MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: [variodbs] Properly handling the exploit results when there is more that 10 results 

- We keep querying the VARIoT db API with the link
  of the next content until there is no next result
pull/590/head
Christian Studer 2022-10-24 16:18:22 +02:00
parent b964b5e2a6
commit 38a6dc810e
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
misp_modules/modules/expansion/variotdbs.py
View File

@ -73,7 +73,7 @@ class VariotdbsParser:
return {'results': results} return {'results': results}
def parse_exploit_information(self, query_results): def parse_exploit_information(self, query_results):
for exploit in query_results['results']: for exploit in query_results:
exploit_object = MISPObject('exploit') exploit_object = MISPObject('exploit')
exploit_object.add_attribute('exploitdb-id', exploit['edb_id']) exploit_object.add_attribute('exploitdb-id', exploit['edb_id'])
for feature, relation in self.exploit_mapping.items(): for feature, relation in self.exploit_mapping.items():
@ -187,8 +187,17 @@ def handler(q=False):
if r.status_code == 200: if r.status_code == 200:
exploit_results = r.json() exploit_results = r.json()
if exploit_results: if exploit_results:
parser.parse_exploit_information(exploit_results) parser.parse_exploit_information(exploit_results['results'])
empty = False empty = False
if exploit_results['next'] is not None:
while(1):
exploit_results = requests.get(exploit_results['next'], headers=headers)
if exploit_results.status_code != 200:
break
exploit_results = exploit_results.json()
parser.parse_exploit_information(exploit_results['results'])
if exploit_results['next'] is None:
break
else: else:
return {'error': 'Error while querying the variotdbs API.'} return {'error': 'Error while querying the variotdbs API.'}
if empty: if empty: