Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for is array for rep commands js #31184

Merged
merged 5 commits into from Nov 29, 2023
Merged

Add support for is array for rep commands js #31184

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
df96418
JS files fixes
YuvHayun Nov 29, 2023
280a6a8
added rn
YuvHayun Nov 29, 2023
0b929ab
pre commit fixes
YuvHayun Nov 29, 2023
ae88f47
pre commit fixes
YuvHayun Nov 29, 2023
084430f
cr fixes
YuvHayun Nov 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
159 changes: 82 additions & 77 deletions Packs/IsItPhishing/Integrations/IsItPhishing/IsItPhishing.js
View file
Open in desktop
Expand Up @@ -29,87 +29,92 @@ var sendRequest = function(method, api, body) {
};

var isPhishing = function(url, force, smart, area, timeout) {
var md;
var body = {
name: params.credentials ? params.credentials.identifier : params.name,
license: params.credentials ? params.credentials.password : params.license,
version: '2',
force: force,
url: url,
area: area,
timeout: timeout
};
if (!area) {
delete body.area;
}
if (!timeout) {
delete body.timeout;
}
var res = sendRequest('POST', 'check', body);
var ec = {
IsItPhishing: {Url: url},
DBotScore: {
Indicator: url,
Score: 0,
Type: 'url',
Vendor: 'IsItPhishing',
Reliability: params.integrationReliability
var urls = url.split(',')
YuvHayun marked this conversation as resolved.
Show resolved Hide resolved
var results = new Array(urls.length)
for (var i = 0; i < urls.length; i++) {
var md;
var body = {
name: params.credentials ? params.credentials.identifier : params.name,
license: params.credentials ? params.credentials.password : params.license,
version: '2',
force: force,
url: urls[i],
area: area,
timeout: timeout
};
if (!area) {
delete body.area;
}
if (!timeout) {
delete body.timeout;
}
};
var resBody = res.Body.trim();
var res = sendRequest('POST', 'check', body);
var ec = {
IsItPhishing: {Url: urls[i]},
DBotScore: {
Indicator: urls[i],
Score: 0,
Type: 'url',
Vendor: 'IsItPhishing',
Reliability: params.integrationReliability
}
};
var resBody = res.Body.trim();

if (resBody.substring(0,17) == 'TOO_MANY_REQUESTS') {
md = 'You have reached the maximum number of requests for your license. You must wait for the returned period of time' + resBody.substring(17) + 'before running requests again.';
ec.IsItPhishing.Status = 'TOO_MANY_REQUESTS';
}
if (resBody.substring(0,5) == 'ERROR') {
md = 'An error has occurred. Please refer to the description of the error indicated in the' + resBody.substring(0,5) + 'value.';
ec.IsItPhishing.Status = 'ERROR';
}
if (resBody.substring(0,17) == 'TOO_MANY_REQUESTS') {
md = 'You have reached the maximum number of requests for your license. You must wait for the returned period of time' + resBody.substring(17) + 'before running requests again.';
ec.IsItPhishing.Status = 'TOO_MANY_REQUESTS';
}
if (resBody.substring(0,5) == 'ERROR') {
md = 'An error has occurred. Please refer to the description of the error indicated in the' + resBody.substring(0,5) + 'value.';
ec.IsItPhishing.Status = 'ERROR';
}

