add option to exclude mass scanners to old APIs

api/views/feeds.py

@@ -25,6 +25,7 @@ def feeds(request, feed_type, attack_type, age, format_):
         attack_type (str): Type of attack (e.g., all, specific attack types).
         age (str): Age of the data to filter (e.g., recent, persistent).
         format_ (str): Desired format of the response (e.g., json, csv, txt).
+        exclude_mass_scanners (bool): query parameter flag to exclude IOCs that are known mass scanners.
 
     Returns:
         Response: The HTTP response with formatted IOC data.
@@ -33,6 +34,9 @@ def feeds(request, feed_type, attack_type, age, format_):
 
     feed_params = FeedRequestParams({"feed_type": feed_type, "attack_type": attack_type, "format_": format_})
     feed_params.set_legacy_age(age)
+    if request.query_params and "exclude_mass_scanners" in request.query_params:
+        feed_params.exclude_mass_scanners()
+
     valid_feed_types = get_valid_feed_types()
     iocs_queryset = get_queryset(request, feed_params, valid_feed_types)
     return feeds_response(iocs_queryset, feed_params, valid_feed_types)
@@ -55,6 +59,9 @@ def feeds_pagination(request):
     feed_params = FeedRequestParams(request.query_params)
     feed_params.format = "json"
     feed_params.set_legacy_age(request.query_params.get("age"))
+    if request.query_params and "exclude_mass_scanners" in request.query_params:
+        feed_params.exclude_mass_scanners()
+
     valid_feed_types = get_valid_feed_types()
     iocs_queryset = get_queryset(request, feed_params, valid_feed_types)
     paginator = CustomPageNumberPagination()

api/views/utils.py

@@ -70,6 +70,9 @@ def __init__(self, query_params: dict):
         self.paginate = query_params.get("paginate", "false").lower()
         self.format = query_params.get("format_", "json").lower()
 
+    def exclude_mass_scanners(self):
+        self.exclude_reputation.append("mass scanner")
+
     def set_legacy_age(self, age: str):
         """Translates legacy age specification into max_age and min_days_seen attributes
         and sets ordering accordingly.

tests/test_views.py

@@ -72,6 +72,12 @@ def test_200_general_feeds(self):
         self.assertEqual(response.json()["iocs"][0]["scanner"], True)
         self.assertEqual(response.json()["iocs"][0]["payload_request"], True)
 
+    def test_200_feeds_scanner_exclusion(self):
+        response = self.client.get("/api/feeds/heralding/all/recent.json?exclude_mass_scanners")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json()["license"], FEEDS_LICENSE)
+        self.assertEqual(len(response.json()["iocs"]), 0)
+
     def test_400_feeds(self):
         response = self.client.get("/api/feeds/test/all/recent.json")
         self.assertEqual(response.status_code, 400)
@@ -82,6 +88,11 @@ def test_200_feeds_pagination(self):
         self.assertEqual(response.json()["count"], 1)
         self.assertEqual(response.json()["total_pages"], 1)
 
+    def test_200_feeds_pagination_scanner_exclusion(self):
+        response = self.client.get("/api/feeds/?page_size=10&page=1&feed_type=all&attack_type=all&age=recent&exclude_mass_scanners")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json()["count"], 0)
+
     def test_400_feeds_pagination(self):
         response = self.client.get("/api/feeds/?page_size=10&page=1&feed_type=all&attack_type=test&age=recent")
         self.assertEqual(response.status_code, 400)