Merge pull request #41 from CybercentreCanada/handle_uri_files

Handle uri files

netrep/netrep.py

@@ -11,6 +11,7 @@
 from assemblyline.odm.base import IP_ONLY_REGEX
 from assemblyline_v4_service.common.api import ServiceAPIError
 from assemblyline_v4_service.common.base import ServiceBase
+from assemblyline_v4_service.common.request import ServiceRequest
 from assemblyline_v4_service.common.result import Heuristic, Result, ResultSection, ResultTableSection, TableRow
 
 from netrep.utils.network import NETWORK_IOC_TYPES, url_analysis
@@ -69,7 +70,7 @@ def _load_rules(self) -> None:
         else:
             self.log.warning("Reputation list missing. Service will only perform typosquatting detection..")
 
-    def execute(self, request):
+    def execute(self, request: ServiceRequest):
         result = Result()
 
         # Gather existing network tags from AL
@@ -89,6 +90,9 @@ def execute(self, request):
         email_domains = {email.split("@", 1)[-1] for email in email_addresses}
         iocs["domain"] = list(set(iocs["domain"]) - email_domains)
 
+        if request.file_type.startswith("uri/"):
+            iocs["uri"].append(request.task.fileinfo.uri_info.uri)
+
         # Filter out URIs that are emails prefixed by http/s
         # (commonly tagged by OLETools but causes phishing heuristic to be raised because of '@')
         def filter_out_http_emails(x):