Generic Webhook enhancements (#27478) (#27596)

* Added request header information to the rawJSON output.
Restructures the rawJSON output to include header and body details.

* Updated Release notes and pack_metadata.json

* Updated Release notes.

* Updated Release notes.

* Updated Release notes. Updated docker version.

* Adjusted raw_json output.
Aligned README.md and release note.

* Updated Docker Image

* Update Packs/GenericWebhook/ReleaseNotes/1_0_25.md



* Remove Authorization header details.

* Updated Known_Words in .pack-ignore

* Fixed header_name

* fixed secret_header

---------

Co-authored-by: Martin Ohl <[email protected]>
Co-authored-by: michal-dagan <[email protected]>

Packs/GenericWebhook/.pack-ignore

@@ -1,3 +1,6 @@
 [file:GenericWebhook.yml]
 ignore=BA124
 
+[known_words]
+Webhook
+rawJSON

Packs/GenericWebhook/Integrations/GenericWebhook/GenericWebhook.py

@@ -1,3 +1,4 @@
+import json
 from collections import deque
 from copy import copy
 from secrets import compare_digest
@@ -56,11 +57,14 @@ async def handle_post(
         credentials: HTTPBasicCredentials = Depends(basic_auth),
         token: APIKey = Depends(token_auth)
 ):
+    header_name = None
+    request_headers = dict(request.headers)
+
     credentials_param = demisto.params().get('credentials')
+
     if credentials_param and (username := credentials_param.get('identifier')):
         password = credentials_param.get('password', '')
         auth_failed = False
-        header_name = None
         if username.startswith('_header'):
             header_name = username.split(':')[1]
             token_auth.model.name = header_name
@@ -70,14 +74,18 @@ async def handle_post(
                                    and compare_digest(credentials.password, password))):
             auth_failed = True
         if auth_failed:
-            request_headers = dict(request.headers)
             secret_header = (header_name or 'Authorization').lower()
             if secret_header in request_headers:
                 request_headers[secret_header] = '***'
             demisto.debug(f'Authorization failed - request headers {request_headers}')
             return Response(status_code=status.HTTP_401_UNAUTHORIZED, content='Authorization failed.')
 
+    secret_header = (header_name or 'Authorization').lower()
+    request_headers.pop(secret_header, None)
+
     raw_json = incident.raw_json or await request.json()
+    raw_json['headers'] = request_headers
+
     incident = {
         'name': incident.name or 'Generic webhook triggered incident',
         'type': incident.type or demisto.params().get('incidentType'),

Packs/GenericWebhook/Integrations/GenericWebhook/GenericWebhook.yml

@@ -56,7 +56,7 @@ display: Generic Webhook
 name: Generic Webhook
 script:
   commands: []
-  dockerimage: demisto/fastapi:1.0.0.43666
+  dockerimage: demisto/fastapi:1.0.0.63688
   feed: false
   isfetch: false
   longRunning: true

Packs/GenericWebhook/Integrations/GenericWebhook/README.md

@@ -31,12 +31,12 @@ The examples below assume you invoke the integration via the server HTTPS endpoi
 ## Usage
 The Generic Webhook integration accepts POST HTTP queries, with the following optional fields in the request body:
 
-| **Field** | **Type** | **Description** |
-| --- | --- | --- |
-| name | string | Name of the incident to be created. |
-| type | string | Type of the incident to be created. If not provided, the value of the integration parameter ***Incident type*** will be used.  |
-| occurred | string | Date the incident occurred in ISO-8601 format. If not provided, the trigger time will be used. |
-| raw_json | object | Details of the incident to be created. For example, `{"field1":"value1","field2":"value2"}` |
+| **Field** | **Type** | **Description**                                                                                                                                                                   |
+| --- | --- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| name | string | Name of the incident to be created.                                                                                                                                               |
+| type | string | Type of the incident to be created. If not provided, the value of the integration parameter ***Incident type*** will be used.                                                     |
+| occurred | string | Date the incident occurred in ISO-8601 format. If not provided, the trigger time will be used.                                                                                    |
+| raw_json | object | Details of the incident to be created. Headers can be found in a seperate key. For example, `{"field1":"value1","field2":"value2","headers": {"header_field3": "header_value3"}}` |
 
 For example, the following triggers the webhook using cURL:
 

Packs/GenericWebhook/ReleaseNotes/1_0_25.md

@@ -0,0 +1,6 @@
+#### Integrations
+
+##### Generic Webhook
+
+- Updated the output to include a separate key for the request headers inside the rawJSON field.
+- Updated the Docker image to: *demisto/fastapi:1.0.0.63688*.

Packs/GenericWebhook/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Generic Webhook",
     "description": "The Generic Webhook integration is used to create incidents on event triggers.",
     "support": "xsoar",
-    "currentVersion": "1.0.24",
+    "currentVersion": "1.0.25",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",