Race condition when analyzers try to add sketch attributes #3114

Open
tomchop opened this issue Jun 20, 2024 · 0 comments
Collaborator

tomchop commented Jun 20, 2024

I am unsure where the problem lies, but I'll describe my situation:

The Intelligence attribute that is set by the yetiindicator.py analyzer is of the form {'data': []} where the list is a list of IOCs.

When the analyzer runs on multiple timelines, it fetches the attribute from the database (initializing it if it's nonexistent) and then appends values to this 'data' key, before saving it, with overwrite=True.

It seems that in some cases, instead of overwriting the value, it appends another {'data': []} object to the attribute value. (attribute values support lists, but this analyzer uses a list of 1 item)

Reproducing this is somewhat involved:

  • Set up a working Yeti instance, document 1 malware entity with 1 regex indicator (that will match events in a sketch)
  • Upload multiple (I've tried with 3) timelines to a sketch (where you expect some indicator matches in at least 2 timelines)
  • Run the Yeti malware indicators analyzer on all timelines

In some cases, the sketch intelligence attribute will be set to [{'data': []}, {'data': []}] instead of just [{'data': []}]. The former will break the UI and the analyzer flow (pending the merge of #3113, which makes the analyzer sort of self-healing)
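
The fetch-initialize-append-save pattern described in the report is a classic unsynchronized read-modify-write. The following is an added illustration, not Timesketch's or the yetiindicator analyzer's code: a small in-memory attribute store (`AttributeStore`, `unsafe_analyzer`, `safe_analyzer` and the sample IOC matches are all constructed for this example) with two "analyzers", one per timeline, interleaved deterministically with generators so the race reproduces every run. The unsafe variant saves with an unconditional overwrite and loses one timeline's matches; the safe variant uses a version check (compare-and-swap) and retries, so both timelines' matches survive. It shows the lost-update outcome of this pattern, not the duplicated `{'data': []}` entry the reporter observed, whose exact mechanism the report leaves open.

```python
"""Model of the fetch -> initialize -> append -> save-with-overwrite pattern.

Illustrative code only (not Timesketch's own). Two analyzers, one per
timeline, each read the sketch 'intelligence' attribute, initialize it to
[{'data': []}] if missing, append their IOC matches and save. Generators
make the interleaving explicit: every analyzer reads before any writes.
"""
import copy
import threading

# Constructed sample data: what each per-timeline analyzer run would append.
TIMELINE_MATCHES = {
    "timeline-1": [{"ioc": "evil[.]example", "type": "regex"}],
    "timeline-2": [{"ioc": "203.0.113.7", "type": "ipv4"}],
}


class AttributeStore:
    """Minimal stand-in for the sketch attribute table, with a row version."""

    def __init__(self):
        self._attrs = {}
        self._versions = {}
        self._lock = threading.Lock()

    def get(self, name):
        """Return (value, version); value is a deep copy so callers may mutate it."""
        with self._lock:
            return copy.deepcopy(self._attrs.get(name)), self._versions.get(name, 0)

    def put(self, name, value):
        """Unconditional overwrite: the overwrite=True path, no staleness check."""
        with self._lock:
            self._attrs[name] = copy.deepcopy(value)
            self._versions[name] = self._versions.get(name, 0) + 1

    def put_if_version(self, name, value, expected_version):
        """Compare-and-swap: write only if the row is unchanged since it was read."""
        with self._lock:
            if self._versions.get(name, 0) != expected_version:
                return False
            self._attrs[name] = copy.deepcopy(value)
            self._versions[name] = expected_version + 1
            return True


def unsafe_analyzer(store, matches):
    """Read, initialize if missing, append, overwrite. Racy: the write is blind."""
    value, _ = store.get("intelligence")
    if value is None:
        value = [{"data": []}]
    yield  # scheduler switches here; another analyzer reads the same stale state
    value[0]["data"].extend(matches)
    store.put("intelligence", value)


def safe_analyzer(store, matches):
    """Same logic, but the save is conditional on the version seen at read time."""
    while True:
        value, version = store.get("intelligence")
        if value is None:
            value = [{"data": []}]
        yield
        value[0]["data"].extend(matches)
        if store.put_if_version("intelligence", value, version):
            return
        # Lost the race: loop, re-read the other analyzer's additions, retry.


def run_interleaved(analyzer_factory):
    """Round-robin the analyzers one step at a time; return the final attribute."""
    store = AttributeStore()
    gens = [analyzer_factory(store, m) for m in TIMELINE_MATCHES.values()]
    while gens:
        for gen in list(gens):
            try:
                next(gen)
            except StopIteration:
                gens.remove(gen)
    value, _ = store.get("intelligence")
    return value


if __name__ == "__main__":
    print("unsafe:", run_interleaved(unsafe_analyzer))  # only timeline-2's IOC survives
    print("safe:  ", run_interleaved(safe_analyzer))    # both IOCs present
```

The same protection can come from a row lock held across the whole read-modify-write, or from a database-side atomic append; the point is that "fetch, mutate in memory, save with overwrite" is only correct when nothing else can write between the fetch and the save.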
