From 8c2bbaa13c48b3489cab3accb57003627b7bf4f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 11 Nov 2019 14:28:12 +0100 Subject: [PATCH 01/33] new: Get Database Schema Diagnostic Fix #492 --- pymisp/aping.py | 4 ++++ tests/testlive_comprehensive.py | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/pymisp/aping.py b/pymisp/aping.py index d5fb2327b..e36cd0183 100644 --- a/pymisp/aping.py +++ b/pymisp/aping.py @@ -179,6 +179,10 @@ def restart_workers(self): response = self._prepare_request('POST', f'/servers/restartWorkers') return self._check_response(response, expect_json=True) + def db_schema_diagnostic(self): + response = self._prepare_request('GET', f'/servers/dbSchemaDiagnostic') + return self._check_response(response, expect_json=True) + def toggle_global_pythonify(self): self.global_pythonify = not self.global_pythonify diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index 5e02d77b9..db6394414 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py @@ -1561,6 +1561,10 @@ def test_search_logs(self): self.assertEqual(entry.action, 'edit') r = self.admin_misp_connector.update_user({'email': 'testusr@user.local'}, self.test_usr) + def test_db_schema(self): + diag = self.admin_misp_connector.db_schema_diagnostic() + self.assertEqual(diag['actual_db_version'], diag['expected_db_version'], diag) + def test_live_acl(self): missing_acls = self.admin_misp_connector.remote_acl() self.assertEqual(missing_acls, [], msg=missing_acls) From c5dfa9b5090de50d782f1903455a4d4b604c072e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 11 Nov 2019 16:39:17 +0100 Subject: [PATCH 02/33] new: Test cases for restricted tags Fix #483 --- pymisp/aping.py | 5 +++-- tests/testlive_comprehensive.py | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/pymisp/aping.py b/pymisp/aping.py index e36cd0183..6fa340431 100644 --- a/pymisp/aping.py +++ b/pymisp/aping.py @@ -2027,7 +2027,6 @@ def delete_user_setting(self, user_setting: str, user: Union[MISPUser, int, str, response = self._prepare_request('POST', f'user_settings/delete', data=query) return self._check_response(response, expect_json=True) - # ## END User Settings ### # ## BEGIN Global helpers ### @@ -2049,12 +2048,14 @@ def change_sharing_group_on_entity(self, misp_entity: AbstractMISP, sharing_grou raise PyMISPError('The misp_entity must be MISPEvent, MISPObject or MISPAttribute') - def tag(self, misp_entity: Union[AbstractMISP, str], tag: str, local: bool=False): + def tag(self, misp_entity: Union[AbstractMISP, str], tag: Union[MISPTag, int, str], local: bool=False): """Tag an event or an attribute. misp_entity can be a UUID""" if 'uuid' in misp_entity: uuid = misp_entity.uuid else: uuid = misp_entity + if isinstance(tag, MISPTag): + tag = tag.name to_post = {'uuid': uuid, 'tag': tag, 'local': local} response = self._prepare_request('POST', 'tags/attachTagToObject', data=to_post) return self._check_response(response, expect_json=True) diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index db6394414..39d74b5f0 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py @@ -1166,12 +1166,32 @@ def test_tags(self): self.assertFalse(non_exportable_tag.exportable) first = self.create_simple_event() first.attributes[0].add_tag('non-exportable tag') + # Add tag restricted to an org + tag = MISPTag() + tag.name = f'restricted to org {self.test_org.id}' + tag.org_id = self.test_org.id + tag_org_restricted = self.admin_misp_connector.add_tag(tag, pythonify=True) + self.assertEqual(tag_org_restricted.org_id, tag.org_id) + # Add tag restricted to a user + tag.name = f'restricted to user {self.test_usr.id}' + tag.user_id = self.test_usr.id + tag_user_restricted = self.admin_misp_connector.add_tag(tag, pythonify=True) + self.assertEqual(tag_user_restricted.user_id, tag.user_id) try: first = self.user_misp_connector.add_event(first) self.assertFalse(first.attributes[0].tags) first = self.admin_misp_connector.get_event(first, pythonify=True) # Reference: https://github.com/MISP/MISP/issues/1394 self.assertFalse(first.attributes[0].tags) + # Reference: https://github.com/MISP/PyMISP/issues/483 + r = self.delegate_user_misp_connector.tag(first, tag_org_restricted) + self.assertEqual(r['errors'][1]['message'], 'Invalid Tag. This tag can only be set by a fixed organisation.') + r = self.user_misp_connector.tag(first, tag_org_restricted) + self.assertEqual(r['name'], f'Global tag {tag_org_restricted.name}({tag_org_restricted.id}) successfully attached to Event({first.id}).') + r = self.pub_misp_connector.tag(first.attributes[0], tag_user_restricted) + self.assertEqual(r['errors'][1]['message'], 'Invalid Tag. This tag can only be set by a fixed user.') + r = self.user_misp_connector.tag(first.attributes[0], tag_user_restricted) + self.assertEqual(r['name'], f'Global tag {tag_user_restricted.name}({tag_user_restricted.id}) successfully attached to Attribute({first.attributes[0].id}).') finally: # Delete event self.admin_misp_connector.delete_event(first) @@ -1181,6 +1201,8 @@ def test_tags(self): self.assertEqual(response['message'], 'Tag deleted.') response = self.admin_misp_connector.delete_tag(non_exportable_tag) self.assertEqual(response['message'], 'Tag deleted.') + response = self.admin_misp_connector.delete_tag(tag_org_restricted) + response = self.admin_misp_connector.delete_tag(tag_user_restricted) def test_add_event_with_attachment_object_controller(self): first = self.create_simple_event() From 8163f8dd1d29c8f191ce0a36c79cd2519556ae35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 15 Nov 2019 13:33:06 +0100 Subject: [PATCH 03/33] new: Validate object templates fix https://github.com/MISP/misp-objects/issues/199 --- tests/test_mispevent.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/test_mispevent.py b/tests/test_mispevent.py index c0e44b11e..c8ad63ca1 100644 --- a/tests/test_mispevent.py +++ b/tests/test_mispevent.py @@ -5,6 +5,7 @@ import json import sys from io import BytesIO +import glob from pymisp import MISPEvent, MISPSighting, MISPTag from pymisp.exceptions import InvalidMISPObject @@ -291,6 +292,26 @@ def test_userdefined_object(self): ref_json = json.load(f) self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2)) + @unittest.skipIf(sys.version_info < (3, 6), 'Not supported on python < 3.6') + def test_object_templates(self): + me = MISPEvent() + for template in glob.glob(str(me.misp_objects_path / '*' / 'definition.json')): + with open(template) as f: + t_json = json.load(f) + if 'requiredOneOf' in t_json: + obj_relations = set(t_json['attributes'].keys()) + subset = set(t_json['requiredOneOf']).issubset(obj_relations) + self.assertTrue(subset, f'{t_json["name"]}') + if 'required' in t_json: + obj_relations = set(t_json['attributes'].keys()) + subset = set(t_json['required']).issubset(obj_relations) + self.assertTrue(subset, f'{t_json["name"]}') + for obj_relation, entry in t_json['attributes'].items(): + self.assertTrue(entry['misp-attribute'] in me.describe_types['types']) + if 'categories' in entry: + subset = set(entry['categories']).issubset(me.describe_types['categories']) + self.assertTrue(subset, f'{t_json["name"]} - {obj_relation}') + if __name__ == '__main__': unittest.main() From c81e844556229c0748cabbcac4f4929e83e5f156 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 15 Nov 2019 13:35:01 +0100 Subject: [PATCH 04/33] chg: Bump dependencies --- Pipfile.lock | 420 +++++++++++++++++++++++++++++---------------------- 1 file changed, 242 insertions(+), 178 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index becc122e5..cfdb5faf0 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -18,14 +18,15 @@ "default": { "attrs": { "hashes": [ - "sha256:ec20e7a4825331c1b5ebf261d111e16fa9612c1f7a5e1f884f12bd53a664dfd2", - "sha256:f913492e1663d3c36f502e5e9ba6cd13cf19d7fab50aa13239e420fef95e1396" + "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", + "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72" ], - "version": "==19.2.0" + "version": "==19.3.0" }, "beautifulsoup4": { "hashes": [ "sha256:5279c36b4b2ec2cb4298d723791467e3000e5384a43ea0cdf5d45207c7e97169", + "sha256:6135db2ba678168c07950f9a16c4031822c6f4aec75a65e0a97bc5ca09789931", "sha256:dcdef580e18a76d54002088602eba453eec38ebbcafafeaabd8cab12b6155d57" ], "version": "==4.8.1" @@ -46,17 +47,17 @@ }, "decorator": { "hashes": [ - "sha256:86156361c50488b84a3f148056ea716ca587df2f0de1d34750d35c21312725de", - "sha256:f069f3a01830ca754ba5258fde2278454a0b5b79e0d7f5c13b3b97e57d4acff6" + "sha256:54c38050039232e1db4ad7375cfce6748d7b41c29e95a081c8a6d2c30364a2ce", + "sha256:5d19b92a3c8f7f101c8dd86afd86b0f061a8ce4540ab8cd401fa2542756bce6d" ], - "version": "==4.4.0" + "version": "==4.4.1" }, "deprecated": { "hashes": [ - "sha256:a515c4cf75061552e0284d123c3066fbbe398952c87333a92b8fc3dd8e4f9cc1", - "sha256:b07b414c8aac88f60c1d837d21def7e83ba711052e03b3cbaff27972567a8f8d" + "sha256:408038ab5fdeca67554e8f6742d1521cd3cd0ee0ff9d47f29318a4f4da31c308", + "sha256:8b6a5aa50e482d8244a62e5582b96c372e87e3a28e8b49c316e46b95c76a611d" ], - "version": "==1.2.6" + "version": "==1.2.7" }, "idna": { "hashes": [ @@ -65,12 +66,19 @@ ], "version": "==2.8" }, + "importlib-metadata": { + "hashes": [ + "sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26", + "sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af" + ], + "version": "==0.23" + }, "jsonschema": { "hashes": [ - "sha256:5f9c0a719ca2ce14c5de2fd350a64fd2d13e8539db29836a86adc990bb1a068f", - "sha256:8d4a2b7b6c2237e0199c8ea1a6d3e05bf118e289ae2b9d7ba444182a2959560d" + "sha256:2fa0684276b6333ff3c0b1b27081f4b2305f0a36cf702a23db50edb141893c3f", + "sha256:94c0a13b4a0616458b42529091624e66700a17f847453e52279e35509a5b7631" ], - "version": "==3.0.2" + "version": "==3.1.1" }, "lief": { "hashes": [ @@ -89,36 +97,47 @@ ], "version": "==0.10.0.dev0" }, + "more-itertools": { + "hashes": [ + "sha256:409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832", + "sha256:92b8c4b06dac4f0611c0729b2f2ede52b2e1bac1ab48f089c7ddc12e26bb60c4" + ], + "version": "==7.2.0" + }, "pillow": { "hashes": [ - "sha256:00fdeb23820f30e43bba78eb9abb00b7a937a655de7760b2e09101d63708b64e", - "sha256:01f948e8220c85eae1aa1a7f8edddcec193918f933fb07aaebe0bfbbcffefbf1", - "sha256:08abf39948d4b5017a137be58f1a52b7101700431f0777bec3d897c3949f74e6", - "sha256:099a61618b145ecb50c6f279666bbc398e189b8bc97544ae32b8fcb49ad6b830", - "sha256:2c1c61546e73de62747e65807d2cc4980c395d4c5600ecb1f47a650c6fa78c79", - "sha256:2ed9c4f694861642401f27dc3cb99772be67cd190e84845c749dae0a06c3bfae", - "sha256:338581b30b908e111be578f0297255f6b57a51358cd16fa0e6f664c9a1f88bff", - "sha256:38c7d48a21cd06fdeee93987147b9b1c55b73b4cfcbf83240568bfbd5adee447", - "sha256:43fd026f613c8e48a25eba1a92f4d2ad7f3903c95d8c33a11611a7717d2ab654", - "sha256:4548236844327a718ce3bb182ab32a16fa2050c61e334e959f554cac052fb0df", - "sha256:5090857876c58885cfa388dc649e5db30aae98a068c26f3fd0ac9d7d9a4d9572", - "sha256:5bbba34f97a26a93f5e8dec469ca4ddd712451418add43da946dbaed7f7a98d2", - "sha256:65a28969a025a0eb4594637b6103201dc4ed2a9508bdab56ac33e43e3081c404", - "sha256:892bb52b70bd5ea9dbbc3ac44f38e84f5a04e9d8b1bff48159d96cb795b81159", - "sha256:8a9becd5cbd5062f973bcd2e7bc79483af310222de112b6541f8af1f93a3cc42", - "sha256:972a7aaeb7c4a2795b52eef52ee991ef040b31009f36deca6207a986607b55f3", - "sha256:97b119c436bfa96a92ac2ca525f7025836d4d4e64b1c9f9eff8dbaf3ff1d86f3", - "sha256:9ba37698e242223f8053cc158f130aee046a96feacbeab65893dbe94f5530118", - "sha256:b1b0e1f626a0f079c0d3696db70132fb1f29aa87c66aecb6501a9b8be64ce9f7", - "sha256:c14c1224fd1a5be2733530d648a316974dbbb3c946913562c6005a76f21ca042", - "sha256:c79a8546c48ae6465189e54e3245a97ddf21161e33ff7eaa42787353417bb