Merge pull request #9 from polarityio/develop

Fix hash lookups, bump dependencies
polarityio · Feb 2, 2024 · 69939b4 · 69939b4
2 parents d184eb7 + f48d303
commit 69939b4
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 14 deletions.
diff --git a/integration.js b/integration.js
@@ -181,13 +181,32 @@ function doIndicatorLookups(entityType, entityValues, options, cb) {
     }
     if (Array.isArray(result.body)) {
       result.body.forEach((indicatorResult) => {
-        const entityValue = get(indicatorResult, 'value.name', '').toLowerCase();
-        const entity = entityLookup.get(entityValue);
+        let entityValue = get(indicatorResult, 'value.name', '').toLowerCase();
+        let entity = entityLookup.get(entityValue);
         if (!entity) {
+          //The primary hash entity value returned from Analyst1 might not match with the hash value the user is
+          // specifically looking for.  The entity may have associated values that matches with the value
+          // being searched.  As an example, the user may be searching for a SHA256 hash value, but the Analyst1
+          // primary value for that SHA256 is a MD5.  This logic will ensure those results are still returned.
+          if (Array.isArray(indicatorResult.hashes)) {
+            const matchingHash = indicatorResult.hashes.find((hash) => {
+              return entityLookup.has(hash.value.toLowerCase());
+            });
+
+            if (matchingHash) {
+              const matchingHashLower = matchingHash.value.toLowerCase();
+
+              entityValue = matchingHashLower;
+              entity = entityLookup.get(matchingHashLower);
+            }
+          }
+
           // somehow the returned entity value does not match anything in our entity lookup so
           // we just skip it
-          Logger.error({ indicatorResult }, 'Indicator Result is missing `value.name`');
-          return;
+          if (!entity) {
+            Logger.error({ indicatorResult }, 'Indicator Result is missing `value.name`');
+            return;
+          }
         }
         entityLookup.delete(entityValue);
         const details = _getDetails(entity, indicatorResult, options);
@@ -462,7 +481,10 @@ function addEvidence(indicator, evidence, tlp, options, cb) {
       evidenceFileClassification: '',
       sourceId: options.evidenceSourceId,
       evidenceFile: {
-        value: Buffer.from(`Evidence for ${indicator}\nSubmitted from Polarity Analyst1 Integration\n\n${evidence}`, 'utf-8'),
+        value: Buffer.from(
+          `Evidence for ${indicator}\nSubmitted from Polarity Analyst1 Integration\n\n${evidence}`,
+          'utf-8'
+        ),
         options: {
           filename: `polarity-${+new Date()}.txt`,
           contentType: 'text/plain'
@@ -578,11 +600,11 @@ function validateOptions(options, cb) {
     });
   }
 
-  if(options.enableEvidenceSubmission.value === true &&
-      +options.evidenceSourceId.value <= -1){
+  if (options.enableEvidenceSubmission.value === true && +options.evidenceSourceId.value <= -1) {
     errors.push({
       key: 'evidenceSourceId',
-      message: 'Evidence source id must be set to a number greater than or equal to zero.  Delete the option value to specify an unknown source.'
+      message:
+        'Evidence source id must be set to a number greater than or equal to zero.  Delete the option value to specify an unknown source.'
     });
   }
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,10 +1,10 @@
 {
   "name": "analyst1",
-  "version": "3.5.4",
+  "version": "3.5.5",
   "main": "./integration.js",
   "private": true,
   "dependencies": {
-    "async": "^3.2.4",
+    "async": "^3.2.5",
     "lodash.groupby": "^4.6.0",
     "lodash.get": "^4.4.2",
     "postman-request": "^2.88.1-postman.33"