merged main changes into bugfix PR

splunk-soar-connectors · Jun 10, 2024 · f2402fa · f2402fa
2 parents a6b3745 + 9df479d
commit f2402fa
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 20 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.18
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^smtp.json$']
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Connector Version: 3.3.0
 Product Vendor: Generic  
 Product Name: SMTP  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.2.0  
+Minimum Product Version: 6.2.1  
 
 This app provides the ability to send email using SMTP
 
@@ -307,7 +307,7 @@ Some points to note: <ul> <li>Only files present in the <b>vault</b> can be atta
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | From field | string |  `email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 
@@ -367,7 +367,7 @@ If the <b>from</b> parameter is not provided, then the action will consider the
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | From field | string |  `email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 

diff --git a/release_notes/3.2.0.md b/release_notes/3.2.0.md
@@ -0,0 +1 @@
+* Added restrictions for `splunk`, `phantom` and `cisco` domains for 'from' field in **send email** and **send htmlemail** actions
diff --git a/smtp.json b/smtp.json
@@ -11,7 +11,7 @@
     "product_vendor": "Generic",
     "product_name": "SMTP",
     "product_version_regex": ".*",
-    "min_phantom_version": "6.2.0",
+    "min_phantom_version": "6.2.1",
     "rest_handler": "request_handler.handle_request",
     "license": "Copyright (c) 2016-2024 Splunk Inc.",
     "logo": "logo_splunk.svg",
@@ -135,7 +135,7 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "contains": [
@@ -404,7 +404,7 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "primary": true,
@@ -701,10 +701,6 @@
     ],
     "pip39_dependencies": {
         "wheel": [
-            {
-                "module": "beautifulsoup4",
-                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
-            },
             {
                 "module": "bleach",
                 "input_file": "wheels/py3/bleach-6.0.0-py3-none-any.whl"
@@ -713,14 +709,6 @@
                 "module": "bleach_allowlist",
                 "input_file": "wheels/shared/bleach_allowlist-1.0.3-py2.py3-none-any.whl"
             },
-            {
-                "module": "six",
-                "input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
-            },
-            {
-                "module": "soupsieve",
-                "input_file": "wheels/py3/soupsieve-2.5-py3-none-any.whl"
-            },
             {
                 "module": "tinycss2",
                 "input_file": "wheels/py3/tinycss2-1.1.1-py3-none-any.whl"

diff --git a/smtp_connector.py b/smtp_connector.py
@@ -238,6 +238,21 @@ def _validate_integer(self, action_result, parameter, key, allow_zero=False):
 
         return phantom.APP_SUCCESS, parameter
 
+    def _validate_sender_email(self, action_result, input_data):
+        # sender emails also have additional restriction
+        # to not include splunk related terms in the domain name
+        restricted_domains = ["splunk", "cisco", "phantom"]
+        domain = input_data.split("@")[-1].lower()
+
+        if any(restricted_domain in domain for restricted_domain in restricted_domains):
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                "The domain provided in email is restricted (contains one of : splunk, cisco, phantom).\
+                    Please use a different email in the 'from' field."
+            )
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
     def _validate_email(self, input_data):
         # validations are always tricky things, making it 100% foolproof, will take a
         # very complicated regex, even multiple regexes and each could lead to a bug that
@@ -252,6 +267,8 @@ def _validate_email(self, input_data):
             emails = input_data.split(',')
         elif ';' in input_data:
             emails = input_data.split(';')
+        else:
+            emails = [input_data]
 
         for email in emails:
             if not ph_utils.is_email(email.strip()):
@@ -803,6 +820,7 @@ def _is_html(self, body):
         return False
 
     def _send_email(self, param, action_result):
+        action_id = self.get_action_identifier()
 
         # username = self.get_config()[phantom.APP_JSON_USERNAME]
         config = self.get_config()
@@ -811,6 +829,12 @@ def _send_email(self, param, action_result):
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email if inputted as a parameter
+        if action_id != "test_connectivity" and param.get(SMTP_JSON_FROM):
+            ret_val = self._validate_sender_email(action_result, email_from)
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
         encoding = config.get(SMTP_ENCODING, False)
         smtputf8 = config.get(SMTP_ALLOW_SMTPUTF8, False)
         body = param[SMTP_JSON_BODY]
@@ -1032,6 +1056,12 @@ def _handle_send_htmlemail(self, param):  # noqa: C901
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email if inputted as a parameter
+        if param.get(SMTP_JSON_FROM):
+            ret_val = self._validate_sender_email(action_result, email_from)
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
         email_to = param['to']
         email_cc = param.get('cc')
         email_bcc = param.get('bcc')

diff --git a/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl b/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
diff --git a/wheels/py3/soupsieve-2.5-py3-none-any.whl b/wheels/py3/soupsieve-2.5-py3-none-any.whl
diff --git a/wheels/shared/six-1.16.0-py2.py3-none-any.whl b/wheels/shared/six-1.16.0-py2.py3-none-any.whl