mirror of https://github.com/MISP/misp-modules
fix: [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process
parent
baa52f5ab9
commit
98031beeae
|
@ -18,7 +18,8 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c
|
||||||
'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
|
'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
|
||||||
'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
|
'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
|
||||||
'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
|
'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
|
||||||
'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring', 'clamav', 'jinja_template_rendering','hyasinsight']
|
'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',
|
||||||
|
'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs']
|
||||||
|
|
||||||
|
|
||||||
minimum_required_fields = ('type', 'uuid', 'value')
|
minimum_required_fields = ('type', 'uuid', 'value')
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
from . import check_input_attribute, standard_error_message
|
from . import check_input_attribute, standard_error_message
|
||||||
from pymisp import MISPEvent, MISPObject
|
from pymisp import MISPAttribute, MISPEvent, MISPObject
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
|
mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
|
||||||
|
@ -31,7 +31,7 @@ class VariotdbsParser:
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def misp_attribute(self) -> MISPAttribute:
|
def misp_attribute(self) -> MISPAttribute:
|
||||||
return self.__attribute
|
return self.__misp_attribute
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def misp_event(self) -> MISPEvent:
|
def misp_event(self) -> MISPEvent:
|
||||||
|
@ -65,13 +65,14 @@ class VariotdbsParser:
|
||||||
query_results[feature]['data']
|
query_results[feature]['data']
|
||||||
)
|
)
|
||||||
if query_results.get('configurations', {}).get('data'):
|
if query_results.get('configurations', {}).get('data'):
|
||||||
for node in query_results['configurations']['data']['nodes']:
|
for configuration in query_results['configurations']['data']:
|
||||||
for cpe_match in node['cpe_match']:
|
for node in configuration['nodes']:
|
||||||
if cpe_match['vulnerable']:
|
for cpe_match in node['cpe_match']:
|
||||||
vulnerability_object.add_attribute(
|
if cpe_match['vulnerable']:
|
||||||
'vulnerable-configuration',
|
vulnerability_object.add_attribute(
|
||||||
cpe_match['cpe23Uri']
|
'vulnerable-configuration',
|
||||||
)
|
cpe_match['cpe23Uri']
|
||||||
|
)
|
||||||
if query_results.get('cvss', {}).get('data'):
|
if query_results.get('cvss', {}).get('data'):
|
||||||
cvss = {}
|
cvss = {}
|
||||||
for cvss_data in query_results['cvss']['data']:
|
for cvss_data in query_results['cvss']['data']:
|
||||||
|
@ -129,15 +130,19 @@ def handler(q=False):
|
||||||
headers = {'Content-Type': 'application/json'}
|
headers = {'Content-Type': 'application/json'}
|
||||||
if request.get('config', {}).get('API_key'):
|
if request.get('config', {}).get('API_key'):
|
||||||
headers['Authorization'] = f"Token {request['config']['API_key']}"
|
headers['Authorization'] = f"Token {request['config']['API_key']}"
|
||||||
|
empty = True
|
||||||
|
parser = VariotdbsParser(attribute)
|
||||||
r = requests.get(f"{variotdbs_url}/vuln/{attribute['value']}/", headers=headers)
|
r = requests.get(f"{variotdbs_url}/vuln/{attribute['value']}/", headers=headers)
|
||||||
if r.status_code == 200:
|
if r.status_code == 200:
|
||||||
query_results = r.json()
|
vulnerability_results = r.json()
|
||||||
if not query_results:
|
if vulnerability_results:
|
||||||
return {'error': 'Empty results'}
|
parser.parse_vulnerability_information(vulnerability_results)
|
||||||
|
empty = False
|
||||||
else:
|
else:
|
||||||
return {'error': 'Error while querying the variotdbs API.'}
|
if r.reason != 'Not found':
|
||||||
parser = VariotdbsParser(attribute, query_results)
|
return {'error': 'Error while querying the variotdbs API.'}
|
||||||
parser.parse_vulnerability_information()
|
if empty:
|
||||||
|
return {'error': 'Empty results'}
|
||||||
return parser.get_results()
|
return parser.get_results()
|
||||||
|
|
||||||
|
|
||||||
|
@ -147,4 +152,4 @@ def introspection():
|
||||||
|
|
||||||
def version():
|
def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleconfig
|
return moduleinfo
|
||||||
|
|
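Review bot: In handler(), the new `if r.reason != 'Not found':` test keys on the server's reason phrase, which is free text; the conventional phrase for a 404 is `Not Found`, so unless the variotdbs API sends exactly this spelling, an ordinary miss still returns the query error instead of falling through to `Empty results`. Comparing the status code is more robust: `if r.status_code != 404:`. The `requests.get(...)` call shown as context has no `timeout=`, so an unresponsive endpoint can hold the module worker indefinitely; adding one (e.g. `timeout=10`, value illustrative) bounds that. The same call places `attribute['value']` in the URL path unencoded while the `Authorization` token is attached, so the value should be validated against the expected identifier format or percent-encoded before the URL is built. handler() begins above the hunk, so any earlier validation of the attribute is not visible here.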