diff --git a/intezer_static.py b/intezer_static.py
index ba8dcc1..56a0ab0 100644
--- a/intezer_static.py
+++ b/intezer_static.py
@@ -250,14 +250,19 @@ def execute(self, request: ServiceRequest) -> None:
 request.result = result
 return
- if main_api_result.get("verdict") in Verdicts.NOT_SUPPORTED_VERDICTS.value:
+ verdict = main_api_result.get("verdict")
+ if verdict in Verdicts.NOT_SUPPORTED_VERDICTS.value:
 self.log.debug(f"Unsupported file type: {request.file_type}")
 request.result = result
 return
- elif main_api_result.get("verdict") == AnalysisStatusCode.FAILED.value:
+ elif verdict == AnalysisStatusCode.FAILED.value:
 self.log.warning("The Intezer server is not feeling well :(")
 request.result = result
 return
+ elif verdict in Verdicts.TRUSTED_VERDICTS.value:
+ self.log.debug(f"The verdict was {verdict}. No need to report it.")
+ request.result = result
+ return
 analysis_id = main_api_result["analysis_id"]
@@ -281,7 +286,7 @@ def execute(self, request: ServiceRequest) -> None:
 # Setting heuristic here to avoid FPs
 if main_kv_section.subsections:
- self._set_heuristic_by_verdict(main_kv_section, main_api_result["verdict"])
+ self._set_heuristic_by_verdict(main_kv_section, verdict)
 if main_kv_section.subsections or main_kv_section.heuristic:
 result.add_section(main_kv_section)
@@ -339,8 +344,6 @@ def _set_heuristic_by_verdict(
 result_section.set_heuristic(1)
 elif verdict in Verdicts.SUSPICIOUS_VERDICTS.value:
 result_section.set_heuristic(2)
- elif verdict in Verdicts.TRUSTED_VERDICTS.value:
- self.log.debug(f"The verdict was {verdict}. Can we do something with this?")
 def _process_iocs(
 self,
diff --git a/tests/test_intezer_static.py b/tests/test_intezer_static.py
index a966c49..2565b8c 100755
--- a/tests/test_intezer_static.py
+++ b/tests/test_intezer_static.py
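Review bot: In the `@@ -250` hunk of `execute`, the new `TRUSTED_VERDICTS` branch returns an empty result and records the decision only at debug level. A file skipped on the vendor's say-so is therefore indistinguishable in the output from one that was unsupported or whose lookup failed, and a stale or mistaken upstream verdict leaves nothing to audit afterwards. I would log the skip at a level that survives in production and tie it to the sample, e.g. `self.log.info(f"Intezer verdict {verdict} for {request.sha256}; skipping report.")`, or attach a heuristic-free informational section instead of returning nothing. `execute` starts and ends outside the hunk, so whether any later processing would still be worth keeping for trusted files cannot be judged from these lines.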
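Review bot: In the `@@ -281` hunk, a response with no `verdict` key now passes `None` into `_set_heuristic_by_verdict`, because `verdict` comes from `main_api_result.get("verdict")`, whereas the old `main_api_result["verdict"]` raised `KeyError` at this call. Judging by the `elif` chain visible in the `@@ -339` hunk, an unmatched value sets no heuristic, so a malformed response would be reported unscored instead of failing loudly. A guard next to the assignment keeps that case explicit: `if verdict is None: self.log.warning("Intezer response has no verdict")`. The body of `execute` extends beyond both hunks, so any handling further down is not visible here.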
@@ -320,6 +320,9 @@ def test_execute(sample, intezer_static_class_instance, dummy_api_interface_clas mocker.patch.object(ALIntezerApi, "get_latest_analysis", return_value={"verdict": "failed"}) intezer_static_class_instance.execute(service_request) + mocker.patch.object(ALIntezerApi, "get_latest_analysis", return_value={"verdict": "trusted"}) + intezer_static_class_instance.execute(service_request) + @staticmethod def test_get_analysis_metadata(intezer_static_class_instance, dummy_api_interface_class, mocker): from intezer_static import ALIntezerApi
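Review bot: The added trusted-verdict case calls `execute` and asserts nothing; it appears to pass only because falling through the new branch would raise `KeyError` on `main_api_result["analysis_id"]`, which the mocked `{"verdict": "trusted"}` lacks. Pin the intended outcome explicitly after the call, for example `assert service_request.result.sections == []`, so a later change to the mock or to the branch cannot alter what is reported for trusted files without a test failing. The `failed` case just above has the same gap. `test_execute` begins outside the hunk, so an assertion elsewhere in the function cannot be ruled out.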