chg: [cve] Updated module to use the Vulnerability Lookup API

- API available at https://cve.circl.lu

misp_modules/modules/expansion/cve.py

@@ -1,51 +1,48 @@
 import json
 import requests
+from . import check_input_attribute, standard_error_message
+from ._vulnerability_parser.vulnerability_parser import VulnerabilityLookupParser
 
 misperrors = {'error': 'Error'}
-mispattributes = {'input': ['vulnerability'], 'output': ['text']}
+mispattributes = {'input': ['vulnerability'], 'format': 'misp_standard'}
 moduleinfo = {
-    'version': '0.4',
+    'version': '2',
     'author': 'Alexandre Dulaunoy',
     'description': 'An expansion hover module to expand information about CVE id.',
-    'module-type': ['hover'],
+    'module-type': ['expansion', 'hover'],
     'name': 'CVE Lookup',
-    'logo': 'cve.png',
+    'logo': 'vulnerability_lookyp.png',
     'requirements': [],
-    'features': 'The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs.',
+    'features': 'The module takes a vulnerability attribute as input and queries Vulnerability Lookup to get additional information based on the Vulnerability ID.',
-    'references': ['https://vulnerability.circl.lu/', 'https://cve.mitre.org/'],
+    'references': ['https://cve.circl.lu/', 'https://cve.mitre.org/'],
     'input': 'Vulnerability attribute.',
-    'output': 'Text giving information about the CVE related to the Vulnerability.',
+    'output': 'Additional information on the vulnerability, gathered from the Vulnerability Lookup API.',
 }
-moduleconfig = ["custom_API"]
+api_url = 'https://cve.circl.lu'
-cveapi_url = 'https://vulnerability.circl.lu/api/cve/'
-
-
-def check_url(url):
-    return "{}/".format(url) if not url.endswith('/') else url
 
 
 def handler(q=False):
     if q is False:
         return False
     request = json.loads(q)
-    if not request.get('vulnerability'):
+    if not check_input_attribute(request.get('attribute', {})):
-        misperrors['error'] = 'Vulnerability id missing'
+        return {
-        return misperrors
+            'error': f'{standard_error_message}, which should contain '
-
+                     'at least a type, a value and an UUID.'
-    api_url = check_url(request['config']['custom_API']) if request.get('config') and request['config'].get('custom_API') else cveapi_url
+        }
-    r = requests.get("{}{}".format(api_url, request.get('vulnerability')))
+    attribute = request['attribute']
-    if r.status_code == 200:
+    if attribute.get('type') != 'vulnerability':
-        vulnerability = json.loads(r.text)
+        return {'error': 'The attribute type should be "vulnerability".'}
-        try:
+    lookup = requests.get(f"{api_url}/api/vulnerability/{attribute['value']}")
-            summary = vulnerability['containers']['cna']['descriptions'][0]['value']
+    if lookup.status_code == 200:
-        except Exception:
+        vulnerability = lookup.json()
-            summary = 'Non existing CVE'
+        if not vulnerability:
+            return {'error': 'Non existing vulnerability ID.'}
     else:
-        misperrors['error'] = 'API not accessible'
+        return {'error': 'Vulnerability Lookup API not accessible.'}
-        return misperrors['error']
+    parser = VulnerabilityLookupParser(attribute, api_url)
-
+    parser.parser_lookup_result(vulnerability)
-    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
+    return parser.get_results()
-    return r
 
 
 def introspection():
@@ -53,5 +50,4 @@ def introspection():
 
 
 def version():
-    moduleinfo['config'] = moduleconfig
     return moduleinfo