updated validation logic

splunk-soar-connectors · May 6, 2024 · 03e01e6 · 03e01e6
1 parent 315b560
commit 03e01e6
Show file tree

Hide file tree

Showing 11 changed files with 38 additions and 39 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.18
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies

diff --git a/LICENSE b/LICENSE
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/NOTICE b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR SMTP
-Copyright (c) 2016-2023 Splunk Inc.
+Copyright (c) 2016-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
@@ -9,8 +9,3 @@ License: MIT
 Copyright 2004-2017 Leonard Richardson
 Copyright 2004-2019 Leonard Richardson
 Copyright 2018 Isaac Muse
-
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ Minimum Product Version: 6.1.1
 This app provides the ability to send email using SMTP
 
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2016-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""
@@ -307,7 +307,7 @@ Some points to note: <ul> <li>Only files present in the <b>vault</b> can be atta
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `sender_email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 
@@ -324,7 +324,7 @@ action_result.parameter.attachments | string |  `vault id`  |   ab2b2ccfba08ea53
 action_result.parameter.bcc | string |  `email`  |   [email protected] 
 action_result.parameter.body | string |  |   Test body 
 action_result.parameter.cc | string |  `email`  |   [email protected] 
-action_result.parameter.from | string |  `sender_email`  |   [email protected] 
+action_result.parameter.from | string |  `email`  |   [email protected] 
 action_result.parameter.headers | string |  |   {"Subject": "Test1", "To": "[email protected]"} 
 action_result.parameter.subject | string |  |   Test 
 action_result.parameter.to | string |  `email`  |   [email protected] 
@@ -367,7 +367,7 @@ If the <b>from</b> parameter is not provided, then the action will consider the
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `sender_email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 
@@ -404,7 +404,7 @@ action_result.parameter.content_id2 | string |  |
 action_result.parameter.content_id3 | string |  |  
 action_result.parameter.content_id4 | string |  |  
 action_result.parameter.content_id5 | string |  |  
-action_result.parameter.from | string |  `sender_email`  |   [email protected] 
+action_result.parameter.from | string |  `email`  |   [email protected] 
 action_result.parameter.headers | string |  |   {"Subject": "Test1", "To": "[email protected]"} 
 action_result.parameter.html_body | string |  |   <html><h2>HTML heading</h2><body>HTML body.</body></html> 
 action_result.parameter.subject | string |  |   Test 

diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -1,5 +1,5 @@
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2016-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""

diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
@@ -1 +1,2 @@
 **Unreleased**
+* Added restrictions for `splunk`, `phantom` and `cisco` domains for 'from' input in **send email** and **send htmlemail**
diff --git a/smtp.json b/smtp.json
@@ -5,21 +5,21 @@
     "publisher": "Splunk",
     "type": "email",
     "main_module": "smtp_connector.py",
-    "app_version": "3.1.1",
+    "app_version": "3.2.0",
     "utctime_updated": "2024-03-06T13:04:08.000000Z",
     "package_name": "phantom_smtp",
     "product_vendor": "Generic",
     "product_name": "SMTP",
     "product_version_regex": ".*",
-    "min_phantom_version": "6.1.1",
+    "min_phantom_version": "6.2.0",
     "rest_handler": "request_handler.handle_request",
     "license": "Copyright (c) 2016-2024 Splunk Inc.",
     "logo": "logo_splunk.svg",
     "logo_dark": "logo_splunk_dark.svg",
     "python_version": "3",
     "fips_compliant": true,
     "latest_tested_versions": [
-        "smtp.gmail.com, smtp.office365.com September 26, 2023"
+        "smtp.gmail.com, smtp.office365.com May 6, 2024"
     ],
     "configuration": {
         "server": {
@@ -139,7 +139,7 @@
                     "data_type": "string",
                     "order": 0,
                     "contains": [
-                        "sender_email"
+                        "email"
                     ],
                     "primary": true
                 },
@@ -253,7 +253,7 @@
                     "data_path": "action_result.parameter.from",
                     "data_type": "string",
                     "contains": [
-                        "sender_email"
+                        "email"
                     ],
                     "example_values": [
                         "[email protected]"
@@ -409,7 +409,7 @@
                     "order": 0,
                     "primary": true,
                     "contains": [
-                        "sender_email"
+                        "email"
                     ]
                 },
                 "to": {
@@ -614,7 +614,7 @@
                     "data_path": "action_result.parameter.from",
                     "data_type": "string",
                     "contains": [
-                        "sender_email"
+                        "email"
                     ],
                     "example_values": [
                         "[email protected]"
@@ -701,10 +701,6 @@
     ],
     "pip39_dependencies": {
         "wheel": [
-            {
-                "module": "beautifulsoup4",
-                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
-            },
             {
                 "module": "bleach",
                 "input_file": "wheels/py3/bleach-6.0.0-py3-none-any.whl"
@@ -713,14 +709,6 @@
                 "module": "bleach_allowlist",
                 "input_file": "wheels/shared/bleach_allowlist-1.0.3-py2.py3-none-any.whl"
             },
-            {
-                "module": "six",
-                "input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
-            },
-            {
-                "module": "soupsieve",
-                "input_file": "wheels/py3/soupsieve-2.5-py3-none-any.whl"
-            },
             {
                 "module": "tinycss2",
                 "input_file": "wheels/py3/tinycss2-1.1.1-py3-none-any.whl"
@@ -731,4 +719,4 @@
             }
         ]
     }
-}
+}
diff --git a/smtp_connector.py b/smtp_connector.py
@@ -78,7 +78,6 @@ def initialize(self):
         # action_result = self.add_action_result(ActionResult())
 
         self.set_validator('email', self._validate_email)
-        self.set_validator('sender_email', self._validate_sender_email)
 
         return phantom.APP_SUCCESS
 
@@ -233,20 +232,26 @@ def _validate_integer(self, action_result, parameter, key, allow_zero=False):
 
         return phantom.APP_SUCCESS, parameter
 
-    def _validate_sender_email(self, input_data):
+    def _validate_sender_email(self, action_result, input_data):
         # SMTP only supports a single email as the sender
         if ',' in input_data or ';' in input_data:
-            return False
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                "SMTP only supports a single email for the 'from' field, please enter email in valid format."
+            )
 
         # sender emails also have additional restriction
         # to not include splunk related terms in the domain name
         restricted_domains = ["splunk", "cisco", "phantom"]
         domain = input_data.split("@")[-1]
 
         if any(restricted_domain in domain for restricted_domain in restricted_domains):
-            return False
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                "The domain provided in email is restricted, please use a different email."
+            )
 
-        return self._validate_email(input_data)
+        return action_result.set_status(phantom.APP_SUCCESS)
 
     def _validate_email(self, input_data):
         # validations are always tricky things, making it 100% foolproof, will take a
@@ -818,6 +823,11 @@ def _send_email(self, param, action_result):
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email
+        ret_val = self._validate_sender_email(action_result, email_from)
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
         encoding = config.get(SMTP_ENCODING, False)
         smtputf8 = config.get(SMTP_ALLOW_SMTPUTF8, False)
         body = param[SMTP_JSON_BODY]
@@ -1039,6 +1049,11 @@ def _handle_send_htmlemail(self, param):  # noqa: C901
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email
+        ret_val = self._validate_sender_email(action_result, email_from)
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
         email_to = param['to']
         email_cc = param.get('cc')
         email_bcc = param.get('bcc')

diff --git a/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl b/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
diff --git a/wheels/py3/soupsieve-2.5-py3-none-any.whl b/wheels/py3/soupsieve-2.5-py3-none-any.whl
diff --git a/wheels/shared/six-1.16.0-py2.py3-none-any.whl b/wheels/shared/six-1.16.0-py2.py3-none-any.whl
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		Unreleased
		* Added restrictions for `splunk`, `phantom` and `cisco` domains for 'from' input in send email and send htmlemail