From bd3fa3ea07d73b60519c5df2b85e7360518cc413 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Fri, 13 Nov 2020 15:46:41 +0100 Subject: [PATCH] chg: [cpe] Added default limit to the results - Results returned by CVE-search are sorted by cvss score and limited in number to avoid potential massive amount of data retuned back to MISP. - Users can overwrite the default limit with the configuration already present as optional, and can also set the limit to 0 to get the full list of results --- misp_modules/modules/expansion/cpe.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/misp_modules/modules/expansion/cpe.py b/misp_modules/modules/expansion/cpe.py index bf6f7b6..83cbc46 100644 --- a/misp_modules/modules/expansion/cpe.py +++ b/misp_modules/modules/expansion/cpe.py @@ -13,6 +13,7 @@ moduleinfo = { } moduleconfig = ["custom_API_URL", "limit"] cveapi_url = 'https://cvepremium.circl.lu/api/query' +DEFAULT_LIMIT = 10 class VulnerabilitiesParser(): @@ -99,19 +100,18 @@ def handler(q=False): attribute = request['attribute'] if attribute.get('type') != 'cpe': return {'error': 'Wrong input attribute type.'} - url = check_url(request['config']['custom_API_URL']) if request['config'].get('custom_API_URL') else cveapi_url + config = request['config'] + url = check_url(config['custom_API_URL']) if config.get('custom_API_URL') else cveapi_url + limit = int(config['limit']) if config.get('limit') else DEFAULT_LIMIT params = { "retrieve": "cves", "dict_filter": { "vulnerable_configuration": attribute['value'] - } + }, + "limit": limit, + "sort": "cvss", + "sort_dir": "DESC" } - if request['config'].get('limit'): - params.update({ - "limit": int(request['config']['limit']), - "sort": "cvss", - "sort_dir": "DESC" - }) response = requests.post(url, json=params) if response.status_code == 200: vulnerabilities = response.json()['data']