Merge pull request #27 from splunk-soar-connectors/next

Merging next to main for release 3.2.0
splunk-soar-connectors · Jun 5, 2024 · 9df479d · 9df479d
2 parents 746a9ff + 0c4aaa0
commit 9df479d
Show file tree

Hide file tree

Showing 10 changed files with 45 additions and 31 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.18
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies

diff --git a/NOTICE b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR SMTP
-Copyright (c) 2016-2023 Splunk Inc.
+Copyright (c) 2016-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
@@ -9,8 +9,3 @@ License: MIT
 Copyright 2004-2017 Leonard Richardson
 Copyright 2004-2019 Leonard Richardson
 Copyright 2018 Isaac Muse
-
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz
diff --git a/README.md b/README.md
@@ -2,16 +2,16 @@
 # SMTP
 
 Publisher: Splunk  
-Connector Version: 3.1.1  
+Connector Version: 3.2.0  
 Product Vendor: Generic  
 Product Name: SMTP  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.1  
+Minimum Product Version: 6.2.1  
 
 This app provides the ability to send email using SMTP
 
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2016-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""
@@ -307,7 +307,7 @@ Some points to note: <ul> <li>Only files present in the <b>vault</b> can be atta
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | From field | string |  `email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 
@@ -367,7 +367,7 @@ If the <b>from</b> parameter is not provided, then the action will consider the
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | From field | string |  `email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 

diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -1,5 +1,5 @@
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2016-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""

diff --git a/release_notes/3.2.0.md b/release_notes/3.2.0.md
@@ -0,0 +1 @@
+* Added restrictions for `splunk`, `phantom` and `cisco` domains for 'from' field in **send email** and **send htmlemail** actions
diff --git a/smtp.json b/smtp.json
@@ -5,21 +5,21 @@
     "publisher": "Splunk",
     "type": "email",
     "main_module": "smtp_connector.py",
-    "app_version": "3.1.1",
+    "app_version": "3.2.0",
     "utctime_updated": "2024-03-06T13:04:08.000000Z",
     "package_name": "phantom_smtp",
     "product_vendor": "Generic",
     "product_name": "SMTP",
     "product_version_regex": ".*",
-    "min_phantom_version": "6.1.1",
+    "min_phantom_version": "6.2.1",
     "rest_handler": "request_handler.handle_request",
     "license": "Copyright (c) 2016-2024 Splunk Inc.",
     "logo": "logo_splunk.svg",
     "logo_dark": "logo_splunk_dark.svg",
     "python_version": "3",
     "fips_compliant": true,
     "latest_tested_versions": [
-        "smtp.gmail.com, smtp.office365.com September 26, 2023"
+        "smtp.gmail.com, smtp.office365.com May 6, 2024"
     ],
     "configuration": {
         "server": {
@@ -135,7 +135,7 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "contains": [
@@ -404,7 +404,7 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "primary": true,
@@ -701,10 +701,6 @@
     ],
     "pip39_dependencies": {
         "wheel": [
-            {
-                "module": "beautifulsoup4",
-                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
-            },
             {
                 "module": "bleach",
                 "input_file": "wheels/py3/bleach-6.0.0-py3-none-any.whl"
@@ -713,14 +709,6 @@
                 "module": "bleach_allowlist",
                 "input_file": "wheels/shared/bleach_allowlist-1.0.3-py2.py3-none-any.whl"
             },
-            {
-                "module": "six",
-                "input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
-            },
-            {
-                "module": "soupsieve",
-                "input_file": "wheels/py3/soupsieve-2.5-py3-none-any.whl"
-            },
             {
                 "module": "tinycss2",
                 "input_file": "wheels/py3/tinycss2-1.1.1-py3-none-any.whl"
@@ -731,4 +719,4 @@
             }
         ]
     }
-}
+}
diff --git a/smtp_connector.py b/smtp_connector.py
@@ -232,6 +232,21 @@ def _validate_integer(self, action_result, parameter, key, allow_zero=False):
 
         return phantom.APP_SUCCESS, parameter
 
+    def _validate_sender_email(self, action_result, input_data):
+        # sender emails also have additional restriction
+        # to not include splunk related terms in the domain name
+        restricted_domains = ["splunk", "cisco", "phantom"]
+        domain = input_data.split("@")[-1].lower()
+
+        if any(restricted_domain in domain for restricted_domain in restricted_domains):
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                "The domain provided in email is restricted (contains one of : splunk, cisco, phantom).\
+                    Please use a different email in the 'from' field."
+            )
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
     def _validate_email(self, input_data):
         # validations are always tricky things, making it 100% foolproof, will take a
         # very complicated regex, even multiple regexes and each could lead to a bug that
@@ -246,6 +261,8 @@ def _validate_email(self, input_data):
             emails = input_data.split(',')
         elif ';' in input_data:
             emails = input_data.split(';')
+        else:
+            emails = [input_data]
 
         for email in emails:
             if not ph_utils.is_email(email.strip()):
@@ -792,6 +809,7 @@ def _is_html(self, body):
         return False
 
     def _send_email(self, param, action_result):
+        action_id = self.get_action_identifier()
 
         # username = self.get_config()[phantom.APP_JSON_USERNAME]
         config = self.get_config()
@@ -800,6 +818,12 @@ def _send_email(self, param, action_result):
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email if inputted as a parameter
+        if action_id != "test_connectivity" and param.get(SMTP_JSON_FROM):
+            ret_val = self._validate_sender_email(action_result, email_from)
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
         encoding = config.get(SMTP_ENCODING, False)
         smtputf8 = config.get(SMTP_ALLOW_SMTPUTF8, False)
         body = param[SMTP_JSON_BODY]
@@ -1021,6 +1045,12 @@ def _handle_send_htmlemail(self, param):  # noqa: C901
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email if inputted as a parameter
+        if param.get(SMTP_JSON_FROM):
+            ret_val = self._validate_sender_email(action_result, email_from)
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
         email_to = param['to']
         email_cc = param.get('cc')
         email_bcc = param.get('bcc')

diff --git a/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl b/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
diff --git a/wheels/py3/soupsieve-2.5-py3-none-any.whl b/wheels/py3/soupsieve-2.5-py3-none-any.whl
diff --git a/wheels/shared/six-1.16.0-py2.py3-none-any.whl b/wheels/shared/six-1.16.0-py2.py3-none-any.whl