[CreateNewInidcatorsOnly] escaped_value before calling findIndicators (…

…demisto#28803) * escaped_value * pre-commit * updated docker * added test * ruff * revert * added UT * pre-commit * Change `CreateNewIndicatorsOnly_test.py` from `LF` to `CRLF` * Change `CreateNewIndicatorsOnly_test.py` from `LF` to `CRLF` * Bump pack from version CommonScripts to 1.12.13. * updated docker * updated docker * crlf * crlf * crlf * Change `CreateNewIndicatorsOnly_test.py` from `LF` to `CRLF` --------- Co-authored-by: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com>
xsoar-contrib · Oct 5, 2023 · 391fbdb · 391fbdb
1 parent 57e375a
commit 391fbdb
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 13 deletions.
diff --git a/Packs/CommonScripts/ReleaseNotes/1_12_13.md b/Packs/CommonScripts/ReleaseNotes/1_12_13.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### CreateNewIndicatorsOnly
+- Fixed an issue where the indicator_value was not properly escaped before being used in the 'findIndicators' command.
+- Updated the Docker image to: *demisto/python3:3.10.12.68300*.
diff --git a/Packs/CommonScripts/Scripts/CreateNewIndicatorsOnly/CreateNewIndicatorsOnly.py b/Packs/CommonScripts/Scripts/CreateNewIndicatorsOnly/CreateNewIndicatorsOnly.py
@@ -1,6 +1,6 @@
 import demistomock as demisto  # noqa: F401
 from CommonServerPython import *  # noqa: F401
-from typing import Any, Dict, List, Optional
+from typing import Any
 
 
 STATUS_NEW = 'new'
@@ -20,10 +20,11 @@ def normalize_indicator_value(indicator_value: Any) -> str:
 
 
 def add_new_indicator(indicator_value: Any,
-                      create_new_indicator_args: Dict[str, Any]) -> Dict[str, Any]:
+                      create_new_indicator_args: dict[str, Any]) -> dict[str, Any]:
     indicator_value = normalize_indicator_value(indicator_value)
+    escaped_indicator_value = indicator_value.replace('"', r'\"')
 
-    if indicators := execute_command('findIndicators', {'value': indicator_value}):
+    if indicators := execute_command('findIndicators', {'value': escaped_indicator_value}):
         indicator = indicators[0]
         indicator[KEY_CREATION_STATUS] = STATUS_EXISTING
     else:
@@ -50,8 +51,8 @@ def add_new_indicator(indicator_value: Any,
     return indicator
 
 
-def add_new_indicators(indicator_values: Optional[List[Any]],
-                       create_new_indicator_args: Dict[str, Any]) -> List[Dict[str, Any]]:
+def add_new_indicators(indicator_values: list[Any] | None,
+                       create_new_indicator_args: dict[str, Any]) -> list[dict[str, Any]]:
     return [add_new_indicator(indicator_value, create_new_indicator_args)
             for indicator_value in indicator_values or []]
 
@@ -62,9 +63,8 @@ def main():
 
         # Don't use argToList to make a list in order to accept an indicator including commas.
         # The `indicator_values` parameter doesn't support a comma separated list.
-        if indicator_values := args.get('indicator_values', []):
-            if not isinstance(indicator_values, list):
-                indicator_values = [indicator_values]
+        if (indicator_values := args.get('indicator_values', [])) and not isinstance(indicator_values, list):
+            indicator_values = [indicator_values]
 
         create_new_indicator_args = dict(args)
         create_new_indicator_args.pop('indicator_values', None)

diff --git a/Packs/CommonScripts/Scripts/CreateNewIndicatorsOnly/CreateNewIndicatorsOnly.yml b/Packs/CommonScripts/Scripts/CreateNewIndicatorsOnly/CreateNewIndicatorsOnly.yml
@@ -69,7 +69,7 @@ outputs:
   type: string
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.12.68300
 runas: DBotWeakRole
 fromversion: 6.5.0
 tests:

diff --git a/Packs/CommonScripts/Scripts/CreateNewIndicatorsOnly/CreateNewIndicatorsOnly_test.py b/Packs/CommonScripts/Scripts/CreateNewIndicatorsOnly/CreateNewIndicatorsOnly_test.py
@@ -17,7 +17,7 @@ def equals_object(obj1, obj2) -> bool:
     elif isinstance(obj1, list):
         # Compare lists (ignore order)
         list2 = list(obj2)
-        for i1, v1 in enumerate(obj1):
+        for _i1, v1 in enumerate(obj1):
             for i2, v2 in enumerate(list2):
                 if equals_object(v1, v2):
                     list2.pop(i2)
@@ -158,7 +158,7 @@ def __execute_command(cmd, args) -> Any:
 def test_some_indicators_exist_with_multiple_value(mocker):
     """
         Given:
-            Some of indicators existing in the threat intel are given to the 'indicator_values'.
+            Some indicators existing in the threat intel are given to the 'indicator_values'.
 
         When:
             Running the script
@@ -224,7 +224,7 @@ def __execute_command(cmd, args) -> Any:
 def test_some_indicators_are_excluded(mocker):
     """
         Given:
-            Some of indicators given to the 'indicator_values' are in the exclusion list.
+            Some indicators given to the 'indicator_values' are in the exclusion list.
 
         When:
             Running the script
@@ -375,3 +375,36 @@ def __execute_command(cmd, args) -> Any:
     results = demisto.results.call_args[0][0]
     assert '|ID|Score|CreationStatus|Type|Value' in results.get('HumanReadable')
     assert equals_object(expected_entry_context, results.get('EntryContext'))
+
+
+def test_findIndicators_called_with_escaped_quotes(mocker):
+    """
+    Given:
+        indicator_value = "(External):Test \"test2 test (unsigned)\""
+    When:
+        The 'add_new_indicator' function is called with the indicator_value = "(External):Test \"test2 test (unsigned)\""
+        (when the user runs in cli:!CreateNewIndicatorsOnlyTest indicator_values=`(External):Test "test2 test (unsigned)"`)
+    Then:
+        1. The 'execute_command' function should be called with the correct escaped value.
+        2. The 'add_new_indicator' function should return the expected result as a dictionary.
+    """
+    from CreateNewIndicatorsOnly import add_new_indicator
+    indicator_value = "(External):Test \"test2 test (unsigned)\""
+    expected_value = indicator_value.replace('"', r"\"")
+
+    def __execute_command(cmd, args) -> Any:
+        assert args == {'value': expected_value}
+        if cmd == 'findIndicators':
+            return [{
+                'id': '0',
+                'value': '(External):Test "test2 test (unsigned)"',
+                'score': 0,
+                'indicator_type': args.get('type', 'Unknown')
+            }]
+        return None
+
+    mocker.patch('CreateNewIndicatorsOnly.execute_command', side_effect=__execute_command)
+
+    result = add_new_indicator(indicator_value, {})
+    assert result == {'id': '0', 'value': '(External):Test "test2 test (unsigned)"',
+                      'score': 0, 'indicator_type': 'Unknown', 'CreationStatus': 'existing'}
diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.12.12",
+    "currentVersion": "1.12.13",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",