From 2ff48552e944c985ff39ecbadc4cccd8095f765b Mon Sep 17 00:00:00 2001
From: GMSDev
Date: Wed, 28 Sep 2016 15:02:18 -0500
Subject: [PATCH 1/2] Fixed flow bug where OA was only reading the first line of the ipranges file
---
 oa/flow/flow_oa.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/oa/flow/flow_oa.py b/oa/flow/flow_oa.py
index 6799126..08364e6 100644
--- a/oa/flow/flow_oa.py
+++ b/oa/flow/flow_oa.py
@@ -39,7 +39,7 @@ def _initialize_members(self,date,limit,logger):
 self._ipynb_path = None
 self._ingest_summary_path = None
 self._flow_scores = []
- self._results_delimiter = '\t'
+ self._results_delimiter = ','
 # get app configuration.
 self._oni_conf = Util.get_oni_conf()
@@ -164,7 +164,7 @@ def _add_network_context(self):
 dst_ip_index = self._conf["flow_score_fields"]["dstIP"]
 # add networkcontext per connection.
- ip_internal_ranges = filter(None,nc_ranges[0])
+ ip_internal_ranges = filter(None,nc_ranges)
 self._logger.info("Adding networkcontext to suspicious connections.")
 self._flow_scores = [ conn + [ self._is_ip_internal(conn[src_ip_index],ip_internal_ranges)]+[ self._is_ip_internal(conn[dst_ip_index],ip_internal_ranges)] for conn in flow_scores]
@@ -176,10 +176,14 @@ def _add_network_context(self):
 self._flow_scores.insert(0,flow_headers)
 def _is_ip_internal(self,ip, ranges):
+ result = 0
+ for row in ranges:
+ if Util.ip_to_int(ip) >= row[0] and Util.ip_to_int(ip) <= row[1]:
+ result = 1
+ break
+ return result
- if Util.ip_to_int(ip) >= ranges[0] and Util.ip_to_int(ip) <= ranges[1]: return 1
- return 0
-
+
 def _add_geo_localization(self):
 # use ipranges to see if the IPs are internals.
From 2d7a8d0f0555288d1d5718be3f7167849eaabe3b Mon Sep 17 00:00:00 2001
From: GMSDev
Date: Wed, 28 Sep 2016 16:48:28 -0500
Subject: [PATCH 2/2] Rolling back the change in the file delimiter char
---
 oa/flow/flow_oa.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
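Review bot: `filter(None,nc_ranges)` in `_add_network_context` only drops empty rows, so an ipranges line with fewer than two fields would still reach `row[0]`/`row[1]` in `_is_ip_internal` and raise there. How `nc_ranges` is parsed lies outside this hunk, so the row shape and the type of the bounds should be confirmed where the file is read. A guard such as `ip_internal_ranges = [r for r in nc_ranges if len(r) >= 2]` would also keep the result a list. That matters because the comprehension below walks the ranges twice per connection; if this module is ever run under Python 3, `filter` returns a one-shot iterator and every lookup after the first would report external. A wrong internal/external label here feeds directly into the network context attached to suspicious connections.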
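Review bot: `Util.ip_to_int(ip)` is evaluated twice for every row in the new loop of `_is_ip_internal`, although it does not depend on `row`. Converting once before the loop, `ip_int = Util.ip_to_int(ip)`, and testing `if row[0] <= ip_int <= row[1]: return 1` removes the repeated work and the `result`/`break` bookkeeping. The method has no docstring; one stating that `ranges` is a sequence of (start, end) integer pairs with inclusive bounds, and that the return is 1 for internal and 0 otherwise, would make the contract checkable. The final `+` line of the hunk adds a whitespace-only line and could be dropped.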
diff --git a/oa/flow/flow_oa.py b/oa/flow/flow_oa.py
index 08364e6..33fd8c5 100644
--- a/oa/flow/flow_oa.py
+++ b/oa/flow/flow_oa.py
@@ -39,7 +39,7 @@ def _initialize_members(self,date,limit,logger):
 self._ipynb_path = None
 self._ingest_summary_path = None
 self._flow_scores = []
- self._results_delimiter = ','
+ self._results_delimiter = '\t'
 # get app configuration.
 self._oni_conf = Util.get_oni_conf()