fix(intel471_v2): catch UnauthorizedException for unentitled report streams (#6778)#6786
Conversation
…treams When a verity471 account lacks entitlement to a report type (e.g. geopol_report), the API returns a 401 UnauthorizedException that was not caught, causing an ERROR traceback every interval. Now catches the exception in the stream's main loop and logs a warning instead, allowing other report types to continue working. Fixes OpenCTI-Platform#6778
Contributor License AgreementHey @muhamedfazalps! Thank you for your contribution to Filigran! Before we can merge this pull request, we need you to sign our Contributor License Agreement (CLA). Why do we need a CLA?The CLA helps protect both you and Filigran. It ensures that:
How to signYou can sign the CLA using either of these methods:
Once signed, this comment will be automatically updated. ❌ CLA not signed yet This is an automated message from the Filigran CLA Bot. If you have questions, please contact the maintainers. |
Filigran-Automation
changed the title
There was a problem hiding this comment.
Pull request overview
This PR addresses noisy recurring ERROR tracebacks in the intel471_v2 connector when using the verity471 backend and running a report stream that the configured account is not entitled to access. It introduces a backend-specific Unauthorized exception type into the client wrapper and handles it in the stream polling loop by logging a warning instead of letting the exception propagate.
Changes:
- Catch backend-specific unauthorized exceptions in the stream polling loop and log a warning.
- Extend
ClientWrapperto expose anunauthorized_exceptiontype per backend (with a no-op dummy for backends without entitlement checks). - Add a local dummy exception type for “no unauthorized exception” backends.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| external-import/intel471_v2/src/intel471/streams/core/base.py | Catches unauthorized errors during API polling and logs a warning instead of raising. |
| external-import/intel471_v2/src/intel471/exceptions.py | Adds a dummy exception type for backends without entitlement checks. |
| external-import/intel471_v2/src/intel471/backend.py | Adds unauthorized_exception to ClientWrapper and populates it per backend. |
| except self.client_wrapper.unauthorized_exception: | ||
| self.helper.log_warning( | ||
| f"{self.__class__.__name__} is not entitled to {self.label} on " | ||
| f"{self.client_wrapper.backend_name}. Skipping." | ||
| ) |
maximerafaillac
added
partner
…rvals Address Copilot review feedback: the previous fix logged the same warning every scheduled interval for an unentitled stream because nothing prevented the next run from retrying the API call. Add a per-instance _unauthorized flag that: - Is set to True on the first UnauthorizedException - Short-circuits get_bundles() on subsequent runs (early return) - Produces exactly one warning per stream lifetime instead of one per interval
Problem
With the verity471 backend and reports enabled, a report-type stream whose account lacks entitlement to that type logs a full ERROR stack trace every interval.
Fix
Fixes #6778
If this helps, consider buying me a coffee! https://buymeacoffee.com/muhamedfazalps