switch (resBody){
case 'SPAM':
md = 'URL was identified as spam.';
ec.IsItPhishing.Status = 'SPAM';
ec.DBotScore.Score = 2;
addMalicious(ec, outputPaths.url, {
Data: url,
Malicious: {Vendor: 'IsItPhishing', Description: 'URL found as spam by IsItPhishing'}
});
break;
case 'PHISHING':
md = 'URL was identified as phishing.';
ec.IsItPhishing.Status = 'PHISHING';
ec.DBotScore.Score = 3;
addMalicious(ec, outputPaths.url, {
Data: url,
Malicious: {Vendor: 'IsItPhishing', Description: 'URL found as phishing by IsItPhishing'}
});
break;
case 'UNKNOWN':
md = 'URL is clean.';
ec.IsItPhishing.Status = 'CLEAN';
ec.DBotScore.Score = 1;
break;
case 'TIMEOUT':
md = 'Timeout for the request has been reached. No verdict was returned for the request, and the URL should be considered clean.';
ec.IsItPhishing.Status = 'TIMEOUT';
break;
case 'NOT_EXPLORED':
md = 'The URL was not analyzed as triggering the analysis may cause collateral damage (unsubscribe, order conformation, etc.)';
ec.IsItPhishing.Status = 'NOT_EXPLORED';
break;
case 'NOT_AUTHORIZED':
md = 'Authorization has failed for one of the following reasons:\n• Invalid customer name,\n• Invalid customer license.';
ec.IsItPhishing.Status = 'NOT_AUTHORIZED';
break;
case 'REVOKED':
md = 'The license provided is no longer valid for one of the following reasons:\n• Validity period has expired,\n• License has been revoked.';
ec.IsItPhishing.Status = 'REVOKED';
break;
}
switch (resBody){
case 'SPAM':
md = 'URL was identified as spam.';
ec.IsItPhishing.Status = 'SPAM';
ec.DBotScore.Score = 2;
addMalicious(ec, outputPaths.url, {
Data: urls[i],
Malicious: {Vendor: 'IsItPhishing', Description: 'URL found as spam by IsItPhishing'}
});
break;
case 'PHISHING':
md = 'URL was identified as phishing.';
ec.IsItPhishing.Status = 'PHISHING';
ec.DBotScore.Score = 3;
addMalicious(ec, outputPaths.url, {
Data: urls[i],
Malicious: {Vendor: 'IsItPhishing', Description: 'URL found as phishing by IsItPhishing'}
});
break;
case 'UNKNOWN':
md = 'URL is clean.';
ec.IsItPhishing.Status = 'CLEAN';
ec.DBotScore.Score = 1;
break;
case 'TIMEOUT':
md = 'Timeout for the request has been reached. No verdict was returned for the request, and the URL should be considered clean.';
ec.IsItPhishing.Status = 'TIMEOUT';
break;
case 'NOT_EXPLORED':
md = 'The URL was not analyzed as triggering the analysis may cause collateral damage (unsubscribe, order conformation, etc.)';
ec.IsItPhishing.Status = 'NOT_EXPLORED';
break;
case 'NOT_AUTHORIZED':
md = 'Authorization has failed for one of the following reasons:\n• Invalid customer name,\n• Invalid customer license.';
ec.IsItPhishing.Status = 'NOT_AUTHORIZED';
break;
case 'REVOKED':
md = 'The license provided is no longer valid for one of the following reasons:\n• Validity period has expired,\n• License has been revoked.';
ec.IsItPhishing.Status = 'REVOKED';
break;
}

return {Type: entryTypes.note, Contents: resBody, ContentsFormat: formats.text, HumanReadable: md, EntryContext: ec, HumanReadableFormat: formats.text};
results[i] = {Type: entryTypes.note, Contents: resBody, ContentsFormat: formats.text, HumanReadable: md, EntryContext: ec, HumanReadableFormat: formats.text};
}
return results
};

switch (command) {
Expand Down
31 changes: 16 additions & 15 deletions Packs/IsItPhishing/Integrations/IsItPhishing/IsItPhishing.yml
View file
Open in desktop
@@ -1,10 +1,10 @@
commonfields:

Check failure on line 1 in Packs/IsItPhishing/Integrations/IsItPhishing/IsItPhishing.yml

View workflow job for this annotation

GitHub Actions / pre-commit

Validation Error CJ105 

Either IsItPhishing does not have any test playbooks or that all test playbooks in this pack are currently skipped, and there is no unittests file to be found.
Please create a test playbook or un-skip at least one of the relevant test playbooks.
 You can un-skip a playbook by deleting the line relevant to one of the test playbooks from the 'skipped_tests' section inside the conf.json file and deal with the matching issue,
  or create a new active test playbook and add the id to the 'tests' field in the yml.

Check failure on line 1 in Packs/IsItPhishing/Integrations/IsItPhishing/IsItPhishing.yml

