
fix: Avoiding various modules to fail with uncritical issues

- Prevent securitytrails from failing on a feature that is
  unavailable for free accounts
- Prevent urlhaus from failing on input attribute
  fields that are not critical for the query and
  results
- Prevent VT modules from failing when a certain
  resource does not exist in the dataset
pull/352/head
chrisr3d 2 years ago
parent
commit
d4eb88c66a
No known key found for this signature in database GPG Key ID: 6BBED1B63A6D639F
  1. 3
      misp_modules/modules/expansion/securitytrails.py
  2. 2
      misp_modules/modules/expansion/urlhaus.py
  3. 13
      misp_modules/modules/expansion/virustotal.py
  4. 11
      misp_modules/modules/expansion/virustotal_public.py

3
misp_modules/modules/expansion/securitytrails.py

@ -93,9 +93,6 @@ def handle_domain(api, domain, misperrors):
if status_ok:
if r:
result_filtered['results'].extend(r)
else:
misperrors['error'] = misperrors['error'] + ' Error whois result'
return misperrors
time.sleep(1)
r, status_ok = expand_history_ipv4_ipv6(api, domain)

2
misp_modules/modules/expansion/urlhaus.py

@ -60,7 +60,7 @@ class PayloadQuery(URLhaus):
def query_api(self):
hash_type = self.attribute.type
file_object = MISPObject('file')
if self.attribute.event_id != '0':
if hasattr(self.attribute, 'object_id') and hasattr(self.attribute, 'event_id') and self.attribute.event_id != '0':
file_object.id = self.attribute.object_id
response = requests.post(self.url, data={'{}_hash'.format(hash_type): self.attribute.value}).json()
other_hash_type = 'md5' if hash_type == 'sha256' else 'sha256'
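Review bot: The request on the line after the new guard is still a bare `requests.post(...).json()` with no `timeout=` and no status check, so a slow or non-JSON URLhaus reply will hang or raise in the same non-critical way this commit is trying to eliminate. Consider `requests.post(self.url, data={...}, timeout=REQUEST_TIMEOUT)` (the constant name is a placeholder) and handling a failed JSON decode before `response` is used. On the new condition itself, the `hasattr` chain could be shortened with `getattr(self.attribute, 'event_id', '0') != '0'` alongside the `object_id` check. The comparison is against the string `'0'`, so an integer `event_id` of 0 would pass the guard; it is worth confirming which type callers supply. query_api's body continues outside the hunk.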

13
misp_modules/modules/expansion/virustotal.py

@ -172,12 +172,13 @@ class VirusTotalParser(object):
return attribute.uuid
def parse_vt_object(self, query_result):
vt_object = MISPObject('virustotal-report')
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
self.misp_event.add_object(**vt_object)
return vt_object.uuid
if query_result['response_code'] == 1:
vt_object = MISPObject('virustotal-report')
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
self.misp_event.add_object(**vt_object)
return vt_object.uuid
def parse_error(status_code):
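Review bot: With the body now wrapped in `if query_result['response_code'] == 1:`, parse_vt_object in virustotal.py falls through and returns `None` when the resource is not in the dataset, where it previously always returned `vt_object.uuid`. The callers are outside the hunk, so confirm that none of them uses the result as a reference target without a `None` check. An explicit `return None` and a one-line docstring such as `"""Add a virustotal-report object and return its uuid, or None when VirusTotal has no record."""` would make the new contract visible. The same guard in virustotal_public.py has no return value to worry about, but in both files the literal `1` deserves a short comment (`# response_code 1: resource present in the VirusTotal dataset`). In both files `query_result.get('response_code') == 1` would also keep a reply that lacks the key from raising `KeyError`.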

11
misp_modules/modules/expansion/virustotal_public.py

@ -56,11 +56,12 @@ class VirusTotalParser():
self.misp_event.add_object(**domain_ip_object)
def parse_vt_object(self, query_result):
vt_object = MISPObject('virustotal-report')
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
self.misp_event.add_object(**vt_object)
if query_result['response_code'] == 1:
vt_object = MISPObject('virustotal-report')
vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
self.misp_event.add_object(**vt_object)
def get_query_result(self, query_type):
params = {query_type: self.attribute.value, 'apikey': self.apikey}
