fix: Correct isBlacklisted() return logic in OTX module #758
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fix: Correct inverted return values in isBlacklisted() function The isBlacklisted() function had inverted logic - it returned False when a value was found in the blacklist and True when not found. This caused all non-blacklisted results to be filtered out throughout the module. Fixed by correcting the return values: - Returns True when value is found in blacklist (was False) - Returns False when value is not in blacklist (was True) This fixes enrichment failures in: - IP passive DNS lookups (getIP function) - Hash malware domain lookups (getHash function) - Domain enrichment (getDomain function) Tested with IP address passive DNS enrichment and confirmed hostnames are now returned correctly from the OTX API.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fixed a bug in the OTX module where the
isBlacklisted()function had inverted return values, preventing the module from returning valid enrichment results.Issue
The
isBlacklisted()function returnedFalsewhen a value was found in the blacklist andTruewhen not found. This caused all non-blacklisted results to be filtered out across the entire module.Impact
Changes
Corrected the
isBlacklisted()function return values:Truewhen value is found in blacklist (wasFalse)Falsewhen value is not in blacklist (wasTrue)Testing
Tested with IP address
193.24.123.207using the OTX API. Confirmed that passive DNS hostnames are now correctly returned instead of empty results.Example
Before fix:
{"results": []}After fix: Returns 100+ passive DNS hostnames associated with the IP