View workflow job for this annotation

GitHub Actions / pre-commit

Validation Error IN140 

The integration IsItPhishing is currently in skipped. Please add working tests and unskip. Skip comment: No instance
id: IsItPhishing
version: -1
name: IsItPhishing
display: IsItPhishing
category: Data Enrichment & Threat Intelligence
description: Collaborative web service that provides validation on whether a URL is a phishing page or not by analyzing the content of the webpage
description: Collaborative web service that provides validation on whether a URL is a phishing page or not by analyzing the content of the webpage.
configuration:
- display: Server URL (e.g. https://192.168.0.1)
name: url
Expand Down Expand Up @@ -70,36 +70,37 @@
arguments:
- name: url
required: true
description: URL to be checked if phishing
description: Comma separated list of URLs to be checked if phishing.
default: true
isArray: true
- name: force
description: Set true to analyze URL, or false to check whether URL may cause collateral damage to the end user
description: Set true to analyze URL, or false to check whether URL may cause collateral damage to the end user.
defaultValue: "false"
- name: smart
description: Set true to force checks on URLs that may cause collateral damage to the end user, or false to ignore the argument
description: Set true to force checks on URLs that may cause collateral damage to the end user, or false to ignore the argument.
defaultValue: "true"
- name: area
description: The regional area to force using a proxy
description: The regional area to force using a proxy.
- name: timeout
description: Timeout in milliseconds. Default value set to 10000, with a minimum value of 1000. Once timeout is reached, TIMEOUT response is returned
description: Timeout in milliseconds. Default value set to 10000, with a minimum value of 1000. Once timeout is reached, TIMEOUT response is returned.
outputs:
- contextPath: URL.Status
description: URL identification result
description: URL identification result.
- contextPath: URL.Url
description: The URL that was tested
description: The URL that was tested.
- contextPath: URL.Malicious.Vendor
description: For malicious URLs, the vendor that made the decision
description: For malicious URLs, the vendor that made the decision.
- contextPath: URL.Malicious.Description
description: For malicious URLs, the reason for the vendor to make the decision
description: For malicious URLs, the reason for the vendor to make the decision.
- contextPath: DBotScore.Indicator
description: The indicator that was tested
description: The indicator that was tested.
- contextPath: DBotScore.Type
description: The type of the indicator
description: The type of the indicator.
- contextPath: DBotScore.Vendor
description: Vendor used to calculate the score
description: Vendor used to calculate the score.
- contextPath: DBotScore.Score
description: The actual score
description: Checks if URL is phishing
description: The actual score.
description: Checks if URL is phishing.
tests:
- No tests
fromversion: 5.0.0
6 changes: 6 additions & 0 deletions Packs/IsItPhishing/ReleaseNotes/1_0_4.md
View file
Open in desktop
@@ -0,0 +1,6 @@

#### Integrations

##### IsItPhishing

- Added support for multiple url addresses input for **url** command.
YuvHayun marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion Packs/IsItPhishing/pack_metadata.json
View file
Open in desktop
Expand Up @@ -2,7 +2,7 @@
"name": "IsItPhishing",
"description": "Collaborative web service that provides validation on whether a URL is a phishing page or not by analyzing the content of the webpage",
"support": "xsoar",
"currentVersion": "1.0.3",
"currentVersion": "1.0.4",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down
14 changes: 12 additions & 2 deletions Packs/Pipl/Integrations/Pipl/Pipl.js
View file
Open in desktop
Expand Up @@ -100,6 +100,17 @@ var createReputationEntry = function(response) {
};
};

var email_command = function(args) {
var emails = args.email.split(',')
var results = new Array(emails.length)
for (var i = 0; i < emails.length; i++) {
args.email = emails[i]
var response = sendRequest(args);
results[i] = createReputationEntry(response)
}
return results;
}

var buildEC = function(data, i) {
return {
Addresses: data[i].Addresses,
Expand Down Expand Up @@ -215,8 +226,7 @@ switch (command) {
var response = sendRequest(args);
return createEntry(response);
case 'email':
var response = sendRequest(args);
return createReputationEntry(response);
return email_command(args);
default:

}
3 changes: 2 additions & 1 deletion Packs/Pipl/Integrations/Pipl/Pipl.yml
View file
Open in desktop
@@ -1,4 +1,4 @@
commonfields:

Check failure on line 1 in Packs/Pipl/Integrations/Pipl/Pipl.yml

View workflow job for this annotation

GitHub Actions / pre-commit

Validation Error IN140 

The integration Pipl is currently in skipped. Please add working tests and unskip. Skip comment: No instance
id: Pipl
version: -1
name: Pipl
Expand Down Expand Up @@ -97,7 +97,8 @@
arguments:
- name: email
required: true
description: Email address to search for.
description: Comma separated list of email addresses to search for.
isArray: true
outputs:
- contextPath: Account.Email.Address
description: Email addresses.
Expand Down
6 changes: 6 additions & 0 deletions Packs/Pipl/ReleaseNotes/1_0_9.md
View file
Open in desktop
@@ -0,0 +1,6 @@

#### Integrations

##### Pipl

- Added support for multiple email addresses input for **email** command.
YuvHayun marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion Packs/Pipl/pack_metadata.json
View file
Open in desktop
Expand Up @@ -2,7 +2,7 @@
"name": "Pipl",
"description": "Get contact, social, and professional information about people",
"support": "xsoar",
"currentVersion": "1.0.8",
"currentVersion": "1.0.9",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down