BUG: modify expert: fix setting non-string values

fixes #1460
certtools · Nov 11, 2019 · dd2d4c4 · dd2d4c4
1 parent 7d346f1
commit dd2d4c4
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,7 @@ CHANGELOG
   - Save the `Tags` data as `source.geolocation.cc`.
 
 #### Experts
+- `intelmq.bots.experts.modify.expert`: Fix bug with setting non-string values (#1460).
 
 #### Outputs
 - `intelmq.bots.outputs.smtp`:

diff --git a/intelmq/bots/experts/modify/expert.py b/intelmq/bots/experts/modify/expert.py
@@ -96,9 +96,13 @@ def matches(self, identifier, event, condition):
 
     def apply_action(self, event, action, matches):
         for name, value in action.items():
-            event.add(name, value.format(msg=event,
-                                         matches={k: MatchGroupMapping(v)
-                                                  for (k, v) in matches.items()}),
+            try:
+                newvalue = value.format(msg=event,
+                                        matches={k: MatchGroupMapping(v)
+                                                 for (k, v) in matches.items()})
+            except AttributeError:  # value has ne format: int, bool etc
+                newvalue = value
+            event.add(name, newvalue,
                       overwrite=self.overwrite)
 
     def process(self):

diff --git a/intelmq/tests/bots/experts/modify/test_expert.py b/intelmq/tests/bots/experts/modify/test_expert.py
@@ -25,27 +25,29 @@
          {'source.port': 80, 'malware.name': 'zeus'},
          {'malware.name': 'xcodeghost'},
          {'malware.name': 'securityscorecard-someexample-value'},
-         {'malware.name': 'anyvalue'},
+         {'malware.name': 'anyvalue'},  # 5
+         {},
          {'source.tor_node': True},
          {'source.tor_node': False},
          {},
-         {'feed.accuracy': 5.22},
+         {'feed.accuracy': 5.22},  # 10
          {'feed.accuracy': 100},
-         {},
+         {'comment': 'integer value'},
          ]
 OUTPUT = [{'classification.identifier': 'feodo'},
           {'classification.identifier': 'foobar'},
           {'protocol.transport': 'tcp', 'protocol.application': 'http',
            'classification.identifier': 'zeus'},
           {'classification.identifier': 'xcodeghost'},
           {'classification.identifier': 'someexample-value'},
-          {'classification.identifier': 'anyvalue'},
+          {'classification.identifier': 'anyvalue'},  # 5
+          {'classification.type': 'vulnerable service'},
           {'event_description.text': 'This is a TOR node.'},
           {'event_description.text': 'This is not a TOR node.'},
           {'event_description.text': 'We don\'t know if this is a TOR node.'},
-          {'event_description.text': 'Accuracy is 10% or lower.'},
+          {'event_description.text': 'Accuracy is 10% or lower.'},  # 10
           {'event_description.text': 'Accuracy is the highest.'},
-          {'classification.type': 'vulnerable service'},
+          {'extra.test': 1, 'event_description.text': 'We don\'t know if this is a TOR node.'},
           ]
 for index in range(len(INPUT)):
     copy1 = EVENT_TEMPL.copy()
@@ -92,16 +94,16 @@ def test_conversion(self):
 
     def test_types(self):
         """
-        boolean etc
+        boolean, int etc
         """
         config_path = resource_filename('intelmq',
                                         'tests/bots/experts/modify/types.conf')
-        parameters = {'configuration_path': config_path}
-        self.input_message = INPUT[6:11]
-        self.allowed_warning_count = 1
-        self.prepare_bot(parameters=parameters)
-        self.run_bot(prepare=False, iterations=len(INPUT[6:11]))
-        for position, event_out in enumerate(OUTPUT[6:11]):
+        parameters = {'configuration_path': config_path,
+                      'overwrite': True}
+        self.input_message = INPUT[7:13]
+        self.run_bot(parameters=parameters,
+                     iterations=len(INPUT[7:13]))
+        for position, event_out in enumerate(OUTPUT[7:13]):
             self.assertMessageEqual(position, event_out)
 
     def test_overwrite(self):
@@ -110,10 +112,10 @@ def test_overwrite(self):
         """
         config_path = resource_filename('intelmq',
                                         'tests/bots/experts/modify/overwrite.conf')
-        self.input_message = EVENT_TEMPL
+        self.input_message = INPUT[6]
         self.allowed_warning_count = 1
         self.run_bot(parameters={'configuration_path': config_path})
-        self.assertMessageEqual(0, OUTPUT[11])
+        self.assertMessageEqual(0, OUTPUT[6])
 
     def test_overwrite_not(self):
         """

diff --git a/intelmq/tests/bots/experts/modify/types.conf b/intelmq/tests/bots/experts/modify/types.conf
@@ -43,5 +43,14 @@
         "then": {
             "event_description.text": "Accuracy is the highest."
         }
+    },
+    {
+        "rulename": "integer value",
+        "if": {
+            "comment": "integer value"
+        },
+        "then": {
+            "extra.test": 1
+        }
     }
 ]