fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP

pull/437/head
chrisr3d 2020-10-24 02:40:31 +02:00
parent 410aaaeb28
commit 88c8d9077c
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 15 additions and 12 deletions


@ -5,8 +5,8 @@ import sys
sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))
__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
'countrycode', 'cve', 'cve_advanced', 'dns', 'btc_steroids', 'domaintools', 'eupi', 'eql',
'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', 'eupi',
'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',
'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',


@ -1,19 +1,21 @@
import json
import requests
from . import check_input_attribute, standard_error_message
from pymisp import MISPEvent, MISPObject
misperrors = {'error': 'Error'}
mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
mispattributes = {'input': ['cpe'], 'format': 'misp_standard'}
moduleinfo = {
'version': '1',
'author': 'Christian Studer',
'description': 'An expansion module to enrich a CPE attribute with the related vulnerabilities.',
'description': 'An expansion module to enrich a CPE attribute with its related vulnerabilities.',
'module-type': ['expansion', 'hover']
}
moduleconfig = ["custom_API_URL"]
moduleconfig = ["custom_API_URL", "limit"]
cveapi_url = 'https://cve.circl.lu/api/cvefor/'
class VulnerabilityParser():
class VulnerabilitiesParser():
def __init__(self, attribute, api_url):
self.attribute = attribute
self.api_url = api_url
@ -60,7 +62,7 @@ class VulnerabilityParser():
for feature in ('id', 'summary', 'Modified', 'Published', 'cvss'):
if vulnerability.get(feature):
attribute = {'value': vulnerability[feature]}
atttribute.update(self.vulnerability_mapping[feature])
attribute.update(self.vulnerability_mapping[feature])
vulnerability_object.add_attribute(**attribute)
if vulnerability.get('Published'):
vulnerability_object.add_attribute(**{
@ -81,7 +83,7 @@ class VulnerabilityParser():
def get_result(self):
event = json.loads(self.misp_event.to_json())
results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])}
results = {key: event[key] for key in ('Attribute', 'Object')}
return {'results': results}
@ -98,10 +100,11 @@ def handler(q=False):
attribute = request['attribute']
if attribute.get('type') != 'cpe':
return {'error': 'Wrong input attribute type.'}
if not request.get('config') or not request['config'].get('custom_API_URL'):
return {'error': 'Missing API URL'}
api_url = check_url(request['config']['custom_API_URL'])
response = requests.get("{}{}".format(api_url, attribute['value']))
api_url = check_url(request['config']['custom_API_URL']) if request['config'].get('custom_API_URL') else cveapi_url
url = f"{api_url}{attribute['value']}"
if request['config'].get('limit'):
url = f"{url}/{request['config']['limit']}"
response = requests.get(url)
if response.status_code == 200:
vulnerabilities = response.json()
if not vulnerabilities:
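Review bot: In the handler hunk the guard on `request.get('config')` is removed, but the new lines still index `request['config']` directly, so a request without a `config` key would raise a KeyError instead of falling back to `cveapi_url` (unless a part of handler outside this hunk guarantees the key). The `limit` setting is also appended to the URL path without checking that it is a number, and `requests.get(url)` has no timeout, so an unresponsive API can hold the module worker indefinitely. Reading the config once with a default, rejecting a non-numeric limit and passing a timeout covers all three; the 10-second value below is only a suggestion. handler's body starts before and continues after the hunk.

```python
    # … unchanged: request parsing and the 'cpe' attribute type check …
    config = request.get('config') or {}
    api_url = check_url(config['custom_API_URL']) if config.get('custom_API_URL') else cveapi_url
    url = f"{api_url}{attribute['value']}"
    limit = config.get('limit')
    if limit:
        # Only a plain positive integer may be added to the request path.
        if not str(limit).isdigit():
            return {'error': 'The limit parameter must be a positive integer.'}
        url = f"{url}/{limit}"
    response = requests.get(url, timeout=10)
    # … unchanged: status code check and response parsing …
```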