From 55c957170d7746d588d717f949364d6554c8753a Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 15 Dec 2023 09:00:31 -0500
Subject: [PATCH] Reduce complexity

---
 .../analyzers/malwarebazaar/malwarebazaar.py | 38 ++++++++-----------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
index 1297898e5..7ec484338 100644
--- a/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
+++ b/salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
@@ -75,29 +75,21 @@ def prepareResults(raw):
 # gauge vendors to determine an approximation of status, normalized to a value out of 100
 # only updates score if it finds a higher indicator value
 score = 0
- if 'vxCube' in vendor_data:
- score = int(vendor_data['vxCube']['maliciousness'])
-
- if 'Triage' in vendor_data:
- score = int(vendor_data['Triage']['score'])*10 if int(
- vendor_data['Triage']['score'])*10 > score else score
-
- if 'DocGuard' in vendor_data:
- score = int(vendor_data['DocGuard']['alertlevel'])*10 if int(
- vendor_data['DocGuard']['alertlevel'])*10 > score else score
-
- if 'YOROI_YOMI' in vendor_data:
- score = int(float(vendor_data['YOROI_YOMI']['score']))*100 if int(
- float(vendor_data['YOROI_YOMI']['score']))*100 > score else score
-
- if 'Inquest' in vendor_data and vendor_data['Inquest']['verdict'] == 'MALICIOUS':
- score = 100 if 100 > score else score
-
- if 'ReversingLabs' in vendor_data and vendor_data['ReversingLabs']['status'] == 'MALICIOUS':
- score = 100 if 100 > score else score
-
- if 'Spamhaus_HBL' in vendor_data and vendor_data['Spamhaus_HBL'][0]['detection'] == 'MALICIOUS':
- score = 100 if 100 > score else score
+ vendor_info_list = [
+ ('vxCube', 'maliciousness', int),
+ ('Triage', 'score', lambda x: int(x) * 10),
+ ('DocGuard', 'alertlevel', lambda x: int(x) * 10),
+ ('YOROI_YOMI', 'score', lambda x: int(float(x)) * 100),
+ ('Inquest', 'verdict', lambda x: 100 if x == 'MALICIOUS' else 0),
+ ('ReversingLabs', 'status', lambda x: 100 if x == 'MALICIOUS' else 0),
+ ('Spamhaus_HBL', 'detection', lambda x: 100 if x == 'MALICIOUS' else 0),
+ ]
+ for vendor, key, transform in vendor_info_list:
+ if vendor in vendor_data and key in vendor_data[vendor]:
+ value = vendor_data[vendor][key]
+ score = max(score, transform(value))
+ # Ensure score is at least 0 (or some default value)
+ score = max(score, 0)
 # compute status
 if score >= 75 or isInJson(raw, 'MALICIOUS'.lower()):