Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ValidationError: 1 validation error for URLReputationResult #141

Closed
joelwking opened this issue Sep 11, 2023 · 2 comments
Closed

ValidationError: 1 validation error for URLReputationResult #141

joelwking opened this issue Sep 11, 2023 · 2 comments

Comments

@joelwking
Copy link

Using: pangea-sdk 2.2.1

It appears the Python SDK may not be properly validating results for URLs that are not malicious.

from pangea.config import PangeaConfig
from pangea.services import UrlIntel
from pangea.tools import logger_set_pangea_config
config = PangeaConfig(domain='aws.us.pangea.cloud')
intel = UrlIntel("redacted", config=config, logger_name="intel")

## tftp://harry/vpn/ECTW/beta837-vpn-confg

params= dict(url="tftp://harry/vpn/ECTW/beta837-vpn-confg", provider='crowdstrike', verbose=True, raw=True)
>>> response = intel.reputation(**params)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/pangea/lib/python3.10/site-packages/pangea/services/intel.py", line 685, in reputation
    return self.request.post("v1/reputation", URLReputationResult, data=input.dict(exclude_none=True))
  File "/opt/pangea/lib/python3.10/site-packages/pangea/request.py", line 114, in post
    pangea_response = PangeaResponse(requests_response, result_class=result_class)
  File "/opt/pangea/lib/python3.10/site-packages/pangea/response.py", line 122, in __init__
    self.result_class(**self.raw_result)
  File "/opt/pangea/lib/python3.10/site-packages/pydantic/main.py", line 341, in __init__
    raise validation_error
pydantic.error_wrappers.ValidationError: 1 validation error for URLReputationResult
data -> category
  none is not an allowed value (type=type_error.none.not_allowed)

http://113.235.101.11

>>> params= dict(url="http://113.235.101.11", provider='crowdstrike', verbose=True, raw=True)
>>> response = intel.reputation(**params)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/pangea/lib/python3.10/site-packages/pangea/services/intel.py", line 685, in reputation
    return self.request.post("v1/reputation", URLReputationResult, data=input.dict(exclude_none=True))
  File "/opt/pangea/lib/python3.10/site-packages/pangea/request.py", line 114, in post
    pangea_response = PangeaResponse(requests_response, result_class=result_class)
  File "/opt/pangea/lib/python3.10/site-packages/pangea/response.py", line 122, in __init__
    self.result_class(**self.raw_result)
  File "/opt/pangea/lib/python3.10/site-packages/pydantic/main.py", line 341, in __init__
    raise validation_error
pydantic.error_wrappers.ValidationError: 1 validation error for URLReputationResult
data -> category
  none is not an allowed value (type=type_error.none.not_allowed)

http://113.235.101.11:54384

>>> params= dict(url="http://113.235.101.11:54384", provider='crowdstrike', verbose=True, raw=True)
>>> response = intel.reputation(**params)
>>> response.summary
'URL was found: malicious with score 100'
@joelwking
Copy link
Author

Issue has been resolved on backend side. Url Intel service return empty list and SDK should work as expected now. Please let us know if you still see the issue.

It works now:

  data:
    request_id: prq_rmfpij2prsfmw7a423ox5rvsa7ctc2pe
    request_time: '2023-09-11T20:37:37.145558Z'
    response_time: '2023-09-11T20:37:37.157947Z'
    result:
      data:
        category: []
        score: -1
        verdict: unknown
      parameters:
        provider: crowdstrike
        raw: true
        url: tftp://harry/vpn/ECTW/beta837-vpn-confg
        verbose: true
      raw_data:
        confidence: ''
        deleted: false
        domain_types: null
        indicator: tftp://harry/vpn/ECTW/beta837-vpn-confg
        ip_address_types: null
        kill_chains: null
        labels: null
        malware_families: null
        published: 0
        threat_types: null
        type: ''
        updated: 0
        vulnerabilities: null
    status: Success
    summary: Url was not found

@joelwking
Copy link
Author

Tested and working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant