MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #173 from m3047/master 

Add exception blocks for query errors.
pull/177/head
Alexandre Dulaunoy 2018-03-10 13:53:58 +01:00 committed by GitHub
parent a2ebcdb358 d0f618b648
commit 7a8aacb986
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
misp_modules/modules/expansion/farsight_passivedns.py
View File

@ -1,5 +1,5 @@
import json import json
from ._dnsdb_query.dnsdb_query import DnsdbClient from ._dnsdb_query.dnsdb_query import DnsdbClient, QueryError
misperrors = {'error': 'Error'} misperrors = {'error': 'Error'}
@ -41,6 +41,7 @@ def handler(q=False):
def lookup_name(client, name): def lookup_name(client, name):
try:
res = client.query_rrset(name) # RRSET = entries in the left-hand side of the domain name related labels res = client.query_rrset(name) # RRSET = entries in the left-hand side of the domain name related labels
for item in res: for item in res:
if item.get('rrtype') in ['A', 'AAAA', 'CNAME']: if item.get('rrtype') in ['A', 'AAAA', 'CNAME']:
@ -50,17 +51,25 @@ def lookup_name(client, name):
for i in item.get('rdata'): for i in item.get('rdata'):
# grab email field and replace first dot by @ to convert to an email address # grab email field and replace first dot by @ to convert to an email address
yield(i.split(' ')[1].rstrip('.').replace('.', '@', 1)) yield(i.split(' ')[1].rstrip('.').replace('.', '@', 1))
# res = client.query_rdata_name(name) # RDATA = entries on the right-hand side of the domain name related labels except QueryError as e:
# for item in res: pass
# if item.get('rrtype') in ['A', 'AAAA', 'CNAME']:
# yield(item.get('rrname').rstrip('.')) try:
res = client.query_rdata_name(name) # RDATA = entries on the right-hand side of the domain name related labels
for item in res:
if item.get('rrtype') in ['A', 'AAAA', 'CNAME']:
yield(item.get('rrname').rstrip('.'))
except QueryError as e:
pass
def lookup_ip(client, ip): def lookup_ip(client, ip):
try:
res = client.query_rdata_ip(ip) res = client.query_rdata_ip(ip)
for item in res: for item in res:
print(item)
yield(item['rrname'].rstrip('.')) yield(item['rrname'].rstrip('.'))
except QueryError as e:
pass
def introspection(): def introspection():