Merge branch 'maintenance' into develop

certtools · Aug 30, 2021 · ce7ebca · ce7ebca
2 parents eaaaeb2 + 6634984
commit ce7ebca
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -90,6 +90,8 @@ CHANGELOG
  - Update filename mapping for changed filename of feed "Accessible-MSRDPUDP" (PR#2060 by abr4xc).
 
 #### Experts
+- `intelmq.bots.experts.gethostbyname.expert`: Handle numeric values for the `gaierrors_to_ignore` parameter (PR#2073 by Sebastian Wagner, fixes #2072).
+- `intelmq.bots.experts.filter.expert`: Fix handling of empty-string parameters `not_after` and `not_before` (PR#2075 by Sebastian Wagner, fixes #2074).
 
 #### Outputs
 - `intelmq.bots.outputs.mcafee.output_esm_ip`: Fix access to parameters, the bot wrongly used `self.parameters` (by Sebastian Wagner).

diff --git a/docs/dev/data-format.rst b/docs/dev/data-format.rst
@@ -156,8 +156,11 @@ The taxonomy can be automatically added by the taxonomy expert bot based on the
 
 In the "other" taxonomy, several types are not in the RSIT, but this taxonomy is intentionally extensible.
 
-Meaning of source, destination and local values for each classification type and possible identifiers. The identifier is often a normalized malware name, grouping many variants.
-+Examples of the meaning of the *source* and *destination* fields for each classification type and possible identifiers are shown here. Usually the main information is in the *source* fields. The identifier is often a normalized malware name, grouping many variants.
+Meaning of source and destination identities
+--------------------------------------------
+
+Meaning of source and destination identities for each classification type and possible ``classification.identifier`` meanings and usages. The identifier is often a normalized malware name, grouping many variants or the affected network protocol.
+Examples of the meaning of the *source* and *destination* fields for each classification type and possible identifiers are shown here. Usually the main information is in the *source* fields. The identifier is often a normalized malware name, grouping many variants.
 
 ======================= ================================================ ========================== ===========================
  Type Source Destination Possible identifiers

diff --git a/intelmq/bots/experts/filter/expert.py b/intelmq/bots/experts/filter/expert.py
@@ -43,9 +43,9 @@ def parse_timeattr(self, time_attr):
  return absolute
 
  def init(self):
- if self.not_after is not None:
+ if self.not_after:
  self.not_after = self.parse_timeattr(self.not_after)
- if self.not_before is not None:
+ if self.not_before:
  self.not_before = self.parse_timeattr(self.not_before)
 
  self.filter = True

diff --git a/intelmq/bots/experts/gethostbyname/expert.py b/intelmq/bots/experts/gethostbyname/expert.py
@@ -24,6 +24,7 @@
 """
 import socket
 
+from typing import Tuple
 from intelmq.lib.bot import ExpertBot
 from intelmq.lib.harmonization import URL
 from intelmq.lib.exceptions import InvalidArgument
@@ -32,16 +33,17 @@
 class GethostbynameExpertBot(ExpertBot):
  """Resolve the IP address for the FQDN"""
  fallback_to_url: bool = True
- gaierrors_to_ignore = ()
+ gaierrors_to_ignore: Tuple[int] = ()
  overwrite: bool = False
 
  def init(self):
  ignore = self.gaierrors_to_ignore
  if not ignore: # for null/None/empty lists or strings
  ignore = ()
  elif not isinstance(ignore, (list, tuple)):
- ignore = ignore.split(',')
- # otherwise a string
+ # convert to str to support int-input, e.g. a single value
+ ignore = str(ignore).split(',')
+ # otherwise an iterable (list)
  ignore = tuple(x.strip() for x in ignore)
  # check if every element is an integer:
  for x in ignore:

diff --git a/intelmq/tests/bots/experts/filter/test_empty_string_parameters.py b/intelmq/tests/bots/experts/filter/test_empty_string_parameters.py
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2021 Sebastian Wagner
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+# -*- coding: utf-8 -*-
+
+import unittest
+
+import intelmq.lib.test as test
+from intelmq.bots.experts.filter.expert import FilterExpertBot
+from .test_extra import EXAMPLE_INPUT
+
+
+class TestFilterExpertBot(test.BotTestCase, unittest.TestCase):
+ """
+ A TestCase for FilterExpertBot.
+ """
+
+ @classmethod
+ def set_bot(cls):
+ cls.bot_reference = FilterExpertBot
+ cls.input_message = EXAMPLE_INPUT
+ cls.sysconfig = {'filter_key': 'source.asn',
+ 'filter_value': '',
+ 'filter_action': 'drop',
+ 'not_before': '',
+ 'not_after': ''}
+
+ def test_empty_string_parameters(self):
+ self.run_bot()
+ # we actually only need to check if the bot does not fail
+ self.assertMessageEqual(0, EXAMPLE_INPUT)
+
+
+if __name__ == '__main__': # pragma: no cover
+ unittest.main()
diff --git a/intelmq/tests/bots/experts/gethostbyname/test_expert.py b/intelmq/tests/bots/experts/gethostbyname/test_expert.py
@@ -95,6 +95,12 @@ def test_existing_overwrite(self):
  self.run_bot(parameters={'overwrite': True})
  self.assertMessageEqual(0, EXAMPLE_OUTPUT)
 
+ def test_gaierrors_int(self):
+ """ Test an int value of gaierrors_to_ignore, as the manager automatically converts a single value to int. """
+ self.input_message = EXAMPLE_INPUT
+ self.run_bot(parameters={'gaierrors_to_ignore': -3})
+ # We only need to check for no errors
+
 
 if __name__ == '__main__': # pragma: no cover
  unittest.main()