From 8b25af853f16e3c5f687b41eca771cba80507460 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Thu, 9 May 2024 17:32:29 +0200
Subject: [PATCH] fix: [virustotal] fix the typo for the VT link

Fix #644
Fix #595
---
 misp_modules/modules/expansion/virustotal.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/misp_modules/modules/expansion/virustotal.py b/misp_modules/modules/expansion/virustotal.py
index 29f0550..1b66afa 100644
--- a/misp_modules/modules/expansion/virustotal.py
+++ b/misp_modules/modules/expansion/virustotal.py
@@ -8,7 +8,7 @@ mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sh
                   'format': 'misp_standard'}
 
 # possible module-types: 'expansion', 'hover' or both
-moduleinfo = {'version': '5', 'author': 'Hannah Ward',
+moduleinfo = {'version': '6', 'author': 'Hannah Ward',
               'description': 'Enrich observables with the VirusTotal v3 API',
               'module-type': ['expansion']}
 
@@ -51,7 +51,11 @@ class VirusTotalParser:
     def add_vt_report(self, report: vt.Object) -> str:
         analysis = report.get('last_analysis_stats')
         total = self.get_total_analysis(analysis, report.get('known_distributors'))
-        permalink = f'https://www.virustotal.com/gui/{report.type}/{report.id}'
+        if report.type == 'ip_address':
+            rtype = 'ip-address'
+        else:
+            rtype = report.type
+        permalink = f'https://www.virustotal.com/gui/{rtype}/{report.id}'
 
         vt_object = MISPObject('virustotal-report')
         vt_object.add_attribute('permalink', type='link', value=permalink)