Inconsistent Threat Verdict Handling in storage-file-intel Extension #30

Open
hakumizuki opened this issue Dec 4, 2023 · 0 comments
hakumizuki commented Dec 4, 2023

Description

I am a user of the https://extensions.dev/extensions/pangea/storage-file-intel extension.

Upon reviewing the source code, it appears that the extension handles the threat verdict from https://extensions.dev/extensions/pangea/storage-file-intel. Specifically, it seems to treat only "unknown" as non-malicious, while other verdicts are considered malware.

However, when uploading certain files, the results from ReversingLabs occasionally yield a "benign" verdict. In such cases, the extension incorrectly categorizes the file as malware.

How to reproduce?

When executing the API at https://pangea.cloud/docs/api/file-intel/?config=pci_dc3jso4ym5yluo4ilgeys72ig3ssdphj&focus=file-intel with the parameters hash_type = sha256 and file_hash = 1728e91d05d45eb5a4773a545961340a930b3dbe540165afc963f9bfa073bdca, the following unexpected result is obtained:

{
  "request_id": "prq_gjkegsofttwdlebr5flykgw76ylabyco",
  "request_time": "2023-12-04T03:07:13.620368Z",
  "response_time": "2023-12-04T03:07:14.015585Z",
  "status": "Success",
  "summary": "Hash was found: benign with score 0",
  "result": {
    "data": {
      "category": [
        ""
      ],
      "score": 0,
      "verdict": "benign"
    }
  }
}

Expected Behavior

When the threat verdict is "benign," the extension should exhibit the same behavior as when the verdict is "unknown."
The corresponding code is https://github.com/pangeacyber/pangea-extensions-firebase/blob/main/storage-file-intel/functions/src/index.ts#L133-L141

Additional Information

Extension URL: https://extensions.dev/extensions/pangea/storage-file-intel

@hakumizuki changed the title from "'benign' threat verdict is not handled correctly by Known malware extension" to "Inconsistent Threat Verdict Handling in storage-file-intel Extension" on Dec 4, 2023
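
The verdict handling the issue asks for, as an added example that is neither part of the original post nor the extension's own code. `describedAction`, `verdictAction` and the `review` outcome are hypothetical names, and the "malicious" and "suspicious" verdict values are assumptions; only "unknown" and "benign" appear in the issue.

```typescript
// Added example: not the extension's source. Function names are hypothetical.
type Action = "allow" | "block" | "review";

// Shape of the File Intel response shown in the issue. Every field is optional
// because the body is untrusted until checked.
interface FileIntelResponse {
  status?: string;
  result?: { data?: { verdict?: unknown; score?: unknown } };
}

// Behaviour as the issue describes it: only "unknown" counts as non-malicious.
function describedAction(verdict: string): Action {
  return verdict === "unknown" ? "allow" : "block";
}

// Explicit mapping. "benign" and "unknown" come from the issue; "malicious" and
// "suspicious" are assumed to be the verdicts that should block.
const VERDICT_ACTIONS: Record<string, Action> = {
  benign: "allow",
  unknown: "allow",
  malicious: "block",
  suspicious: "block",
};

// Anything outside the mapping (failed lookup, missing field, new verdict value)
// goes to "review": held back, but not labelled as malware.
function verdictAction(resp: FileIntelResponse): Action {
  if (resp.status !== "Success") return "review";
  const verdict = resp.result?.data?.verdict;
  if (typeof verdict !== "string") return "review";
  const v = verdict.trim().toLowerCase();
  const known = Object.prototype.hasOwnProperty.call(VERDICT_ACTIONS, v);
  return (known ? VERDICT_ACTIONS[v] : undefined) ?? "review";
}

// Response body from the issue, with the request metadata left out.
const issueResponse: FileIntelResponse = JSON.parse(`{
  "status": "Success",
  "summary": "Hash was found: benign with score 0",
  "result": { "data": { "category": [""], "score": 0, "verdict": "benign" } }
}`);

console.log(describedAction("benign"), verdictAction(issueResponse)); // block allow
```

Mapping each verdict explicitly means a verdict value added to the API later lands in `review` instead of silently falling into either the malware or the clean branch.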