_mock = mocker.patch.object(demisto, 'executeCommand', return_value=execute_command_res)
+    indicator = get_indicator_from_value('value_a')
+    assert execute_mock.call_count == 1
+    assert indicator == execute_command_res[0]['Contents'][0]

Packs/CommonScripts/Scripts/script-ResolveShortenedURL_README.md → Packs/CommonScripts/Scripts/ResolveShortenedURL/README.md

@@ -11,9 +11,10 @@ Resolves the original URL from the given shortened URL and places it in both, as
 ## Inputs
 ---
 
-| **Argument Name** | **Description** |
-| --- | --- |
-| url | The URL to resolve. |
+| **Argument Name** | **Description**                                         |
+| --- |---------------------------------------------------------|
+| url | The URL to resolve.                                     |
+| insecure | Trust any certificate (not secure) |
 
 ## Outputs
 ---

Packs/CommonScripts/Scripts/ResolveShortenedURL/ResolveShortenedURL.py

@@ -0,0 +1,44 @@
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+import requests
+# disable insecure warnings
+requests.packages.urllib3.disable_warnings()
+
+headers = {
+    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11',
+    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+    'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
+    'Accept-Encoding': 'none',
+    'Accept-Language': 'en-US,en;q=0.8',
+    'Connection': 'keep-alive'
+}
+
+
+def main():
+    url = demisto.args().get('url')
+    verify = not argToBoolean(demisto.args().get('insecure', False))
+    req = requests.get('https://unshorten.me/json/' + url, headers=headers, verify=verify)
+    content = req.json()
+    if content['success']:
+        resolvedUrl = content['resolved_url']
+        shortenedUrl = content['requested_url']
+        usageCount = content['usage_count']
+        ec = {}
+        ec['URL.Data'] = [resolvedUrl]
+        demisto.results({
+            'Type': entryTypes['note'],
+            'Contents': [resolvedUrl],
+            'ContentsFormat': formats['json'],
+            'HumanReadable': tableToMarkdown('Shorten URL results', [{
+                'Shortened URL': shortenedUrl,
+                'Resolved URL': resolvedUrl,
+                'Usage count': usageCount
+            }]),
+            'EntryContext': ec
+        })
+    else:
+        demisto.results('Provided URL could not be un-shortened')
+
+
+if __name__ == "__builtin__" or __name__ == "builtins":
+    main()

Packs/CommonScripts/Scripts/ResolveShortenedURL/ResolveShortenedURL.yml

@@ -0,0 +1,29 @@
+commonfields:
+  id: ResolveShortenedURL
+  version: -1
+name: ResolveShortenedURL
+script: ''
+type: python
+subtype: python3
+tags:
+- Utility
+comment: Resolve the original URL from the given shortened URL and place it in both as output and in the context of a playbook. (https://unshorten.me/api)
+enabled: true
+args:
+- name: url
+  required: true
+  default: true
+  description: URL to resolve
+- name: insecure
+  required: false
+  type: Boolean
+  defaultValue: "false"
+  description: Trust any certificate (not secure)
+outputs:
+- contextPath: URL.Data
+  description: Shortened URL
+scripttarget: 0
+tests:
+- "No test"
+fromversion: 6.5.0
+dockerimage: demisto/python3:3.10.7.33922