From 38a6dc810e8a6f3882a4a6977a130e851d049fb0 Mon Sep 17 00:00:00 2001
From: Christian Studer <christian.studer@circl.lu>
Date: Mon, 24 Oct 2022 16:18:22 +0200
Subject: [PATCH] fix: [variodbs] Properly handling the exploit results when
 there is more that 10 results

- We keep querying the VARIoT db API with the link
  of the next content until there is no next result
---
 misp_modules/modules/expansion/variotdbs.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/misp_modules/modules/expansion/variotdbs.py b/misp_modules/modules/expansion/variotdbs.py
index 9b67d88..0f6202a 100644
--- a/misp_modules/modules/expansion/variotdbs.py
+++ b/misp_modules/modules/expansion/variotdbs.py
@@ -73,7 +73,7 @@ class VariotdbsParser:
         return {'results': results}
 
     def parse_exploit_information(self, query_results):
-        for exploit in query_results['results']:
+        for exploit in query_results:
             exploit_object = MISPObject('exploit')
             exploit_object.add_attribute('exploitdb-id', exploit['edb_id'])
             for feature, relation in self.exploit_mapping.items():
@@ -187,8 +187,17 @@ def handler(q=False):
     if r.status_code == 200:
         exploit_results = r.json()
         if exploit_results:
-            parser.parse_exploit_information(exploit_results)
+            parser.parse_exploit_information(exploit_results['results'])
             empty = False
+        if exploit_results['next'] is not None:
+            while(1):
+                exploit_results = requests.get(exploit_results['next'], headers=headers)
+                if exploit_results.status_code != 200:
+                    break
+                exploit_results = exploit_results.json()
+                parser.parse_exploit_information(exploit_results['results'])
+                if exploit_results['next'] is None:
+                    break
     else:
         return {'error': 'Error while querying the variotdbs API.'}
     if empty: