What happened
Right now, the MISP analyzer doesn’t properly handle filtering for unpublished events. Even if published=False is selected in the configuration, that value never actually makes it into the API request sent to MISP.
This happens because of the current check:
if self.published:
Since False evaluates to falsy in Python, the condition fails and the parameter gets skipped entirely. As a result, the request is sent without any published filter.
Environment
- OS: Linux
What did you expect to happen
Setting published=False should send {"published": False} to the MISP API. This allows analysts to specifically hunt for fresh, indicators that analysts may want to specifically query.
How to reproduce your issue
- Uncheck the published box in a MISP analyzer configuration.
- Run any analysis.
- Observe that the API call sent to MISP (line 100 of misp.py) contains no published parameter
because if self.published: evaluates to False and skips the assignment.
I’ve already tested a fix for this locally. I’d be happy to take this up and open a PR please assign it to me.
What happened
Right now, the MISP analyzer doesn’t properly handle filtering for unpublished events. Even if published=False is selected in the configuration, that value never actually makes it into the API request sent to MISP.
This happens because of the current check:
if self.published:Since False evaluates to falsy in Python, the condition fails and the parameter gets skipped entirely. As a result, the request is sent without any published filter.
Environment
What did you expect to happen
Setting published=False should send {"published": False} to the MISP API. This allows analysts to specifically hunt for fresh, indicators that analysts may want to specifically query.
How to reproduce your issue
because if self.published: evaluates to False and skips the assignment.
I’ve already tested a fix for this locally. I’d be happy to take this up and open a PR please assign it to me.