Merge pull request demisto#6 from qmasters-ltd/feature/attachment

Feature - Retrieve alert attachments
CyberInt · May 11, 2021 · 6ad4ab4 · 6ad4ab4
2 parents ebc78df + 410527d
commit 6ad4ab4
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 14 deletions.
diff --git a/Integrations/Cyberint/Cyberint.py b/Integrations/Cyberint/Cyberint.py
@@ -397,9 +397,6 @@ def create_fetch_incident_attachment(raw_response: Response, attachment_file_nam
 
     attachment_name = get_attachment_name(attachment_file_name)
     file_result = fileResult(filename=attachment_name, data=raw_response.content)
-    # check for error
-    if file_result["Type"] == EntryType.ERROR:
-        demisto.error(f'file result type error {file_result["Contents"]}')
 
     return {
         "path": file_result["FileID"],
@@ -507,6 +504,11 @@ def fetch_incidents(client: Client, last_run: Dict[str, int],
                         attachments.append(tmp_attachment)
 
         alert["attachments"] = attachments
+        alert_csv_id = alert.get('alert_data', {}).get('csv', {}).get('id', '')
+        if alert_csv_id:
+            extracted_csv_data = extract_data_from_csv_stream(client, alert_id,  # type: ignore
+                                                              alert_csv_id)
+            alert['alert_data']['csv'] = extracted_csv_data
 
         incident = {
             'name': f'Cyberint alert {alert_id}: {alert_title}',
@@ -517,12 +519,6 @@ def fetch_incidents(client: Client, last_run: Dict[str, int],
         }
         incidents.append(incident)
 
-        alert_csv_id = alert.get('alert_data', {}).get('csv', {}).get('id', '')
-        if alert_csv_id:
-            extracted_csv_data = extract_data_from_csv_stream(client, alert_id,  # type: ignore
-                                                              alert_csv_id)
-            alert['alert_data']['csv'] = extracted_csv_data
-
     if incidents:
         #  Update the time for the next fetch so that there won't be duplicates.
         last_incident_time = incidents[0].get('occurred', '')

diff --git a/Integrations/Cyberint/Cyberint_test.py b/Integrations/Cyberint/Cyberint_test.py
@@ -210,8 +210,15 @@ def test_extract_data_from_csv_stream(requests_mock):
 
 def test_cyberint_alerts_analysis_report_command(requests_mock):
     """
-    Adddd docs
-
+        Scenario: Retrieve expert analysis report.
+        Given:
+         - User has provided valid credentials and arguments.
+        When:
+         - A alerts-analysis-report is called and there analysis report reference in the response.
+        Then:
+         - Ensure that the return ContentsFormat of the file is 'text'.
+         - Ensure that the return Type is file.
+         - Ensure the name of the file.
     """
     from Cyberint import Client, cyberint_alerts_get_analysis_report_command
 
@@ -227,9 +234,16 @@ def test_cyberint_alerts_analysis_report_command(requests_mock):
 
 def test_cyberint_alerts_get_attachment_command(requests_mock):
     """
-    Add docs
-
-    """
+         Scenario: Retrieve alert attachment.
+         Given:
+          - User has provided valid credentials and arguments.
+         When:
+          - A alerts-get-attachment called and there attachments reference in the response.
+         Then:
+          - Ensure that the return ContentsFormat of the file is 'text'.
+          - Ensure that the return Type is file.
+          - Ensure the name of the file.
+     """
     from Cyberint import Client, cyberint_alerts_get_attachment_command
 
     png_content_mock = open('test_data/attachment_file_mock.png', 'rb')