mirror of https://github.com/MISP/misp-modules
add: New parameter to specify a custom CVE API to query
- Any API specified here must return the same format as the CIRCL CVE search API in order to be supported by the parsing functions, and should ideally respond to the same kinds of requests (so that the CWE search works as well)
pull/334/head
parent
c019e4d997
commit
8d33d6c18c
|
@ -8,14 +8,15 @@ mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
|
||||||
moduleinfo = {'version': '1', 'author': 'Christian Studer',
|
moduleinfo = {'version': '1', 'author': 'Christian Studer',
|
||||||
'description': 'An expansion module to enrich a CVE attribute with the vulnerability information.',
|
'description': 'An expansion module to enrich a CVE attribute with the vulnerability information.',
|
||||||
'module-type': ['expansion', 'hover']}
|
'module-type': ['expansion', 'hover']}
|
||||||
moduleconfig = []
|
moduleconfig = ["custom_API"]
|
||||||
cveapi_url = 'https://cve.circl.lu/api/cve/'
|
cveapi_url = 'https://cve.circl.lu/api/cve/'
|
||||||
|
|
||||||
|
|
||||||
class VulnerabilityParser():
|
class VulnerabilityParser():
|
||||||
def __init__(self, attribute, vulnerability):
|
def __init__(self, attribute, vulnerability, api_url):
|
||||||
self.attribute = attribute
|
self.attribute = attribute
|
||||||
self.vulnerability = vulnerability
|
self.vulnerability = vulnerability
|
||||||
|
self.api_url = api_url
|
||||||
self.misp_event = MISPEvent()
|
self.misp_event = MISPEvent()
|
||||||
self.misp_event.add_attribute(**attribute)
|
self.misp_event.add_attribute(**attribute)
|
||||||
self.references = defaultdict(list)
|
self.references = defaultdict(list)
|
||||||
|
@ -81,7 +82,7 @@ class VulnerabilityParser():
|
||||||
def __parse_weakness(self, vulnerability_uuid):
|
def __parse_weakness(self, vulnerability_uuid):
|
||||||
attribute_type = 'text'
|
attribute_type = 'text'
|
||||||
cwe_string, cwe_id = self.vulnerability['cwe'].split('-')
|
cwe_string, cwe_id = self.vulnerability['cwe'].split('-')
|
||||||
cwes = requests.get(cveapi_url.replace('/cve/', '/cwe'))
|
cwes = requests.get(self.api_url.replace('/cve/', '/cwe'))
|
||||||
if cwes.status_code == 200:
|
if cwes.status_code == 200:
|
||||||
for cwe in cwes.json():
|
for cwe in cwes.json():
|
||||||
if cwe['id'] == cwe_id:
|
if cwe['id'] == cwe_id:
|
||||||
|
@ -96,6 +97,10 @@ class VulnerabilityParser():
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|
||||||
|
def check_url(url):
|
||||||
|
return "{}/".format(url) if not url.endswith('/') else url
|
||||||
|
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
|
@ -104,7 +109,8 @@ def handler(q=False):
|
||||||
if attribute.get('type') != 'vulnerability':
|
if attribute.get('type') != 'vulnerability':
|
||||||
misperrors['error'] = 'Vulnerability id missing.'
|
misperrors['error'] = 'Vulnerability id missing.'
|
||||||
return misperrors
|
return misperrors
|
||||||
r = requests.get("{}{}".format(cveapi_url, attribute['value']))
|
api_url = check_url(request['config']['custom_API']) if request['config'].get('custom_API') else cveapi_url
|
||||||
|
r = requests.get("{}{}".format(api_url, attribute['value']))
|
||||||
if r.status_code == 200:
|
if r.status_code == 200:
|
||||||
vulnerability = r.json()
|
vulnerability = r.json()
|
||||||
if not vulnerability:
|
if not vulnerability:
|
||||||
|
@ -113,7 +119,7 @@ def handler(q=False):
|
||||||
else:
|
else:
|
||||||
misperrors['error'] = 'cve.circl.lu API not accessible'
|
misperrors['error'] = 'cve.circl.lu API not accessible'
|
||||||
return misperrors['error']
|
return misperrors['error']
|
||||||
parser = VulnerabilityParser(attribute, vulnerability)
|
parser = VulnerabilityParser(attribute, vulnerability, api_url)
|
||||||
parser.parse_vulnerability_information()
|
parser.parse_vulnerability_information()
|
||||||
return parser.get_result()
|
return parser.get_result()
|
||||||
|
|
||||||
|
|
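Review bot: In `handler`, the `custom_API` value goes from `request['config']` into `requests.get` with only a trailing slash added by `check_url`, so a malformed value or one with an unexpected scheme is requested as-is. A check such as `if urlparse(api_url).scheme not in ('http', 'https'): misperrors['error'] = 'custom_API must be an http(s) URL'; return misperrors` before the request would reject those (it needs `from urllib.parse import urlparse`), and both `requests.get` calls should pass an explicit `timeout=` now that the host is operator-chosen. In `__parse_weakness`, `self.api_url.replace('/cve/', '/cwe')` is a no-op when the custom URL has no `/cve/` segment, so the CWE lookup would hit the CVE endpoint and `cwe['id']` would be read from whatever JSON comes back; skipping the lookup when the segment is absent avoids that. The failure branch still reports `'cve.circl.lu API not accessible'` when a custom API was queried, so `misperrors['error'] = 'CVE API not accessible'` would be accurate in both cases. Both `handler` and `__parse_weakness` continue outside the hunks shown.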