2.3.3

gjanders · gjanders · commit c998d11c5f27 · 2021-06-25T18:47:21.000+10:00
- Minor update to license file
- The field `.decrypt_failure__` is not only output when there is an error (previously always output)
- If the emit function is ommitted, the output now defaults to 'decrypted' as the field name
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ The following example will transform the sourcetype field into its hex represent
 
 `... | decrypt field=sourcetype hex() emit('sourcetype')`
 Note: Fields must be output via the emit function. The input field is not modified in place.
+If the emit function is not mentioned, an emit('decrypted') is automatically added so the data is output
 
 # Arguments
 ## field
@@ -161,7 +162,9 @@ Shannon Davis (Splunk)
 
 # Release Notes
 ## 2.3.3
-Minor update to license file
+- Minor update to license file
+- The field `.decrypt_failure__` is not only output when there is an error (previously always output)
+- If the emit function is ommitted, the output now defaults to 'decrypted' as the field name
 
 ## 2.3.2
 Fork of version 2.3.1 of DECRYPT app from SplunkBase (under MIT license)
diff --git a/app.manifest b/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "decrypt2",
-      "version": "2.3.2"
+      "version": "2.3.3"
     },
     "author": [
       {
diff --git a/bin/decrypt.py b/bin/decrypt.py
@@ -33,8 +33,6 @@ def stream(self, records):
 
             except Exception as e:
                 exception_string = str(e)
-
-            finally:
                 record[".decrypt_failure__"] = exception_string 
 
             yield record
diff --git a/bin/lib/decryptlib.py b/bin/lib/decryptlib.py
@@ -265,10 +265,15 @@ def getargs(g):
     return args
 
 def parsestmt(s):
+    # always emit the decrypted value even if not requested
+    if s.find("emit(") == -1:
+        s = s + " emit('decrypted') "
+
     try:
         g = Tokenizer(s)
     except:
         raise Exception("syntax error") 
+
     for toknum, tokval, _, _, _ in g:
         cmd = None
 
@@ -327,4 +332,3 @@ def parsestmt(s):
 
         else:
             raise Exception("'%s' is not a recognized command" % cmd)
-
diff --git a/default/app.conf b/default/app.conf
@@ -12,5 +12,5 @@ is_visible = false
 [launcher]
 author = Gareth Anderson 
 description = A library of common routines to analyze malware and data exfiltration communications (based on the work of Michael Zalewski).
-version = 2.3.2
+version = 2.3.3
 

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`"id": {`
`6`	`6`	`"group": null,`
`7`	`7`	`"name": "decrypt2",`
`8`		`- "version": "2.3.2"`
	`8`	`+ "version": "2.3.3"`
`9`	`9`	`},`
`10`	`10`	`"author": [`
`11`	`11`	`{`