diff --git a/checker/dnsbl.go b/checker/dnsbl.go
index 34fa68a..f34b7e6 100644
--- a/checker/dnsbl.go
+++ b/checker/dnsbl.go
@@ -93,9 +93,7 @@ var DefaultDNSBLZones = []DNSBLZone{
 func (s *dnsblSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 zones := zonesFromOptions(opts)
 if registered == "" || len(zones) == 0 {
- return []SourceResult{{
- SourceID: s.ID(), SourceName: s.Name(), Enabled: false,
- }}
+ return disabledResult(s.ID(), s.Name())
 }
 
 out := make([]SourceResult, len(zones))
diff --git a/checker/malwarebazaar.go b/checker/malwarebazaar.go
index 1627e6a..9e1af6b 100644
--- a/checker/malwarebazaar.go
+++ b/checker/malwarebazaar.go
@@ -48,7 +48,7 @@ func (*malwareBazaarSource) Options() SourceOptions {
 func (s *malwareBazaarSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 authKey := stringOpt(opts, "malwarebazaar_auth_key")
 if !sdk.GetBoolOption(opts, "enable_malwarebazaar", true) || registered == "" || authKey == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 
 res := SourceResult{
@@ -129,10 +129,7 @@ func (s *malwareBazaarSource) Query(ctx context.Context, domain, registered stri
 }
 
 func (*malwareBazaarSource) Evaluate(r SourceResult) (bool, string) {
- if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
- return true, SeverityWarn
- }
- return false, ""
+ return evidenceEval(r, SeverityWarn)
 }
 
 func (*malwareBazaarSource) Diagnose(res SourceResult) Diagnosis {
diff --git a/checker/openphish.go b/checker/openphish.go
index 66dc08e..e175f73 100644
--- a/checker/openphish.go
+++ b/checker/openphish.go
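Review bot: In `malwareBazaarSource.Query` (checker/malwarebazaar.go, hunk at -48,7) a missing `malwarebazaar_auth_key` returns the same `disabledResult` as an explicit `enable_malwarebazaar=false`, so an operator who left the source enabled cannot tell from the result that the feed is silently not being consulted. The threatfox and urlhaus Query hunks fold their auth key into the guard the same way. Unless `Diagnose` (outside these hunks) already reports it, I would at least document the case on the guard: `// Also disabled when the auth key is missing: the feed is not queried, so this source does not vet the domain.` The body of Query continues outside the hunk.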
@@ -47,7 +47,7 @@ func (*openPhishSource) Options() SourceOptions {
 
 func (s *openPhishSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 if !sdk.GetBoolOption(opts, "enable_openphish", true) || registered == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 
 urls, size, fetched, err := s.cache.lookup(ctx, registered)
@@ -70,10 +70,7 @@ func (s *openPhishSource) Query(ctx context.Context, domain, registered string,
 }
 
 func (*openPhishSource) Evaluate(r SourceResult) (bool, string) {
- if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
- return true, SeverityCrit
- }
- return false, ""
+ return evidenceEval(r, SeverityCrit)
 }
 
 func (*openPhishSource) Diagnose(res SourceResult) Diagnosis {
diff --git a/checker/phishtank.go b/checker/phishtank.go
index 6208360..d3505b4 100644
--- a/checker/phishtank.go
+++ b/checker/phishtank.go
@@ -54,7 +54,7 @@ func (*phishTankSource) Options() SourceOptions {
 
 func (s *phishTankSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 if !sdk.GetBoolOption(opts, "enable_phishtank", true) || registered == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 
 if ttlRaw, ok := sdk.GetOption[string](opts, "phishtank_refresh_hours"); ok && ttlRaw != "" {
@@ -82,10 +82,7 @@ func (s *phishTankSource) Query(ctx context.Context, domain, registered string,
 }
 
 func (*phishTankSource) Evaluate(r SourceResult) (bool, string) {
- if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
- return true, SeverityCrit
- }
- return false, ""
+ return evidenceEval(r, SeverityCrit)
 }
 
 func (*phishTankSource) Diagnose(res SourceResult) Diagnosis {
diff --git a/checker/safebrowsing.go b/checker/safebrowsing.go
index be489a7..f04ec70 100644
--- a/checker/safebrowsing.go
+++ b/checker/safebrowsing.go
@@ -54,7 +54,7 @@ func (*safeBrowsingSource) Options() SourceOptions {
 func (s *safeBrowsingSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 apiKey := stringOpt(opts, "google_safe_browsing_api_key")
 if apiKey == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 if registered == "" {
 return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: true}}
@@ -142,10 +142,7 @@ func (s *safeBrowsingSource) Query(ctx context.Context, domain, registered strin
 }
 
 func (*safeBrowsingSource) Evaluate(r SourceResult) (bool, string) {
- if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
- return true, SeverityCrit
- }
- return false, ""
+ return evidenceEval(r, SeverityCrit)
 }
 
 func (*safeBrowsingSource) Diagnose(res SourceResult) Diagnosis {
diff --git a/checker/source.go b/checker/source.go
index cc8b15e..03f47fc 100644
--- a/checker/source.go
+++ b/checker/source.go
@@ -152,6 +152,20 @@ func Sources() []Source {
 return out
 }
 
+// disabledResult returns the standard "source is disabled" sentinel slice.
+func disabledResult(id, name string) []SourceResult {
+ return []SourceResult{{SourceID: id, SourceName: name, Enabled: false}}
+}
+
+// evidenceEval is the common Evaluate body: listed when there is at least
+// one Evidence entry and no error.
+func evidenceEval(r SourceResult, severity string) (bool, string) {
+ if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
+ return true, severity
+ }
+ return false, ""
+}
+
 // EvaluateResult looks up the source that produced r from the registry
 // and delegates to its Evaluate method. Returns (false, "") when the
 // source is not found — a safe default that never promotes a stale
diff --git a/checker/threatfox.go b/checker/threatfox.go
index 67fae49..4df96fa 100644
--- a/checker/threatfox.go
+++ b/checker/threatfox.go
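Review bot: In `safeBrowsingSource.Query` (checker/safebrowsing.go, hunk at -54,7) the `registered == ""` branch just below the changed line still builds its slice inline and returns `Enabled: true` with no evidence and no error, which `Evaluate` reads as not listed even though nothing was looked up. The other sources touched by this commit treat an empty `registered` as disabled; the virustotal Query hunk has the same branch. If the difference is not deliberate, `if apiKey == "" || registered == "" { return disabledResult(s.ID(), s.Name()) }` would align them, and if it is deliberate a short comment stating why would help. Query continues outside the hunk.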
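Review bot: The doc comment on `evidenceEval` (checker/source.go, hunk at -152,6) leaves out the `r.Enabled` condition and does not say that a result carrying `r.Error` evaluates to not listed, so at this level a feed outage looks the same as a clean verdict. I would write `// evidenceEval is the common Evaluate body: it reports listed only when the source was enabled, returned no error, and produced at least one Evidence entry. A result with Error set is never listed; callers must surface Error separately.` Whether callers already do that is not visible in this hunk. Separately, `severity` is a plain string, so an empty argument would yield `(true, "")`; a one-line note that it must be one of the `Severity*` constants would guard against that.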
@@ -48,7 +48,7 @@ func (*threatFoxSource) Options() SourceOptions {
 func (s *threatFoxSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 authKey := stringOpt(opts, "threatfox_auth_key")
 if !sdk.GetBoolOption(opts, "enable_threatfox", true) || registered == "" || authKey == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 
 res := SourceResult{
@@ -135,10 +135,7 @@ func (s *threatFoxSource) Query(ctx context.Context, domain, registered string,
 }
 
 func (*threatFoxSource) Evaluate(r SourceResult) (bool, string) {
- if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
- return true, SeverityCrit
- }
- return false, ""
+ return evidenceEval(r, SeverityCrit)
 }
 
 func (*threatFoxSource) Diagnose(res SourceResult) Diagnosis {
diff --git a/checker/urlhaus.go b/checker/urlhaus.go
index 9d9341e..1bac676 100644
--- a/checker/urlhaus.go
+++ b/checker/urlhaus.go
@@ -67,7 +67,7 @@ type urlhausURL struct {
 func (s *urlhausSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 authKey := stringOpt(opts, "urlhaus_auth_key")
 if !sdk.GetBoolOption(opts, "enable_urlhaus", true) || registered == "" || authKey == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 
 res := SourceResult{SourceID: s.ID(), SourceName: s.Name(), Enabled: true}
@@ -147,10 +147,7 @@ func (s *urlhausSource) Query(ctx context.Context, domain, registered string, op
 }
 
 func (*urlhausSource) Evaluate(r SourceResult) (bool, string) {
- if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
- return true, SeverityCrit
- }
- return false, ""
+ return evidenceEval(r, SeverityCrit)
 }
 
 func (*urlhausSource) Diagnose(res SourceResult) Diagnosis {
diff --git a/checker/virustotal.go b/checker/virustotal.go
index bbd946e..14d1132 100644
--- a/checker/virustotal.go
+++ b/checker/virustotal.go
@@ -60,7 +60,7 @@ type vtVendorVerdict struct {
 func (s *virusTotalSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
 apiKey := stringOpt(opts, "virustotal_api_key")
 if apiKey == "" {
- return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: false}}
+ return disabledResult(s.ID(), s.Name())
 }
 if registered == "" {
 return []SourceResult{{SourceID: s.ID(), SourceName: s.Name(), Enabled: true}}