demisto · DeanArbel · Apr 7, 2024 · Mar 31, 2024 · Mar 31, 2024 · Apr 1, 2024
diff --git a/Packs/Base/ReleaseNotes/1_33_49.md b/Packs/Base/ReleaseNotes/1_33_49.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CommonServerPython
+
+Added FileAttachmentType Enum to used it in PreprocessEmail script to handle inline image attachments correctly.
diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py
@@ -350,6 +350,18 @@ def is_valid_type(cls, _type):
         )
 
 
+class FileAttachmentType(object):
+    """
+    Enum: contains the file attachment types,
+          Used to add metadata to the description of the attachment
+          whether the file content is expected to be inline or attached as a file
+
+    :return:: The file attachment type
+    :rtype: ``str``
+    """
+    ATTACHED = "attached_file"
+
+
 brands = {
     'xfe': 'xfe',
     'vt': 'virustotal',

diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.33.48",
+    "currentVersion": "1.33.49",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",

diff --git a/Packs/EmailCommunication/ReleaseNotes/2_0_27.md b/Packs/EmailCommunication/ReleaseNotes/2_0_27.md
@@ -0,0 +1,7 @@
+
+#### Scripts
+
+##### PreprocessEmail
+
+- Fixed an issue where inline image attachments were not handled correctly by added description field to attachments to distinguish file attachments from inline images.
+- Updated the Docker image to: *demisto/python3:3.10.14.91134*.
diff --git a/Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail.py b/Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail.py
@@ -88,7 +88,7 @@ def get_entry_id_list(attachments, files):
     for attachment in attachments:
         attachment_name = attachment.get('name', '')
         for file in files:
-            if attachment_name == file.get('Name'):
+            if attachment_name == file.get('Name') and attachment.get('description', '') != FileAttachmentType.ATTACHED:
                 entry_id_list.append((attachment_name, file.get('EntryID')))
 
     return entry_id_list

diff --git a/Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail.yml b/Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail.yml
@@ -33,7 +33,7 @@ tags:
 - email
 - preProcessing
 type: python
-dockerimage: demisto/python3:3.10.13.80593
+dockerimage: demisto/python3:3.10.14.91134
 runas: DBotRole
 tests:
 - No tests (auto formatted)

diff --git a/Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail_test.py b/Packs/EmailCommunication/Scripts/PreprocessEmail/PreprocessEmail_test.py
@@ -1,16 +1,17 @@
 import json
+from CommonServerPython import FileAttachmentType
 import demistomock as demisto
 import pytest
 from datetime import datetime
 
 
 def util_open_file(path):
-    with open(path, mode='r') as f:
+    with open(path) as f:
         return f.read()
 
 
 def util_load_json(path):
-    with open(path, mode='r') as f:
+    with open(path) as f:
         return json.loads(f.read())
 
 
@@ -248,6 +249,99 @@ def test_get_entry_id_list():
     assert expected == get_entry_id_list(attachments, files)
 
 
+def test_get_entry_id_list_with_attached_file():
+    """
+        Given
+        - List of the email's attachments - but one attachment is marked as ATTACHED (not inline image)
+        - List of files of the email's related incident
+        When
+        - building an entry id list in order to replace the email's attachments source path.
+        Then
+        - Ensures that only the email attachments entry id's were returned and not all files entries
+        - Ensures that the attached file (attachment_1.pdf) is excluded since it is marked as ATTACHED
+    """
+    from PreprocessEmail import get_entry_id_list
+    attachments = [
+        {
+            "description": FileAttachmentType.ATTACHED,
+            "name": "attachment_1.pdf",
+            "path": "131_dd98957a-d5c3-42e0-8a81-f3ce7fa68215",
+            "showMediaFile": False,
+            "type": ""
+        },
+        {
+            "description": "",
+            "name": "image_1.png",
+            "path": "131_dd98957a-d5c3-42e0-8a81-f3ce7fa68215",
+            "showMediaFile": False,
+            "type": ""
+        },
+        {
+            "description": "",
+            "name": "image_2.png",
+            "path": "131_17545998-4b16-4e58-8e6c-2221ada856d4",
+            "showMediaFile": False,
+            "type": ""
+        }
+    ]
+    files = [
+        {
+            "EntryID": "30@119",
+            "Extension": "pdf",
+            "Info": "application/pdf",
+            "MD5": "md5",
+            "Name": "attachment_1.pdf",
+            "SHA1": "sha1",
+            "SHA256": "sha256",
+            "SHA512": "sha512",
+            "SSDeep": "ssdeep",
+            "Size": 63111,
+            "Type": "PDF document, version 1.4"
+        },
+        {
+            "EntryID": "34@119",
+            "Extension": "png",
+            "Info": "image/png",
+            "MD5": "md5",
+            "Name": "attachment_2.png",
+            "SHA1": "4sha1",
+            "SHA256": "sha256",
+            "SHA512": "sha512",
+            "SSDeep": "ssdeep",
+            "Size": 9580,
+            "Type": "PNG image data, 264 x 60, 8-bit/color RGBA, non-interlaced"
+        },
+        {
+            "EntryID": "35@119",
+            "Extension": "png",
+            "Info": "image/png",
+            "MD5": "md5",
+            "Name": "image_1.png",
+            "SHA1": "4sha1",
+            "SHA256": "sha256",
+            "SHA512": "sha512",
+            "SSDeep": "ssdeep",
+            "Size": 9580,
+            "Type": "PNG image data, 264 x 60, 8-bit/color RGBA, non-interlaced"
+        },
+        {
+            "EntryID": "36@119",
+            "Extension": "png",
+            "Info": "image/png",
+            "MD5": "md5",
+            "Name": "image_2.png",
+            "SHA1": "4sha1",
+            "SHA256": "sha256",
+            "SHA512": "sha512",
+            "SSDeep": "ssdeep",
+            "Size": 9580,
+            "Type": "PNG image data, 264 x 60, 8-bit/color RGBA, non-interlaced"
+        }]
+    expected = [('image_1.png', '35@119'), ('image_2.png', '36@119')]
+
+    assert expected == get_entry_id_list(attachments, files)
+
+
 FILES = [
     {
         "SHA256": "SHA256"
@@ -440,6 +534,7 @@ def side_effect_function(command, args):
             return EMAIL_THREADS
         elif command == "executeCommandAt":
             return True
+        return None
 
     from PreprocessEmail import create_thread_context
 

diff --git a/Packs/EmailCommunication/pack_metadata.json b/Packs/EmailCommunication/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Email Communication",
     "description": "Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.\n",
     "support": "xsoar",
-    "currentVersion": "2.0.26",
+    "currentVersion": "2.0.27",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "videos": [

@@ -1275,7 +1275,8 @@ def parse_incident_from_item(item, is_fetch):  # pragma: no cover
                                 # save attachment to incident
                                 incident['attachment'].append({
                                     'path': file_result['FileID'],
-                                    'name': get_attachment_name(attachment.name)
+                                    'name': get_attachment_name(attachment.name),
+                                    "description": FileAttachmentType.ATTACHED if not attachment.is_inline else ""
                                 })
                         except TypeError as e:
                             if str(e) != "must be string or buffer, not None":
@@ -1323,12 +1324,14 @@ def parse_incident_from_item(item, is_fetch):  # pragma: no cover
                             # save attachment to incident
                             incident['attachment'].append({
                                 'path': file_result['FileID'],
-                                'name': get_attachment_name(attachment.name) + ".eml"
+                                'name': get_attachment_name(attachment.name) + ".eml",
+                                "description": FileAttachmentType.ATTACHED if not attachment.is_inline else ""
                             })
 
                         else:
                             incident['attachment'].append({
-                                'name': get_attachment_name(attachment.name) + ".eml"
+                                'name': get_attachment_name(attachment.name) + ".eml",
+                                "description": FileAttachmentType.ATTACHED if not attachment.is_inline else ""
                             })
 
                     labels.append({'type': label_attachment_type, 'value': get_attachment_name(attachment.name)})

diff --git a/Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_2.md b/Packs/MicrosoftExchangeOnPremise/ReleaseNotes/2_1_2.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### EWS v2
+
+- Fixed an issue in **Fetch incident** with inline image attachments in *PreprocessEmail* script by adding description field to attachments to distinguish file attachments from inline images.
diff --git a/Packs/MicrosoftExchangeOnPremise/pack_metadata.json b/Packs/MicrosoftExchangeOnPremise/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Exchange On-Premise",
     "description": "Exchange Web Services",
     "support": "xsoar",
-    "currentVersion": "2.1.1",
+    "currentVersion": "2.1.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

@@ -2170,6 +2170,7 @@ def parse_incident_from_item(item):     # pragma: no cover
                             {
                                 "path": file_result["FileID"],
                                 "name": get_attachment_name(attachment.name),
+                                "description": FileAttachmentType.ATTACHED if not attachment.is_inline else "",
                             }
                         )
                 except TypeError as e:
@@ -2262,6 +2263,7 @@ def parse_incident_from_item(item):     # pragma: no cover
                         {
                             "path": file_result["FileID"],
                             "name": get_attachment_name(attachment.name, eml_extension=True),
+                            "description": FileAttachmentType.ATTACHED if not attachment.is_inline else "",
                         }
                     )
 

@@ -959,7 +959,7 @@ script:
   - description: Run this command if for some reason you need to rerun the authentication process.
     name: ews-auth-reset
     arguments: []
-  dockerimage: demisto/py3ews:1.0.0.88266
+  dockerimage: demisto/py3ews:1.0.0.91453
   isfetch: true
   script: ''
   subtype: python3

diff --git a/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_3_1.md b/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_3_1.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### EWS O365
+
+- Fixed an issue in **Fetch incident** with inline image attachments in *PreprocessEmail* script by adding description field to attachments to distinguish file attachments from inline images.
+- Updated the Docker image to: *demisto/py3ews:1.0.0.91453*.
diff --git a/Packs/MicrosoftExchangeOnline/pack_metadata.json b/Packs/MicrosoftExchangeOnline/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Exchange Online",
     "description": "Exchange Online and Office 365 (mail)",
     "support": "xsoar",
-    "currentVersion": "1.3.0",
+    "currentVersion": "1.3.1",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",