Fixed a bug regarding the 'platform' kv-pair value 'all'

2020-10-31 11:13:30 +01:00 · 2020-10-31 11:13:30 +01:00 · cd5b71ea9f
parent 54d0259565
commit cd5b71ea9f
2 changed files with 14 additions and 15 deletions
--- a/generic.py
+++ b/generic.py
@ -1107,7 +1107,7 @@ def get_platform_from_yaml(yaml_content):
        platform = [platform]
    platform = [p.lower() for p in platform if p is not None]

-    if platform == ['all']:
+    if 'all' in platform:
        platform = list(PLATFORMS.values())
    else:
        valid_platform_list = []
--- a/health.py
+++ b/health.py
@ -94,23 +94,22 @@ def check_health_data_sources(filename, ds_content, health_is_called, no_print=F
    ATT&CK Platform is not part of the EQL search result
    :return: False if no errors have been found, otherwise True
    """
-    from generic import get_applicable_data_sources_platform
+    from generic import get_applicable_data_sources_platform, get_platform_from_yaml
    has_error = False

-    platform = ds_content.get('platform', None)
+    platform = get_platform_from_yaml(ds_content)

    if not src_eql:
-        if platform != 'all' and platform != ['all']:
-            if isinstance(platform, str):
-                platform = [platform]
-            if platform is None or len(platform) == 0 or platform == '':
-                platform = ['empty']
-            for p in platform:
-                if p.lower() not in PLATFORMS.keys():
-                    has_error = _print_error_msg(
-                        '[!] EMPTY or INVALID value for \'platform\' within the data source admin. '
-                        'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))),
-                        health_is_called)
+        if isinstance(platform, str):
+            platform = [platform]
+        if platform is None or len(platform) == 0 or platform == '':
+            platform = ['empty']
+        for p in platform:
+            if p.lower() not in PLATFORMS.keys():
+                has_error = _print_error_msg(
+                    '[!] EMPTY or INVALID value for \'platform\' within the data source admin. '
+                    'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))),
+                    health_is_called)

        ds_list = [kv['data_source_name'].lower() for kv in ds_content['data_sources']]

@ -275,7 +274,7 @@ def _check_health_techniques(filename, technique_content, health_is_called):
        for p in platform:
            if p.lower() not in PLATFORMS.keys():
                has_error = _print_error_msg(
-                    '[!] EMPTY or INVALID value for \'platform\' within the data source admin. '
+                    '[!] EMPTY or INVALID value for \'platform\' within the technique admin. '
                    'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))),
                    health_is_called)