Fix geomodel alert and update mozdef-util (#1614)

mozilla · Apr 29, 2020 · 7ef21bc · 7ef21bc
1 parent f246cc3
commit 7ef21bc
Show file tree

Hide file tree

Showing 6 changed files with 547 additions and 34 deletions.
diff --git a/alerts/geomodel/factors.py b/alerts/geomodel/factors.py
@@ -67,6 +67,7 @@ def factor(alert: Alert) -> Enhancement:
         asn_pairs = [
             (asn_info[i], asn_info[i + 1])
             for i in range(len(asn_info) - 1)
+            if asn_info[i] is not None and asn_info[i + 1] is not None
         ]
         asn_hops = [
             pair

diff --git a/mozdef_util/HISTORY.rst b/mozdef_util/HISTORY.rst
@@ -108,4 +108,9 @@ Add is_ip utility function
 3.0.4 (2019-09-19)
 ------------------
 
-* Added SubnetMatch query model
+* Added SubnetMatch query models
+
+3.0.5 (2020-04-29)
+------------------
+
+* Rewrite dict2List to improve correctness and generality
diff --git a/mozdef_util/mozdef_util/utilities/dict2List.py b/mozdef_util/mozdef_util/utilities/dict2List.py
@@ -1,33 +1,21 @@
-def dict2List(inObj):
-    '''given a dictionary, potentially with multiple sub dictionaries
-       return a list of the dict keys and values
+from datetime import datetime
+
+
+def dict2List(value):
+    '''Convert dictionaries into a list of keys and values,
+    with strings in lowercase and datetimes converted to isoformat.
     '''
-    if isinstance(inObj, dict):
-        for key, value in inObj.items():
-            if isinstance(value, dict):
-                for d in dict2List(value):
-                    yield d
-            elif isinstance(value, list):
-                yield key.lower()
-                for l in dict2List(value):
-                    yield l
-            else:
-                yield key.lower()
-                if isinstance(value, str):
-                    yield value.lower()
-                else:
-                    yield value
-    elif isinstance(inObj, list):
-        for v in inObj:
-            if isinstance(v, str):
-                yield v.lower()
-            elif isinstance(v, list):
-                for l in dict2List(v):
-                    yield l
-            elif isinstance(v, dict):
-                for l in dict2List(v):
-                    yield l
-            else:
-                yield v
+
+    if isinstance(value, dict):
+        for key, val in value.items():
+            yield from dict2List(key)
+            yield from dict2List(val)
+    elif isinstance(value, (list, tuple)):
+        for val in value:
+            yield from dict2List(val)
+    elif isinstance(value, datetime):
+        yield value.isoformat()
+    elif isinstance(value, str):
+        yield value.lower()
     else:
-        yield ''
+        yield value
diff --git a/mozdef_util/setup.py b/mozdef_util/setup.py
@@ -58,6 +58,6 @@
     test_suite='tests',
     tests_require=[],
     url='https://github.com/mozilla/MozDef/tree/master/lib',
-    version='3.0.4',
+    version='3.0.5',
     zip_safe=False,
 )
diff --git a/requirements.txt b/requirements.txt
@@ -20,7 +20,7 @@ ipwhois==0.15.0
 jmespath==0.9.3
 kombu==4.1.0
 mozdef-client==1.0.11
-mozdef-util==3.0.4
+mozdef-util==3.0.5
 netaddr==0.7.19
 oauth2client==1.4.12
 pyOpenSSL==18.0.0