Shadowserver updates

Open monoidic opened this issue 4 years ago • 4 comments

This PR:

  • adds support for the IPv6 variants of the telnet and Poodle feeds from Shadowserver
  • makes the tag attribute of some feeds to the extra.tag field of the corresponding event if it can contain non-constant data, e.g. plex for the SSDP feed rather than ssdp, or a supplementary iot tag for the FTP and telnet feeds or vpn for FREAK
  • adds tests for the v6 variants of the feeds + fixes test_broken, which was broken by the addition of the new optional extra.tag field

monoidic avatar Nov 24 '21 12:11 monoidic

Looks good semantically. If someone can verify the correctness and ~donates a changelog line~ (fixed), this is ready for merge.

makes the tag attribute of some feeds to the extra.tag field of the corresponding event if it can contain non-constant data, e.g. plex for the SSDP feed rather than ssdp, or a supplementary iot tag for the FTP and telnet feeds or vpn for FREAK

IIRC all fields which were not mapped explicitly are saved in extra implicitly. So this change "just" makes it explicit. https://github.com/certtools/intelmq/blob/7ebb8e16d821c372a44b077dd18a151c07f75807/intelmq/bots/parsers/shadowserver/parser.py#L202-L209

sebix avatar Nov 26 '21 09:11 sebix

Codecov Report

Merging #2124 (467a36d) into develop (7ebb8e1) will increase coverage by 0.03%. The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #2124      +/-   ##
===========================================
+ Coverage    75.94%   75.98%   +0.03%     
===========================================
  Files          440      442       +2     
  Lines        23624    23662      +38     
  Branches      3153     3439     +286     
===========================================
+ Hits         17941    17979      +38     
  Misses        4952     4952              
  Partials       731      731              
Impacted Files Coverage Δ
intelmq/bots/parsers/shadowserver/_config.py 98.73% <ø> (ø)
...lmq/tests/bots/parsers/shadowserver/test_broken.py 100.00% <100.00%> (ø)
...bots/parsers/shadowserver/test_scan6_ssl_poodle.py 100.00% <100.00%> (ø)
...sts/bots/parsers/shadowserver/test_scan6_telnet.py 100.00% <100.00%> (ø)

codecov-commenter avatar Nov 29 '21 07:11 codecov-commenter

@elsif2 for review

sebix avatar Jul 01 '22 15:07 sebix

The above changes are superseded by #2143.

elsif2 avatar Jul 01 '22 15:07 elsif2

@elsif2 Reminder on this PR as well.

sebix avatar Aug 22 '22 10:08 sebix

Thank you for your contribution. This PR has been obsoleted by recent updates. All Shadowserver reports are now supported in the current develop branch and will be included in the 3.1.0 release.

elsif2 avatar Aug 22 '22 14:08 elsif2