Farsight DNSDB - Added handling for 404 and 400 responses (#1675)

saharsabban · web-flow · commit c606a6131690 · 2018-06-28T15:01:16.000+03:00
* Added handling for 404 and 400 responses

graceful handling of no inforamaion found condition
Also improved humanreadable for results

* fix commonfields

fix commonfields

* Added test plybook for DNSDB

Farsight DNSDB test playbook
diff --git a/Integrations/integration-DNSDB.yml b/Integrations/integration-DNSDB.yml
@@ -114,7 +114,8 @@ script:
             head+=key+'|';
             line+='-|';
         }
-        var md=head+'\n'+line+'\n';
+        var md = '### Farsight DNSDB\n';
+        md+=head+'\n'+line+'\n';
         for (var i = 0; i<data.length; i++) {
             md += '|';
             for (key in keys) {
@@ -144,6 +145,10 @@ script:
             params.useproxy
 
         );
+        if (res.StatusCode == 404 || res.StatusCode == 400) {
+            //null is returned while 404 returns error that stops playbook
+            return null;
+        }
         if (res.StatusCode < 200 || res.StatusCode>299) {
             throw 'Error ' + res.StatusCode + '. ' + res.Status;
         }
@@ -181,6 +186,10 @@ script:
             parameters.time_last_after = args.time_last_after*-1;
         }
         var res= sendRequest(requestUrl,parameters);
+        if (res === null) {
+            md = '### Farsight DNSDB: No information found on ' + args.value;
+            return { ContentsFormat: formats.markdown, Type: entryTypes.note, Contents: md } ;
+        }
         var md = dataToMd(api,res.entries);
         return {Type: entryTypes.note, Contents: res, ContentsFormat: formats.json, HumanReadable: md};
     }
@@ -255,4 +264,5 @@ script:
     - name: time_last_after
       description: Filter results for entries seen for last time after (seconds)
     description: Lookup rrser records
-hidden: false
+  runonce: false
+releaseNotes: "Added error handling of 404/400 response and improved human readable output." 
diff --git a/TestPlaybooks/playbook-DNSDB-Test.yml b/TestPlaybooks/playbook-DNSDB-Test.yml
@@ -0,0 +1,138 @@
+id: DNSDBTest
+version: -1
+name: DNSDBTest
+starttaskid: "0"
+tasks:
+  "0":
+    id: "0"
+    taskid: f50ccca6-eb90-4d74-8299-c128a80ccba9
+    type: start
+    task:
+      id: f50ccca6-eb90-4d74-8299-c128a80ccba9
+      version: -1
+      name: ""
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "1"
+    reputationcalc: 0
+    separatecontext: false
+    view: |-
+      {
+        "position": {
+          "x": 265,
+          "y": 50
+        }
+      }
+  "1":
+    id: "1"
+    taskid: 5e24c48c-eb4e-44d4-8d41-21dacb7caa99
+    type: regular
+    task:
+      id: 5e24c48c-eb4e-44d4-8d41-21dacb7caa99
+      version: -1
+      name: DeleteContext
+      description: Delete field from context
+      scriptName: DeleteContext
+      type: regular
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "2"
+      - "5"
+    scriptarguments:
+      all:
+        simple: "yes"
+      key: {}
+    reputationcalc: 0
+    separatecontext: false
+    view: |-
+      {
+        "position": {
+          "x": 265,
+          "y": 195
+        }
+      }
+  "2":
+    id: "2"
+    taskid: f459f09b-4032-4b43-89c7-c104653fc831
+    type: regular
+    task:
+      id: f459f09b-4032-4b43-89c7-c104653fc831
+      version: -1
+      name: dnsdb-rrset
+      description: Check IP reputation (when information is available, returns a JSON
+        with details).  Uses all configured Threat Intelligence feeds
+      script: Farsight DNSDB_copy|||dnsdb-rrset
+      type: regular
+      iscommand: true
+      brand: Farsight DNSDB_copy
+    scriptarguments:
+      bailiwick: {}
+      limit:
+        simple: "10"
+      owner:
+        simple: google.*
+      rrtype: {}
+      time_first_after: {}
+      time_first_before: {}
+      time_last_after: {}
+      time_last_before: {}
+    reputationcalc: 0
+    separatecontext: false
+    view: |-
+      {
+        "position": {
+          "x": -196,
+          "y": 446
+        }
+      }
+  "5":
+    id: "5"
+    taskid: edcdf841-173b-4e52-87ce-6a13b3920b05
+    type: regular
+    task:
+      id: edcdf841-173b-4e52-87ce-6a13b3920b05
+      version: -1
+      name: dnsdb-rdata
+      script: Farsight DNSDB_copy|||dnsdb-rdata
+      type: regular
+      iscommand: true
+      brand: Farsight DNSDB_copy
+    scriptarguments:
+      limit:
+        simple: "10"
+      rrtype: {}
+      time_first_after: {}
+      time_first_before: {}
+      time_last_after: {}
+      time_last_before: {}
+      type:
+        simple: name
+      value:
+        simple: youtube.com
+    reputationcalc: 0
+    separatecontext: false
+    view: |-
+      {
+        "position": {
+          "x": 740,
+          "y": 432
+        }
+      }
+view: |-
+  {
+    "linkLabelsPosition": {},
+    "paper": {
+      "dimensions": {
+        "height": 491,
+        "width": 1316,
+        "x": -196,
+        "y": 50
+      }
+    }
+  }
+inputs: []
+outputs: []
diff --git a/Tests/conf.json b/Tests/conf.json
@@ -352,6 +352,11 @@
         }
     ],
     "skipped": [
+        {
+
+            "integrations": "Farsight DNSDB",
+            "playbookID": "DNSDBTest"
+        },
         {
             "integrations": "Cybereason",
             "playbookID": "Cybereason Test"

Original file line number	Diff line number	Diff line change
`@@ -352,6 +352,11 @@`
`352`	`352`	`}`
`353`	`353`	`],`
`354`	`354`	`"skipped": [`
	`355`	`+ {`
	`356`	`+`
	`357`	`+ "integrations": "Farsight DNSDB",`
	`358`	`+ "playbookID": "DNSDBTest"`
	`359`	`+ },`
`355`	`360`	`{`
`356`	`361`	`"integrations": "Cybereason",`
`357`	`362`	`"playbookID": "Cybereason Test"`