From a233c08830ee1bcfa4f229906d54250b0260a201 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 12 May 2022 19:02:02 +0000
Subject: [PATCH 1/2] Update logic to handle indicators that are not present in database.
---
 .../sensoroni/files/analyzers/pulsedive/pulsedive.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py b/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
index 719d760e6..fd9e0072f 100644
--- a/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
+++ b/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
@@ -14,7 +14,7 @@ def checkConfigRequirements(conf):
 def buildReq(conf, artifactType, artifactValue):
- indicatorTypes = ["domain", "hash", "ip" "url"]
+ indicatorTypes = ["domain", "hash", "ip", "url"]
 if artifactType in indicatorTypes:
 url = conf['base_url'] + '/info.php'
 params = {"key": conf["api_key"], "indicator": artifactValue}
@@ -53,19 +53,17 @@ def prepareResults(raw):
 for r in raw['results']:
 risk = r['risk']
 classified.append(classification.get(risk))
- else:
+ elif "risk" in raw:
 classified.append(classification.get(raw['risk']))
-
+ elif "error" in raw and raw["error"] == "Indicator not found.":
+ classified.append("no_results")
 if classified.count('malicious') > 0:
 summary = "malicious"
 status = "threat"
 elif classified.count('suspicious') > 0:
 summary = "suspicious"
 status = "caution"
- elif classified.count('harmless') > 0:
- summary = "harmless"
- status = "ok"
- elif classified.count('none') > 0:
+ elif classified.count('harmless') or classified.count('none') > 0:
 summary = "harmless"
 status = "ok"
 elif classified.count('unknown') > 0:
From 3dc266cfa93c6d1539e10a28038076e560ce0f10 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 12 May 2022 19:02:41 +0000
Subject: [PATCH 2/2] Add test for when indicator is not found
---
 salt/sensoroni/files/analyzers/pulsedive/pulsedive_test.py | 7 +++++++
 1 file changed, 7 insertions(+)
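Review bot: Nothing visible in this series pins the corrected `indicatorTypes` list in `buildReq`: the old `"ip" "url"` concatenated into the single entry `"ipurl"`, so the `ip` and `url` artifact types failed the `artifactType in indicatorTypes` check. A test that calls `buildReq` with artifactType `"ip"` and `"url"` and asserts on what it returns would catch a regression; the test file is only partly visible here, so one may already exist. Writing the list one entry per line with trailing commas, or enabling an implicit-string-concatenation lint rule, makes a dropped comma stand out in review. buildReq's body continues outside the hunk.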
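Review bot: The merged branch `elif classified.count('harmless') or classified.count('none') > 0:` in prepareResults compares only the second count with zero and relies on the truthiness of the first, so it works but reads like a precedence slip and no longer matches the neighbouring `> 0` branches. `elif 'harmless' in classified or 'none' in classified:` states the intent directly. Separately, the new `elif "error" in raw and raw["error"] == "Indicator not found.":` recognises one exact message, so any other `error` value (a rejected key or a rate limit, if the service reports those in that field) leaves `classified` empty and is decided by the tail of the function, which is outside this hunk. For an analyst it matters that a failed lookup is reported as a failure, not folded into a verdict, so that path should be checked and the error text surfaced. The branch that turns the appended `"no_results"` into a summary is also not visible here.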
diff --git a/salt/sensoroni/files/analyzers/pulsedive/pulsedive_test.py b/salt/sensoroni/files/analyzers/pulsedive/pulsedive_test.py
index 47b60efdd..e76a3c979 100644
--- a/salt/sensoroni/files/analyzers/pulsedive/pulsedive_test.py
+++ b/salt/sensoroni/files/analyzers/pulsedive/pulsedive_test.py
@@ -104,6 +104,13 @@ class TestVirusTotalMethods(unittest.TestCase):
 self.assertEqual(results["summary"], "harmless")
 self.assertEqual(results["status"], "ok")
+ def test_prepareResults_indicator_not_Found(self):
+ raw = {"error": "Indicator not found."}
+ results = pulsedive.prepareResults(raw)
+ self.assertEqual(results["response"], raw)
+ self.assertEqual(results["summary"], "no_results")
+ self.assertEqual(results["status"], "ok")
+
 def test_prepareResults_error(self):
 raw = {}
 results = pulsedive.prepareResults(raw)
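Review bot: The new test covers only the exact `"Indicator not found."` body, so the result for an `error` field carrying any other text is left unpinned; the neighbouring `test_prepareResults_error` uses an empty dict, not an error message. A companion case such as `raw = {"error": "<other message>"}` with its expected summary and status would document how lookup failures are reported. The test also fixes `status` to `"ok"` for an indicator the service has no record of, so the `no_results` summary is the only thing separating it from a harmless verdict; a short comment in the test saying this is intended would help. The method name mixes case (`not_Found`); `test_prepareResults_indicator_not_found` would match the other names.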