Merge pull request #8 from CybercentreCanada/update/trusted

Do not report if trusted
CybercentreCanada · May 25, 2022 · eece907 · eece907
2 parents 255b737 + 2c5fad4
commit eece907
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/intezer_static.py b/intezer_static.py
@@ -250,14 +250,19 @@ def execute(self, request: ServiceRequest) -> None:
             request.result = result
             return
 
-        if main_api_result.get("verdict") in Verdicts.NOT_SUPPORTED_VERDICTS.value:
+        verdict = main_api_result.get("verdict")
+        if verdict in Verdicts.NOT_SUPPORTED_VERDICTS.value:
             self.log.debug(f"Unsupported file type: {request.file_type}")
             request.result = result
             return
-        elif main_api_result.get("verdict") == AnalysisStatusCode.FAILED.value:
+        elif verdict == AnalysisStatusCode.FAILED.value:
             self.log.warning("The Intezer server is not feeling well :(")
             request.result = result
             return
+        elif verdict in Verdicts.TRUSTED_VERDICTS.value:
+            self.log.debug(f"The verdict was {verdict}. No need to report it.")
+            request.result = result
+            return
 
         analysis_id = main_api_result["analysis_id"]
 
@@ -281,7 +286,7 @@ def execute(self, request: ServiceRequest) -> None:
 
         # Setting heuristic here to avoid FPs
         if main_kv_section.subsections:
-            self._set_heuristic_by_verdict(main_kv_section, main_api_result["verdict"])
+            self._set_heuristic_by_verdict(main_kv_section, verdict)
 
         if main_kv_section.subsections or main_kv_section.heuristic:
             result.add_section(main_kv_section)
@@ -339,8 +344,6 @@ def _set_heuristic_by_verdict(
             result_section.set_heuristic(1)
         elif verdict in Verdicts.SUSPICIOUS_VERDICTS.value:
             result_section.set_heuristic(2)
-        elif verdict in Verdicts.TRUSTED_VERDICTS.value:
-            self.log.debug(f"The verdict was {verdict}. Can we do something with this?")
 
     def _process_iocs(
         self,

diff --git a/tests/test_intezer_static.py b/tests/test_intezer_static.py
@@ -320,6 +320,9 @@ def test_execute(sample, intezer_static_class_instance, dummy_api_interface_clas
         mocker.patch.object(ALIntezerApi, "get_latest_analysis", return_value={"verdict": "failed"})
         intezer_static_class_instance.execute(service_request)
 
+        mocker.patch.object(ALIntezerApi, "get_latest_analysis", return_value={"verdict": "trusted"})
+        intezer_static_class_instance.execute(service_request)
+
     @staticmethod
     def test_get_analysis_metadata(intezer_static_class_instance, dummy_api_interface_class, mocker):
         from intezer_static import ALIntezerApi