authorToni <matzeton@googlemail.com>2023-11-02 09:04:04 +0100
committerGitHub <noreply@github.com>2023-11-02 09:04:04 +0100
commit6dcecd73d3413103d1f416721c2b2f46ff0968b7 (patch)
tree955c2cc0a682b76d8381f22e5a7a2a3ba2dcaebd /utils
parentd5c9a16a489081c0b5bd396241c7e08649a60a4c (diff)
Added malicious sites from the polish cert. (#2121)
* added handling of parsing errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'utils')
-rwxr-xr-xutils/malicious_sites_download.sh24
-rwxr-xr-xutils/update_every_lists.sh2
2 files changed, 26 insertions, 0 deletions
diff --git a/utils/malicious_sites_download.sh b/utils/malicious_sites_download.sh
new file mode 100755
index 000000000..44fc76fb2
--- /dev/null
+++ b/utils/malicious_sites_download.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+
+cd "$(dirname "${0}")" || exit 1
+. ./common.sh || exit 1
+
+# NDPI_PROTOCOL_CATEGORY_MALWARE = 100
+LIST=../lists/100_malware.list
+
+TMP=/tmp/mal.json
+ORIGIN="https://hole.cert.pl/domains/domains.json"
+
+
+printf '(1) Downloading file... %s\n' "${ORIGIN}"
+http_response=$(curl -s -o ${TMP} -w "%{http_code}" ${ORIGIN})
+check_http_response "${http_response}"
+is_file_empty "${TMP}"
+
+printf '%s\n' "(2) Processing Domains..."
+jq -r '.[] | select(.DeleteDate="")' < ${TMP} | sed -n 's/^[^"]*"DomainAddress": "\([^"]*\)".*$/\1/gp' >${LIST}
+
+rm -f "${TMP}"
+exit 0
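Review bot: In the jq filter `select(.DeleteDate="")` the `=` is jq's assignment operator, not a comparison, so the predicate evaluates to the updated object (always truthy) and every entry passes, including domains the feed marks as deleted. It should be a comparison such as `select(.DeleteDate == "" or .DeleteDate == null)`; how the feed encodes "not deleted" is not visible here, so confirm that against a sample. With only `set -e` and no `pipefail`, a jq parse failure is hidden behind sed's exit status, and `>${LIST}` has already truncated the malware list by then, so a bad download can silently leave an empty blocklist. The download also goes to the fixed path `/tmp/mal.json`, which another local user could pre-create or symlink, and `${TMP}`/`${ORIGIN}` are unquoted in the curl call. The sketch below uses `mktemp`, lets jq emit `.DomainAddress` directly, and replaces the list only after parsing succeeds.
```shell
set -eo pipefail
# … unchanged: cd, common.sh, LIST, ORIGIN …
TMP="$(mktemp)"
LIST_NEW="$(mktemp)"
trap 'rm -f -- "${TMP}" "${LIST_NEW}"' EXIT

# … unchanged: "(1) Downloading file..." message …
http_response=$(curl -s -o "${TMP}" -w "%{http_code}" "${ORIGIN}")
# … unchanged: check_http_response, is_file_empty, "(2) Processing Domains..." message …
# NOTE: confirm whether the feed uses "" or null for entries that are still active
jq -r '.[] | select(.DeleteDate == "" or .DeleteDate == null) | .DomainAddress' \
  < "${TMP}" > "${LIST_NEW}"
# Only overwrite the shipped list once jq has succeeded
cp -- "${LIST_NEW}" "${LIST}"
```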
diff --git a/utils/update_every_lists.sh b/utils/update_every_lists.sh
index 3f0f75adf..b988267d3 100755
--- a/utils/update_every_lists.sh
+++ b/utils/update_every_lists.sh
@@ -36,6 +36,8 @@ RETVAL=$(( RETVAL + $? ))
./gambling_sites_download.sh
RETVAL=$(( RETVAL + $? ))
+./malicious_sites_download.sh
+RETVAL=$(( RETVAL + $? ))
./mullvad_ip_addresses_download.sh
RETVAL=$(( RETVAL + $? ))
./protonvpn_ip_addresses_download.sh