New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ews header deduplication bug #31529
Merged
YuvHayun
merged 7 commits into
master
from
contrib/ieichen137_EWS_header_deduplication_bug
Jan 1, 2024
Merged
Ews header deduplication bug #31529
YuvHayun
merged 7 commits into
master
from
contrib/ieichen137_EWS_header_deduplication_bug
Jan 1, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
content-bot
requested review from
amshamah419 and
thefrieddan1
as code owners
December 18, 2023 08:47
content-bot
added
Contribution
Thank you! Contributions are always welcome!
Contribution Form Filled
Whether contribution form filled or not.
Community
Xsoar Support Level
Indicates that the contribution is for XSOAR supported pack
Internal PR
labels
Dec 18, 2023
tkatzir
force-pushed
the
contrib/ieichen137_EWS_header_deduplication_bug
branch
from
December 20, 2023 22:21
38d1e28
to
a65f8b1
Compare
content-bot
requested review from
ilaner,
dansterenson,
dorschw,
yucohen,
michal-dagan and
Ni-Knight
as code owners
December 20, 2023 22:21
amshamah419
removed request for
thefrieddan1,
Ni-Knight,
dansterenson,
dorschw,
yucohen,
ilaner and
michal-dagan
December 21, 2023 14:04
Coverage Report
|
amshamah419
force-pushed
the
contrib/ieichen137_EWS_header_deduplication_bug
branch
from
December 28, 2023 11:43
25c5348
to
4f4c7f0
Compare
YuvHayun
reviewed
Dec 31, 2023
YuvHayun
approved these changes
Jan 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Community
Contribution Form Filled
Whether contribution form filled or not.
Contribution
Thank you! Contributions are always welcome!
docs-approved
Internal PR
Xsoar Support Level
Indicates that the contribution is for XSOAR supported pack
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Original External PR
external pull request
Contributor
@ieichen137
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
This is a quick bug fix for the recent additions to the EWS_0365 which added the rfc compliant specifications along with the header deduplication prevention.
We just had one email come through where the DATE header value stored in the O365 object was different than the value stored in the EML bytes.
When parsing using the python email library, since when using the SMTP and SMTPUTF8 policies, some headers have specific restrictions on how many can be included. DATE has a restriction of 1, and since the header deduplication works off key/value pair, as some headers can and should appear more than once, the DATE header was attempted to be added again with the altered value from the microsoft api data, which threw this uncaught exception.
This change adds a simple try/except around the add_header call to catch this specific error:
where is the limit and
is the name of the header.the exception logic is this:
Which will catch a value error and check if it matches the error message for this problem. If it does, the function will continue as normal. If it does not, the error is raised.
Must have