From 909efc1e4247722959ec75bbd261e12a8ac694d2 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 18 Mar 2016 07:51:13 +0100 Subject: [PATCH] CVE hover expansion module An hover module is a module returning a JSON that can be used as hover element in the MISP UI. --- modules/expansion/cve.py | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100755 modules/expansion/cve.py diff --git a/modules/expansion/cve.py b/modules/expansion/cve.py new file mode 100755 index 00000000..486cb17d --- /dev/null +++ b/modules/expansion/cve.py @@ -0,0 +1,36 @@ +import json +import requests + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['vulnerability'], 'output': ['']} +moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion hover module to expand information about CVE id.', 'module-type': 'hover'} +moduleconfig = [] +cveapi_url = 'https://cve.circl.lu/api/cve/' + + +def handler(q=False): + if q is False: + return False + print (q) + request = json.loads(q) + if not request.get('vulnerability'): + misperrors['error'] = 'Vulnerability id missing' + return misperrors + + r = requests.get(cveapi_url+request.get('vulnerability')) + if r.status_code == 200: + vulnerability = json.loads(r.text) + else: + misperrors['error'] = 'cve.circl.lu API not accessible' + return misperrors['error'] + + return vulnerability + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo