search

mlsecproject / combine

Tool to gather Threat Intelligence indicators from publicly available sources
https://www.mlsecproject.org/
GNU General Public License v3.0
652 stars 179 forks source link

Set dnsdb to None if we don't have an API key #97

Closed krmaxwell closed 9 years ago

krmaxwell commented 9 years ago

Otherwise we get a bunch of HTTP Error 403: forbidden errors from requesting with an invalid API key.

alexcpsec commented 9 years ago

I like the spirit, but I would implement this differently:

1) I would make the dnsdb_query.DnsdbClient(server, api) function itself validate the API key and server with a test query (idk, google.com). If the test fails, either the server is bad or the api key is bad, so you should return None.

2) Your check for dnsdb = None is actually taking off ALL the enrichments, not just the dnsdb part. So maybe the solution is have the enrich_IPv4 check for the None object and just "null out" the data related to dnsdb IPv4 enrichments

krmaxwell commented 9 years ago

Ready for testing again.

alexcpsec commented 9 years ago

@technoskald this is :shipit: for me.