Merge pull request #134 from CybercentreCanada/update/more-fp-tlds

Adding more FP TLDs
CybercentreCanada · Feb 8, 2024 · 2dc3b27 · 2dc3b27
2 parents 6696abe + 42f9387
commit 2dc3b27
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/assemblyline_service_utilities/common/dynamic_service_helper.py b/assemblyline_service_utilities/common/dynamic_service_helper.py
@@ -94,7 +94,7 @@
 # The following lists of domains and top-level domains are used for finding false-positives
 # when extracting domains from text blobs
 COMMON_FP_DOMAINS = ["example.com"]
-COMMON_FP_TLDS_THAT_ARE_FILE_EXTS = [".dot", ".js", ".one", ".pub", ".py", ".sh", ".zip"]
+COMMON_FP_TLDS_THAT_ARE_FILE_EXTS = [".dot", ".js", ".one", ".ps", ".pub", ".py", ".sh", ".win", ".zip"]
 COMMON_FP_TLDS_THAT_ARE_JS_COMMANDS = [
     ".as",
     ".author",
@@ -873,14 +873,16 @@ def as_primitives(self) -> Dict[str, Any]:
         :return: The dictionary representation of the object
         """
         return {
-            key: value
-            if (
-                not isinstance(value, Process)
-                and not isinstance(value, ObjectID)
-                and not isinstance(value, NetworkDNS)
-                and not isinstance(value, NetworkHTTP)
+            key: (
+                value
+                if (
+                    not isinstance(value, Process)
+                    and not isinstance(value, ObjectID)
+                    and not isinstance(value, NetworkDNS)
+                    and not isinstance(value, NetworkHTTP)
+                )
+                else value.as_primitives()
             )
-            else value.as_primitives()
             for key, value in self.__dict__.items()
         }