CVE hover expansion module

An hover module is a module returning a JSON that can be used as hover element in the MISP UI.
2016-03-18 07:51:13 +01:00 · 2016-03-18 07:51:13 +01:00 · 909efc1e42
parent c469681b68
commit 909efc1e42
1 changed files with 36 additions and 0 deletions
--- a/modules/expansion/cve.py
+++ b/modules/expansion/cve.py
@ -0,0 +1,36 @@
+import json
+import requests
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['vulnerability'], 'output': ['']}
+moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion hover module to expand information about CVE id.', 'module-type': 'hover'}
+moduleconfig = []
+cveapi_url = 'https://cve.circl.lu/api/cve/'
+
+
+def handler(q=False):
+    if q is False:
+        return False
+    print (q)
+    request = json.loads(q)
+    if not request.get('vulnerability'):
+        misperrors['error'] = 'Vulnerability id missing'
+        return misperrors
+
+    r = requests.get(cveapi_url+request.get('vulnerability'))
+    if r.status_code == 200:
+        vulnerability = json.loads(r.text)
+    else:
+        misperrors['error'] = 'cve.circl.lu API not accessible'
+        return misperrors['error']
+
+    return vulnerability
+
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo