splunk-soar-connectors · ishans-crest · Jun 4, 2024 · Apr 26, 2024 · Apr 26, 2024 · Apr 26, 2024
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.18
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies

diff --git a/LICENSE b/LICENSE
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/NOTICE b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR SMTP
-Copyright (c) 2016-2023 Splunk Inc.
+Copyright (c) 2016-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
@@ -9,8 +9,3 @@ License: MIT
 Copyright 2004-2017 Leonard Richardson
 Copyright 2004-2019 Leonard Richardson
 Copyright 2018 Isaac Muse
-
-Library: requests
-Version: 2.25.0
-License: Apache 2.0
-Kenneth Reitz
diff --git a/README.md b/README.md
@@ -2,16 +2,16 @@
 # SMTP
 
 Publisher: Splunk  
-Connector Version: 3.1.1  
+Connector Version: 3.2.0  
 Product Vendor: Generic  
 Product Name: SMTP  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.1  
+Minimum Product Version: 6.2.1  
 
 This app provides the ability to send email using SMTP
 
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2016-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""
@@ -307,7 +307,7 @@ Some points to note: <ul> <li>Only files present in the <b>vault</b> can be atta
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | From field | string |  `email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 
@@ -367,7 +367,7 @@ If the <b>from</b> parameter is not provided, then the action will consider the
 #### Action Parameters
 PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 --------- | -------- | ----------- | ---- | --------
-**from** |  optional  | From field | string |  `email` 
+**from** |  optional  | Sender Address, domain can not include 'phantom', 'splunk', or 'cisco' | string |  `email` 
 **to** |  required  | List of recipients email addresses | string |  `email` 
 **cc** |  optional  | List of recipients email addresses to include on cc line | string |  `email` 
 **bcc** |  optional  | List of recipients email addresses to include on bcc line | string |  `email` 

diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -1,5 +1,5 @@
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2016-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2016-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""

diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
@@ -1 +1,2 @@
 **Unreleased**
+* Added restrictions for `splunk`, `phantom` and `cisco` domains for 'from' field in **send email** and **send htmlemail** actions
diff --git a/smtp.json b/smtp.json
@@ -5,21 +5,21 @@
     "publisher": "Splunk",
     "type": "email",
     "main_module": "smtp_connector.py",
-    "app_version": "3.1.1",
+    "app_version": "3.2.0",
     "utctime_updated": "2024-03-06T13:04:08.000000Z",
     "package_name": "phantom_smtp",
     "product_vendor": "Generic",
     "product_name": "SMTP",
     "product_version_regex": ".*",
-    "min_phantom_version": "6.1.1",
+    "min_phantom_version": "6.2.1",
     "rest_handler": "request_handler.handle_request",
     "license": "Copyright (c) 2016-2024 Splunk Inc.",
     "logo": "logo_splunk.svg",
     "logo_dark": "logo_splunk_dark.svg",
     "python_version": "3",
     "fips_compliant": true,
     "latest_tested_versions": [
-        "smtp.gmail.com, smtp.office365.com September 26, 2023"
+        "smtp.gmail.com, smtp.office365.com May 6, 2024"
     ],
     "configuration": {
         "server": {
@@ -135,7 +135,7 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "contains": [
@@ -404,7 +404,7 @@
             "read_only": false,
             "parameters": {
                 "from": {
-                    "description": "From field",
+                    "description": "Sender Address, domain can not include 'phantom', 'splunk', or 'cisco'",
                     "data_type": "string",
                     "order": 0,
                     "primary": true,
@@ -701,10 +701,6 @@
     ],
     "pip39_dependencies": {
         "wheel": [
-            {
-                "module": "beautifulsoup4",
-                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
-            },
             {
                 "module": "bleach",
                 "input_file": "wheels/py3/bleach-6.0.0-py3-none-any.whl"
@@ -713,14 +709,6 @@
                 "module": "bleach_allowlist",
                 "input_file": "wheels/shared/bleach_allowlist-1.0.3-py2.py3-none-any.whl"
             },
-            {
-                "module": "six",
-                "input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
-            },
-            {
-                "module": "soupsieve",
-                "input_file": "wheels/py3/soupsieve-2.5-py3-none-any.whl"
-            },
             {
                 "module": "tinycss2",
                 "input_file": "wheels/py3/tinycss2-1.1.1-py3-none-any.whl"
@@ -731,4 +719,4 @@
             }
         ]
     }
-}
+}
diff --git a/smtp_connector.py b/smtp_connector.py
@@ -232,6 +232,21 @@ def _validate_integer(self, action_result, parameter, key, allow_zero=False):
 
         return phantom.APP_SUCCESS, parameter
 
+    def _validate_sender_email(self, action_result, input_data):
+        # sender emails also have additional restriction
+        # to not include splunk related terms in the domain name
+        restricted_domains = ["splunk", "cisco", "phantom"]
+        domain = input_data.split("@")[-1].lower()
+
+        if any(restricted_domain in domain for restricted_domain in restricted_domains):
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                "The domain provided in email is restricted (contains one of : splunk, cisco, phantom).\
+                    Please use a different email in the 'from' field."
+            )
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
     def _validate_email(self, input_data):
         # validations are always tricky things, making it 100% foolproof, will take a
         # very complicated regex, even multiple regexes and each could lead to a bug that
@@ -246,6 +261,8 @@ def _validate_email(self, input_data):
             emails = input_data.split(',')
         elif ';' in input_data:
             emails = input_data.split(';')
+        else:
+            emails = [input_data]
 
         for email in emails:
             if not ph_utils.is_email(email.strip()):
@@ -792,6 +809,7 @@ def _is_html(self, body):
         return False
 
     def _send_email(self, param, action_result):
+        action_id = self.get_action_identifier()
 
         # username = self.get_config()[phantom.APP_JSON_USERNAME]
         config = self.get_config()
@@ -800,6 +818,12 @@ def _send_email(self, param, action_result):
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email if inputted as a parameter
+        if action_id != "test_connectivity" and param.get(SMTP_JSON_FROM):
+            ret_val = self._validate_sender_email(action_result, email_from)
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
         encoding = config.get(SMTP_ENCODING, False)
         smtputf8 = config.get(SMTP_ALLOW_SMTPUTF8, False)
         body = param[SMTP_JSON_BODY]
@@ -1021,6 +1045,12 @@ def _handle_send_htmlemail(self, param):  # noqa: C901
         sender_address = config.get('sender_address', config.get(phantom.APP_JSON_USERNAME))
         email_from = param.get(SMTP_JSON_FROM, sender_address)
 
+        # validate sender email if inputted as a parameter
+        if param.get(SMTP_JSON_FROM):
+            ret_val = self._validate_sender_email(action_result, email_from)
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
         email_to = param['to']
         email_cc = param.get('cc')
         email_bcc = param.get('bcc')

diff --git a/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl b/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
diff --git a/wheels/py3/soupsieve-2.5-py3-none-any.whl b/wheels/py3/soupsieve-2.5-py3-none-any.whl
diff --git a/wheels/shared/six-1.16.0-py2.py3-none-any.whl b/wheels/shared/six-1.16.0-py2.py3-none-any.whl
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		Unreleased
		* Added restrictions for `splunk`, `phantom` and `cisco` domains for 'from' field in send email and send htmlemail actions