Refactor/date limit soc feedback command

[tomaskukk]

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

• In Progress
• Ready
• In Hold - (Reason for hold)

Related Issues

fixes: No issue

Description

Added date parsing for the threat_feedback_reported_at_limit field which is used as an argument in a command. This allows users to pass the value in user-friendly formats.

Must have

• Tests
• Documentation

[content-bot]

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @sapirshuker will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

[content-bot]

Hi @tomaskukk, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

[sapirshuker]

Hi @tomaskukk ,
Thank you for your contribution!
Good work :)
Please see my suggestions.
In addition please fix the pre-commit issues.
Please feel free to reach out to me with any questions - I'm available here or on slack :)
Thanks again

[sapirshuker]

Suggested change

	- Added support for more flexible date formats in the `threat_feedback_reported_at_limit` argument.
	- Added support for more flexible date formats in the *threat_feedback_reported_at_limit* argument in the ***hoxhunt-incident-soc-feedback-send*** command.

[sapirshuker]

You have the same functionality in the CommonServerPython timestamp_to_datestring and date_to_timestamp
These methods already exist, you can make use of them.

[tomaskukk]

The date_to_timestamp returns the date as int (so probably epoch unix timestamp), and timestamp_to_datestring takes in the date as int or str, so I would need to parse the datetime to int / str first.

Would using the built in strftime be okay here so no need to do extra conversions?

[sapirshuker]

According to the docs, timestamp_to_datestring parse timestamp (milliseconds) to a date string and takes str or int, str such as "1541494441222" and int such as 1541494441222
So you need to use date_to_timestamp in order to convert the date to milliseconds and timestamp_to_datestring in order to convert the milliseconds to iso format. Another way is to use date.isoformat()

[tomaskukk]

Hey @sapirshuker, I fixed the documentation suggestion and commented on the other comment. Pre-commit is passing now (the validation passed locally without issues but raised issues on CI, even with newest demisto-sdk version 🤔).

Should be good to be reviewed again!

[content-bot]

For the Reviewer: Trigger build request has been accepted for this contribution PR.

[content-bot]

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/2604160

[sapirshuker]

Please add the section header to the to the beginning of the file

[tomaskukk]

Sure! (this was formatting work of demisto-sdk format)

[CLAassistant]

All committers have signed the CLA.

[sapirshuker]

Hi, thank you for your contribution! Did you notice the comment I wrote in response to your question? If not, I will write it again regarding the use of existing functions to convert the date to the requested format. Thank you! Waiting for your response.

[sapirshuker]

According to the docs, timestamp_to_datestring parse timestamp (milliseconds) to a date string and takes str or int, str such as "1541494441222" and int such as 1541494441222
So you need to use date_to_timestamp in order to convert the date to milliseconds and timestamp_to_datestring in order to convert the milliseconds to iso format. Another way is to use date.isoformat()

[tomaskukk]

Sorry I missed this comment completely earlier. I will fix it now!

[tomaskukk]

Done, used the date.isoformat!

[content-bot]

For the Reviewer: Trigger build request has been accepted for this contribution PR.

[content-bot]

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/2625584

[content-bot]

For the Reviewer: Trigger build request has been accepted for this contribution PR.

[content-bot]

For the Reviewer: Successfully created a pipeline in GitLab with url: https://gitlab.xdr.pan.local/xdr/cortex-content/content/-/pipelines/2625588

[sapirshuker]

Hi @tomaskukk , thank you very much for the change, the contribution, and your patience. Working with dates can be frustrating and there are edge cases that need to be considered. While the contribution is short, we need to ensure that we are not causing bugs. We can schedule a meeting together to think about the solution together.

[sapirshuker]

We need to add this change to the readme file.

[tomaskukk]

Good point!

[sapirshuker]

Let's only change what's necessary for the command you want to modify (hoxhunt-incident-soc-feedback-send) to avoid from unwanted impacting on users.

[sapirshuker]

Let's only change what's necessary for the command you want to modify (hoxhunt-incident-soc-feedback-send) to avoid from unwanted impacting on users.

[sapirshuker]

Let's only change what's necessary for the command you want to modify (hoxhunt-incident-soc-feedback-send) to avoid from unwanted impacting on users.

[sapirshuker]

I tested your use case with the following code:

date_utc=dateparser.parse("2024-10-30T08:37:42.359Z") (as mentioned in the yml)
print(date_utc) >> 2024-10-30 08:37:42.359000+00:00
print(date_utc.isoformat(timespec='milliseconds')) >> 2024-10-30T08:37:42.359+00:00
print(date_utc.isoformat(timespec='milliseconds')+'Z') >> 2024-10-30T08:37:42.359+00:00Z

I don't think this is the wanted result, Please let me know if I'm wrong.
In addition when executing:
date_utc=dateparser.parse("7 days")
I get the result according to my timezone and you add "Z" to the output from "format_date_to_iso_string"
method meaning UTC so the the conversion is incorrect (What was also present before the change you made in the function format_date_to_iso_string in order to use the isoformat function).
Maybe let's figure out together what the use case and what we should do.
We can try and see if using the function arg_to_datetime can solve the problem for us.

[tomaskukk]

Good catch, it is not indeed the result we want. Seems like the unit tests didn't catch this, which I was relying in. I wonder if it would just be safest to use the custom formatting function that we already had in place, as in the original version of the pull request, as it's proven to work? Is there a specific reason we can't use that, which is proven at this point.

I did not go with the date_to_timestamp and timestamp_to_datestring functions because they lost milliseconds in the process.

[sapirshuker]

@tomaskukk
I saw your original solution but as I wrote, when you are executing:
date_utc=dateparser.parse("7 days")
You get the time in the current time zone, for example my timezone is GMT+2 the time now is 2025-03-05 13:41:10.382902
When executing date_utc=dateparser.parse("7 days") we get 2025-02-25 13:41:10.382902
Then print(date_utc.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z') as your original version you get >> 2025-02-25T13:41:10.382Z
mean the same time in UTC, I don't think this is the wanted result, Please let me know if I'm wrong.

date_7_days=dateparser.parse("7 Days") print(date_7_days) >>2025-02-25 13:41:10.382902 print(date_7_days.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z') >> 2025-02-25T13:41:10.382Z

[sapirshuker]

Hey @tomaskukk,
We have additional function from common server python named arg_to_datetime
Please check if this meets your need.

[tomaskukk]

Yeah that makes sense, I didn't realize in the beginning that the motivation of the comment was the timezone related issue 👍

I'll see and fix it (alongside the other comments)!