From 3d5b686f2fe9ba87c2a9f648da3c81feb9d1a2c1 Mon Sep 17 00:00:00 2001
From: Iglocska
Date: Sun, 20 Mar 2016 10:55:39 +0100
Subject: [PATCH] Some changes to the sourcecache expansion - return attachment or malware sample
---
 bin/misp-modules.py | 2 +-
 modules/expansion/sourcecache.py | 17 ++++++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 bin/misp-modules.py
diff --git a/bin/misp-modules.py b/bin/misp-modules.py
old mode 100644
new mode 100755
index 5b8dce8..99c3470
--- a/bin/misp-modules.py
+++ b/bin/misp-modules.py
@@ -45,7 +45,7 @@ modulesdir = '../modules/expansion'
 mhandlers = {}
 modules = []
 for module in os.listdir(modulesdir):
- if ".py" not in module or ".pyc" in module:
+ if ".py" not in module or ".pyc" in module or ".py~" in module:
 continue
 if re.match("^\.", module):
 continue
diff --git a/modules/expansion/sourcecache.py b/modules/expansion/sourcecache.py
index 14d2ca5..eab6589 100755
--- a/modules/expansion/sourcecache.py
+++ b/modules/expansion/sourcecache.py
@@ -2,7 +2,7 @@ import json
 from url_archiver import url_archiver
 misperrors = {'error': 'Error'}
-mispattributes = {'input': ['link'], 'output': ['link']}
+mispattributes = {'input': ['link', 'url'], 'output': ['attachment', 'malware-sample']}
 moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.'}
 moduleconfig = ['archivepath']
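Review bot: The new `".py~" in module` clause in bin/misp-modules.py extends a substring denylist, so any other leftover whose name merely contains `.py` (for example `x.py.bak` or `x.py.orig`) still passes the filter. This loop appears to decide which files in `modulesdir` are registered as module handlers (the loading code is outside the hunk), so a stray file with such a name would be picked up next to the real modules. Match the suffix instead, `if not module.endswith(".py"):`, which also makes the `.pyc` and `.py~` clauses unnecessary.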
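Review bot: The `description` in `moduleinfo`, on the context line directly below the changed `mispattributes` in modules/expansion/sourcecache.py, still says "The module returns a link of the cached page", which no longer matches the declared outputs `attachment` and `malware-sample`. Update it in the same commit so that what the module advertises agrees with what it returns, for example ending the string with `The module returns the cached page as an attachment or malware-sample.`. It is also worth stating there that both `link` and `url` inputs are accepted.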
@@ -17,16 +17,23 @@ def handler(q=False):
 archive_path = '/tmp/'
 if request.get('link'):
 tocache = request['link']
- archiver = url_archiver.Archive(archive_path=archive_path)
- archiver.fetch(url=tocache)
- mispattributes['output'] = ['link']
+ data = __archiveLink(archive_path, tocache)
+ mispattributes['output'] = ['attachment']
+ elif request.get('url'):
+ tocache = request['url']
+ data = __archiveLink(archive_path, tocache)
+ mispattributes['output'] = ['malware-sample']
 else:
 misperrors['error'] = "Link is missing"
 return misperrors
- r = {'results': [{'types': mispattributes['output'], 'values': tocache}]}
+ r = {'results': [{'types': mispattributes['output'], 'values': tocache, 'data': data}]}
 return r
+def __archiveLink(archive_path, tocache):
+ archiver = url_archiver.Archive(archive_path=archive_path)
+ return archiver.fetch(url=tocache)
+
 def introspection():
 return mispattributes
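Review bot: `tocache` is passed from the request to `archiver.fetch()` in `__archiveLink` without any check, and the fetched body is now returned to the caller in `'data'`, so the module will retrieve and hand back whatever the server itself can reach. Unless `url_archiver` already enforces this (not visible here), validate before calling `__archiveLink` that the scheme is `http` or `https` and that the host does not resolve to a loopback, link-local or private address, and return `misperrors` otherwise. Separately, both branches overwrite the module-level `mispattributes['output']`, so after the first request `introspection()` advertises only the last type used. Keep the per-request type in a local such as `out_type = ['attachment']` and build `r` with `'types': out_type`. The body of `handler` starts outside the hunk.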