ProofPointPS - New Actions Addded#951
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly expands the functionality of the ProofPointPS integration by introducing a suite of new actions for managing quarantined emails. Additionally, it refactors the core architecture to improve modularity and maintainability, ensuring the integration follows current development standards. These changes enhance the overall capability of the integration to handle complex security workflows. Highlights
New Features🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request upgrades the ProofPointPS integration to version 8.0, introducing several new actions to manage quarantined emails (Search, Release, Delete, Resubmit, Move, Forward, and Download) and refactoring existing actions (Enrich Entities and Ping) to use a new base action class and API client. The review feedback highlights a copy-paste error in the Enrich Entities output message, style guide violations regarding Ping action output formats, path handling using pathlib.Path in the Download action, and missing JSON result examples. Additionally, the reviewer recommends adding a unit test suite and avoiding generic exceptions in the Delete action.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_enrich_entities.py::TestEnrichEntities::test_enrich_host_success |
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_enrich_entities.py::TestEnrichEntities::test_enrich_host_success |
1dbe3bd to
79593cb
Compare
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_enrich_entities.py::TestEnrichEntities::test_enrich_host_success |
79593cb to
c851e71
Compare
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_enrich_entities.py::TestEnrichEntities::test_enrich_host_success |
c851e71 to
1285f7d
Compare
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_enrich_entities.py::TestEnrichEntities::test_enrich_host_success |
1285f7d to
e40ea46
Compare
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_enrich_entities.py::TestEnrichEntities::test_enrich_host_success |
e40ea46 to
83fb451
Compare
|
/gemini review |
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
|
/gemini review |
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
a0c164d to
cfe6491
Compare
|
/gemini review |
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
KrishnaSharma06
left a comment
There was a problem hiding this comment.
SecOps Code Re-Review: Most comments are resolved. Just one remaining type incompatibility issue causing mypy to fail.
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_delete_quarantined_email.py::TestDeleteQuarantinedEmail::test_delete_success |
|
❌ Integration Tests Failed Click to view the full report🧩 proof_point_ps
❌ Failed Teststests/test_actions/test_delete_quarantined_email.py::TestDeleteQuarantinedEmail::test_delete_success |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request upgrades the Proofpoint Email Protection (ProofPointPS) integration to version 8.0, refactoring the codebase to use a modular core API client and adding seven new actions for managing quarantined emails, complete with HTML widgets and unit tests. The code review identified several important issues: a potential AttributeError in the API client when parsing non-dictionary JSON responses, dead exception-handling code in the download action due to incorrect inheritance ordering, and silent failures in the delete action when handling multiple GUIDs. Additionally, the reviewer pointed out style guide violations regarding the mandatory soar_sdk.* namespace for SDK imports and the requirement that successful queries with empty results must return a successful execution state.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
AmitJ98
left a comment
There was a problem hiding this comment.
Code Review Feedback
Overall, the PR is well-structured and introduces useful actions for managing quarantined emails. However, there are a few significant issues related to performance and code duplication that should be addressed:
1. Inefficient Search/Validation by GUID (Major Performance Issue)
In several places, the code fetches up to 30 days of emails (for sender *) and filters them locally in Python instead of passing the guid to the Proofpoint API. This will cause slow execution, large memory usage, potential timeouts, and missed records if the API truncates the result set (due to limits).
Affected Files:
content/response_integrations/google/proof_point_ps/core/base_action.py(_validate_folder_and_guids)content/response_integrations/google/proof_point_ps/core/api_client.py(get_record_by_guid)content/response_integrations/google/proof_point_ps/actions/search_quarantined_emails.py(Local filtering forguidandmsgid)content/response_integrations/google/proof_point_ps/actions/delete_quarantined_email.py(Duplicated logic)
Recommendation:
Since api_client.search() already accepts guid and msgid as parameters, you should pass these directly to the API in your search calls. For example, instead of fetching all emails in a folder and iterating through them, you should query the specific guid:
records = self.api_client.search(guid=guid, folder=folder_name)In search_quarantined_emails.py, ensure that self.params.guid and self.params.msgid are passed to self.api_client.search() rather than filtering the list in Python afterwards.
2. Code Duplication
The delete_quarantined_email.py action contains a nearly exact inline copy of the _validate_folder_and_guids logic that is already implemented in base_action.py.
Recommendation:
Refactor delete_quarantined_email.py to use self._validate_folder_and_guids(guids, folder_name) directly, just as move_quarantined_email.py and forward_quarantined_email.py do.
3. Brittle Error Handling
In actions like delete_quarantined_email.py, forward_quarantined_email.py, and move_quarantined_email.py, the error handling checks strings like:
if "deletedfolder" in str(e):Recommendation:
If the Proofpoint API modifies its error message text, these checks will break. If the API provides specific status codes or error identifiers in the JSON response, it is much safer to rely on those rather than substring matches of the error message text.
Proofpoint PS FR for new actions.
Bug ID: b/509660833
Checklist:
Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.
General Checks:
Open-Source Specific Checks:
For Google Team Members and Reviewers Only: