fix: Avoiding various modules to fail with uncritical issues

- Avoiding securitytrails to fail with an unavailable
  feature for free accounts
- Avoiding urlhaus to fail with input attribute
  fields that are not critical for the query and
  results
- Avoiding VT modules to fail when a certain
  resource does not exist in the dataset

misp_modules/modules/expansion/securitytrails.py

@@ -93,9 +93,6 @@ def handle_domain(api, domain, misperrors):
     if status_ok:
         if r:
             result_filtered['results'].extend(r)
-    else:
-        misperrors['error'] = misperrors['error'] + ' Error whois result'
-        return misperrors
 
     time.sleep(1)
     r, status_ok = expand_history_ipv4_ipv6(api, domain)

misp_modules/modules/expansion/urlhaus.py

@@ -60,7 +60,7 @@ class PayloadQuery(URLhaus):
     def query_api(self):
         hash_type = self.attribute.type
         file_object = MISPObject('file')
-        if self.attribute.event_id != '0':
+        if hasattr(self.attribute, 'object_id') and hasattr(self.attribute, 'event_id') and self.attribute.event_id != '0':
             file_object.id = self.attribute.object_id
         response = requests.post(self.url, data={'{}_hash'.format(hash_type): self.attribute.value}).json()
         other_hash_type = 'md5' if hash_type == 'sha256' else 'sha256'

misp_modules/modules/expansion/virustotal.py

@@ -172,12 +172,13 @@ class VirusTotalParser(object):
         return attribute.uuid
 
     def parse_vt_object(self, query_result):
-        vt_object = MISPObject('virustotal-report')
-        vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
-        detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
-        vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
-        self.misp_event.add_object(**vt_object)
-        return vt_object.uuid
+        if query_result['response_code'] == 1:
+            vt_object = MISPObject('virustotal-report')
+            vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
+            detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
+            vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
+            self.misp_event.add_object(**vt_object)
+            return vt_object.uuid
 
 
 def parse_error(status_code):

misp_modules/modules/expansion/virustotal_public.py

@@ -56,11 +56,12 @@ class VirusTotalParser():
         self.misp_event.add_object(**domain_ip_object)
 
     def parse_vt_object(self, query_result):
-        vt_object = MISPObject('virustotal-report')
-        vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
-        detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
-        vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
-        self.misp_event.add_object(**vt_object)
+        if query_result['response_code'] == 1:
+            vt_object = MISPObject('virustotal-report')
+            vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
+            detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
+            vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
+            self.misp_event.add_object(**vt_object)
 
     def get_query_result(self, query_type):
         params = {query_type: self.attribute.value, 'apikey': self.apikey}