Fix CS Falcon TPB and add them to nightly tests (demisto#42842)

* Add passing test to nightly

* Possible fix to unzip file

* Fix unzip to allow for spaces in entryID

* Add retrieve file to nightly

* Update conf.json

* revert file exclusion changes

* RN

* Trigger AI Reviewer

* Bump pack from version CommonScripts to 1.20.76.

* Add UT

* ruff

* Remove danny fried from owner file

---------

Co-authored-by: Content Bot <Content-Bot@users.noreply.github.com>
Co-authored-by: Content Bot <bot@demisto.com>

Author: 3 people

Packs/CommonScripts/ReleaseNotes/1_20_76.md

@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### UnzipFile
+
+- Fixed an issue where UnzipFile would crash if input had spaces.

Packs/CommonScripts/Scripts/UnzipFile/UnzipFile.py

@@ -1,5 +1,4 @@
 import os
-import shlex
 import shutil
 import sys
 import zipfile as z
@@ -124,10 +123,10 @@ def extract_using_unrar(file_path, dir_path, password=None):
     :param password: password if the zip file is encrypted
     """
     if password:
-        cmd = f"unrar x -p{password} {file_path} {dir_path}"
+        cmd = ["unrar", "x", f"-p{password}", file_path, dir_path]
     else:
-        cmd = f"unrar x -p- {file_path} {dir_path}"
-    process = Popen(shlex.split(cmd), stdout=PIPE, stderr=PIPE)
+        cmd = ["unrar", "x", "-p-", file_path, dir_path]
+    process = Popen(cmd, stdout=PIPE, stderr=PIPE)
     # process = Popen([cmd], shell=True, stdout=PIPE, stderr=PIPE)
     stdout, stderr = process.communicate()
     stdout = str(stdout)
@@ -141,13 +140,13 @@ def extract_using_unrar(file_path, dir_path, password=None):
 
 def extract_using_tarfile(file_path: str, dir_path: str, file_name: str) -> str:
     if ".tar.gz" in file_name:
-        cmd = f"tar -xzvf {file_path} -C {dir_path}"
+        cmd = ["tar", "-xzvf", file_path, "-C", dir_path]
     elif file_name.endswith(".tar"):
-        cmd = f"tar -xf {file_path} -C {dir_path}"
+        cmd = ["tar", "-xf", file_path, "-C", dir_path]
     else:
-        cmd = ""
+        cmd = []
         demisto.debug(f"{file_name=} didn't match any condition. {cmd=}")
-    process = Popen(shlex.split(cmd), stdout=PIPE, stderr=PIPE)
+    process = Popen(cmd, stdout=PIPE, stderr=PIPE)
     stdout, stderr = process.communicate()
     stdout = str(stdout)
     if stderr:
@@ -161,8 +160,8 @@ def extract_using_7z(file_path, dir_path, password=None):
     :param dir_path: directory that the file will be extract to
     :param password: password if the zip file is encrypted
     """
-    cmd = f"7z x -p{password} -o{dir_path} {file_path}"
-    process = Popen(shlex.split(cmd), stdout=PIPE, stderr=PIPE)
+    cmd = ["7z", "x", f"-p{password}", f"-o{dir_path}", file_path]
+    process = Popen(cmd, stdout=PIPE, stderr=PIPE)
     # process = Popen([cmd], shell=True, stdout=PIPE, stderr=PIPE)
     stdout, stderr = process.communicate()
     stdout = str(stdout)

Packs/CommonScripts/Scripts/UnzipFile/UnzipFile_test.py

@@ -240,7 +240,7 @@ def test_archive_with_slash_in_path():
 
 @pytest.fixture
 def mock_popen():
-    with patch('UnzipFile.Popen') as mock:
+    with patch("UnzipFile.Popen") as mock:
         yield mock
 
 
@@ -263,7 +263,7 @@ def test_extract_with_errors_in_stdout(mock_popen):
     mock_process = MagicMock()
     mock_process.communicate.return_value = (
         b"Hello_World_Errors.yml\nHello_World.yml",  # stdout
-        b""  # stderr (no error)
+        b"",  # stderr (no error)
     )
 
     # Mock the Popen constructor to return our mock process
@@ -282,3 +282,35 @@ def test_extract_with_errors_in_stdout(mock_popen):
     assert "Hello_World.yml" in result
 
 
+def test_unzip_with_space_in_path(mocker):
+    """
+    Given
+    - A zip file path with spaces
+    - empty folder _dir
+    When
+    - run extract on that zip file
+    Then
+    - ensure the command passed to Popen is a list and contains the path correctly (not split)
+    """
+    import UnzipFile as unzip
+
+    # Given
+    zip_path = "/path/to/directory with spaces/test.zip"
+    zipped_file_object = {"name": "test.zip", "path": zip_path}
+    _dir = "/tmp/extract_dir"
+
+    # Mock Popen
+    mock_popen = mocker.patch.object(unzip, "Popen")
+    mock_process = MagicMock()
+    mock_process.communicate.return_value = (b"", b"")
+    mock_popen.return_value = mock_process
+
+    # When
+    extract(zipped_file_object, _dir, zip_tool="7z")
+
+    # Then
+    args, _ = mock_popen.call_args
+    cmd_list = args[0]
+
+    assert isinstance(cmd_list, list)
+    assert zip_path in cmd_list

Packs/CommonScripts/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Common Scripts",
     "description": "Frequently used scripts pack.",
     "support": "xsoar",
-    "currentVersion": "1.20.75",
+    "currentVersion": "1.20.76",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Tests/conf.json

@@ -6399,6 +6399,9 @@
         "Whois A new layout implemented with python-whois service",
         "Detonate URL - WildFire-v2 - Test",
         "CrowdStrike Falcon Basic Test",
+        "Test Playbook - CrowdStrike Falcon - Get Endpoint Forensics Data",
+        "Test Playbook - CrowdStrike Falcon - Retrieve File",
+        "Test Playbook - CrowdStrike Falcon Malware - Verify Containment Actions",
         "TestDemistoRestAPI",
         "Test XDR Playbook execute script commands",
         "Test XDR Playbook quarantine file command",