2b6", - "sha256:ceb76935ac4ebdf6d7bc845482a4450b284c6ccfb281e34da51d510658ab34d8", - "sha256:e22bffaad04b4d16e1c091baed7f2733fc1ebb91e0c602abf1b6834d17158b1f", - "sha256:ec883b8e44d877bda6f94a36313a1c6063f8b1997aa091628ae2f34c7f97c8d5", - "sha256:f1baa54d50ec031d1a9beb89974108f8f2c0706f49798f4777df879df0e1adb6", - "sha256:f53a5385932cda1e2c862d89460992911a89768c65d176ff8c50cddca4d29bed" - ], - "version": "==6.2.0" + "sha256:047d9473cf68af50ac85f8ee5d5f21a60f849bc17d348da7fc85711287a75031", + "sha256:0f66dc6c8a3cc319561a633b6aa82c44107f12594643efa37210d8c924fc1c71", + "sha256:12c9169c4e8fe0a7329e8658c7e488001f6b4c8e88740e76292c2b857af2e94c", + "sha256:248cffc168896982f125f5c13e9317c059f74fffdb4152893339f3be62a01340", + "sha256:27faf0552bf8c260a5cee21a76e031acaea68babb64daf7e8f2e2540745082aa", + "sha256:285edafad9bc60d96978ed24d77cdc0b91dace88e5da8c548ba5937c425bca8b", + "sha256:384b12c9aa8ef95558abdcb50aada56d74bc7cc131dd62d28c2d0e4d3aadd573", + "sha256:38950b3a707f6cef09cd3cbb142474357ad1a985ceb44d921bdf7b4647b3e13e", + "sha256:4aad1b88933fd6dc2846552b89ad0c74ddbba2f0884e2c162aa368374bf5abab", + "sha256:4ac6148008c169603070c092e81f88738f1a0c511e07bd2bb0f9ef542d375da9", + "sha256:4deb1d2a45861ae6f0b12ea0a786a03d19d29edcc7e05775b85ec2877cb54c5e", + "sha256:59aa2c124df72cc75ed72c8d6005c442d4685691a30c55321e00ed915ad1a291", + "sha256:5a47d2123a9ec86660fe0e8d0ebf0aa6bc6a17edc63f338b73ea20ba11713f12", + "sha256:5cc901c2ab9409b4b7ac7b5bcc3e86ac14548627062463da0af3b6b7c555a871", + "sha256:6c1db03e8dff7b9f955a0fb9907eb9ca5da75b5ce056c0c93d33100a35050281", + "sha256:7ce80c0a65a6ea90ef9c1f63c8593fcd2929448613fc8da0adf3e6bfad669d08", + "sha256:809c19241c14433c5d6135e1b6c72da4e3b56d5c865ad5736ab99af8896b8f41", + "sha256:83792cb4e0b5af480588601467c0764242b9a483caea71ef12d22a0d0d6bdce2", + "sha256:846fa202bd7ee0f6215c897a1d33238ef071b50766339186687bd9b7a6d26ac5", + "sha256:9f5529fc02009f96ba95bea48870173426879dc19eec49ca8e08cd63ecd82ddb", + "sha256:a423c2ea001c6265ed28700df056f75e26215fd28c001e93ef4380b0f05f9547", + "sha256:ac4428094b42907aba5879c7c000d01c8278d451a3b7cccd2103e21f6397ea75", + "sha256:b1ae48d87f10d1384e5beecd169c77502fcc04a2c00a4c02b85f0a94b419e5f9", + "sha256:bf4e972a88f8841d8fdc6db1a75e0f8d763e66e3754b03006cbc3854d89f1cb1", + "sha256:c6414f6aad598364aaf81068cabb077894eb88fed99c6a65e6e8217bab62ae7a", + "sha256:c710fcb7ee32f67baf25aa9ffede4795fd5d93b163ce95fdc724383e38c9df96", + "sha256:c7be4b8a09852291c3c48d3c25d1b876d2494a0a674980089ac9d5e0d78bd132", + "sha256:c9e5ffb910b14f090ac9c38599063e354887a5f6d7e6d26795e916b4514f2c1a", + "sha256:e0697b826da6c2472bb6488db4c0a7fa8af0d52fa08833ceb3681358914b14e5", + "sha256:e9a3edd5f714229d41057d56ac0f39ad9bdba6767e8c888c951869f0bdd129b0" + ], + "version": "==6.2.1" }, "pydeep": { "hashes": [ @@ -139,20 +158,20 @@ "pymispwarninglists": { "editable": true, "git": "https://github.com/MISP/PyMISPWarningLists.git", - "ref": "8a47f8b7f723a268e5a6b5420fe4b873e4fd6a0b" + "ref": "1257a2e378ffb9f3dfcc4a0e83bde4ae1b040c83" }, "pyrsistent": { "hashes": [ - "sha256:34b47fa169d6006b32e99d4b3c4031f155e6e68ebcc107d6454852e8e0ee6533" + "sha256:eb6545dbeb1aa69ab1fb4809bfbf5a8705e44d92ef8fc7c2361682a47c46c778" ], - "version": "==0.15.4" + "version": "==0.15.5" }, "python-dateutil": { "hashes": [ - "sha256:7e6584c74aeed623791615e26efd690f29817a27c73085b78e4bad02493df2fb", - "sha256:c89805f6f4d64db21ed966fda138f8a5ed7a4fdbc1a8ee329ce1b74e3c74da9e" + "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", + "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], - "version": "==2.8.0" + "version": "==2.8.1" }, "python-magic": { "hashes": [ @@ -163,31 +182,36 @@ }, "reportlab": { "hashes": [ - "sha256:06b7c7436fa6d4844c7637161f3297c7a96240f35622ab2d219e4fd8387c0ab2", - "sha256:0a5acf67bd9812e38ed84be8994c07a8136b0a8f4c14a1c66c9c73a9567a9a44", - "sha256:1c8ca145d03e3c620866b06febb241b179197b58fb07454fbc8e9d6184cdcc93", - "sha256:2f8d785660ee316874c86abad345633ce8c652e88e03ae8a10f1fdadc72fd23d", - "sha256:4869d342352c92a812ce40555ef2a9cfbd722390d67fe61f1d6ec770e9ca41a3", - "sha256:493e0dcd9c085d46acf4fe3f00f941e562490a74b651409039a0dee2a0d76555", - "sha256:4e606e3ee9345e68cd205022d526250ad2a1164eea8f1e29d77d6ad08631b0ba", - "sha256:5bf91bae8995db91650fda658129c268515358b756fd16c0261a9dd641df1856", - "sha256:6df0730f8f715aa12333bd6d2a72eea3a989381451861186d9b5e71889454ac7", - "sha256:7195c6ea096d10c91cc470f9f0ced3ad74470d9c0fd97923b5e764597dd13671", - "sha256:7431c979e2b498e8e20abf458f360a451717d76c3c1bd49d1fc5697d3504f8e5", - "sha256:7f7f70a8d4b573d1ff65a81415b4b6ed9545630f381dff4a69307640e09d381d", - "sha256:9945433667a46f054d1125b4ca86fe9ee31feb254728b38242e9a6008c135efe", - "sha256:b1cdbfc1fd54ac947b9f0114e00ab94e945db679f1e03357a3c00f3a85e73eea", - "sha256:bf149847a2fd8f24b788a8abbf97a2b9a73edc5b1bd719384b786eb84bcad15e", - "sha256:ce514bfce2bf3e302f52aba9929fe3ac7d918cfea2f5d3e30bf9dac9658bf094", - "sha256:d243d4c8cf1a7e78b734c03628b684ec5de25df1f02ccea2e10fbd217430cb72", - "sha256:d4bee20f52b8c3c477dc780780654cafcfc0eb34d8d6960c13a34a444b431f09", - "sha256:e730529bd1f62034c50f70a2b05fadbf7d1402d39ff69c9dc63db066d0ef8a46", - "sha256:eb54ecfbf1abe6134073b7b35fd40442c4cd81bb9a5bee1a3038b8867b721bfb", - "sha256:f18ec70f5ee6a78b3bb4361e55f3a5ef34eb253f1e72fba76f29f0d680cd446f", - "sha256:f6be66f69198dcd04a79faa6052f756d35643496321858f06931c7b1ed9833ab", - "sha256:fc5c23a53fbd97b8aab4968c8548ce5cea4a54a26b4f8c1e6835df7adb8d0fe2" - ], - "version": "==3.5.28" + "sha256:149f0eeb4ea716441638b05fd6d3667d32f1463f3eac50b63e100a73a5533cdd", + "sha256:1aa9a2e1a87749db265b592ad25e498b39f70fce9f53a012cdf69f74259b6e43", + "sha256:1f5ce489adb2db2862249492e6367539cfa65b781cb06dcf13363dc52219be7e", + "sha256:23b28ba1784a6c52a926c075abd9f396d03670e71934b24db5ff684f8b870e0f", + "sha256:3d3de0f4facdd7e3c56ecbc55733a958b86c35a8e7ba6066c7b1ba383e282f58", + "sha256:484d346b8f463ba2ddaf6d365c6ac5971cd062528b6d5ba68cac02b9435366c5", + "sha256:4da2467def21f2e20720b21f6c18e7f7866720a955c716b990e94e3979fe913f", + "sha256:5ebdf22daee7d8e630134d94f477fe6abd65a65449d4eec682a7b458b5249604", + "sha256:655a1b68be18a73fec5233fb5d81f726b4db32269e487aecf5b6853cca926d86", + "sha256:6c535a304888dafe50c2c24d4924aeefc11e0542488ee6965f6133d415e86bbc", + "sha256:7560ef655ac6448bb257fd34bfdfb8d546f9c7c0900ed8963fb8509f75e8ca80", + "sha256:7a1c2fa3e6310dbe47efee2020dc0f25be7a75ff09a8fedc4a87d4397f3810c1", + "sha256:817c344b9aa53b5bfc2f58ff82111a1e85ca4c8b68d1add088b547360a6ebcfa", + "sha256:81d950e398d6758aeaeeb267aa1a62940735414c980f77dd0a270cef1782a43d", + "sha256:83ef44936ef4e9c432d62bc2b72ec8d772b87af319d123e827a72e9b6884c851", + "sha256:9f975adc2c7a236403f0bc91d7a3916e644e47b1f1e3990325f15e73b83581ec", + "sha256:a5ca59e2b7e70a856de6db9dadd3e11a1b3b471c999585284d5c1d479c01cf5d", + "sha256:ad2cf5a673c05fae9e91e987994b95205c13c5fa55d7393cf8b06f9de6f92990", + "sha256:b8c3d76276372f87b7c8ff22065dbc072cca5ffb06ba0267edc298df7acf942d", + "sha256:b93f7f908e916d9413dd8c04da1ccb3977e446803f59078424decdc0de449133", + "sha256:c0ecd0af92c759edec0d24ba92f4a18c28d4a19229ae7c8249f94e82f3d76288", + "sha256:c9e38eefc90a02c072a87a627ff66b2d67c23f6f82274d2aa7fb28e644e8f409", + "sha256:ca2a1592d2e181a04372d0276ee847308ea206dfe7c86fe94769e7ac126e6e85", + "sha256:ce1dfc9beec83e66250ca3afaf5ddf6b9a3ce70a30a9526dec7c6bec3266baf1", + "sha256:d3550c90751132b26b72a78954905974f33b1237335fbe0d8be957f9636c376a", + "sha256:e35a574f4e5ec0fdd5dc354e74ec143d853abd7f76db435ffe2a57d0161a22eb", + "sha256:ee5cafca6ef1a38fef8cbf3140dd2198ad1ee82331530b546039216ef94f93cb", + "sha256:fa1c969176cb3594a785c6818bcb943ebd49453791f702380b13a35fa23b385a" + ], + "version": "==3.5.32" }, "requests": { "hashes": [ @@ -198,24 +222,24 @@ }, "six": { "hashes": [ - "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c", - "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73" + "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd", + "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66" ], - "version": "==1.12.0" + "version": "==1.13.0" }, "soupsieve": { "hashes": [ - "sha256:605f89ad5fdbfefe30cdc293303665eff2d188865d4dbe4eb510bba1edfbfce3", - "sha256:b91d676b330a0ebd5b21719cb6e9b57c57d433671f65b9c28dd3461d9a1ed0b6" + "sha256:bdb0d917b03a1369ce964056fc195cfdff8819c40de04695a80bc813c3cfa1f5", + "sha256:e2c1c5dee4a1c36bcb790e0fabd5492d874b8ebd4617622c4f6a731701060dda" ], - "version": "==1.9.4" + "version": "==1.9.5" }, "urllib3": { "hashes": [ - "sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398", - "sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86" + "sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293", + "sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745" ], - "version": "==1.25.6" + "version": "==1.25.7" }, "validators": { "hashes": [ @@ -228,6 +252,13 @@ "sha256:565a021fd19419476b9362b05eeaa094178de64f8361e44468f9e9d7843901e1" ], "version": "==1.11.2" + }, + "zipp": { + "hashes": [ + "sha256:3718b1cbcd963c7d4c5511a8240812904164b7f381b647143a89d3b98f9bcd8e", + "sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335" + ], + "version": "==0.6.0" } }, "develop": { @@ -240,10 +271,10 @@ }, "attrs": { "hashes": [ - "sha256:ec20e7a4825331c1b5ebf261d111e16fa9612c1f7a5e1f884f12bd53a664dfd2", - "sha256:f913492e1663d3c36f502e5e9ba6cd13cf19d7fab50aa13239e420fef95e1396" + "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", + "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72" ], - "version": "==19.2.0" + "version": "==19.3.0" }, "babel": { "hashes": [ @@ -255,6 +286,7 @@ "beautifulsoup4": { "hashes": [ "sha256:5279c36b4b2ec2cb4298d723791467e3000e5384a43ea0cdf5d45207c7e97169", + "sha256:6135db2ba678168c07950f9a16c4031822c6f4aec75a65e0a97bc5ca09789931", "sha256:dcdef580e18a76d54002088602eba453eec38ebbcafafeaabd8cab12b6155d57" ], "version": "==4.8.1" @@ -349,17 +381,17 @@ }, "decorator": { "hashes": [ - "sha256:86156361c50488b84a3f148056ea716ca587df2f0de1d34750d35c21312725de", - "sha256:f069f3a01830ca754ba5258fde2278454a0b5b79e0d7f5c13b3b97e57d4acff6" + "sha256:54c38050039232e1db4ad7375cfce6748d7b41c29e95a081c8a6d2c30364a2ce", + "sha256:5d19b92a3c8f7f101c8dd86afd86b0f061a8ce4540ab8cd401fa2542756bce6d" ], - "version": "==4.4.0" + "version": "==4.4.1" }, "deprecated": { "hashes": [ - "sha256:a515c4cf75061552e0284d123c3066fbbe398952c87333a92b8fc3dd8e4f9cc1", - "sha256:b07b414c8aac88f60c1d837d21def7e83ba711052e03b3cbaff27972567a8f8d" + "sha256:408038ab5fdeca67554e8f6742d1521cd3cd0ee0ff9d47f29318a4f4da31c308", + "sha256:8b6a5aa50e482d8244a62e5582b96c372e87e3a28e8b49c316e46b95c76a611d" ], - "version": "==1.2.6" + "version": "==1.2.7" }, "docopt": { "hashes": [ @@ -389,6 +421,13 @@ ], "version": "==1.1.0" }, + "importlib-metadata": { + "hashes": [ + "sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26", + "sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af" + ], + "version": "==0.23" + }, "jinja2": { "hashes": [ "sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f", @@ -398,10 +437,10 @@ }, "jsonschema": { "hashes": [ - "sha256:5f9c0a719ca2ce14c5de2fd350a64fd2d13e8539db29836a86adc990bb1a068f", - "sha256:8d4a2b7b6c2237e0199c8ea1a6d3e05bf118e289ae2b9d7ba444182a2959560d" + "sha256:2fa0684276b6333ff3c0b1b27081f4b2305f0a36cf702a23db50edb141893c3f", + "sha256:94c0a13b4a0616458b42529091624e66700a17f847453e52279e35509a5b7631" ], - "version": "==3.0.2" + "version": "==3.1.1" }, "lief": { "hashes": [ @@ -460,6 +499,13 @@ "index": "pypi", "version": "==0.55.0" }, + "more-itertools": { + "hashes": [ + "sha256:409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832", + "sha256:92b8c4b06dac4f0611c0729b2f2ede52b2e1bac1ab48f089c7ddc12e26bb60c4" + ], + "version": "==7.2.0" + }, "neobolt": { "hashes": [ "sha256:56b86b8b2c3facdd54589e60ecd22e0234d6f40645ab2e2cf87ef0cd79df20af" @@ -490,34 +536,38 @@ }, "pillow": { "hashes": [ - "sha256:00fdeb23820f30e43bba78eb9abb00b7a937a655de7760b2e09101d63708b64e", - "sha256:01f948e8220c85eae1aa1a7f8edddcec193918f933fb07aaebe0bfbbcffefbf1", - "sha256:08abf39948d4b5017a137be58f1a52b7101700431f0777bec3d897c3949f74e6", - "sha256:099a61618b145ecb50c6f279666bbc398e189b8bc97544ae32b8fcb49ad6b830", - "sha256:2c1c61546e73de62747e65807d2cc4980c395d4c5600ecb1f47a650c6fa78c79", - "sha256:2ed9c4f694861642401f27dc3cb99772be67cd190e84845c749dae0a06c3bfae", - "sha256:338581b30b908e111be578f0297255f6b57a51358cd16fa0e6f664c9a1f88bff", - "sha256:38c7d48a21cd06fdeee93987147b9b1c55b73b4cfcbf83240568bfbd5adee447", - "sha256:43fd026f613c8e48a25eba1a92f4d2ad7f3903c95d8c33a11611a7717d2ab654", - "sha256:4548236844327a718ce3bb182ab32a16fa2050c61e334e959f554cac052fb0df", - "sha256:5090857876c58885cfa388dc649e5db30aae98a068c26f3fd0ac9d7d9a4d9572", - "sha256:5bbba34f97a26a93f5e8dec469ca4ddd712451418add43da946dbaed7f7a98d2", - "sha256:65a28969a025a0eb4594637b6103201dc4ed2a9508bdab56ac33e43e3081c404", - "sha256:892bb52b70bd5ea9dbbc3ac44f38e84f5a04e9d8b1bff48159d96cb795b81159", - "sha256:8a9becd5cbd5062f973bcd2e7bc79483af310222de112b6541f8af1f93a3cc42", - "sha256:972a7aaeb7c4a2795b52eef52ee991ef040b31009f36deca6207a986607b55f3", - "sha256:97b119c436bfa96a92ac2ca525f7025836d4d4e64b1c9f9eff8dbaf3ff1d86f3", - "sha256:9ba37698e242223f8053cc158f130aee046a96feacbeab65893dbe94f5530118", - "sha256:b1b0e1f626a0f079c0d3696db70132fb1f29aa87c66aecb6501a9b8be64ce9f7", - "sha256:c14c1224fd1a5be2733530d648a316974dbbb3c946913562c6005a76f21ca042", - "sha256:c79a8546c48ae6465189e54e3245a97ddf21161e33ff7eaa42787353417bb2b6", - "sha256:ceb76935ac4ebdf6d7bc845482a4450b284c6ccfb281e34da51d510658ab34d8", - "sha256:e22bffaad04b4d16e1c091baed7f2733fc1ebb91e0c602abf1b6834d17158b1f", - "sha256:ec883b8e44d877bda6f94a36313a1c6063f8b1997aa091628ae2f34c7f97c8d5", - "sha256:f1baa54d50ec031d1a9beb89974108f8f2c0706f49798f4777df879df0e1adb6", - "sha256:f53a5385932cda1e2c862d89460992911a89768c65d176ff8c50cddca4d29bed" - ], - "version": "==6.2.0" + "sha256:047d9473cf68af50ac85f8ee5d5f21a60f849bc17d348da7fc85711287a75031", + "sha256:0f66dc6c8a3cc319561a633b6aa82c44107f12594643efa37210d8c924fc1c71", + "sha256:12c9169c4e8fe0a7329e8658c7e488001f6b4c8e88740e76292c2b857af2e94c", + "sha256:248cffc168896982f125f5c13e9317c059f74fffdb4152893339f3be62a01340", + "sha256:27faf0552bf8c260a5cee21a76e031acaea68babb64daf7e8f2e2540745082aa", + "sha256:285edafad9bc60d96978ed24d77cdc0b91dace88e5da8c548ba5937c425bca8b", + "sha256:384b12c9aa8ef95558abdcb50aada56d74bc7cc131dd62d28c2d0e4d3aadd573", + "sha256:38950b3a707f6cef09cd3cbb142474357ad1a985ceb44d921bdf7b4647b3e13e", + "sha256:4aad1b88933fd6dc2846552b89ad0c74ddbba2f0884e2c162aa368374bf5abab", + "sha256:4ac6148008c169603070c092e81f88738f1a0c511e07bd2bb0f9ef542d375da9", + "sha256:4deb1d2a45861ae6f0b12ea0a786a03d19d29edcc7e05775b85ec2877cb54c5e", + "sha256:59aa2c124df72cc75ed72c8d6005c442d4685691a30c55321e00ed915ad1a291", + "sha256:5a47d2123a9ec86660fe0e8d0ebf0aa6bc6a17edc63f338b73ea20ba11713f12", + "sha256:5cc901c2ab9409b4b7ac7b5bcc3e86ac14548627062463da0af3b6b7c555a871", + "sha256:6c1db03e8dff7b9f955a0fb9907eb9ca5da75b5ce056c0c93d33100a35050281", + "sha256:7ce80c0a65a6ea90ef9c1f63c8593fcd2929448613fc8da0adf3e6bfad669d08", + "sha256:809c19241c14433c5d6135e1b6c72da4e3b56d5c865ad5736ab99af8896b8f41", + "sha256:83792cb4e0b5af480588601467c0764242b9a483caea71ef12d22a0d0d6bdce2", + "sha256:846fa202bd7ee0f6215c897a1d33238ef071b50766339186687bd9b7a6d26ac5", + "sha256:9f5529fc02009f96ba95bea48870173426879dc19eec49ca8e08cd63ecd82ddb", + "sha256:a423c2ea001c6265ed28700df056f75e26215fd28c001e93ef4380b0f05f9547", + "sha256:ac4428094b42907aba5879c7c000d01c8278d451a3b7cccd2103