Fix feed misp bug (#27748)

* commit * fix bug in FeedMISP * add RN * fix UT and update docker * update RN * fix UT * Update 1_0_23.md minor TW edits * commit --------- Co-authored-by: julieschwartz18 <[email protected]>
demisto · Jun 27, 2023 · 898f9e6 · 898f9e6
1 parent 6d0e708
commit 898f9e6
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 9 deletions.
diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py
@@ -348,10 +348,7 @@ def fetch_indicators(client: Client,
                      feed_tags: Optional[List],
                      limit: int = -1,
                      is_fetch: bool = True) -> List[Dict]:
-    if query:
-        params_dict = clean_user_query(query)
-    else:
-        params_dict = build_params_dict(tags, attribute_type)
+    params_dict = clean_user_query(query) if query else build_params_dict(tags, attribute_type)
 
     response = client.search_query(params_dict)
     indicators_iterator = build_indicators_iterator(response, url)
@@ -485,7 +482,7 @@ def update_indicator_fields(indicator_obj: Dict[str, Any], tlp_color: Optional[s
     if tlp_color:
         indicator_obj['fields']['trafficlightprotocol'] = tlp_color
 
-    if tags:
+    if tags or feed_tags:
         handle_tags_fields(indicator_obj, tags, feed_tags)
 
     if 'md5' in raw_type or 'sha1' in raw_type or 'sha256' in raw_type:

diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml
@@ -159,7 +159,7 @@ script:
   script: '-'
   type: python
   subtype: python3
-  dockerimage: demisto/python3:3.10.11.61265
+  dockerimage: demisto/python3:3.10.12.63474
 fromversion: 5.5.0
 tests:
 - MISPfeed Test

diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py
@@ -4,13 +4,14 @@
 
 from CommonServerPython import DemistoException, ThreatIntel
 from FeedMISP import clean_user_query, build_indicators_iterator, \
-    handle_file_type_fields, get_galaxy_indicator_type, build_indicators_from_galaxies, update_indicators_iterator
+    handle_file_type_fields, get_galaxy_indicator_type, build_indicators_from_galaxies, update_indicators_iterator, \
+    update_indicator_fields
 
 
 def test_build_indicators_iterator_success():
     """
      Given
-         - A list of attributes returned from MISP
+        - A list of attributes returned from MISP
      When
          - Attributes are well formed
      Then
@@ -370,3 +371,70 @@ def test_update_indicators_iterator_indicators_before_timestamp_different_query(
     mocker.patch.object(demisto, 'getLastRun', return_value={'timestamp': '4', 'params': old_query})
     added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True)
     assert added_indicators_iterator == indicators_iterator
+
+
+@pytest.mark.parametrize(
+    "indicator, feed_tags, expected_calls",
+    [
+        (
+            {
+                "value": "some_value",
+                "type": "IP",
+                "service": "MISP",
+                "fields": {},
+                "rawJSON": {
+                    "value": {
+                        "Tag": [
+                            {
+                                "name": 'misp-galaxy:mitre-attack-pattern="Some Value - R1234"',
+                            }
+                        ]
+                    }
+                },
+            },
+            None,
+            1,
+        ),
+        (
+            {
+                "value": "some_value",
+                "type": "IP",
+                "service": "MISP",
+                "fields": {},
+                "rawJSON": {"value": {}},
+            },
+            ["test", "test2"],
+            1,
+        ),
+        (
+            {
+                "value": "some_value",
+                "type": "IP",
+                "service": "MISP",
+                "fields": {},
+                "rawJSON": {"value": {}},
+            },
+            None,
+            0,
+        ),
+    ],
+)
+def test_update_indicator_fields(
+    mocker, indicator: dict, feed_tags: list | None, expected_calls: int
+):
+    """
+    Given:
+        - indicator and feed_tags argument
+    When:
+        - the update_indicator_fields function runs
+    Then:
+        - Ensure the update_indicator_fields function is called
+          if the feed_tags argument is passed even though the indicator has no tag.
+        - Ensure the update_indicator_fields function is called when the indicator has tag.
+        - Ensure the update_indicator_fields function is not called
+          when the indicator has no tag and no feed_tags argument is sent.
+    """
+    handle_tags_fields_mock = mocker.patch("FeedMISP.handle_tags_fields")
+
+    update_indicator_fields(indicator, None, "test", feed_tags)
+    assert handle_tags_fields_mock.call_count == expected_calls
diff --git a/Packs/FeedMISP/ReleaseNotes/1_0_23.md b/Packs/FeedMISP/ReleaseNotes/1_0_23.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### MISP Feed
+- Fixed an issue where the ***fetch-indicators*** command did not tag according to the *Tags* parameter if the indicator did not have a tag.
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
diff --git a/Packs/FeedMISP/pack_metadata.json b/Packs/FeedMISP/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "MISP Feed",
     "description": "Indicators feed from MISP",
     "support": "xsoar",
-    "currentVersion": "1.0.22",
+    "currentVersion": "1.0.23",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",