From 83999d6402030fa5b78630f49cdf1f5d65db5e82 Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Fri, 22 Jun 2018 15:57:52 +0200
Subject: [PATCH] add domain expansion
---
 misp_modules/modules/expansion/onyphe_full.py | 42 ++++++++++++++-----
 1 file changed, 32 insertions(+), 10 deletions(-)
diff --git a/misp_modules/modules/expansion/onyphe_full.py b/misp_modules/modules/expansion/onyphe_full.py
index 9e7ae8c..39f3d42 100644
--- a/misp_modules/modules/expansion/onyphe_full.py
+++ b/misp_modules/modules/expansion/onyphe_full.py
@@ -49,13 +49,36 @@ def handler(q=False):
 else:
 misperrors['error'] = "Unsupported attributes type"
 return misperrors
-
-
 else:
 return False
 def handle_domain(api, domain, misperrors):
+ result_filtered = {"results": []}
+
+ r, status_ok = expand_pastries(api, misperrors, domain=domain)
+
+ if status_ok:
+ result_filtered['results'].extend(r)
+ else:
+ misperrors['error'] = 'Error pastries result'
+ return misperrors
+
+ r, status_ok = expand_datascan(api, misperrors, domain=domain)
+
+ if status_ok:
+ result_filtered['results'].extend(r)
+ else:
+ misperrors['error'] = 'Error datascan result '
+ return misperrors
+
+ r, status_ok = expand_threatlist(api, misperrors, domain=domain)
+
+ if status_ok:
+ result_filtered['results'].extend(r)
+ else:
+ misperrors['error'] = 'Error threat list'
+ return misperrors
 pass
@@ -271,19 +294,18 @@ def expand_forward(api, ip, misperror):
 def expand_pastries(api, misperror, **kwargs):
 status_ok = False
 r = []
- ip = None
- domain = None
+
+ query = None
 result = None
 urls_pasties = []
 domains = []
 ips = []
 if 'ip' in kwargs:
- ip = kwargs.get('ip')
- result = api.pastries(ip)
-
+ query = kwargs.get('ip')
 if 'domain' in kwargs:
- domain = kwargs.get('domain')
- result = api.pastries(domain)
+ query = kwargs.get('domain')
+
+ api.pastries(query)
 if result['status'] =='ok':
 status_ok = True
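Review bot: handle_domain fills result_filtered across the three expansions but the function still ends with `pass`, so on the success path it returns None and everything collected is lost; the last line should read `return result_filtered`. Each failing expansion returns early, which also discards results already gathered from the earlier calls — if partial results are wanted that is worth a comment on the function, e.g. `# Any failing expansion aborts the whole domain lookup; partial results are not returned.` The message `'Error datascan result '` carries a trailing space that the other two messages do not, and should be `'Error datascan result'`. The `else:` context lines above the function belong to handler, which starts outside the hunk.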
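Review bot: The added `api.pastries(query)` discards its return value, so `result` keeps its initial None and the `result['status']` subscript on the next line raises TypeError for every ip or domain lookup; the line should read `result = api.pastries(query)`. With the new single `query` variable, passing both 'ip' and 'domain' silently lets the domain win, and passing neither sends None to the API — a guard such as `if query is None: return r, status_ok` placed before the call would make that contract explicit and avoid the remote request. expand_pastries continues past the end of the hunk, so the handling of the returned records is not visible here.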
@@ -302,7 +324,7 @@ def expand_pastries(api, misperror, **kwargs):
 r.append({'types': ['url'], 'values': urls_pasties,
 'categories': ['External analysis'],
- 'comment':'URLs of pasties where %s has found' % ip})
+ 'comment':'URLs of pasties where %s has found' % query})
 r.append({'types': ['domain'], 'values': list(set(domains)),
 'categories': ['Network activity'],
 'comment': 'Domains found in pasties of Onyphe'})