From a233c08830ee1bcfa4f229906d54250b0260a201 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 12 May 2022 19:02:02 +0000
Subject: [PATCH] Update logic to handle indicators that are not present in database.
---
 .../sensoroni/files/analyzers/pulsedive/pulsedive.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py b/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
index 719d760e6..fd9e0072f 100644
--- a/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
+++ b/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
@@ -14,7 +14,7 @@ def checkConfigRequirements(conf):
 def buildReq(conf, artifactType, artifactValue):
- indicatorTypes = ["domain", "hash", "ip" "url"]
+ indicatorTypes = ["domain", "hash", "ip", "url"]
 if artifactType in indicatorTypes:
 url = conf['base_url'] + '/info.php'
 params = {"key": conf["api_key"], "indicator": artifactValue}
@@ -53,19 +53,17 @@ def prepareResults(raw):
 for r in raw['results']:
 risk = r['risk']
 classified.append(classification.get(risk))
- else:
+ elif "risk" in raw:
 classified.append(classification.get(raw['risk']))
-
+ elif "error" in raw and raw["error"] == "Indicator not found.":
+ classified.append("no_results")
 if classified.count('malicious') > 0:
 summary = "malicious"
 status = "threat"
 elif classified.count('suspicious') > 0:
 summary = "suspicious"
 status = "caution"
- elif classified.count('harmless') > 0:
- summary = "harmless"
- status = "ok"
- elif classified.count('none') > 0:
+ elif classified.count('harmless') or classified.count('none') > 0:
 summary = "harmless"
 status = "ok"
 elif classified.count('unknown') > 0:
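Review bot: The corrected `indicatorTypes` list in buildReq has no regression test in this commit (the diffstat shows only pulsedive.py changed), and the bug it fixes was silent: `"ip" "url"` is implicit string concatenation, so the list held `"ipurl"` and neither ip nor url artifacts matched `if artifactType in indicatorTypes`. A small test that calls buildReq once per supported type would catch a recurrence, and writing the list one entry per line with a comment such as `# adjacent string literals concatenate silently; keep one entry per line` makes the next edit harder to get wrong. buildReq's body continues outside the hunk, so what happens to an unsupported type is not visible here.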
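Review bot: An error response other than the exact text `"Indicator not found."`, or a response with none of `results`, `risk` or `error`, now adds nothing to `classified`, where the old `else` would have raised KeyError on the missing `risk` key; the verdict for those cases then depends on the end of the `if`/`elif` chain, which lies outside the hunk. For an analyzer that feeds triage, an API failure (a rejected key or a rate limit, if the service reports those through `error`) should surface as an explicit error state rather than risk being read as a clean result. I would record every error value with `elif "error" in raw:` followed by `classified.append("no_results" if raw["error"] == "Indicator not found." else "error")`, and give `"error"` its own branch in the chain; the hunk also does not show a branch that consumes `"no_results"`, so confirm one exists below. Separately, `classified.count('harmless') or classified.count('none') > 0` parses as `count('harmless') or (count('none') > 0)` and gives the intended result only through integer truthiness; `elif 'harmless' in classified or 'none' in classified:` says it directly.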