Merge pull request #22 from splunk-soar-connectors/sodle/PAPP-32449

microsoftwindowsremotemanagement: Bugfix - Use Vault API instead of filesystem to create attachments
splunk-soar-connectors · Dec 8, 2023 · d6c20a8 · d6c20a8
2 parents af5acfc + 90e3672
commit d6c20a8
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 21 deletions.
diff --git a/NOTICE b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR Windows Remote Management
-Copyright (c) 2018-2022 Splunk Inc.
+Copyright (c) 2018-2023 Splunk Inc.
 
 Third-party Software Attributions:
 

diff --git a/README.md b/README.md
@@ -2,17 +2,17 @@
 # Windows Remote Management
 
 Publisher: Splunk  
-Connector Version: 2.2.5  
+Connector Version: 2.2.6  
 Product Vendor: Microsoft  
 Product Name: Windows Remote Management  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 5.5.0  
+Minimum Product Version: 6.1.1  
 
 This app integrates with the Windows Remote Management service to execute various actions
 
 [comment]: # ""
 [comment]: # "    File: README.md"
-[comment]: # "    Copyright (c) 2018-2022 Splunk Inc."
+[comment]: # "    Copyright (c) 2018-2023 Splunk Inc."
 [comment]: # "    "
 [comment]: # "    Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""

diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -1,6 +1,6 @@
 [comment]: # ""
 [comment]: # "    File: README.md"
-[comment]: # "    Copyright (c) 2018-2022 Splunk Inc."
+[comment]: # "    Copyright (c) 2018-2023 Splunk Inc."
 [comment]: # "    "
 [comment]: # "    Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""

diff --git a/parse_callbacks.py b/parse_callbacks.py
@@ -19,7 +19,6 @@
 # in any specific manner
 import base64
 import json
-import tempfile
 from builtins import str
 from collections import OrderedDict
 
@@ -453,13 +452,7 @@ def decodeb64_add_to_vault(action_result, response, container_id, file_name):
     b64string = response.std_out
 
     try:
-        if hasattr(Vault, 'create_attachment'):
-            resp = Vault.create_attachment(base64.b64decode(b64string), container_id, file_name=file_name)
-        else:
-            tmp_file = tempfile.NamedTemporaryFile(mode='wb', delete=False, dir='/opt/phantom/vault/tmp')
-            tmp_file.write(base64.b64decode(b64string))
-            tmp_file.close()
-            resp = Vault.add_attachment(tmp_file.name, container_id, file_name=file_name)
+        resp = Vault.create_attachment(base64.b64decode(b64string), container_id, file_name=file_name)
     except Exception as e:
         return action_result.set_status(
             phantom.APP_ERROR, "Error adding file to vault", e

diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
@@ -1 +1,6 @@
 **Unreleased**
+* Use the Vault API to create temporary files, instead of manual filesystem access [PAPP-32449]
+* Update `min_phantom_version` to 6.1.1
+* Remove `requests` dependency, using the one built into the platform instead
+* Suppress "progress" output from PowerShell, preventing actions from wrongly being marked as failed
+* Improve Unicode parsing to prevent errors
diff --git a/winrm.json b/winrm.json
@@ -10,11 +10,11 @@
     "product_version_regex": ".*",
     "publisher": "Splunk",
     "license": "Copyright (c) 2018-2023 Splunk Inc.",
-    "app_version": "2.2.5",
+    "app_version": "2.2.6",
     "utctime_updated": "2023-12-05T12:42:47.000000Z",
     "package_name": "phantom_winrm",
     "main_module": "winrm_connector.py",
-    "min_phantom_version": "5.5.0",
+    "min_phantom_version": "6.1.1",
     "fips_compliant": true,
     "python_version": "3",
     "latest_tested_versions": [
@@ -3339,10 +3339,6 @@
                 "module": "pywinrm",
                 "input_file": "wheels/shared/pywinrm-0.4.3-py2.py3-none-any.whl"
             },
-            {
-                "module": "requests",
-                "input_file": "wheels/py3/requests-2.31.0-py3-none-any.whl"
-            },
             {
                 "module": "requests_ntlm",
                 "input_file": "wheels/py3/requests_ntlm-1.2.0-py3-none-any.whl"
@@ -3365,4 +3361,4 @@
             }
         ]
     }
-}
+}
diff --git a/winrm_connector.py b/winrm_connector.py
@@ -346,6 +346,11 @@ def _run_ps(self, action_result, script, parse_callback=pc.basic, additional_dat
         if additional_data is None:
             additional_data = {}
         resp = None
+
+        if script is not None:
+            # Suppress the "progress" output that PowerShell sends to Standard Error
+            script = "$ProgressPreference = 'SilentlyContinue'; \n " + script
+
         try:
             if command_id:
                 if shell_id is None:
@@ -358,7 +363,7 @@ def _run_ps(self, action_result, script, parse_callback=pc.basic, additional_dat
                 if len(resp.std_err):
                     resp.std_err = self._session._clean_error_msg(resp.std_err)
                     if isinstance(resp.std_err, bytes):
-                        resp.std_err = resp.std_err.decode('UTF-8')
+                        resp.std_err = resp.std_err.decode('UTF-8', errors='backslashreplace')
             elif async_:
                 encoded_ps = b64encode(script.encode('utf_16_le')).decode('ascii')
                 shell_id = self._protocol.open_shell()
@@ -850,6 +855,8 @@ def _handle_create_applocker_policy(self, param):
                 self._sanitize_string(file_path), new_policy_str, set_policy_str
             ))
 
+        self.debug_print(ps_script)
+
         ret_val = self._run_ps(action_result, ps_script, parse_callback=pc.check_exit_no_data2)
         if phantom.is_fail(ret_val):
             return ret_val