From 648c6414c3fba06874231919d7d8074664019c99 Mon Sep 17 00:00:00 2001
From: Hannah Ward
Date: Wed, 8 Mar 2017 16:35:03 +0000
Subject: [PATCH] fix: Use the proper formatting method and not the horrible % one
---
 misp_modules/modules/expansion/threatminer.py | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/misp_modules/modules/expansion/threatminer.py b/misp_modules/modules/expansion/threatminer.py
index 9b41c79..1a4be50 100755
--- a/misp_modules/modules/expansion/threatminer.py
+++ b/misp_modules/modules/expansion/threatminer.py
@@ -10,11 +10,11 @@ mispattributes = {'input': ['hostname', 'domain', 'ip-src', 'ip-dst', 'md5', 'sh
 }
 # possible module-types: 'expansion', 'hover' or both
-moduleinfo = {'version': '2', 'author': 'Hannah Ward',
- 'description': 'Get information from virustotal',
+moduleinfo = {'version': '1', 'author': 'KX499',
+ 'description': 'Get information from ThreatMiner',
 'module-type': ['expansion']}
-desc = '%s: Threatminer - %s'
+desc = '{}: Threatminer - {}'
 def handler(q=False):
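Review bot: The `moduleinfo` edits in this hunk are not covered by the commit subject, and `'version'` moves backwards from `'2'` to `'1'`. The author and description change looks like a correction of metadata copied from another module, but a decreasing version string can mislead anything that compares module versions. Consider keeping `'version': '2'` (or bumping it) and putting the metadata fix in its own commit so it is visible in the history. The `desc` change itself is fine: the template stays a constant and, in the visible calls, `q` is only passed as an argument to `.format`.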
@@ -66,25 +66,25 @@ def get_domain(q):
 if not emails:
 continue
 for em_type, email in emails.items():
- ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
+ ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
 if flag == 2: #pdns
 ip = result.get('ip')
 if ip:
- ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')})
+ ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
 if flag == 3: #uri
 uri = result.get('uri')
 if uri:
- ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')})
+ ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
 if flag == 4: #samples
 if type(result) is str:
- ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
+ ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
 if flag == 5: #subdomains
 if type(result) is str:
- ret.append({'types': ['domain'], 'values': [result], 'comment': desc % (q, 'subdomain')})
+ ret.append({'types': ['domain'], 'values': [result], 'comment': desc.format(q, 'subdomain')})
 if flag == 6: #reports
 link = result.get('URL')
 if link:
- ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')})
+ ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
 return ret
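Review bot: The `flag == 4` branch labels any string returned by the remote API as a `sha256` attribute; the only check on it is `type(result) is str`. The same pattern appears in `get_ip` (flag 4 `sha256`, flag 5 `x509-fingerprint-sha1`) and in `get_hash` (flag 7). Since these values come from a third-party service and end up as indicators, a shape check before typing them would keep malformed or unexpected data out, e.g. `if isinstance(result, str) and re.fullmatch(r'[0-9a-fA-F]{64}', result):`. This assumes `re` is imported, which is not visible here. The body of `get_domain` starts outside this hunk, so any validation done earlier is not visible either.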
@@ -105,25 +105,25 @@ def get_ip(q):
 if not emails:
 continue
 for em_type, email in emails.items():
- ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc % (q, 'whois')})
+ ret.append({'types': ['whois-registrant-email'], 'values': [email], 'comment': desc.format(q, 'whois')})
 if flag == 2: #pdns
 ip = result.get('ip')
 if ip:
- ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc % (q, 'pdns')})
+ ret.append({'types': ['ip-src', 'ip-dst'], 'values': [ip], 'comment': desc.format(q, 'pdns')})
 if flag == 3: #uri
 uri = result.get('uri')
 if uri:
- ret.append({'types': ['url'], 'values': [uri], 'comment': desc % (q, 'uri')})
+ ret.append({'types': ['url'], 'values': [uri], 'comment': desc.format(q, 'uri')})
 if flag == 4: #samples
 if type(result) is str:
- ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'samples')})
+ ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'samples')})
 if flag == 5: #ssl
 if type(result) is str:
- ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc % (q, 'ssl')})
+ ret.append({'types': ['x509-fingerprint-sha1'], 'values': [result], 'comment': desc.format(q, 'ssl')})
 if flag == 6: #reports
 link = result.get('URL')
 if link:
- ret.append({'types': ['url'], 'values': [link], 'comment': desc % (q, 'report')})
+ ret.append({'types': ['url'], 'values': [link], 'comment': desc.format(q, 'report')})
 return ret
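Review bot: Every rewritten line in this hunk repeats the same dict literal with `desc.format(q, ...)`, and the chain in `get_ip` matches `get_domain` almost line for line; only the flag 5 branch differs. A small module-level helper would leave one place to change the comment format next time, e.g. `def _attr(types, value, q, source): return {'types': types, 'values': [value], 'comment': desc.format(q, source)}`, called as `ret.append(_attr(['url'], uri, q, 'uri'))`. The flag tests are mutually exclusive, so `elif` would also state the intent more clearly than independent `if`s. The function body starts outside the hunk.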
@@ -142,25 +142,25 @@ def get_hash(q):
 if flag == 1: #meta (filename)
 name = result.get('file_name')
 if name:
- ret.append({'types': ['filename'], 'values': [name], 'comment': desc % (q, 'file')})
+ ret.append({'types': ['filename'], 'values': [name], 'comment': desc.format(q, 'file')})
 if flag == 3: #network
 domains = result.get('domains')
 for dom in domains:
 if dom.get('domain'):
- ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc % (q, 'network')})
+ ret.append({'types': ['domain'], 'values': [dom['domain']], 'comment': desc.format(q, 'network')})
 hosts = result.get('hosts')
 for h in hosts:
 if type(h) is str:
- ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc % (q, 'network')})
+ ret.append({'types': ['ip-src', 'ip-dst'], 'values': [h], 'comment': desc.format(q, 'network')})
 if flag == 6: #detections
 detections = result.get('av_detections')
 for d in detections:
 if d.get('detection'):
- ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc % (q, 'detection')})
+ ret.append({'types': ['text'], 'values': [d['detection']], 'comment': desc.format(q, 'detection')})
 if flag == 7: #report
 if type(result) is str:
- ret.append({'types': ['sha256'], 'values': [result], 'comment': desc % (q, 'report')})
+ ret.append({'types': ['sha256'], 'values': [result], 'comment': desc.format(q, 'report')})
 return ret
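Review bot: The loops over `domains`, `hosts` and `detections` iterate the result of `result.get(...)` directly, so a response missing any of those keys makes the `for` raise `TypeError` on `None`. The commit touches the lines inside these loops but leaves that unguarded. Defaulting to an empty list keeps a partial answer from the remote service from aborting the whole lookup: `domains = result.get('domains') or []`, `hosts = result.get('hosts') or []`, `detections = result.get('av_detections') or []`. Whether a caller catches the exception is not visible, as `get_hash` starts outside the hunk.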