chg: [cpe] Added default limit to the results

- Results returned by CVE-search are sorted by
  cvss score and limited in number to avoid
  a potentially massive amount of data being returned
  to MISP.
- Users can overwrite the default limit with the
  configuration already present as optional, and
  can also set the limit to 0 to get the full list
  of results
pull/447/head
chrisr3d 2020-11-13 15:46:41 +01:00
parent 2a25cda026
commit bd3fa3ea07
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 8 additions and 8 deletions


@ -13,6 +13,7 @@ moduleinfo = {
}
moduleconfig = ["custom_API_URL", "limit"]
cveapi_url = 'https://cvepremium.circl.lu/api/query'
DEFAULT_LIMIT = 10
class VulnerabilitiesParser():
@ -99,19 +100,18 @@ def handler(q=False):
attribute = request['attribute']
if attribute.get('type') != 'cpe':
return {'error': 'Wrong input attribute type.'}
url = check_url(request['config']['custom_API_URL']) if request['config'].get('custom_API_URL') else cveapi_url
config = request['config']
url = check_url(config['custom_API_URL']) if config.get('custom_API_URL') else cveapi_url
limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT
params = {
"retrieve": "cves",
"dict_filter": {
"vulnerable_configuration": attribute['value']
}
},
"limit": limit,
"sort": "cvss",
"sort_dir": "DESC"
}
if request['config'].get('limit'):
params.update({
"limit": int(request['config']['limit']),
"sort": "cvss",
"sort_dir": "DESC"
})
response = requests.post(url, json=params)
if response.status_code == 200:
vulnerabilities = response.json()['data']
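Review bot: The new `limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT` line in `handler` converts the configured value without validating it, so a non-numeric setting raises `ValueError` out of the handler instead of returning an `{'error': ...}` dict like the attribute-type check just above, and a negative number is forwarded to the API unchanged. The truthiness test also treats an integer `0` as "not set" and falls back to `DEFAULT_LIMIT`; the documented "0 = full list" behaviour therefore only holds if the value always arrives as the string `"0"`, which cannot be confirmed from this hunk. Testing for a missing or empty value explicitly and rejecting bad input keeps the result cap predictable. `handler` starts and ends outside the hunk.

```python
    config = request['config']
    # … unchanged: url selection via check_url …
    raw_limit = config.get('limit')
    if raw_limit in (None, ''):
        limit = DEFAULT_LIMIT
    else:
        try:
            limit = int(raw_limit)
        except (TypeError, ValueError):
            return {'error': 'The limit configuration must be an integer.'}
        if limit < 0:
            return {'error': 'The limit configuration must not be negative.'}
    # … unchanged: params dict and requests.post call …
```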