Merging next to main for release 2.5.1 (#18)

* Remove semgrep workflow file

* 'convert readme.html to manual_readme_content.md'

* fix for message attachment type

* release notes

* licensing fix

* Update README.md

* removed error print duplicated

* Bumped up the version of googleworkspaceforgmail from 2.5.0 to 2.5.1

* Release notes for version 2.5.1

* Release notes for version 2.5.1

---------

Co-authored-by: splunk-soar-connectors-admin <admin@splunksoar>
Co-authored-by: Michał Posłuszny <mposluszny@splunk.com>
Co-authored-by: mposluszny-splunk <150343546+mposluszny-splunk@users.noreply.github.com>
Co-authored-by: root <root@splunksoar>

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2017-2023 Splunk Inc.
+   Copyright (c) 2017-2024 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -2,11 +2,11 @@
 # G Suite for GMail
 
 Publisher: Splunk  
-Connector Version: 2.5.0  
+Connector Version: 2.5.1  
 Product Vendor: Google  
 Product Name: GMail  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.0.0  
+Minimum Product Version: 6.1.1  
 
 Integrates with G Suite for various investigative and containment actions
 

__init__.py

@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2017-2023 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

gsgmail.json

@@ -10,16 +10,16 @@
     "package_name": "phantom_gsgmail",
     "product_vendor": "Google",
     "product_name": "GMail",
-    "min_phantom_version": "6.0.0",
+    "min_phantom_version": "6.1.1",
     "fips_compliant": true,
     "python_version": "3",
     "latest_tested_versions": [
         "Cloud, May 26, 2023"
     ],
-    "app_version": "2.5.0",
+    "app_version": "2.5.1",
     "product_version_regex": ".*",
-    "license": "Copyright (c) 2017-2023 Splunk Inc.",
-    "utctime_updated": "2022-01-25T00:07:36.000000Z",
+    "license": "Copyright (c) 2017-2024 Splunk Inc.",
+    "utctime_updated": "2024-03-18T08:57:36.000000Z",
     "pip_dependencies": {
         "wheel": [
             {
@@ -1369,4 +1369,4 @@
             }
         ]
     }
-}
+}

gsgmail_connector.py

@@ -1,6 +1,6 @@
 # File: gsgmail_connector.py
 #
-# Copyright (c) 2017-2023 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -259,7 +259,7 @@ def _parse_multipart_msg(self, action_result, msg, email_details, extract_attach
 
         email_details['email_headers'] = []
         for part in msg.walk():
-            type = part.get_content_type()
+            part_type = part.get_content_type()
             headers = self._get_email_headers_from_part(part)
             # split out important headers (for output table rendering)
             if headers.get('to'):
@@ -274,13 +274,13 @@ def _parse_multipart_msg(self, action_result, msg, email_details, extract_attach
             disp = str(part.get('Content-Disposition'))
             file_name = part.get_filename()
             # look for plain text parts, but skip attachments
-            if type == 'text/plain' and 'attachment' not in disp:
+            if part_type == 'text/plain' and 'attachment' not in disp:
                 charset = part.get_content_charset() or 'utf8'
                 # decode the base64 unicode bytestring into plain text
                 plain_body = part.get_payload(decode=True).decode(encoding=charset, errors="ignore")
                 # Add to list of plan text bodies
                 plain_bodies.append(plain_body)
-            if type == 'text/html' and 'attachment' not in disp:
+            if part_type == 'text/html' and 'attachment' not in disp:
                 charset = part.get_content_charset() or 'utf8'
                 # decode the base64 unicode bytestring into plain text
                 html_body = part.get_payload(decode=True).decode(encoding=charset, errors="ignore")
@@ -289,11 +289,15 @@ def _parse_multipart_msg(self, action_result, msg, email_details, extract_attach
             elif file_name and extract_attachments:
                 attach_resp = None
                 try:
+                    if part_type.startswith("message/"):
+                        content = part.get_payload(0).as_string()
+                    else:
+                        content = part.get_payload(decode=True)
                     # Create vault item with attachment payload
-                    attach_resp = Vault.create_attachment(part.get_payload(decode=True), container_id=container_id, file_name=file_name)
+                    attach_resp = Vault.create_attachment(content, container_id=container_id, file_name=file_name)
                 except Exception as e:
                     message = self._get_error_message_from_exception(e)
-                    self.error_print('Unable to add attachment: {} Error: {}').format(str(file_name), message)
+                    return action_result.set_status(phantom.APP_ERROR, f"Unable to add attachment: {file_name} Error: {message}")
                 if attach_resp.get('succeeded'):
                     # Create vault artifact
                     artifact = {
@@ -460,7 +464,7 @@ def _handle_get_email(self, param):
                     email_details_resp['parsed_plain_body'] = msg.get_payload(decode=True).decode(encoding=charset, errors="ignore")
                 except Exception as e:
                     message = self._get_error_message_from_exception(e)
-                    self.error_print("Unable to add email body: {}").format(message)
+                    self.error_print(f"Unable to add email body: {message}")
 
             action_result.add_data(email_details_resp)
 

gsgmail_consts.py

@@ -1,6 +1,6 @@
 # File: gsgmail_consts.py
 #
-# Copyright (c) 2017-2023 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

gsgmail_get_email.html

@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: gsgmail_get_email.html
-    Copyright (c) 2017-2023 Splunk Inc.
+    Copyright (c) 2017-2024 Splunk Inc.
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

gsgmail_list_users.html

@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: gsgmail_list_users.html
-    Copyright (c) 2017-2023 Splunk Inc.
+    Copyright (c) 2017-2024 Splunk Inc.
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

gsgmail_process_email.py

@@ -1,6 +1,6 @@
 # File: gsgmail_process_email.py
 #
-# Copyright (c) 2017-2023 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

gsgmail_view.py

@@ -1,6 +1,6 @@
 # File: gsgmail_view.py
 #
-# Copyright (c) 2017-2023 Splunk Inc.
+# Copyright (c) 2017-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

manual_readme_content.md

@@ -0,0 +1,73 @@
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2017-2023 Splunk Inc."
+[comment]: # ""
+[comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
+[comment]: # ""
+### Service Account
+
+This app requires a pre-configured service account to operate. Please follow the procedure outlined
+at [this link](https://support.google.com/a/answer/7378726?hl=en) to create a service account.  
+The following APIs will need to be enabled:
+
+-   AdminSDK
+-   GMail API
+
+At the end of the creation process, the admin console should ask you to save the config as a JSON
+file. Copy the contents of the JSON file in the clipboard and paste it as the value of the
+**key_json** asset configuration parameter.
+
+### Scopes
+
+Once the service account has been created and APIs enabled, the next step is to configure scopes on
+these APIs to allow the App to access them. Every action requires different scopes to operate, these
+are listed in the action documentation.  
+To enable scopes please complete the following steps:
+
+-   Go to your G Suite domain's [Admin console.](http://admin.google.com/)
+-   Select **Security** from the list of controls. If you don't see **Security** listed, select
+    **Show More** , then select **Security** from the list of controls. If you can't see the
+    controls, make sure you're signed in as an administrator for the domain.
+-   Select **API controls** in the **Access and data control** section.
+-   Select **MANAGE DOMAIN WIDE DELEGATIONS** in the **Domain wide delegation** section.
+-   Select **Add new** in the API clients section
+-   In the **Client ID** field enter the service account's **Client ID** . You can find your service
+    account's client ID in the [Service accounts credentials
+    page](https://console.developers.google.com/apis/credentials) or the service account JSON file
+    (key named **client_id** ).
+-   In the **One or More API Scopes** field enter the list of scopes that you wish to grant access
+    to the App. For example, to enable all the scopes required by this app enter:
+    https://mail.google.com/, https://www.googleapis.com/auth/admin.directory.user.readonly,
+    https://www.googleapis.com/auth/gmail.readonly
+-   Click **Authorize** .
+
+### On-Poll
+
+-   API provides created time of the email and gmail searches based on the received time of the
+    email.
+
+-   Use the large container numbers in asset to avoid any kind of data loss for emails which
+    received at the same time.
+
+      
+      
+      
+    **Configuration:**  
+
+<!-- -->
+
+-   label - To fetch the emails from the given folder name (default - all folders).  
+    **Note:-** Reply email in the email thread would not be ingested if you provide a specific label
+    in the configuration (eg. Inbox). It will ingest the reply email only if you leave the label
+    configuration parameter empty.  
+-   ingest_manner - To select the oldest first or newest first preference for ingestion (default -
+    oldest first).
+-   first_run_max_emails - Maximum containers to poll for the first scheduled polling (default -
+    1000).
+-   max_containers - Maximum containers to poll after the first scheduled poll completes (default -
+    100).
+-   extract_attachments - Extract all the attachments included in emails.
+-   download_eml_attachments - Downloads the EML file attached with the mail.
+-   extract_urls - Extracts the URLs present in the emails.
+-   extract_ips - Extracts the IP addresses present in the emails.
+-   extract_domains - Extract the domain names present in the emails.
+-   extract_hashes - Extract the hashes present in the emails (MD5).

release_notes/2.5.1.md

@@ -0,0 +1 @@
+* Fixed downloading `message/` attachment types [PAPP-33372]