From eab4b170703b458f16eb94bb0615c5eebb4e3fd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 24 Jan 2023 15:23:59 +0100 Subject: [PATCH] fix: Avoid exceptions when the submission is a file --- lookyloo/modules/fox.py | 2 ++ lookyloo/modules/misp.py | 15 ++++++++++----- lookyloo/modules/riskiq.py | 2 ++ lookyloo/modules/urlscan.py | 3 +++ 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/lookyloo/modules/fox.py b/lookyloo/modules/fox.py index 6a56267c..5c35f102 100644 --- a/lookyloo/modules/fox.py +++ b/lookyloo/modules/fox.py @@ -60,6 +60,8 @@ class FOX(): ''' if not self.available: raise ConfigError('FOX not available, probably no API key') + if url.startswith('file'): + return {'error': 'FOX does not support files.'} if self.autosubmit: # submit is allowed and we either force it, or it's just allowed diff --git a/lookyloo/modules/misp.py b/lookyloo/modules/misp.py index 5fffc35a..5a931df8 100644 --- a/lookyloo/modules/misp.py +++ b/lookyloo/modules/misp.py @@ -166,15 +166,19 @@ class MISP(): directly to a MISP instance and it will create an event.''' public_domain = get_config('generic', 'public_domain') event = MISPEvent() - event.info = f'Lookyloo Capture ({cache.url})' + if cache.url.startswith('file'): + filename = cache.url.rsplit('/', 1)[-1] + event.info = f'Lookyloo Capture ({filename})' + else: + event.info = f'Lookyloo Capture ({cache.url})' + initial_url = URLObject(cache.url) + initial_url.comment = 'Submitted URL' + self.__misp_add_ips_to_URLObject(initial_url, cache.tree.root_hartree.hostname_tree) + lookyloo_link: MISPAttribute = event.add_attribute('link', f'https://{public_domain}/tree/{cache.uuid}') # type: ignore if not is_public_instance: lookyloo_link.distribution = 0 - initial_url = URLObject(cache.url) - initial_url.comment = 'Submitted URL' - self.__misp_add_ips_to_URLObject(initial_url, cache.tree.root_hartree.hostname_tree) - redirects: List[URLObject] = [] for nb, url in enumerate(cache.redirects): if url == cache.url: @@ -183,6 +187,7 @@ class MISP(): obj.comment = f'Redirect {nb}' self.__misp_add_ips_to_URLObject(obj, cache.tree.root_hartree.hostname_tree) redirects.append(obj) + if redirects: redirects[-1].comment = f'Last redirect ({nb})' diff --git a/lookyloo/modules/riskiq.py b/lookyloo/modules/riskiq.py index cdc402d9..885b1abe 100644 --- a/lookyloo/modules/riskiq.py +++ b/lookyloo/modules/riskiq.py @@ -83,6 +83,8 @@ class RiskIQ(): return {'error': 'Module not available'} if auto_trigger and not self.allow_auto_trigger: return {'error': 'Auto trigger not allowed on module'} + if cache.url.startswith('file'): + return {'error': 'RiskIQ does not support files.'} if cache.redirects: hostname = urlparse(cache.redirects[-1]).hostname diff --git a/lookyloo/modules/urlscan.py b/lookyloo/modules/urlscan.py index 0107fe6f..eb5a5cb5 100644 --- a/lookyloo/modules/urlscan.py +++ b/lookyloo/modules/urlscan.py @@ -118,6 +118,9 @@ class UrlScan(): if not self.available: raise ConfigError('UrlScan not available, probably no API key') + if capture_info.url.startswith('file'): + return {'error': 'URLScan does not support files.'} + url_storage_dir = get_cache_directory( self.storage_dir_urlscan, f'{capture_info.url}{capture_info.user_agent}{capture_info.referer}',