mirror of https://github.com/MISP/misp-modules
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP
parent
410aaaeb28
commit
88c8d9077c
|
@ -5,8 +5,8 @@ import sys
|
||||||
sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))
|
sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))
|
||||||
|
|
||||||
__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
|
__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
|
||||||
'countrycode', 'cve', 'cve_advanced', 'dns', 'btc_steroids', 'domaintools', 'eupi', 'eql',
|
'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', 'eupi',
|
||||||
'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
|
'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
|
||||||
'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
|
'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
|
||||||
'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',
|
'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',
|
||||||
'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',
|
'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',
|
||||||
|
|
|
@ -1,19 +1,21 @@
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
from . import check_input_attribute, standard_error_message
|
from . import check_input_attribute, standard_error_message
|
||||||
|
from pymisp import MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
|
mispattributes = {'input': ['cpe'], 'format': 'misp_standard'}
|
||||||
moduleinfo = {
|
moduleinfo = {
|
||||||
'version': '1',
|
'version': '1',
|
||||||
'author': 'Christian Studer',
|
'author': 'Christian Studer',
|
||||||
'description': 'An expansion module to enrich a CPE attribute with the related vulnerabilities.',
|
'description': 'An expansion module to enrich a CPE attribute with its related vulnerabilities.',
|
||||||
'module-type': ['expansion', 'hover']
|
'module-type': ['expansion', 'hover']
|
||||||
}
|
}
|
||||||
moduleconfig = ["custom_API_URL"]
|
moduleconfig = ["custom_API_URL", "limit"]
|
||||||
|
cveapi_url = 'https://cve.circl.lu/api/cvefor/'
|
||||||
|
|
||||||
|
|
||||||
class VulnerabilityParser():
|
class VulnerabilitiesParser():
|
||||||
def __init__(self, attribute, api_url):
|
def __init__(self, attribute, api_url):
|
||||||
self.attribute = attribute
|
self.attribute = attribute
|
||||||
self.api_url = api_url
|
self.api_url = api_url
|
||||||
|
@ -60,7 +62,7 @@ class VulnerabilityParser():
|
||||||
for feature in ('id', 'summary', 'Modified', 'Published', 'cvss'):
|
for feature in ('id', 'summary', 'Modified', 'Published', 'cvss'):
|
||||||
if vulnerability.get(feature):
|
if vulnerability.get(feature):
|
||||||
attribute = {'value': vulnerability[feature]}
|
attribute = {'value': vulnerability[feature]}
|
||||||
atttribute.update(self.vulnerability_mapping[feature])
|
attribute.update(self.vulnerability_mapping[feature])
|
||||||
vulnerability_object.add_attribute(**attribute)
|
vulnerability_object.add_attribute(**attribute)
|
||||||
if vulnerability.get('Published'):
|
if vulnerability.get('Published'):
|
||||||
vulnerability_object.add_attribute(**{
|
vulnerability_object.add_attribute(**{
|
||||||
|
@ -81,7 +83,7 @@ class VulnerabilityParser():
|
||||||
|
|
||||||
def get_result(self):
|
def get_result(self):
|
||||||
event = json.loads(self.misp_event.to_json())
|
event = json.loads(self.misp_event.to_json())
|
||||||
results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])}
|
results = {key: event[key] for key in ('Attribute', 'Object')}
|
||||||
return {'results': results}
|
return {'results': results}
|
||||||
|
|
||||||
|
|
||||||
|
@ -98,10 +100,11 @@ def handler(q=False):
|
||||||
attribute = request['attribute']
|
attribute = request['attribute']
|
||||||
if attribute.get('type') != 'cpe':
|
if attribute.get('type') != 'cpe':
|
||||||
return {'error': 'Wrong input attribute type.'}
|
return {'error': 'Wrong input attribute type.'}
|
||||||
if not request.get('config') or not request['config'].get('custom_API_URL'):
|
api_url = check_url(request['config']['custom_API_URL']) if request['config'].get('custom_API_URL') else cveapi_url
|
||||||
return {'error': 'Missing API URL'}
|
url = f"{api_url}{attribute['value']}"
|
||||||
api_url = check_url(request['config']['custom_API_URL'])
|
if request['config'].get('limit'):
|
||||||
response = requests.get("{}{}".format(api_url, attribute['value']))
|
url = f"{url}/{request['config']['limit']}"
|
||||||
|
response = requests.get(url)
|
||||||
if response.status_code == 200:
|
if response.status_code == 200:
|
||||||
vulnerabilities = response.json()
|
vulnerabilities = response.json()
|
||||||
if not vulnerabilities:
|
if not vulnerabilities:
|
||||||
|
|
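Review bot: The rewritten `api_url` line in `handler` indexes `request['config']` directly, so a request without a `config` key now raises `KeyError` where the removed code returned an error dict; the later `request['config'].get('limit')` check has the same problem. Reading the options once with `config = request.get('config') or {}` and then using `config.get(...)` for both keeps the new default-URL behaviour without the crash. The `limit` value is appended to the URL path as-is, so it should be checked to be a positive integer before it is used. `requests.get(url)` also has no timeout, so an unresponsive API can block the call indefinitely; something like `requests.get(url, timeout=10)` (value illustrative) would bound it. The body of `handler` starts and ends outside this hunk.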