mirror of https://github.com/MISP/misp-modules
chg: [cpe] Added default limit to the results
- Results returned by CVE-search are sorted by cvss score and limited in number to avoid potential massive amount of data retuned back to MISP. - Users can overwrite the default limit with the configuration already present as optional, and can also set the limit to 0 to get the full list of resultspull/447/head
parent
2a25cda026
commit
bd3fa3ea07
|
@ -13,6 +13,7 @@ moduleinfo = {
|
|||
}
|
||||
moduleconfig = ["custom_API_URL", "limit"]
|
||||
cveapi_url = 'https://cvepremium.circl.lu/api/query'
|
||||
DEFAULT_LIMIT = 10
|
||||
|
||||
|
||||
class VulnerabilitiesParser():
|
||||
|
@ -99,19 +100,18 @@ def handler(q=False):
|
|||
attribute = request['attribute']
|
||||
if attribute.get('type') != 'cpe':
|
||||
return {'error': 'Wrong input attribute type.'}
|
||||
url = check_url(request['config']['custom_API_URL']) if request['config'].get('custom_API_URL') else cveapi_url
|
||||
config = request['config']
|
||||
url = check_url(config['custom_API_URL']) if config.get('custom_API_URL') else cveapi_url
|
||||
limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT
|
||||
params = {
|
||||
"retrieve": "cves",
|
||||
"dict_filter": {
|
||||
"vulnerable_configuration": attribute['value']
|
||||
}
|
||||
},
|
||||
"limit": limit,
|
||||
"sort": "cvss",
|
||||
"sort_dir": "DESC"
|
||||
}
|
||||
if request['config'].get('limit'):
|
||||
params.update({
|
||||
"limit": int(request['config']['limit']),
|
||||
"sort": "cvss",
|
||||
"sort_dir": "DESC"
|
||||
})
|
||||
response = requests.post(url, json=params)
|
||||
if response.status_code == 200:
|
||||
vulnerabilities = response.json()['data']
|
||||
|
|
Loading…
Reference in New Issue