Fix include_similar=false being treated as enabled in command_sequence endpoint. Closes #1270 #1283

Closed
Vipeen-Kumar wants to merge 1 commit into GreedyBear-Project:main from Vipeen-Kumar:fix-include-similar-boolean

@Vipeen-Kumar
Contributor

This PR fixes a bug in the command_sequence endpoint where the include_similar parameter was evaluated based on its presence rather than its value. Previously, requests like ?include_similar=false would incorrectly trigger similar sequence expansion.

The parsing logic has been updated to explicitly check for a truthy value, aligning behavior with cowrie_session.py.

Additional tests were added to cover:

  • omitted parameter
  • include_similar=false
  • include_similar=true
  • case-insensitive values (TRUE, True)

Related issues

Closes #1270


Type of change

  • Bug fix (non-breaking change which fixes an issue).
  • New feature (non-breaking change which adds functionality).
  • Breaking change (fix or feature that would cause existing functionality to not work as expected).
  • Chore (refactoring, dependency updates, CI/CD changes, code cleanup, docs-only changes).

Checklist

Formalities

  • I have read and understood the rules about how to Contribute to this project.
  • I chose an appropriate title for the pull request.
  • My branch is based on develop.
  • The pull request is for the branch develop.
  • I have reviewed and verified any LLM-generated code included in this PR.

Docs and tests

  • I documented my code changes with docstrings and/or comments.
  • I have checked if my changes affect user-facing behavior described in the docs (not applicable).
  • Linter (Ruff) gave 0 errors.
  • I have added tests for the bug I solved.
  • All the tests gave 0 errors.

GUI changes

(Not applicable)
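
The difference between presence-based and value-based parsing described in this PR, as an added example that is not part of the PR or the GreedyBear code base. It uses only the standard library to stand in for the framework's query parameters; the `strict` variant and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qs

PARAM = "include_similar"

def query_params(query_string):
    """Parse a query string; the last value wins, as with Django's QueryDict.get()."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    return {key: values[-1] for key, values in parsed.items()}

def presence_based(params):
    """Behaviour before the fix: any supplied value, even 'false', enables expansion."""
    return params.get(PARAM) is not None

def value_based(params):
    """Behaviour after the fix: only a case-insensitive 'true' enables expansion."""
    return params.get(PARAM, "false").lower() == "true"

def strict(params):
    """Hypothetical stricter variant: unrecognised values are rejected, not ignored."""
    raw = params.get(PARAM)
    if raw is None:
        return False
    value = raw.strip().lower()
    if value not in ("true", "false"):
        raise ValueError(f"{PARAM} must be 'true' or 'false', got {raw!r}")
    return value == "true"

def compare(query_strings):
    """Return (query, presence_based, value_based, strict-or-'rejected') per input."""
    rows = []
    for qs in query_strings:
        params = query_params(qs)
        try:
            strict_result = strict(params)
        except ValueError:
            strict_result = "rejected"
        rows.append((qs, presence_based(params), value_based(params), strict_result))
    return rows

# Constructed sample requests; 192.0.2.1 is a documentation address.
SAMPLES = [
    "query=192.0.2.1",
    "query=192.0.2.1&include_similar=false",
    "query=192.0.2.1&include_similar=TRUE",
    "query=192.0.2.1&include_similar=1",
    "query=192.0.2.1&include_similar=",
    "query=192.0.2.1&include_similar=true&include_similar=false",
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```
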

Copilot AI review requested due to automatic review settings April 23, 2026 01:36
Contributor

Copilot AI left a comment

Pull request overview

Fixes boolean parsing for the include_similar query parameter in the command_sequence API so that include_similar=false (and other non-true values) no longer enable similar-sequence expansion, aligning behavior with the cowrie_session endpoint.

Changes:

  • Update command_sequence to treat include_similar as enabled only when its value is case-insensitive "true".
  • Add tests covering include_similar=false, include_similar=true, and case-insensitive "TRUE"/"True" behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| api/views/command_sequence.py | Switches include_similar parsing from “presence-based” to explicit boolean "true" semantics. |
| tests/api/views/test_command_sequence_view.py | Adds parameter-validation tests to prevent regressions in include_similar parsing/behavior. |

Comment on lines 47 to 49
observable = request.query_params.get("query")
include_similar = request.query_params.get("include_similar") is not None
include_similar = request.query_params.get("include_similar", "false").lower() == "true"
logger.info(f"Command Sequence view requested by {request.user} for {observable}")
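Review bot: the new include_similar assignment accepts only the literal "true" after .lower(), so include_similar=1, include_similar=yes or a value with surrounding whitespace is silently treated as false instead of being rejected. If that is intended, say so in a comment or in the endpoint documentation; otherwise strip the value and return a 400 for anything other than true/false, so that a caller's typo does not quietly change the result set. Since the description says this mirrors cowrie_session.py, a shared helper for boolean query parameters would keep the two endpoints from drifting apart again.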
Comment on lines +57 to +63
# # # # # Parameter Validation Tests # # # # #
def test_include_similar_false_value(self):
"""Test that include_similar=false behaves like missing include_similar."""
base_response = self.client.get("/api/command_sequence?query=140.246.171.141")
self.assertEqual(base_response.status_code, 200)

false_response = self.client.get("/api/command_sequence?query=140.246.171.141&include_similar=false")
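Review bot: in the lines shown for test_include_similar_false_value, false_response is fetched but nothing is asserted on it yet; for the docstring's claim to hold, the test has to check its status code and compare its executed_by with that of base_response. Also confirm that the fixture data for 140.246.171.141 contains at least one similar sequence, because without one the two responses are identical whether or not the parsing fix is in place and the test cannot catch a regression.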
Comment on lines +68 to +78
def test_include_similar_true_expands_results(self):
"""Test that include_similar=true returns a superset (or equal set) of base results."""
base_response = self.client.get("/api/command_sequence?query=140.246.171.141")
self.assertEqual(base_response.status_code, 200)
base_executed_by = set(base_response.data["executed_by"])

true_response = self.client.get("/api/command_sequence?query=140.246.171.141&include_similar=true")
self.assertEqual(true_response.status_code, 200)
true_executed_by = set(true_response.data["executed_by"])

self.assertTrue(base_executed_by.issubset(true_executed_by))
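Review bot: the final assertTrue(base_executed_by.issubset(true_executed_by)) also passes when the two sets are equal, so test_include_similar_true_expands_results would still succeed if include_similar were ignored altogether. Set up a fixture with a known similar sequence and assert that its source appears in true_executed_by but not in base_executed_by, or rename the test and docstring so they do not promise expansion.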
@regulartim regulartim closed this Apr 23, 2026
Development

Successfully merging this pull request may close these issues.

include_similar=false incorrectly enables similar expansion in command_sequence endpoint

3 participants