fix: Various fixes about typo, variable names, data types and so on

2019-07-12 10:59:19 +02:00 · 2019-07-12 10:59:19 +02:00 · d9b03a7aa5
parent f862a14ce6
commit d9b03a7aa5
1 changed files with 23 additions and 15 deletions
--- a/misp_modules/modules/expansion/virustotal_public.py
+++ b/misp_modules/modules/expansion/virustotal_public.py
@ -7,7 +7,7 @@ mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sh
                  'format': 'misp_standard'}
 moduleinfo = {'version': '1', 'author': 'Christian Studer',
              'description': 'Get information from virustotal public API v2.',
-              'module_type': ['expansion', 'hover']}
+              'module-type': ['expansion', 'hover']}

 moduleconfig = ['apikey']

@ -27,15 +27,21 @@ class VirusTotalParser():
        results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])}
        return {'results': results}

-    def parse_detected_urls(detected_urls):
+    def parse_detected_urls(self, detected_urls):
        for url in detected_urls:
-            self.misp_event.add_attribute('url', url)
+            value = url['url'] if isinstance(url, dict) else url
+            self.misp_event.add_attribute('url', value)

    def parse_resolutions(self, resolutions, subdomains=None):
        domain_ip_object = MISPObject('domain-ip')
-        domain_ip_object.add_attribute('ip', type='ip-dst', value=self.attribute.value)
+        if self.attribute.type == 'domain':
+            domain_ip_object.add_attribute('domain', type='domain', value=self.attribute.value)
+            attribute_type, relation, key = ('ip-dst', 'ip', 'ip_address')
+        else:
+            domain_ip_object.add_attribute('ip', type='ip-dst', value=self.attribute.value)
+            attribute_type, relation, key = ('domain', 'domain', 'hostname')
        for resolution in resolutions:
-            domain_ip_object.add_attribute('domain', type='domain', value=resolution['hostname'])
+            domain_ip_object.add_attribute(relation, type=attribute_type, value=resolution[key])
        if subdomains:
            for subdomain in subdomains:
                attribute = MISPAttribute()
@ -48,7 +54,7 @@ class VirusTotalParser():
        vt_object = MISPObject('virustotal-report')
        vt_object.add_attribute('permalink', type='link', value=query_result['permalink'])
        detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total'])
-        vt_object.add_object('detection-ratio', type='text', value=detection_ratio)
+        vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio)
        self.misp_event.add_object(**vt_object)

    def query_result(self, query_type):
@ -67,9 +73,11 @@ class DomainQuery(VirusTotalParser):
        whois = 'whois'
        for feature in ('undetected_referrer_samples', 'detected_referrer_samples'):
            for sample in query_result[feature]:
-                self.misp_event.add_attribute(has_type, sample[hash_type])
+                self.misp_event.add_attribute(hash_type, sample[hash_type])
        if query_result.get(whois):
-            self.misp_event.add_attribute(whois, query_result[whois])
+            whois_object = MISPObject(whois)
+            whois_object.add_attribute('text', type='text', value=query_result[whois])
+            self.misp_event.add_object(**whois_object)
        self.parse_resolutions(query_result['resolutions'], query_result['subdomains'])
        self.parse_detected_urls(query_result['detected_urls'])
        for domain in query_result['domain_siblings']:
@ -85,11 +93,11 @@ class HashQuery(VirusTotalParser):
    def parse_report(self, query_result):
        file_attributes = []
        for hash_type in ('md5', 'sha1', 'sha256'):
-            if query_request.get(hash_type):
+            if query_result.get(hash_type):
                file_attributes.append({'type': hash_type, 'object_relation': hash_type,
-                                        'value': query_request[hash_type]})
+                                        'value': query_result[hash_type]})
        if file_attributes:
-            file_object = MISPOBject('file')
+            file_object = MISPObject('file')
            for attribute in file_attributes:
                file_object.add_attribute(**attribute)
            self.misp_event.add_object(**file_object)
@ -105,13 +113,13 @@ class IpQuery(VirusTotalParser):
    def parse_report(self, query_result):
        if query_result.get('asn'):
            asn_mapping = {'network': ('ip-src', 'subnet-announced'),
-                           'country': {'text', 'country'}}
+                           'country': ('text', 'country')}
            asn_object = MISPObject('asn')
            asn_object.add_attribute('asn', type='AS', value=query_result['asn'])
            for key, value in asn_mapping.items():
-                if query.get(key):
-                    attribute_type, relation = asn_mapping[key]
-                    asn_object.add_attribute(relation, type=attribute_type, value=value)
+                if query_result.get(key):
+                    attribute_type, relation = value
+                    asn_object.add_attribute(relation, type=attribute_type, value=query_result[key])
            self.misp_event.add_object(**asn_object)
        self.parse_detected_urls(query_result['detected_urls'])
        if query_result.get('resolutions'):