misp-modules/misp_modules/modules/expansion/wiki.py

import json
from SPARQLWrapper import SPARQLWrapper, JSON

misperrors = {'error': 'Error'}
mispattributes = {'input': ['text'], 'output': ['text']}
moduleinfo = {
    'version': '0.2',
    'author': 'Roman Graf',
    'description': 'An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.',
    'module-type': ['hover'],
    'name': 'Wikidata Lookup',
    'logo': 'wikidata.png',
    'requirements': ['SPARQLWrapper python library'],
    'features': 'This module takes a text attribute as input and queries the Wikidata API. If the text attribute is clear enough to define a specific term, the API returns a wikidata link in response.',
    'references': ['https://www.wikidata.org'],
    'input': 'Text attribute.',
    'output': 'Text attribute.',
}
moduleconfig = []
# sample query text 'Microsoft' should provide Wikidata link https://www.wikidata.org/wiki/Q2283 in response
wiki_api_url = 'https://query.wikidata.org/bigdata/namespace/wdq/sparql'


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    if not request.get('text'):
        misperrors['error'] = 'Query text missing'
        return misperrors

    sparql = SPARQLWrapper(wiki_api_url, agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36')
    query_string = \
        "SELECT ?item \n" \
        "WHERE { \n" \
        "?item rdfs:label\"" + request.get('text') + "\" @en \n" \
        "}\n"
    sparql.setQuery(query_string)
    sparql.setReturnFormat(JSON)
    results = sparql.query().convert()
    try:
        result = results["results"]["bindings"]
        summary = result[0]["item"]["value"] if result else 'No additional data found on Wikidata'
    except Exception as e:
        misperrors['error'] = 'wikidata API not accessible {}'.format(e)
        return misperrors['error']

    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
    return r


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`import json`
			`from SPARQLWrapper import SPARQLWrapper, JSON`

			`misperrors = {'error': 'Error'}`
label replaced by text, which is existing attribute 2016-10-11 14:48:59 +02:00			`mispattributes = {'input': ['text'], 'output': ['text']}`
chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': '0.2',`
			`'author': 'Roman Graf',`
			`'description': 'An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.',`
			`'module-type': ['hover'],`
			`'name': 'Wikidata Lookup',`
			`'logo': 'wikidata.png',`
			`'requirements': ['SPARQLWrapper python library'],`
			`'features': 'This module takes a text attribute as input and queries the Wikidata API. If the text attribute is clear enough to define a specific term, the API returns a wikidata link in response.',`
			`'references': ['https://www.wikidata.org'],`
			`'input': 'Text attribute.',`
			`'output': 'Text attribute.',`
			`}`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`moduleconfig = []`
label replaced by text, which is existing attribute 2016-10-11 14:48:59 +02:00			`# sample query text 'Microsoft' should provide Wikidata link https://www.wikidata.org/wiki/Q2283 in response`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`wiki_api_url = 'https://query.wikidata.org/bigdata/namespace/wdq/sparql'`


			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
label replaced by text, which is existing attribute 2016-10-11 14:48:59 +02:00			`if not request.get('text'):`
			`misperrors['error'] = 'Query text missing'`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`return misperrors`
fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
fix: [wiki] Change User-Agent to avoid 403 error 2022-03-04 10:07:53 +01:00			`sparql = SPARQLWrapper(wiki_api_url, agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36')`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`query_string = \`
fix: Make pep8 happy 2018-12-11 15:29:09 +01:00			`"SELECT ?item \n" \`
			`"WHERE { \n" \`
			`"?item rdfs:label\"" + request.get('text') + "\" @en \n" \`
			`"}\n"`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`sparql.setQuery(query_string)`
			`sparql.setReturnFormat(JSON)`
			`results = sparql.query().convert()`
			`try:`
fix: Handling cases where there is no result from the query 2019-10-08 13:28:23 +02:00			`result = results["results"]["bindings"]`
			`summary = result[0]["item"]["value"] if result else 'No additional data found on Wikidata'`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`except Exception as e:`
fix: Handling cases where there is no result from the query 2019-10-08 13:28:23 +02:00			`misperrors['error'] = 'wikidata API not accessible {}'.format(e)`
Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. 2016-10-07 12:57:01 +02:00			`return misperrors['error']`

			`r = {'results': [{'types': mispattributes['output'], 'values': summary}]}`
			`return r`


			`def introspection():`
			`return mispattributes`


			`def version():`
			`moduleinfo['config'] = moduleconfig`
			`return moduleinfo`