TheHive-Project / Cortex-Analyzers

Cortex Analyzers Repository
https://TheHive-Project.github.io/Cortex-Analyzers/
GNU Affero General Public License v3.0

[Bug] Fortiguard parser error #1228

Open ebdavison opened 9 months ago

ebdavison commented 9 months ago

Describe the bug

Trying to run Fortiguard URL Categorizer and get the following error:

Traceback (most recent call last):
  File "/worker/Fortiguard/urlcategory.py", line 53, in <module>
    URLCategoryAnalyzer().run()
  File "/worker/Fortiguard/urlcategory.py", line 44, in run
    'category': category_match.group(1)
                ^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'group'

To Reproduce

Steps to reproduce the behavior:

  1. enable FortiGuard_URL_Category
  2. analyze URL

Expected behavior

A category is returned from the analyzer.


scove commented 9 months ago

Think I see the issue here. Are you able to adjust the input and run it successfully on different URLs by any chance?

ebdavison commented 8 months ago

I think I can try a different URL. What is needed?

ghalib-bello commented 5 months ago

I delved further into the source of the error, and it seems to be because requests are being blocked by Fortiguard; as a result, the request output is <Response [403]>. Since the subsequent line in the code (category_match = re.search(pattern, req.text, flags=0)) erroneously assumes the request was successful (and not <Response [403]>), category_match ends up being None, hence the observed AttributeError above.
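The failure mode described in this thread, as an added example that is not the analyzer's own code and not part of any comment above: the HTTP status and the regex result are both checked before `.group(1)` is called, so a blocked request and a changed page layout each produce a distinct error instead of an `AttributeError`. The pattern, the function names and the sample bodies are assumptions constructed for the example.

```python
import re

# Assumed pattern: the analyzer's real pattern is not shown in this thread.
CATEGORY_PATTERN = re.compile(r'Category:\s*([^<"]+)')

# Constructed sample response bodies (not captured from Fortiguard).
OK_BODY = '<h4 class="info_title">Category: Information Technology</h4>'
BLOCKED_BODY = "<html><body>403 Forbidden</body></html>"
CHANGED_BODY = "<html><body>Rating unavailable</body></html>"


class CategoryLookupError(Exception):
    """Raised when no category can be extracted from the lookup response."""


def parse_category(status_code: int, body: str) -> str:
    # A non-200 answer (e.g. the 403 seen here) means the request was
    # rejected; its body is an error page and must not be parsed.
    if status_code != 200:
        raise CategoryLookupError(
            f"lookup returned HTTP {status_code}; request blocked or rejected"
        )
    match = CATEGORY_PATTERN.search(body)
    # re.search returns None when nothing matches, so test before .group().
    if match is None:
        raise CategoryLookupError(
            "HTTP 200 but no category in response; page layout may have changed"
        )
    return match.group(1).strip()


def analyze(status_code: int, body: str) -> dict:
    """Return a report dict; failures carry a message instead of raising."""
    try:
        return {"success": True, "category": parse_category(status_code, body)}
    except CategoryLookupError as exc:
        return {"success": False, "errorMessage": str(exc)}


if __name__ == "__main__":
    for status, body in [(200, OK_BODY), (403, BLOCKED_BODY), (200, CHANGED_BODY)]:
        print(status, analyze(status, body))
```
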