fixed bug with form_powershell_command (demisto#38655)

drezvani · web-flow · commit b60fafb8b37c · 2025-02-24T10:47:22.000+02:00
* fixed bug with form_powershell_command

* added release notes

* added pack-ignore on unrelated warning
diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
@@ -2459,7 +2459,7 @@ def form_powershell_command(unescaped_string: str) -> str:
         else:
             escaped_string += char
 
-    return f"powershell -Command '{escaped_string}'"
+    return f"powershell -Command \"{escaped_string}\""
 
 
 def run_script_execute_commands_command(client: CoreClient, args: Dict) -> CommandResults:
diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py
@@ -24,17 +24,17 @@
 POWERSHELL_COMMAND_CASES = [
     pytest.param(
         "Write-Output 'Hello, world, it`s me!'",
-        "powershell -Command 'Write-Output ''Hello, world, it`s me!'''",
+        "powershell -Command \"Write-Output ''Hello, world, it`s me!''\"",
         id='Hello World message',
     ),
     pytest.param(
         r"New-Item -Path 'C:\Users\User\example.txt' -ItemType 'File'",
-        "powershell -Command 'New-Item -Path ''C:\\Users\\User\\example.txt'' -ItemType ''File'''",
+        "powershell -Command \"New-Item -Path ''C:\\Users\\User\\example.txt'' -ItemType ''File''\"",
         id='New file in path with backslashes',
     ),
     pytest.param(
         "$message = 'This is a test with special chars: `&^%$#@!'; Write-Output $message",
-        "powershell -Command '$message = ''This is a test with special chars: `&^%$#@!''; Write-Output $message'",
+        "powershell -Command \"$message = ''This is a test with special chars: `&^%$#@!''; Write-Output $message\"",
         id='Special characters message',
     ),
     pytest.param(
@@ -46,11 +46,11 @@
             "$sessionId = $sessionInfo[2]; if ($users -contains $username) { logoff $sessionId } } }"
         ),
         (
-            "powershell -Command '$users = @(JohnDoe) -split '';''; query user | Select-Object -Skip 1 | "
+            "powershell -Command \"$users = @(JohnDoe) -split '';''; query user | Select-Object -Skip 1 | "
             "ForEach-Object { $sessionInfo = $_ -split ''\\s+'' | "
             "Where-Object { $_ -ne '''' -and $_ -notlike ''Disc'' }; "
             "if ($sessionInfo.Length -ge 6) { $username = $sessionInfo[0].TrimStart(''>''); "
-            "$sessionId = $sessionInfo[2]; if ($users -contains $username) { logoff $sessionId } } }'"
+            "$sessionId = $sessionInfo[2]; if ($users -contains $username) { logoff $sessionId } } }\""
         ),
         id='End RDP session for users',
     ),
diff --git a/Packs/Core/ReleaseNotes/3_2_25.md b/Packs/Core/ReleaseNotes/3_2_25.md
@@ -0,0 +1,10 @@
+
+#### Integrations
+
+##### Indicators detection
+
+- Updated the Cortex Core - fixed bug with powershell commands on *!core-run-script-execute-commands*.
+
+##### Investigation & Response
+
+- Updated the Cortex Core - fixed bug with powershell commands on *!core-run-script-execute-commands*.
diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "3.2.24",
+    "currentVersion": "3.2.25",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
diff --git a/Packs/CortexXDR/ReleaseNotes/6_2_13.md b/Packs/CortexXDR/ReleaseNotes/6_2_13.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Palo Alto Networks Cortex XDR - Investigation and Response
+
+- Updated the Cortex XDR - fixed bug with powershell commands on *!core-run-script-execute-commands*.
diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cortex XDR by Palo Alto Networks",
     "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
     "support": "xsoar",
-    "currentVersion": "6.2.12",
+    "currentVersion": "6.2.13",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
diff --git a/Packs/ctf01/.pack-ignore b/Packs/ctf01/.pack-ignore
@@ -22,3 +22,6 @@ CTF
 # GR103 is temporary, see CIAC-11705
 [file:playbook-Cortex_XDR_Alerts_Handling_CTF.yml]
 ignore=GR103,GR107
+
+[file:README.md]
+ignore=RM108
diff --git a/Packs/ctf01/ReleaseNotes/1_0_38.md b/Packs/ctf01/ReleaseNotes/1_0_38.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex XDR - IR CTF
+
+- Updated the Cortex XDR - fixed bug with powershell commands on *!core-run-script-execute-commands*.
diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Capture The Flag - 01",
     "description": "XSOAR's Capture the flag (CTF)",
     "support": "xsoar",
-    "currentVersion": "1.0.37",
+    "currentVersion": "1.0.38",
     "serverMinVersion": "8.2.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
