Add log message in olletools script (#34488)

* overwrite check method * remove unnecessary import * add log wrapper * add log msg * RN * docker * rn * cr fix * fix RN message * capture all logs * fix UT
demisto · May 26, 2024 · d56b0ca · d56b0ca
1 parent 7569633
commit d56b0ca
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 13 deletions.
diff --git a/Packs/Oletools/ReleaseNotes/1_0_6.md b/Packs/Oletools/ReleaseNotes/1_0_6.md
@@ -0,0 +1,7 @@
+
+#### Scripts
+
+##### Oletools
+
+- Improved the message returned to the War Room when running the ***Oletools*** command with a corrupted file.
+- Updated the Docker image to: *demisto/parse-emails:1.0.0.95052*.
diff --git a/Packs/Oletools/Scripts/OletoolsScript/OletoolsScript.py b/Packs/Oletools/Scripts/OletoolsScript/OletoolsScript.py
@@ -1,15 +1,32 @@
 import demistomock as demisto  # noqa: F401
 from CommonServerPython import *  # noqa: F401
-import oletools.oleid
-from oletools.olevba import VBA_Parser
+
 import subprocess
-from oletools import crypto
 import os
 import hashlib
-# suppress logs from oletools
 import logging
-vba_logger = logging.getLogger("olevba")
-vba_logger.setLevel(logging.CRITICAL)
+
+
+class CustomHandler(logging.Handler):
+    def __init__(self):
+        super().__init__()
+        self.last_log_msg = None
+
+    def emit(self, record):
+        self.last_log_msg = record.msg
+
+    def get_last_log_msg(self):
+        return self.last_log_msg
+
+
+custom_handler = CustomHandler()
+root_logger = logging.getLogger()
+root_logger.addHandler(custom_handler)
+root_logger.setLevel(logging.DEBUG)
+
+# should be imported after adding log handler to the root logger
+from oletools import crypto, oleid  # noqa: E402
+from oletools.olevba import VBA_Parser  # noqa: E402
 
 
 class OleClient:
@@ -77,7 +94,7 @@ def replace_space_with_underscore(indicator: str):
         return indicator.replace(' ', '_')
 
     def oleid(self):
-        oid = oletools.oleid.OleID(self.processed_file_path)
+        oid = oleid.OleID(self.processed_file_path)
         indicators = oid.check()
         indicators_list = []
         dbot_score = None
@@ -208,7 +225,8 @@ def main():  # pragma: no cover
         ole_client = OleClient(file_info, ole_command, password=password, decoded=show_decoded)
         return_results(ole_client.run())
     except Exception as e:
-        return_error(f'The script failed with the following error:\n {e}')
+        return_error(f'The script failed with the following error:\n {e}'
+                     f'\n Logs form oletools:\n {custom_handler.get_last_log_msg()}')
 
 
 if __name__ in ('__builtin__', 'builtins', '__main__'):

diff --git a/Packs/Oletools/Scripts/OletoolsScript/OletoolsScript.yml b/Packs/Oletools/Scripts/OletoolsScript/OletoolsScript.yml
@@ -125,7 +125,7 @@ outputs:
 - contextPath: DBotScore.Score
   description: The actual score.
 subtype: python3
-dockerimage: demisto/parse-emails:1.0.0.87403
+dockerimage: demisto/parse-emails:1.0.0.95052
 tests:
 - No tests (auto formatted)
 fromversion: 6.5.0
diff --git a/Packs/Oletools/Scripts/OletoolsScript/OletoolsScript_test.py b/Packs/Oletools/Scripts/OletoolsScript/OletoolsScript_test.py
@@ -13,10 +13,10 @@ def test_oleid(caplog):
     ole_client = OleClient({
         'path': 'test_data/ActiveBarcode-Demo-Bind-Text.docm',
         'name': 'ActiveBarcode-Demo-Bind-Text.docm'}, 'oleid')
-    caplog.clear()
     cr = ole_client.run()
     assert cr.outputs == oleid_output
     assert cr.readable_output == read_file('test_data/oleid_readable.md')
+    caplog.clear()
 
 
 def test_oleobj():
@@ -32,20 +32,20 @@ def test_olevba(caplog):
     ole_client = OleClient({
         'path': 'test_data/ActiveBarcode-Demo-Bind-Text.docm',
         'name': 'ActiveBarcode-Demo-Bind-Text.docm'}, 'olevba')
-    caplog.clear()
     cr = ole_client.run()
     assert cr.outputs == olevba_otuput
     assert cr.readable_output == read_file('test_data/olevba_readable.md')
+    caplog.clear()
 
 
 def test_oleid_decrypted(caplog):
     ole_client = OleClient({
         'path': 'test_data/protected.docm',
         'name': 'ActiveBarcode-Demo-Bind-Text.docm'}, 'oleid', '123123')
-    caplog.clear()
     cr = ole_client.run()
     assert cr.outputs == oleid_decrypted_output
     assert cr.readable_output == read_file('test_data/oleid_decrypted_readable.md')
+    caplog.clear()
 
 
 @pytest.mark.parametrize('password, non_secret_password, returned_password',

diff --git a/Packs/Oletools/pack_metadata.json b/Packs/Oletools/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Oletools",
     "description": "Oletools pack allows performing some basic oletools commands from Cortex XSOAR. oletools is a tool to analyze Microsoft OLE2 files",
     "support": "xsoar",
-    "currentVersion": "1.0.5",
+    "currentVersion": "1.0.6",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",