certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
https://docs.intelmq.org/latest/
GNU Affero General Public License v3.0

'NoneType' object is not iterable #1603

Closed chappi6 closed 4 years ago

chappi6 commented 4 years ago

I am currently writing a new parser which iterates through a JSON dict. After reaching the last entry of the dict I get this message.

Bot has found a problem.
Traceback (most recent call last):
  File "/opt/intelmq/venv36/lib64/python3.6/site-packages/intelmq/lib/bot.py", line 267, in start
    self.process()
  File "/opt/intelmq/venv36/lib64/python3.6/site-packages/intelmq/lib/bot.py", line 942, in process
    for line in self.parse(report):
TypeError: 'NoneType' object is not iterable

My bot looks like this:

import json

from intelmq.lib import utils


def parse_line(self, report):
    self.logger.info('Bot start processing.')
    raw_report = utils.base64_decode(report.get("raw"))
    jsondict = json.loads(raw_report)

    for line in jsondict:
        event = self.new_event(report)
        cat = line["c"]
        self.logger.info(cat)
        self.logger.info(line["d"])
        # Compare strings with == / in: `cat is 'A' or 'B'` is always true,
        # which would classify every entry as malware.
        if cat in ('Malware Zero Day', 'Malware'):
            event.add('classification.type', 'malware')
            event.add('source.fqdn', line["d"])
        elif cat == 'Phising':
            event.add('classification.type', 'phishing')
            event.add('source.fqdn', line["d"])
        elif cat in ('New Cracked Site', 'Cracked Site'):
            event.add('classification.type', 'infected-system')
            event.add('source.fqdn', line["d"])
        elif cat == 'Command and Control Traffic':
            event.add('classification.type', 'c2server')
            event.add('source.fqdn', line["d"])
        else:
            self.logger.info("Ungeparste message line['c']")

ghost commented 4 years ago

What is the input message?

chappi6 commented 4 years ago

The message looks like this:

[{"c": "Command and Control Traffic", "d": "sloveni.info"}, ....... ,{"c": "Malware Zero Day", "d": "go.xsuad.com"}]

chappi6 commented 4 years ago

Today I have seen another error message. So it seems that I just forgot one parameter for parse_line.
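
An added example, not part of the thread and not IntelMQ's own code: a stand-in for the loop in the traceback (`for line in self.parse(report)`) showing why a `parse()` that returns nothing raises this TypeError, next to a version whose `parse_line` takes both `line` and `report`. `MiniParserBot`, `make_report`, the plain-dict events and the sample domains are constructed for illustration.

```python
import base64
import json

# Constructed feed sample in the shape shown in the issue; domains are placeholders.
SAMPLE = [{"c": "Command and Control Traffic", "d": "c2.example.com"},
          {"c": "Malware Zero Day", "d": "mal.example.net"},
          {"c": "Unknown Category", "d": "other.example.org"}]

# Feed category -> classification.type. A dict lookup avoids the
# `cat is 'A' or 'B'` pitfall, which is always true and would label
# every entry as malware.
CATEGORY_MAP = {"Malware Zero Day": "malware", "Malware": "malware",
                "Phising": "phishing",
                "New Cracked Site": "infected-system",
                "Cracked Site": "infected-system",
                "Command and Control Traffic": "c2server"}


class MiniParserBot:
    """Simplified stand-in for the parser bot's processing loop."""

    def process(self, report):
        events = []
        for line in self.parse(report):          # fails if parse() returns None
            events.extend(self.parse_line(line, report))
        return events


class BrokenParser(MiniParserBot):
    def parse(self, report):                     # no yield/return: gives None
        json.loads(base64.b64decode(report["raw"]))


class FixedParser(MiniParserBot):
    def parse(self, report):                     # generator: one entry per "line"
        yield from json.loads(base64.b64decode(report["raw"]))

    def parse_line(self, line, report):          # takes the line AND the report
        ctype = CATEGORY_MAP.get(line["c"])
        if ctype is None:
            return                               # unmapped category: emit nothing
        yield {"classification.type": ctype, "source.fqdn": line["d"]}


def make_report(entries):
    return {"raw": base64.b64encode(json.dumps(entries).encode()).decode()}
```
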