misp-modules/misp_modules/modules/expansion/ipasn.py

# -*- coding: utf-8 -*-

import json
from . import check_input_attribute, standard_error_message
from pyipasnhistory import IPASNHistory
from pymisp import MISPAttribute, MISPEvent, MISPObject

misperrors = {'error': 'Error'}
mispattributes = {'input': ['ip-src', 'ip-dst', 'ip'], 'format': 'misp_standard'}
moduleinfo = {'version': '0.3', 'author': 'Raphaël Vinot', 'description': 'Query an IP ASN history service (https://github.com/D4-project/IPASN-History?tab=readme-ov-file)', 'module-type': ['expansion', 'hover']}


def parse_result(attribute, values):
    event = MISPEvent()
    initial_attribute = MISPAttribute()
    initial_attribute.from_dict(**attribute)
    event.add_attribute(**initial_attribute)
    mapping = {'asn': ('AS', 'asn'), 'prefix': ('ip-src', 'subnet-announced')}
    for last_seen, response in values['response'].items():
        asn = MISPObject('asn')
        asn.add_attribute('last-seen', **{'type': 'datetime', 'value': last_seen})
        for feature, attribute_fields in mapping.items():
            attribute_type, object_relation = attribute_fields
            asn.add_attribute(object_relation, **{'type': attribute_type, 'value': response[feature]})
        asn.add_reference(initial_attribute.uuid, 'related-to')
        event.add_object(**asn)
    event = json.loads(event.to_json())
    return {key: event[key] for key in ('Attribute', 'Object')}


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    if not request.get('attribute') or not check_input_attribute(request['attribute']):
        return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
    if request['attribute']['type'] not in mispattributes['input']:
        return {'error': 'Unsupported attribute type.'}
    if request['attribute']['type'] == 'ip':
        request['attribute']['type'] = 'ip-src'

    toquery = request['attribute']['value']

    ipasn = IPASNHistory()
    values = ipasn.query(toquery)

    if not values:
        misperrors['error'] = 'Unable to find the history of this IP'
        return misperrors
    return {'results': parse_result(request['attribute'], values)}


def introspection():
    return mispattributes


def version():
    return moduleinfo
Add IPASN history module 2016-05-01 12:09:33 +02:00			`# -- coding: utf-8 --`

			`import json`
add: Specific error message for misp_standard format expansion modules - Checking if the input format is respected and displaying an error message if it is not 2020-07-28 11:47:53 +02:00			`from . import check_input_attribute, standard_error_message`
chg: Use pipenv, update bgpranking/ipasn modules 2019-01-21 13:31:52 +01:00			`from pyipasnhistory import IPASNHistory`
chg: Making ipasn module return asn object(s) - Latest changes on the returned value as string broke the freetext parser, because no asn number could be parsed when we return the full json blob as a freetext attribute - Now returning asn object(s) with a reference to the initial attribute 2020-01-10 15:02:59 +01:00			`from pymisp import MISPAttribute, MISPEvent, MISPObject`
Add IPASN history module 2016-05-01 12:09:33 +02:00
			`misperrors = {'error': 'Error'}`
fix: [ipasn] add support for `ip` type 2024-06-06 09:54:20 +02:00			`mispattributes = {'input': ['ip-src', 'ip-dst', 'ip'], 'format': 'misp_standard'}`
			`moduleinfo = {'version': '0.3', 'author': 'Raphaël Vinot', 'description': 'Query an IP ASN history service (https://github.com/D4-project/IPASN-History?tab=readme-ov-file)', 'module-type': ['expansion', 'hover']}`
Add IPASN history module 2016-05-01 12:09:33 +02:00

chg: Making ipasn module return asn object(s) - Latest changes on the returned value as string broke the freetext parser, because no asn number could be parsed when we return the full json blob as a freetext attribute - Now returning asn object(s) with a reference to the initial attribute 2020-01-10 15:02:59 +01:00			`def parse_result(attribute, values):`
			`event = MISPEvent()`
			`initial_attribute = MISPAttribute()`
			`initial_attribute.from_dict(**attribute)`
			`event.add_attribute(**initial_attribute)`
			`mapping = {'asn': ('AS', 'asn'), 'prefix': ('ip-src', 'subnet-announced')}`
			`for last_seen, response in values['response'].items():`
			`asn = MISPObject('asn')`
			`asn.add_attribute('last-seen', **{'type': 'datetime', 'value': last_seen})`
			`for feature, attribute_fields in mapping.items():`
			`attribute_type, object_relation = attribute_fields`
			`asn.add_attribute(object_relation, **{'type': attribute_type, 'value': response[feature]})`
			`asn.add_reference(initial_attribute.uuid, 'related-to')`
			`event.add_object(**asn)`
			`event = json.loads(event.to_json())`
			`return {key: event[key] for key in ('Attribute', 'Object')}`


Add IPASN history module 2016-05-01 12:09:33 +02:00			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
add: Specific error message for misp_standard format expansion modules - Checking if the input format is respected and displaying an error message if it is not 2020-07-28 11:47:53 +02:00			`if not request.get('attribute') or not check_input_attribute(request['attribute']):`
			`return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}`
			`if request['attribute']['type'] not in mispattributes['input']:`
			`return {'error': 'Unsupported attribute type.'}`
fix: [ipasn] add support for `ip` type 2024-06-06 09:54:20 +02:00			`if request['attribute']['type'] == 'ip':`
			`request['attribute']['type'] = 'ip-src'`

add: Specific error message for misp_standard format expansion modules - Checking if the input format is respected and displaying an error message if it is not 2020-07-28 11:47:53 +02:00			`toquery = request['attribute']['value']`
Add IPASN history module 2016-05-01 12:09:33 +02:00
chg: Use pipenv, update bgpranking/ipasn modules 2019-01-21 13:31:52 +01:00			`ipasn = IPASNHistory()`
			`values = ipasn.query(toquery)`
Fix again IPASN module 2016-05-04 12:52:01 +02:00
Add IPASN history module 2016-05-01 12:09:33 +02:00			`if not values:`
			`misperrors['error'] = 'Unable to find the history of this IP'`
			`return misperrors`
chg: Making ipasn module return asn object(s) - Latest changes on the returned value as string broke the freetext parser, because no asn number could be parsed when we return the full json blob as a freetext attribute - Now returning asn object(s) with a reference to the initial attribute 2020-01-10 15:02:59 +01:00			`return {'results': parse_result(request['attribute'], values)}`
Add IPASN history module 2016-05-01 12:09:33 +02:00

			`def introspection():`
			`return mispattributes`


			`def version():`
			`return moduleinfo`