chg: [cve] Updated module to use the Vulnerability Lookup API

- API available at https://cve.circl.lu
2024-12-19 17:06:29 +01:00 · 2024-12-19 17:06:29 +01:00 · 9d492af227
parent a2d2682eaf
commit 9d492af227
1 changed files with 27 additions and 31 deletions
--- a/misp_modules/modules/expansion/cve.py
+++ b/misp_modules/modules/expansion/cve.py
@ -1,51 +1,48 @@
 import json
 import requests
+from . import check_input_attribute, standard_error_message
+from ._vulnerability_parser.vulnerability_parser import VulnerabilityLookupParser

 misperrors = {'error': 'Error'}
-mispattributes = {'input': ['vulnerability'], 'output': ['text']}
+mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
 moduleinfo = {
-    'version': '0.4',
+    'version': '2',
    'author': 'Alexandre Dulaunoy',
    'description': 'An expansion hover module to expand information about CVE id.',
-    'module-type': ['hover'],
+    'module-type': ['expansion', 'hover'],
    'name': 'CVE Lookup',
-    'logo': 'cve.png',
+    'logo': 'vulnerability_lookyp.png',
    'requirements': [],
-    'features': 'The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs.',
-    'references': ['https://vulnerability.circl.lu/', 'https://cve.mitre.org/'],
+    'features': 'The module takes a vulnerability attribute as input and queries Vulnerability Lookup to get additional information based on the Vulnerability ID.',
+    'references': ['https://cve.circl.lu/', 'https://cve.mitre.org/'],
    'input': 'Vulnerability attribute.',
-    'output': 'Text giving information about the CVE related to the Vulnerability.',
+    'output': 'Additional information on the vulnerability, gathered from the Vulnerability Lookup API.',
 }
-moduleconfig = ["custom_API"]
-cveapi_url = 'https://vulnerability.circl.lu/api/cve/'
-
-
-def check_url(url):
-    return "{}/".format(url) if not url.endswith('/') else url
+api_url = 'https://cve.circl.lu'


 def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
-    if not request.get('vulnerability'):
-        misperrors['error'] = 'Vulnerability id missing'
-        return misperrors
-
-    api_url = check_url(request['config']['custom_API']) if request.get('config') and request['config'].get('custom_API') else cveapi_url
-    r = requests.get("{}{}".format(api_url, request.get('vulnerability')))
-    if r.status_code == 200:
-        vulnerability = json.loads(r.text)
-        try:
-            summary = vulnerability['containers']['cna']['descriptions'][0]['value']
-        except Exception:
-            summary = 'Non existing CVE'
+    if not check_input_attribute(request.get('attribute', {})):
+        return {
+            'error': f'{standard_error_message}, which should contain '
+                     'at least a type, a value and an UUID.'
+        }
+    attribute = request['attribute']
+    if attribute.get('type') != 'vulnerability':
+        return {'error': 'The attribute type should be "vulnerability".'}
+    lookup = requests.get(f"{api_url}/api/vulnerability/{attribute['value']}")
+    if lookup.status_code == 200:
+        vulnerability = lookup.json()
+        if not vulnerability:
+            return {'error': 'Non existing vulnerability ID.'}
    else:
-        misperrors['error'] = 'API not accessible'
-        return misperrors['error']
-
-    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
-    return r
+        return {'error': 'Vulnerability Lookup API not accessible.'}
+    parser = VulnerabilityLookupParser(attribute, api_url)
+    parser.parser_lookup_result(vulnerability)
+    return parser.get_results()


 def introspection():
@ -53,5 +50,4 @@ def introspection():


 def version():
-    moduleinfo['config'] = moduleconfig
    return moduleinfo