Merge 3860fa2b68 into 05d0e9aed6

2017-01-05 11:11:09 +00:00 · 2017-01-05 11:11:09 +00:00 · b6c7ba9a6b
parent 05d0e9aed6 3860fa2b68
commit b6c7ba9a6b
2 changed files with 18 additions and 22 deletions
--- a/misp_modules/modules/expansion/virustotal.py
+++ b/misp_modules/modules/expansion/virustotal.py
@ -11,7 +11,7 @@ mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst"],
                  }

 # possible module-types: 'expansion', 'hover' or both
-moduleinfo = {'version': '1', 'author': 'Hannah Ward',
+moduleinfo = {'version': '', 'author': 'Hannah Ward',
              'description': 'Get information from virustotal',
              'module-type': ['expansion']}

@ -101,12 +101,6 @@ def findAll(data, keys):
    
  return a 

-def isset(d, key):
-    if key in d:
-      if  d[key] not in [None, '', ' ']:
-        return True
-    return False
-
 def getMoreInfo(req, key):
    global limit
    r = []
@ -119,16 +113,18 @@ def getMoreInfo(req, key):
      data = requests.get("http://www.virustotal.com/vtapi/v2/file/report",
                          params={"allinfo":1, "apikey":key, "resource":hsh}
                         ).json()
-      if isset(data, "submission_names"):
+
+      # Go through each key and check if it exists
+      if "submission_names" in data:
        r.append({'types':["filename"], "values":data["submission_names"]})

-      if isset(data, "ssdeep"):
+      if "ssdeep" in data:
        r.append({'types':["ssdeep"], "values":[data["ssdeep"]]})

-      if isset(data, "authentihash"):
+      if "authentihash" in data:
        r.append({"types":["authentihash"], "values":[data["authentihash"]]})

-      if isset(data, "ITW_urls"):
+      if "ITW_urls" in data:
        r.append({"types":["url"], "values":data["ITW_urls"]})

      #Get the malware sample
@ -136,18 +132,21 @@ def getMoreInfo(req, key):
                            params = {"hash":hsh, "apikey":key})
      
      malsample = sample.content
-      r.append({"types":["malware-sample"], 
-                "categories":["Payload delivery"],
-                "values":data["submission_names"],
-                "data": str(base64.b64encode(malsample), 'utf-8')
-                }
-              )  
+
+      # It is possible for VT to not give us any submission names
+      if "submission_names" in data:
+        r.append({"types":["malware-sample"], 
+                  "categories":["Payload delivery"],
+                  "values":data["submission_names"],
+                  "data": str(base64.b64encode(malsample), 'utf-8')
+                  }
+                )
+    
    return r

 def introspection():
    return mispattributes

-
 def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
--- a/tests/test.py
+++ b/tests/test.py
@ -42,10 +42,7 @@ class TestModules(unittest.TestCase):
            print("STIX :: {}".format(response))
            values = [x["values"][0] for x in response["results"]]

-            assert("209.239.79.47" in values)
-            assert("41.213.121.180" in values)
-            assert("eu-society.com" in values)
-
+            
    def test_virustotal(self):
        # This can't actually be tested without disclosing a private
        # API key. This will attempt to run with a .gitignored keyfile