fix: Avoiding various modules to fail with uncritical issues

- Prevent securitytrails from failing on a feature
  that is unavailable for free accounts
- Prevent urlhaus from failing on input attribute
  fields that are not critical for the query and
  results
- Prevent VT modules from failing when a certain
  resource does not exist in the dataset
new_module
chrisr3d 2019-10-30 16:34:15 +01:00
parent 393b33d02d
commit d4eb88c66a
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
4 changed files with 14 additions and 15 deletions


@ -93,9 +93,6 @@ def handle_domain(api, domain, misperrors):
if status_ok: if status_ok:
if r: if r:
result_filtered['results'].extend(r) result_filtered['results'].extend(r)
else:
misperrors['error'] = misperrors['error'] + ' Error whois result'
return misperrors
time.sleep(1) time.sleep(1)
r, status_ok = expand_history_ipv4_ipv6(api, domain) r, status_ok = expand_history_ipv4_ipv6(api, domain)
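Review bot: With the `else` branch removed, an empty whois result under `status_ok` is skipped without any trace, so an analyst cannot tell "no whois data" from "whois not available on this account". A log line or a non-fatal note in the result at that point would keep the module from failing while still surfacing the gap. At minimum, add a comment after `result_filtered['results'].extend(r)` such as `# whois may be empty for free accounts; continue with the remaining lookups`. What happens when `status_ok` is false is not visible here, and handle_domain starts and ends outside the hunk.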


@ -60,7 +60,7 @@ class PayloadQuery(URLhaus):
def query_api(self): def query_api(self):
hash_type = self.attribute.type hash_type = self.attribute.type
file_object = MISPObject('file') file_object = MISPObject('file')
if self.attribute.event_id != '0': if hasattr(self.attribute, 'object_id') and hasattr(self.attribute, 'event_id') and self.attribute.event_id != '0':
file_object.id = self.attribute.object_id file_object.id = self.attribute.object_id
response = requests.post(self.url, data={'{}_hash'.format(hash_type): self.attribute.value}).json() response = requests.post(self.url, data={'{}_hash'.format(hash_type): self.attribute.value}).json()
other_hash_type = 'md5' if hash_type == 'sha256' else 'sha256' other_hash_type = 'md5' if hash_type == 'sha256' else 'sha256'
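Review bot: The request two lines below the new `hasattr` guard still calls `requests.post(...).json()` with no `timeout` and no status check. A stalled or non-JSON URLhaus response will therefore block or raise, which is the kind of uncritical failure this commit sets out to avoid. Passing `timeout=` (the value is a project choice) and checking the response before decoding would close that gap. The guard itself reads more easily as `if getattr(self.attribute, 'event_id', '0') != '0' and hasattr(self.attribute, 'object_id'):`. query_api continues past the end of the hunk.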


@ -172,12 +172,13 @@ class VirusTotalParser(object):
return attribute.uuid return attribute.uuid
def parse_vt_object(self, query_result): def parse_vt_object(self, query_result):
vt_object = MISPObject('virustotal-report') if query_result['response_code'] == 1:
vt_object.add_attribute('permalink', type='link', value=query_result['permalink']) vt_object = MISPObject('virustotal-report')
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total']) vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio) detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
self.misp_event.add_object(**vt_object) vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
return vt_object.uuid self.misp_event.add_object(**vt_object)
return vt_object.uuid
def parse_error(status_code): def parse_error(status_code):
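Review bot: `parse_vt_object` now returns `None` implicitly when `response_code` is not 1, where it previously always returned `vt_object.uuid`. Its callers are outside this hunk, but any that use the return value as a reference target need to handle `None`, or the failure just moves one step later. The new guard also indexes `query_result['response_code']` directly, so a response without that key raises `KeyError`; `if query_result.get('response_code') == 1:` avoids that. The same guard, with the same `KeyError` exposure, is added to `parse_vt_object` in the following file section (`class VirusTotalParser():`). A one-line docstring stating that nothing is added for unknown resources would make the `None` return explicit.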


@ -56,11 +56,12 @@ class VirusTotalParser():
self.misp_event.add_object(**domain_ip_object) self.misp_event.add_object(**domain_ip_object)
def parse_vt_object(self, query_result): def parse_vt_object(self, query_result):
vt_object = MISPObject('virustotal-report') if query_result['response_code'] == 1:
vt_object.add_attribute('permalink', type='link', value=query_result['permalink']) vt_object = MISPObject('virustotal-report')
detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total']) vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio) detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
self.misp_event.add_object(**vt_object) vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
self.misp_event.add_object(**vt_object)
def get_query_result(self, query_type): def get_query_result(self, query_type):
params = {query_type: self.attribute.value, 'apikey': self.apikey} params = {query_type: self.attribute.value, 'apikey': self.apikey}