Handle no threat verdict

OPSWAT · Aug 7, 2024 · c79bb44 · c79bb44
1 parent 01d52af
commit c79bb44
Show file tree

Hide file tree

Showing 4 changed files with 2,819 additions and 4 deletions.
diff --git a/metadefender_sandbox_result.py b/metadefender_sandbox_result.py
@@ -10,6 +10,7 @@
 FINAL_VERDICT_HEURISTIC_ID = {
     "benign": 1,
     "informational": 3,
+    "no_threat": 3,
     "unknown": 5,
     "suspicious": 7,
     "likely_malicious": 9,
@@ -19,6 +20,7 @@
 SIGNALS_HEURISTIC_ID = {
     "benign": 2,
     "informational": 4,
+    "no_threat": 4,
     "unknown": 6,
     "suspicious": 8,
     "likely_malicious": 10,

diff --git a/service_manifest.yml b/service_manifest.yml
@@ -20,7 +20,7 @@ enabled: true
 uses_metadata: true
 
 # -1000: safe
-# 0 - 299: informational
+# 0 - 299: no_threat/informational
 # 300 - 699: suspicious
 # 700 - 999: highly suspicious
 # >= 1000: malicious
@@ -36,15 +36,15 @@ heuristics:
     heur_id: 2
     name: Benign threat indicators
     score: -1000
-  - description: MetaDefender Sandbox determined that the file is informational/no threat.
+  - description: MetaDefender Sandbox determined that the file is no threat/informational.
     filetype: "*"
     heur_id: 3
     name: MetaDefender Sandbox verdict is no threat.
     score: 150
-  - description: MetaDefender Sandbox signal group is informational/no threat.
+  - description: MetaDefender Sandbox signal group is no threat/informational.
     filetype: "*"
     heur_id: 4
-    name: Informational threat indicators
+    name: No threat indicators
     score: 150
   - description: MetaDefender Sandbox determined that the file is unknown.
     filetype: "*"

diff --git a/tests/metadefender_sandbox_test.py b/tests/metadefender_sandbox_test.py
@@ -94,6 +94,31 @@ def test_parse_compact_result_informational():
         }
         assert target == compact_result
 
+    @staticmethod
+    def test_parse_compact_result_no_threat():
+        raw_response = (
+            (util_load_json("no_threat.json"))
+            .get("reports", {})
+            .get("357042f5-bbf9-4486-b7c4-351495a94a13", {})
+        )
+        compact_result = metadefender_sandbox_result.parse_compact_result(
+            raw_response,
+            "357042f5-bbf9-4486-b7c4-351495a94a13",
+            "66b3763be7dbbbdfcd0a6a96",
+        )
+        target = {
+            "Verdict": "NO_THREAT",
+            "Name": "gabi_bogre.png",
+            "File Magic": "image/png",
+            "SHA-256": "b280719e9f2dd010260e6a023e0d69c64fbee8b6cbb8669c722a1da8142d3325",
+            "Report ID": "357042f5-bbf9-4486-b7c4-351495a94a13",
+            "Submission ID": "66b3763be7dbbbdfcd0a6a96",
+            "Submission Date": "08/07/2024, 13:27:26",
+            "Tags": ["png"],
+            "MITRE Techniques": [],
+        }
+        assert target == compact_result
+
     @staticmethod
     def test_parse_compact_result_badfile2():
         raw_response = (