updated to geoip2 to support mmdb format

REQUIREMENTS

@@ -46,7 +46,7 @@ pdftotext==2.1.1
 pillow==6.0.0
 psutil==5.6.2
 pyeupi==1.0
-pygeoip==0.3.2
+geoip2==2.9.0
 pyparsing==2.4.0
 pypdns==1.4.1
 pypssl==2.1

misp_modules/modules/expansion/geoip_country.cfg

@@ -1,3 +1,2 @@
 [GEOIP]
-database = /opt/misp-modules/var/GeoIP.dat
-
+database = /opt/misp-modules/var/Geo2-Country.mmdb

misp_modules/modules/expansion/geoip_country.py

@@ -1,5 +1,5 @@
 import json
-import pygeoip
+import geoip2.database
 import sys
 import os
 import logging
@@ -17,15 +17,15 @@ misperrors = {'error': 'Error'}
 mispattributes = {'input': ['ip-src', 'ip-dst', 'domain|ip'], 'output': ['freetext']}
 
 # possible module-types: 'expansion', 'hover' or both
-moduleinfo = {'version': '0.1', 'author': 'Andreas Muehlemann',
-              'description': 'Query a local copy of Maxminds Geolite database',
+moduleinfo = {'version': '0.2', 'author': 'Andreas Muehlemann',
+              'description': 'Query a local copy of Maxminds Geolite database, updated for MMDB format',
               'module-type': ['expansion', 'hover']}
 
 try:
-    # get current db from http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
+    # get current db from https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
     config = configparser.ConfigParser()
     config.read(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'geoip_country.cfg'))
-    gi = pygeoip.GeoIP(config.get('GEOIP', 'database'))
+    gi = geoip2.database.Reader(config.get('GEOIP', 'database'))
     enabled = True
 except Exception:
     enabled = False
@@ -48,7 +48,7 @@ def handler(q=False):
     log.debug(toquery)
 
     try:
-        answer = gi.country_code_by_addr(toquery)
+        answer = (gi.country(toquery)).country.iso_code
     except Exception:
         misperrors['error'] = "GeoIP resolving error"
         return misperrors