misp-modules/misp_modules/modules/expansion/cve.py

import json
import requests

misperrors = {'error': 'Error'}
mispattributes = {'input': ['vulnerability'], 'output': ['text']}
moduleinfo = {
    'version': '0.4',
    'author': 'Alexandre Dulaunoy',
    'description': 'An expansion hover module to expand information about CVE id.',
    'module-type': ['hover'],
    'name': 'CVE Lookup',
    'logo': 'cve.png',
    'requirements': [],
    'features': 'The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs.',
    'references': ['https://vulnerability.circl.lu/', 'https://cve.mitre.org/'],
    'input': 'Vulnerability attribute.',
    'output': 'Text giving information about the CVE related to the Vulnerability.',
}
moduleconfig = ["custom_API"]
cveapi_url = 'https://vulnerability.circl.lu/api/cve/'


def check_url(url):
    return "{}/".format(url) if not url.endswith('/') else url


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    if not request.get('vulnerability'):
        misperrors['error'] = 'Vulnerability id missing'
        return misperrors

    api_url = check_url(request['config']['custom_API']) if request.get('config') and request['config'].get('custom_API') else cveapi_url
    r = requests.get("{}{}".format(api_url, request.get('vulnerability')))
    if r.status_code == 200:
        vulnerability = json.loads(r.text)
        try:
            summary = vulnerability['containers']['cna']['descriptions'][0]['value']
        except Exception:
            summary = 'Non existing CVE'
    else:
        misperrors['error'] = 'API not accessible'
        return misperrors['error']

    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
    return r


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00			`import json`
			`import requests`

			`misperrors = {'error': 'Error'}`
Return a text attribute for an hover only module 2016-03-24 21:44:15 +01:00			`mispattributes = {'input': ['vulnerability'], 'output': ['text']}`
chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': '0.4',`
			`'author': 'Alexandre Dulaunoy',`
			`'description': 'An expansion hover module to expand information about CVE id.',`
			`'module-type': ['hover'],`
			`'name': 'CVE Lookup',`
			`'logo': 'cve.png',`
			`'requirements': [],`
			`'features': 'The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs.',`
			`'references': ['https://vulnerability.circl.lu/', 'https://cve.mitre.org/'],`
			`'input': 'Vulnerability attribute.',`
			`'output': 'Text giving information about the CVE related to the Vulnerability.',`
			`}`
adding custom API Adding the possibility to have our own API server. 2019-09-17 11:07:23 +02:00			`moduleconfig = ["custom_API"]`
fix: [cve] fix CVE module to new vulnerability.circl.lu url 2024-08-09 09:53:14 +02:00			`cveapi_url = 'https://vulnerability.circl.lu/api/cve/'`
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00
fix: Making pep8 happy 2019-09-17 14:13:05 +02:00
adding custom API Adding the possibility to have our own API server. 2019-09-17 11:07:23 +02:00			`def check_url(url):`
			`return "{}/".format(url) if not url.endswith('/') else url`
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00
fix: Making pep8 happy 2019-09-17 14:13:05 +02:00
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
			`if not request.get('vulnerability'):`
			`misperrors['error'] = 'Vulnerability id missing'`
			`return misperrors`

fix: Travis tests should be happy now 2019-10-04 17:22:32 +02:00			`api_url = check_url(request['config']['custom_API']) if request.get('config') and request['config'].get('custom_API') else cveapi_url`
adding custom API Adding the possibility to have our own API server. 2019-09-17 11:07:23 +02:00			`r = requests.get("{}{}".format(api_url, request.get('vulnerability')))`
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00			`if r.status_code == 200:`
			`vulnerability = json.loads(r.text)`
fix: [cve] fix CVE module to new vulnerability.circl.lu url 2024-08-09 09:53:14 +02:00			`try:`
			`summary = vulnerability['containers']['cna']['descriptions'][0]['value']`
			`except Exception:`
fix: #137 when a CVE is not found, a return message is given 2017-10-21 19:52:19 +02:00			`summary = 'Non existing CVE'`
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00			`else:`
adding custom API Adding the possibility to have our own API server. 2019-09-17 11:07:23 +02:00			`misperrors['error'] = 'API not accessible'`
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00			`return misperrors['error']`

Return a text attribute for an hover only module 2016-03-24 21:44:15 +01:00			`r = {'results': [{'types': mispattributes['output'], 'values': summary}]}`
			`return r`
CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. 2016-03-18 07:51:13 +01:00

			`def introspection():`
			`return mispattributes`


			`def version():`
			`moduleinfo['config'] = moduleconfig`
			`return moduleinfo`