lib/XML/IODEF/Simple/Plugin/Malware.pm

package XML::IODEF::Simple::Plugin::Malware;

use XML::IODEF::Simple::Plugin::Url;

sub prepare {
    my $class   = shift;
    my $info    = shift;

    return(0) unless($info->{'impact'});
    return(0) unless($info->{'impact'} =~ /(malware|exploit)/);

    # since malware url and malware sort of share this plugin
    # and url falls lower in the a-z pecking order
    # we use this as a work-around for that
    XML::IODEF::Simple::Plugin::Url->prepare($info);
    return(1);
}

sub convert {
    my $class = shift;
    my $info = shift;
    my $iodef = shift;

    unless($info->{'severity'}){
        # if we're talking about an actual piece of malware
        if($info->{'impact'} =~ /^(malware|binary)$/){
            $iodef->add('IncidentAssessmentImpactseverity','high');
        } else {
            # probably a malware url, which is less severe
            $iodef->add('IncidentAssessmentImpactseverity','medium');
        }
    }

    return($iodef);
}

1;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)