mirror of https://github.com/MISP/misp-modules
fix: [crowdsec] Fixed the module input handling
- Made the module an expansion module as it is the standard type, and `hover` usually is the option
- Better input handling, checking now for the `attribute` field, as the information of the full attribute is passed in MISP standard format and not only its type and value
- As for now only `v2` is supported as API version, we removed the parameter to avoid confusion. It can be added back later when multiple versions are supported

pull/613/head
parent
88962aba19
commit
51cf8524ad
|
@ -1,17 +1,17 @@
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from pymisp import MISPEvent, MISPObject
|
|
||||||
import pycountry
|
import pycountry
|
||||||
import requests
|
import requests
|
||||||
|
from . import check_input_attribute, standard_error_message
|
||||||
|
from pymisp import MISPEvent, MISPObject
|
||||||
|
|
||||||
mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"]}
|
mispattributes = {"input": ["ip-dst", "ip-src"], "format": "misp_standard"}
|
||||||
moduleinfo = {
|
moduleinfo = {
|
||||||
"version": "1.0",
|
"version": "1.0",
|
||||||
"author": "Shivam Sandbhor <shivam@crowdsec.net>",
|
"author": "Shivam Sandbhor <shivam@crowdsec.net>",
|
||||||
"description": "Module to access CrowdSec CTI API.",
|
"description": "Module to access CrowdSec CTI API.",
|
||||||
"module-type": ["hover", "expansion"],
|
"module-type": ["hover", "expansion"],
|
||||||
}
|
}
|
||||||
moduleconfig = ["api_key", "api_version"]
|
moduleconfig = ["api_key"]
|
||||||
|
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
|
@ -25,18 +25,17 @@ def handler(q=False):
|
||||||
if not request["config"].get("api_key"):
|
if not request["config"].get("api_key"):
|
||||||
return {"error": "Missing CrowdSec API key"}
|
return {"error": "Missing CrowdSec API key"}
|
||||||
|
|
||||||
request["config"]["api_version"] = "v2"
|
if not request.get('attribute') or not check_input_attribute(request['attribute']):
|
||||||
|
return {'error': f'{standard_error_message}, which shoul contain at least a type, a value and an uuid.'}
|
||||||
|
|
||||||
if request["config"]["api_version"] == "v2":
|
if request['attribute'].get('type') not in mispattributes['input']:
|
||||||
return _handler_v2(request)
|
return {'error': f"Wrong input type. Please choose on of the following: {', '.join(mispattributes['input'])}"}
|
||||||
return {"error": f'API version {request["config"]["api_version"]} not supported'}
|
|
||||||
|
return _handler_v2(request)
|
||||||
|
|
||||||
|
|
||||||
def _handler_v2(request_data):
|
def _handler_v2(request_data):
|
||||||
if request_data.get("ip-dst"):
|
ip = request_data['attribute']['value']
|
||||||
ip = request_data.get("ip-dst")
|
|
||||||
elif request_data.get("ip-src"):
|
|
||||||
ip = request_data.get("ip-src")
|
|
||||||
|
|
||||||
crowdsec_cti = requests.get(
|
crowdsec_cti = requests.get(
|
||||||
f"https://cti.api.crowdsec.net/v2/smoke/{ip}",
|
f"https://cti.api.crowdsec.net/v2/smoke/{ip}",
|
||||||
|
|
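Review bot: In `_handler_v2`, the new `ip = request_data['attribute']['value']` is interpolated into the `/v2/smoke/{ip}` URL with no check that it is an IP address; `handler` only verifies the attribute type, so a value containing `/`, `?` or `#` would change the path or query of the request sent to the CTI API, presumably along with the configured API key. Validate the value before the call, for example `try: ipaddress.ip_address(ip)` followed by `except ValueError: return {'error': 'Attribute value is not a valid IP address'}`; this needs `import ipaddress`, which is not among the imports shown. The two new error strings in `handler` also carry typos: `shoul` should be `should` and `choose on of` should be `choose one of`. Both function bodies start or continue outside the visible hunks, so a later check on `ip` cannot be ruled out from here.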