mirror of https://github.com/MISP/misp-modules
fix: Avoid issues with the attribute value field name
- The module setup allows 'value1' as attribute value field name, but we want to make sure that users passing standard misp format with 'value' instead, will not have issues, as well as keeping the current setuppull/420/head
parent
3b7a5c4dc2
commit
3ab67b23b6
|
@ -113,12 +113,18 @@ def handler(q=False):
|
|||
if attribute['type'] not in misp_types_in:
|
||||
return {'error': 'Unsupported attribute type.'}
|
||||
client = SophosLabsApi(j['config']['client_id'], j['config']['client_secret'])
|
||||
if j['attribute']['type'] == "sha256":
|
||||
client.hash_lookup(j['attribute']['value1'])
|
||||
if j['attribute']['type'] in ['ip-dst', 'ip-src', 'ip']:
|
||||
client.ip_lookup(j["attribute"]["value1"])
|
||||
if j['attribute']['type'] in ['uri', 'url', 'domain', 'hostname']:
|
||||
client.url_lookup(j["attribute"]["value1"])
|
||||
mapping = {
|
||||
'sha256': 'hash_lookup',
|
||||
'ip-dst': 'ip_lookup',
|
||||
'ip-src': 'ip_lookup',
|
||||
'ip': 'ip_lookup',
|
||||
'uri': 'url_lookup',
|
||||
'url': 'url_lookup',
|
||||
'domain': 'url_lookup',
|
||||
'hostname': 'url_lookup'
|
||||
}
|
||||
attribute_value = attribute['value'] if 'value' in attribute else attribute['value1']
|
||||
getattr(client, mapping[attribute['type']])(attribute_value)
|
||||
return client.get_result()
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue