EWSO365: Fix duplicate detection for malformed Message-ID bracket variants#43811
marketplace-ai-reviewer left a comment
Hi there! Thanks for your contribution to the Microsoft Exchange Online pack. I've reviewed the changes and found a couple of minor issues to address. Specifically, the pack metadata is missing the mandatory created key and the 'Microsoft' keyword, and there is a small typo in the integration's docstring. Thanks again, and let me know if you need any help with these!
Additionally, please address the following file-level notes:
Packs/MicrosoftExchangeOnline/pack_metadata.json:
- The vendor name 'Microsoft' is missing from the keywords list.
- The mandatory key created is missing from the pack metadata.
@noydavidi, @JudahSchwartz please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
Validate summary Verdict: PR can be force merged from validate perspective? ✅
…iants (#43811) * unitets + dedup function modify * fix is_item_duplicate comments * add release notes * add release notes * fix is_item_duplicate comments * fix after ai review * add debug messages
…43855) * fixes * RN * Ruff fixes * pre-commit fixes * CRTX-240216 - Enhancement - msft_azure_ad_raw (#43786) * update xif * update xif with sign-in log enhancements and release notes * fix: add missing location field to msft_azure_ad_raw schema * Core api bug (#43725) * added the retry mechanism * added rn * fix * Apply suggestions from code review Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> --------- Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> * TelemtryCortexRunScriptOnEndpoint (#43472) * TelemtryCortexRunScriptOnEndpoint * rn * ai reviwer * RN * Fixed for F5 ASM cs3 field and improving ipv4/6 implementation (#43845) * fixed cs3 fields * fixed ipv4 and ipv6 fields * added release notes * removed alter * CIAC-16216 - marketplacev2 content items should show in platform (#43808) * CIAC-16216 * CIAC-16216 * Update 1_0_1.md * Update docker image * Update readme files * Add docker update to release notes * Add docker update to release notes * XSUP-66843_add_azure_resourceGraph_gov_support (#43805) * XSUP-66843_add_azure_resourceGraph_gov_support * ai review update * doc review and fixes * empty commit * cr fixes * fix adf comment handling (#43813) * fix adf comment handling * RN * unittests * fix ai review * fix * docker image * fix RN * Bump pack from version Jira to 3.3.28. --------- Co-authored-by: Content Bot <bot@demisto.com> * Fix Crtx 232255 (#43713) * Fix caps in owner file * licensing fix * RN * Address CR * Bump pack from version CortexXDR to 6.3.14. * Fix secrets detection issue in CortexXDRIR_test.py * Fix validations * Address CR * Address CR * Docker image * Fix validations * fix validation * rn * Bump pack from version CortexXDR to 6.3.15. 
* rn * Apply suggestion from @kobymeir Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> * Update Packs/CortexXDR/ReleaseNotes/6_3_15.md Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * rn * RN --------- Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> * EWSO365: Fix duplicate detection for malformed Message-ID bracket variants (#43811) * unitets + dedup function modify * fix is_item_duplicate comments * add release notes * add release notes * fix is_item_duplicate comments * fix after ai review * add debug messages * UnEscapeURLs: Fixed truncating URLs issue (#43830) * the fix * RN * fix validation * Update UnEscapeURLs.yml * Add Superna Zero Trust integration pack (#43826) * Add Superna Zero Trust integration pack (#43685) * Add Superna Zero Trust integration pack New partner pack for ransomware response automation: - Critical path snapshot creation - User NAS lockout/unlock capabilities - HTTP 429 error handling for rate limiting - 4 automated playbooks with integration availability checks - Complete documentation and playbook screenshots Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Address PR review feedback for Superna Zero Trust pack Unit Tests: - Renamed snapshot_cmd -> snapshot_critical_paths_command - Renamed lockout_cmd -> lockout_user_command - Renamed unlock_cmd -> unlock_user_command - Updated main() dispatch to use new function names - Fixed SupernaZeroTrust_test.py: Client init now uses api_key= (not headers=) - Fixed test assertions to match actual outputs structure (outputs_prefix, outputs keys) Integration YAML (SupernaZeroTrust.yml): - Added sectionorder: [Connect] to satisfy ST111 - Updated dockerimage from demisto/python3:3.10.13.86272 to demisto/python3:3.12.13.7444307 (DO106) New File: - Created SupernaZeroTrust_description.md with prerequisites, API key 
instructions, and parameter table (DS104) Documentation: - Rewrote Integrations/SupernaZeroTrust/README.md with full command documentation including arguments, context outputs, and examples for all 3 commands (RM110) - Rewrote Packs/SupernaZeroTrust/README.md with full pack overview, use cases, contents table, configuration, and support info (RM104) Pack Metadata: - Fixed categories: replaced "Incident Response" (invalid) with "Endpoint" (PA103) Validation: - Added ignore=BA129 to .pack-ignore for superna-zt-lockout-user and superna-zt-unlock-user compliance policy warnings, as recommended by maintainers (BA129) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix ST111 validation, unit test trailing slash, and suppress RM104/RM110 - ST111: Added section: Connect to all 4 parameters in SupernaZeroTrust.yml (base_url, credentials, insecure, proxy) - Unit test: Fixed test_client_initialization trailing slash assertion to use rstrip('/') for compatibility across demisto-sdk versions - RM104/RM110: Added ignores to .pack-ignore (suppressible warnings) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> * Fix pre-commit issues --------- Co-authored-by: Andrew MacKay <andrew.mackay@superna.net> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com> * fix validate * Add parameter * ruff fixes --------- Co-authored-by: akshotiamit-pa <aakshoti@paloaltonetworks.com> Co-authored-by: merit-maita <49760643+merit-maita@users.noreply.github.com> Co-authored-by: Kamal Qarain <45042524+kamalq97@users.noreply.github.com> Co-authored-by: hyaffe839 <hyaffe@paloaltonetworks.com> Co-authored-by: sharonfi99 <147984773+sharonfi99@users.noreply.github.com> Co-authored-by: dtroushinsky 
<dtroushinsky@paloaltonetworks.com> Co-authored-by: masulin97 <masulin@paloaltonetworks.com> Co-authored-by: inbalapt1 <164751454+inbalapt1@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: Tal Zichlinsky <35036457+talzich@users.noreply.github.com> Co-authored-by: Koby Meir <kobymeir@users.noreply.github.com> Co-authored-by: Arad Carmi <62752352+AradCarmi@users.noreply.github.com> Co-authored-by: almog2296 <alabudi@paloaltonetworks.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Content Bot <55035720+content-bot@users.noreply.github.com> Co-authored-by: Andrew MacKay <andrew.mackay@superna.net> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Kamal Qarain <kqarain@paloaltonetworks.com>
Fixes: XSUP-66564
Description
Extended is_item_duplicate to check all four bracket forms of Message-IDs (id, <id>, id>, <id) to prevent duplicate incidents caused by inconsistent EWS formatting across fetches. Added unit tests for the new variants.
Some vendors send email with a non-RFC-compliant format (only one > for example), which caused is_item_duplicate to miss it.
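The four-variant comparison described above, as an added example that is not the EWSO365 integration's own code: the helper names (bare_message_id, message_id_variants, is_duplicate) and the sample IDs are hypothetical and constructed for illustration. It also shows the edge case where a missing Message-ID must not match anything.

```python
from typing import Iterable, Optional, Set


def bare_message_id(message_id: Optional[str]) -> str:
    """Strip whitespace and at most one '<' / '>' from the ends of a Message-ID."""
    if not message_id:
        return ""
    core = message_id.strip()
    if core.startswith("<"):
        core = core[1:]
    if core.endswith(">"):
        core = core[:-1]
    return core.strip()


def message_id_variants(message_id: Optional[str]) -> Set[str]:
    """Return the four bracket forms of one ID: id, <id>, id>, <id."""
    core = bare_message_id(message_id)
    if not core:
        # An empty or missing ID yields no variants, so it can never be
        # reported as a duplicate of another item that also lacks an ID.
        return set()
    return {core, f"<{core}>", f"{core}>", f"<{core}"}


def is_duplicate(message_id: Optional[str], seen_ids: Iterable[str]) -> bool:
    """True if any bracket form of message_id was already seen."""
    return not message_id_variants(message_id).isdisjoint(seen_ids)


# Constructed sample: IDs remembered from an earlier fetch, stored exactly as
# they arrived (one well-formed, two with a single bracket, one bare).
SEEN = [
    "<a1@mail.example>",
    "b2@mail.example>",
    "<c3@mail.example",
    "d4@mail.example",
]

if __name__ == "__main__":
    for candidate in ("a1@mail.example>", "<b2@mail.example>", "<e5@mail.example>", ""):
        print(repr(candidate), is_duplicate(candidate, SEEN))
```
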