mirror of https://github.com/MISP/misp-modules
fix: Avoiding various modules to fail with uncritical issues
- Avoiding securitytrails to fail with an unavailable feature for free accounts - Avoiding urlhaus to fail with input attribute fields that are not critical for the query and results - Avoiding VT modules to fail when a certain resource does not exist in the datasetpull/603/head
parent
393b33d02d
commit
d4eb88c66a
|
@ -93,9 +93,6 @@ def handle_domain(api, domain, misperrors):
|
|||
if status_ok:
|
||||
if r:
|
||||
result_filtered['results'].extend(r)
|
||||
else:
|
||||
misperrors['error'] = misperrors['error'] + ' Error whois result'
|
||||
return misperrors
|
||||
|
||||
time.sleep(1)
|
||||
r, status_ok = expand_history_ipv4_ipv6(api, domain)
|
||||
|
|
|
@ -60,7 +60,7 @@ class PayloadQuery(URLhaus):
|
|||
def query_api(self):
|
||||
hash_type = self.attribute.type
|
||||
file_object = MISPObject('file')
|
||||
if self.attribute.event_id != '0':
|
||||
if hasattr(self.attribute, 'object_id') and hasattr(self.attribute, 'event_id') and self.attribute.event_id != '0':
|
||||
file_object.id = self.attribute.object_id
|
||||
response = requests.post(self.url, data={'{}_hash'.format(hash_type): self.attribute.value}).json()
|
||||
other_hash_type = 'md5' if hash_type == 'sha256' else 'sha256'
|
||||
|
|
|
@ -172,12 +172,13 @@ class VirusTotalParser(object):
|
|||
return attribute.uuid
|
||||
|
||||
def parse_vt_object(self, query_result):
|
||||
vt_object = MISPObject('virustotal-report')
|
||||
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
|
||||
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
|
||||
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
|
||||
self.misp_event.add_object(**vt_object)
|
||||
return vt_object.uuid
|
||||
if query_result['response_code'] == 1:
|
||||
vt_object = MISPObject('virustotal-report')
|
||||
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
|
||||
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
|
||||
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
|
||||
self.misp_event.add_object(**vt_object)
|
||||
return vt_object.uuid
|
||||
|
||||
|
||||
def parse_error(status_code):
|
||||
|
|
|
@ -56,11 +56,12 @@ class VirusTotalParser():
|
|||
self.misp_event.add_object(**domain_ip_object)
|
||||
|
||||
def parse_vt_object(self, query_result):
|
||||
vt_object = MISPObject('virustotal-report')
|
||||
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
|
||||
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
|
||||
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
|
||||
self.misp_event.add_object(**vt_object)
|
||||
if query_result['response_code'] == 1:
|
||||
vt_object = MISPObject('virustotal-report')
|
||||
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
|
||||
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
|
||||
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
|
||||
self.misp_event.add_object(**vt_object)
|
||||
|
||||
def get_query_result(self, query_type):
|
||||
params = {query_type: self.attribute.value, 'apikey': self.apikey}
|
||||
|
|
Loading…
Reference in New Issue