From 9223d9f57e1a568a17209ce6c79fbc2613c28f86 Mon Sep 17 00:00:00 2001 From: Andrew Jung <100274701+ajung44@users.noreply.github.com> Date: Thu, 1 Feb 2024 16:59:15 -0500 Subject: [PATCH 1/3] Fix bug where integration returns no result if the lookup value is not the indicator's primary value, and instead alternative value listed (#8) Co-authored-by: Seok Jung --- integration.js | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/integration.js b/integration.js index 5d0b3bd..6e39351 100644 --- a/integration.js +++ b/integration.js @@ -181,13 +181,27 @@ function doIndicatorLookups(entityType, entityValues, options, cb) { } if (Array.isArray(result.body)) { result.body.forEach((indicatorResult) => { - const entityValue = get(indicatorResult, 'value.name', '').toLowerCase(); - const entity = entityLookup.get(entityValue); + let entityValue = get(indicatorResult, 'value.name', '').toLowerCase(); + let entity = entityLookup.get(entityValue); if (!entity) { + //The primary entity value returned from Analyst1 might not match with the entity value user is specifically looking for + //The entity may have associated values that matches with the value being searched + if (indicatorResult.hashes) { + indicatorResult.hashes.forEach(hash => { + const hashValue = entityLookup.get(hash.value.toLowerCase()); + if (hashValue) { + entityValue = hash.value.toLowerCase(); + entity = hashValue; + } + }) + } + // somehow the returned entity value does not match anything in our entity lookup so // we just skip it - Logger.error({ indicatorResult }, 'Indicator Result is missing `value.name`'); - return; + if (!entity) { + Logger.error({ indicatorResult }, 'Indicator Result is missing `value.name`'); + return; + } } entityLookup.delete(entityValue); const details = _getDetails(entity, indicatorResult, options); From e847f465d468b9c519a5fe7e85c97dcbf3a2b61d Mon Sep 17 00:00:00 2001 
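Review bot: The new fallback over `indicatorResult.hashes` calls `hash.value.toLowerCase()` on fields taken directly from the Analyst1 response, so a hash entry whose `value` is missing or not a string throws a TypeError inside the `result.body.forEach` callback instead of being skipped. The same unguarded call is kept in the `find` predicate of the PATCH 2/3 refactor. Normalising with the `get` helper already used a few lines above, `const hashValue = String(get(hash, 'value', '')).toLowerCase();`, would let one malformed record be skipped; how the exception is handled today is outside the hunk. The retained `Logger.error` message still says the result is missing value.name, which is no longer accurate once hashes are consulted; wording such as "did not match any looked-up value or hash" would make these misses easier to triage. The body of doIndicatorLookups starts and ends outside the hunk.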
From: Ed Date: Thu, 1 Feb 2024 22:25:50 -0500 Subject: [PATCH 2/3] Refactor hash search --- integration.js | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/integration.js b/integration.js index 6e39351..d914088 100644 --- a/integration.js +++ b/integration.js @@ -184,16 +184,21 @@ function doIndicatorLookups(entityType, entityValues, options, cb) { let entityValue = get(indicatorResult, 'value.name', '').toLowerCase(); let entity = entityLookup.get(entityValue); if (!entity) { - //The primary entity value returned from Analyst1 might not match with the entity value user is specifically looking for - //The entity may have associated values that matches with the value being searched - if (indicatorResult.hashes) { - indicatorResult.hashes.forEach(hash => { - const hashValue = entityLookup.get(hash.value.toLowerCase()); - if (hashValue) { - entityValue = hash.value.toLowerCase(); - entity = hashValue; - } - }) + //The primary hash entity value returned from Analyst1 might not match with the hash value the user is + // specifically looking for. The entity may have associated values that matches with the value + // being searched. As an example, the user may be searching for a SHA256 hash value, but the Analyst1 + // primary value for that SHA256 is a MD5. This logic will ensure those results are still returned. + if (Array.isArray(indicatorResult.hashes)) { + const matchingHash = indicatorResult.hashes.find((hash) => { + return entityLookup.has(hash.value.toLowerCase()); + }); + + if (matchingHash) { + const matchingHashLower = matchingHash.value.toLowerCase(); + + entityValue = matchingHashLower; + entity = entityLookup.get(matchingHashLower); + } } // somehow the returned entity value does not match anything in our entity lookup so 
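Review bot: `indicatorResult.hashes.find(...)` stops at the first hash present in `entityLookup`, so when one lookup batch contains two hashes of the same indicator (for example its MD5 and its SHA256) only one entity is attached to this result and the other stays in `entityLookup`. What happens to leftover entries is outside the hunk, but if they are reported as misses the analyst is told that a hash Analyst1 does know about has no result. Consider collecting every match with `indicatorResult.hashes.filter((hash) => entityLookup.has(...))` and producing a result per matched entity, or state the first-match behaviour in the comment above the block so the limitation is explicit. The rest of doIndicatorLookups, including the `entityLookup.delete(entityValue)` call this depends on, lies outside the hunk.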
@@ -476,7 +481,10 @@ function addEvidence(indicator, evidence, tlp, options, cb) { evidenceFileClassification: '', sourceId: options.evidenceSourceId, evidenceFile: { - value: Buffer.from(`Evidence for ${indicator}\nSubmitted from Polarity Analyst1 Integration\n\n${evidence}`, 'utf-8'), + value: Buffer.from( + `Evidence for ${indicator}\nSubmitted from Polarity Analyst1 Integration\n\n${evidence}`, + 'utf-8' + ), options: { filename: `polarity-${+new Date()}.txt`, contentType: 'text/plain' @@ -592,11 +600,11 @@ function validateOptions(options, cb) { }); } - if(options.enableEvidenceSubmission.value === true && - +options.evidenceSourceId.value <= -1){ + if (options.enableEvidenceSubmission.value === true && +options.evidenceSourceId.value <= -1) { errors.push({ key: 'evidenceSourceId', - message: 'Evidence source id must be set to a number greater than or equal to zero. Delete the option value to specify an unknown source.' + message: + 'Evidence source id must be set to a number greater than or equal to zero. Delete the option value to specify an unknown source.' }); } From f48d30381b1672a2004663b2ca5e6145864d42b5 Mon Sep 17 00:00:00 2001 From: Ed Date: Thu, 1 Feb 2024 22:25:59 -0500 Subject: [PATCH 3/3] Bump to 3.5.5 and update dependencies --- package-lock.json | 8 ++++---- package.json | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2af3ef6..697ca6a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "analyst1", - "version": "3.5.4", + "version": "3.5.5", "lockfileVersion": 1, "requires": true, "dependencies": { 
@@ -58,9 +58,9 @@ "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==" }, "async": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", - "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" + "version": "3.2.5", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==" }, "asynckit": { "version": "0.4.0", diff --git a/package.json b/package.json index 84e2848..07f7965 100644 --- a/package.json +++ b/package.json @@ -1,10 +1,10 @@ { "name": "analyst1", - "version": "3.5.4", + "version": "3.5.5", "main": "./integration.js", "private": true, "dependencies": { - "async": "^3.2.4", + "async": "^3.2.5", "lodash.groupby": "^4.6.0", "lodash.get": "^4.4.2", "postman-request": "^2.88.1-postman.33"