PAPP-33723

- add additional validation on sender email to not include restricted terms in domain
splunk-soar-connectors · Apr 26, 2024 · 4f0be1c · 4f0be1c
1 parent 746a9ff
commit 4f0be1c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/smtp.json b/smtp.json
@@ -135,11 +135,11 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "contains": [
-                        "email"
+                        "sender_email"
                     ],
                     "primary": true
                 },
@@ -404,12 +404,12 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "primary": true,
                     "contains": [
-                        "email"
+                        "sender_email"
                     ]
                 },
                 "to": {

diff --git a/smtp_connector.py b/smtp_connector.py
@@ -78,6 +78,7 @@ def initialize(self):
         # action_result = self.add_action_result(ActionResult())
 
         self.set_validator('email', self._validate_email)
+        self.set_validator('sender_email', self._validate_sender_email)
 
         return phantom.APP_SUCCESS
 
@@ -232,6 +233,21 @@ def _validate_integer(self, action_result, parameter, key, allow_zero=False):
 
         return phantom.APP_SUCCESS, parameter
 
+    def _validate_sender_email(self, input_data):
+        # SMTP only supports a single email as the sender
+        if ',' in input_data or ';' in input_data:
+            return False
+
+        # sender emails also have additional restriction
+        # to not include splunk related terms in the domain name
+        restricted_domains = ["splunk", "cisco", "phantom"]
+        domain = input_data.split("@")[-1]
+
+        if any(restricted_domain in domain for restricted_domain in restricted_domains):
+            return False
+
+        return self._validate_email(input_data)
+
     def _validate_email(self, input_data):
         # validations are always tricky things, making it 100% foolproof, will take a
         # very complicated regex, even multiple regexes and each could lead to a bug that
@@ -246,6 +262,8 @@ def _validate_email(self, input_data):
             emails = input_data.split(',')
         elif ';' in input_data:
             emails = input_data.split(';')
+        else:
+            emails = [input_data]
 
         for email in emails:
             if not ph_utils.is_email(email.strip()):