Skip to content

MS CTIP Azure feed invalid hostname filtering #2144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 31, 2022
Merged

MS CTIP Azure feed invalid hostname filtering #2144

merged 4 commits into from
Jan 31, 2022

Conversation

@monoidic
Copy link
Contributor

@monoidic monoidic commented Jan 27, 2022

In some cases, the CTIP Azure feed payload JSON section contains an IP address in Payload.domain, which gets mapped into destination.fqdn, but IP addresses are not valid FQDNs and hence said events are dumped. This PR adds explicit FQDN validation for Payload.domain, discarding invalid values.

@sebix sebix added bug Indicates an unexpected problem or unintended behavior component: bots labels Jan 27, 2022
sebix
sebix requested changes Jan 27, 2022
View reviewed changes
@sebix sebix added this to the 3.1.0 milestone Jan 27, 2022
@monoidic @sebix
Add suggested change from sebix
fbf4e56 
Co-authored-by: Sebastian <sebix@sebix.at>
@codecov-commenter
Copy link

codecov-commenter commented Jan 27, 2022
edited
Loading

Codecov Report

Merging #2144 (ea749b4) into develop (6991597) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff            @@
##           develop    #2144   +/-   ##
========================================
  Coverage    75.93%   75.93%           
========================================
  Files          440      440           
  Lines        23630    23633    +3     
  Branches      3439     3441    +2     
========================================
+ Hits         17943    17946    +3     
  Misses        4956     4956           
  Partials       731      731
Impacted Files Coverage Δ
...s/bots/parsers/microsoft/test_parser_ctip_azure.py 100.00% <ø> (ø)
intelmq/bots/parsers/microsoft/parser_ctip.py 86.51% <100.00%> (+0.47%) ⬆️

@sebix sebix merged commit 169aab7 into certtools:develop Jan 31, 2022
@ClevenL ClevenL mentioned this pull request Apr 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sebix sebix sebix approved these changes

@waldbauer-certat waldbauer-certat waldbauer-certat approved these changes

Assignees

No one assigned

Labels

bug Indicates an unexpected problem or unintended behavior component: bots

Projects

None yet

Milestone

3.1.0

Development

Successfully merging this pull request may close these issues.

4 participants

@monoidic @codecov-commenter @sebix @waldbauer-certat