DomainTools Expert Bot (initial version) #1004
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #1004 +/- ##
===========================================
+ Coverage 75.8% 78.06% +2.26%
===========================================
Files 216 223 +7
Lines 9108 9136 +28
Branches 1215 0 -1215
===========================================
+ Hits 6904 7132 +228
- Misses 1920 2004 +84
+ Partials 284 0 -284
Continue to review full report at Codecov.
|
aaronkaplan
force-pushed
the
domaintools-expert
branch
11 times, most recently
from
e848623
to
5972061
Compare
aaronkaplan
force-pushed
the
domaintools-expert
branch
from
5972061
to
5348b39
Compare
|
pls review |
| score = self.domaintools_get_score(event.get(key_fqdn)) | ||
| if score is not None: | ||
| extra["domaintools_score"] = score | ||
| event.add("extra", extra) |
There was a problem hiding this comment.
This fails if extra is already present, with force it would overwrite existing data
|
|
||
| try: | ||
| score = resp['risk_score'] | ||
| except exceptions.NotFoundException: |
There was a problem hiding this comment.
you can use except (exceptions.NotFoundException, exceptions.BadRequestException)
|
|
||
| def domaintools_get_score(self, fqdn): | ||
| score = None | ||
| if fqdn: |
There was a problem hiding this comment.
That's already checked in the process() method
| except exceptions.NotFoundException: | ||
| score = None | ||
| except exceptions.BadRequestException: | ||
| score = None |
There was a problem hiding this comment.
If nothing is returned explicitly, the return value is None anyway
| "extra": '{"domaintools_score": 0}', | ||
| "time.observation": "2015-01-01T00:00:00+00:00" | ||
| } | ||
| NONEXISTING_INPUT = {"__type": "Event", |
There was a problem hiding this comment.
Actually the lib raises the BadRequestException for this test which is not equivalent to 'not existing', but the result is similar.
| @classmethod | ||
| def set_bot(self): | ||
| self.bot_reference = DomaintoolsExpertBot | ||
| self.sysconfig = {'user': 'mkendrick_first2017', 'password': 'c0e4e-e2527-dc6af-824a4-229d5'} |
| self.logger.info("Loading Domaintools expert.") | ||
| if (not API): | ||
| self.logger.exception("need to have the domaintools API installed. See https://github.com/domaintools/python_api") | ||
| self.stop() |
There was a problem hiding this comment.
Wrong usage of logger.exception. It prints the traceback of a fromerly catched exception.
Replace both lines with raise ValueError("your error message"). The bot class performs the stop itself.
| self.logger.exception("need to have the domaintools API installed. See https://github.com/domaintools/python_api") | ||
| self.stop() | ||
| if (not self.parameters.user): | ||
| self.logger.exception("need to specify user for domaintools expert in runtime.conf. Exiting") |
There was a problem hiding this comment.
Missing dot at end of line. And you can remove the "Exiting", that's done by the bot class.
| score = resp['risk_score'] | ||
| except exceptions.NotFoundException: | ||
| score = None | ||
| except exceptions.BadRequestException: |
There was a problem hiding this comment.
Is a bad request really the same as no result? Just raise the error, so the bot can retry.
ghost
removed their assignment
Done |
|
Do you want to work on these issues or should I revise this bot? |
I did some work on this one. Waiting confirmation from @aaronkaplan |
SYNchroACK
changed the title
Applied improvements on DomainTools Expert
ghost
self-assigned this
|
I don't have an API key, so can't test this at the moment |
|
Closing because of inactivity. Please reopen if needed. |
ghost
closed this
|
definitely needed. Reopening. |
ghost
marked this pull request as draft
|
Is this PR still being worked on? |
ghost
removed their assignment
demo of how to use the domaintools expert to fetch scoring for a domain