From bd3fa3ea07d73b60519c5df2b85e7360518cc413 Mon Sep 17 00:00:00 2001
From: chrisr3d
Date: Fri, 13 Nov 2020 15:46:41 +0100
Subject: [PATCH 1/2] chg: [cpe] Added default limit to the results
- Results returned by CVE-search are sorted by cvss score and limited in number to avoid potential massive amount of data retuned back to MISP.
- Users can overwrite the default limit with the configuration already present as optional, and can also set the limit to 0 to get the full list of results
---
 misp_modules/modules/expansion/cpe.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/misp_modules/modules/expansion/cpe.py b/misp_modules/modules/expansion/cpe.py
index bf6f7b6..83cbc46 100644
--- a/misp_modules/modules/expansion/cpe.py
+++ b/misp_modules/modules/expansion/cpe.py
@@ -13,6 +13,7 @@ moduleinfo = {
 }
 moduleconfig = ["custom_API_URL", "limit"]
 cveapi_url = 'https://cvepremium.circl.lu/api/query'
+DEFAULT_LIMIT = 10
 class VulnerabilitiesParser():
@@ -99,19 +100,18 @@ def handler(q=False):
 attribute = request['attribute']
 if attribute.get('type') != 'cpe':
 return {'error': 'Wrong input attribute type.'}
- url = check_url(request['config']['custom_API_URL']) if request['config'].get('custom_API_URL') else cveapi_url
+ config = request['config']
+ url = check_url(config['custom_API_URL']) if config.get('custom_API_URL') else cveapi_url
+ limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT
 params = {
 "retrieve": "cves",
 "dict_filter": {
 "vulnerable_configuration": attribute['value']
- }
+ },
+ "limit": limit,
+ "sort": "cvss",
+ "sort_dir": "DESC"
 }
- if request['config'].get('limit'):
- params.update({
- "limit": int(request['config']['limit']),
- "sort": "cvss",
- "sort_dir": "DESC"
- })
 response = requests.post(url, json=params)
 if response.status_code == 200:
 vulnerabilities = response.json()['data']
From 32c0bf9ae28c3b0a5df16b458d5a0f6dd983491f Mon Sep 17 00:00:00 2001
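Review bot: The added `limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT` line in handler converts the configured value without validating it, so a non-numeric setting raises an uncaught ValueError instead of returning an `{'error': ...}` dict like the attribute-type check above it, and a negative number is passed to the API unchanged. Because this limit is what bounds the amount of data pulled back into MISP, it is worth rejecting bad values explicitly. The truthiness test also treats an integer 0 as unset, so the "0 for the full list" behaviour described in the commit message only holds when the value arrives as the string "0" (presumably how MISP sends it; worth confirming). The fence below sketches a stricter parse; handler's body starts and ends outside the hunk.

```python
    config = request['config']
    # … unchanged: url selection from custom_API_URL …
    raw_limit = config.get('limit')
    try:
        # Only a missing or empty setting falls back to the default, so 0 keeps its documented meaning.
        limit = DEFAULT_LIMIT if raw_limit in (None, '') else int(raw_limit)
    except (TypeError, ValueError):
        return {'error': 'The limit configuration must be a non-negative integer.'}
    if limit < 0:
        return {'error': 'The limit configuration must be a non-negative integer.'}
    # … unchanged: params construction and requests.post call …
```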
From: chrisr3d
Date: Fri, 13 Nov 2020 15:49:58 +0100
Subject: [PATCH 2/2] fix: [cpe] Fixed typo in vulnerable-configuration object relation fields
---
 misp_modules/modules/expansion/cpe.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/misp_modules/modules/expansion/cpe.py b/misp_modules/modules/expansion/cpe.py
index 83cbc46..600ff37 100644
--- a/misp_modules/modules/expansion/cpe.py
+++ b/misp_modules/modules/expansion/cpe.py
@@ -32,11 +32,11 @@ class VulnerabilitiesParser():
 },
 'vulnerable_configuration': {
 'type': 'cpe',
- 'object_relation': 'vulnerable_configuration'
+ 'object_relation': 'vulnerable-configuration'
 },
 'vulnerable_configuration_cpe_2_2': {
 'type': 'cpe',
- 'object_relation': 'vulnerable_configuration'
+ 'object_relation': 'vulnerable-configuration'
 },
 'Modified': {
 'type': 'datetime',