ShadowServer parser attempts to download schema even if not configured

[kamil-certat]

The schema update call is included in the standard IntelMQ's crontab file in deb distribution. However, the parser does not check if there is any ShadowServer bot configured in the runtime. In a controlled environment it causes unnecessary alerts/errors.

The parser should follow the behaviour of other bots and check if there is any configured parser before attempting to download new schema.

[sebix]

@elsif2

[elsif2]

Proposed fix for parser.py:

Before:

            if config.update_schema():
                runtime_conf = utils.get_bots_settings()
                try:
                    ctl = IntelMQController()
                    for bot in runtime_conf:
                        if runtime_conf[bot]["module"] == __name__:
                            ctl.bot_reload(bot)

After:

            runtime_conf = utils.get_bots_settings()
            try:
                ctl = IntelMQController()
                for bot in runtime_conf:
                    if runtime_conf[bot]["module"] == __name__:
                        if config.update_schema():                            
                            ctl.bot_reload(bot)

[kamil-certat]

@elsif2 How would it work if there were multiple parser bots? If it doesn't download schema for every bot separately, then I think it looks great :)

[elsif2]

I believe each instance would have the same VAR_STATE_PATH location, so there would only be one copy.

[sebix]

I believe each instance would have the same VAR_STATE_PATH location, so there would only be one copy.

Spoiler: There's at least one large IntelMQ user which prefers to use a different path for the schema (VAR_STATE_PATH/shadowserver) to keep /var/lib/intelmq/bots organized, which I fully understand. So there might come a feature request to optionally use different schema path or change the default schema path soon.