e21f6397ea75", + "sha256:b1ae48d87f10d1384e5beecd169c77502fcc04a2c00a4c02b85f0a94b419e5f9", + "sha256:bf4e972a88f8841d8fdc6db1a75e0f8d763e66e3754b03006cbc3854d89f1cb1", + "sha256:c6414f6aad598364aaf81068cabb077894eb88fed99c6a65e6e8217bab62ae7a", + "sha256:c710fcb7ee32f67baf25aa9ffede4795fd5d93b163ce95fdc724383e38c9df96", + "sha256:c7be4b8a09852291c3c48d3c25d1b876d2494a0a674980089ac9d5e0d78bd132", + "sha256:c9e5ffb910b14f090ac9c38599063e354887a5f6d7e6d26795e916b4514f2c1a", + "sha256:e0697b826da6c2472bb6488db4c0a7fa8af0d52fa08833ceb3681358914b14e5", + "sha256:e9a3edd5f714229d41057d56ac0f39ad9bdba6767e8c888c951869f0bdd129b0" + ], + "version": "==6.2.1" }, "prompt-toolkit": { "hashes": [ @@ -529,17 +579,19 @@ }, "psutil": { "hashes": [ - "sha256:028a1ec3c6197eadd11e7b46e8cc2f0720dc18ac6d7aabdb8e8c0d6c9704f000", - "sha256:503e4b20fa9d3342bcf58191bbc20a4a5ef79ca7df8972e6197cc14c5513e73d", - "sha256:863a85c1c0a5103a12c05a35e59d336e1d665747e531256e061213e2e90f63f3", - "sha256:954f782608bfef9ae9f78e660e065bd8ffcfaea780f9f2c8a133bb7cb9e826d7", - "sha256:b6e08f965a305cd84c2d07409bc16fbef4417d67b70c53b299116c5b895e3f45", - "sha256:bc96d437dfbb8865fc8828cf363450001cb04056bbdcdd6fc152c436c8a74c61", - "sha256:cf49178021075d47c61c03c0229ac0c60d5e2830f8cab19e2d88e579b18cdb76", - "sha256:d5350cb66690915d60f8b233180f1e49938756fb2d501c93c44f8fb5b970cc63", - "sha256:eba238cf1989dfff7d483c029acb0ac4fcbfc15de295d682901f0e2497e6781a" + "sha256:021d361439586a0fd8e64f8392eb7da27135db980f249329f1a347b9de99c695", + "sha256:145e0f3ab9138165f9e156c307100905fd5d9b7227504b8a9d3417351052dc3d", + "sha256:348ad4179938c965a27d29cbda4a81a1b2c778ecd330a221aadc7bd33681afbd", + "sha256:3feea46fbd634a93437b718518d15b5dd49599dfb59a30c739e201cc79bb759d", + "sha256:474e10a92eeb4100c276d4cc67687adeb9d280bbca01031a3e41fb35dfc1d131", + "sha256:47aeb4280e80f27878caae4b572b29f0ec7967554b701ba33cd3720b17ba1b07", + "sha256:73a7e002781bc42fd014dfebb3fc0e45f8d92a4fb9da18baea6fb279fbc1d966", + "sha256:d051532ac944f1be0179e0506f6889833cf96e466262523e57a871de65a15147", + "sha256:dfb8c5c78579c226841908b539c2374da54da648ee5a837a731aa6a105a54c00", + "sha256:e3f5f9278867e95970854e92d0f5fe53af742a7fc4f2eba986943345bcaed05d", + "sha256:e9649bb8fc5cea1f7723af53e4212056a6f984ee31784c10632607f472dec5ee" ], - "version": "==5.6.3" + "version": "==5.6.5" }, "py2neo": { "hashes": [ @@ -572,23 +624,23 @@ }, "pyparsing": { "hashes": [ - "sha256:6f98a7b9397e206d78cc01df10131398f1c8b8510a2f4d97d9abd82e1aacdd80", - "sha256:d9338df12903bbf5d65a0e4e87c2161968b10d2e489652bb47001d82a9b028b4" + "sha256:20f995ecd72f2a1f4bf6b072b63b22e2eb457836601e76d6e5dfcd75436acc1f", + "sha256:4ca62001be367f01bd3e92ecbb79070272a9d4964dce6a48a82ff0b8bc7e683a" ], - "version": "==2.4.2" + "version": "==2.4.5" }, "pyrsistent": { "hashes": [ - "sha256:34b47fa169d6006b32e99d4b3c4031f155e6e68ebcc107d6454852e8e0ee6533" + "sha256:eb6545dbeb1aa69ab1fb4809bfbf5a8705e44d92ef8fc7c2361682a47c46c778" ], - "version": "==0.15.4" + "version": "==0.15.5" }, "python-dateutil": { "hashes": [ - "sha256:7e6584c74aeed623791615e26efd690f29817a27c73085b78e4bad02493df2fb", - "sha256:c89805f6f4d64db21ed966fda138f8a5ed7a4fdbc1a8ee329ce1b74e3c74da9e" + "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", + "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], - "version": "==2.8.0" + "version": "==2.8.1" }, "python-magic": { "hashes": [ @@ -613,31 +665,36 @@ }, "reportlab": { "hashes": [ - "sha256:06b7c7436fa6d4844c7637161f3297c7a96240f35622ab2d219e4fd8387c0ab2", - "sha256:0a5acf67bd9812e38ed84be8994c07a8136b0a8f4c14a1c66c9c73a9567a9a44", - "sha256:1c8ca145d03e3c620866b06febb241b179197b58fb07454fbc8e9d6184cdcc93", - "sha256:2f8d785660ee316874c86abad345633ce8c652e88e03ae8a10f1fdadc72fd23d", - "sha256:4869d342352c92a812ce40555ef2a9cfbd722390d67fe61f1d6ec770e9ca41a3", - "sha256:493e0dcd9c085d46acf4fe3f00f941e562490a74b651409039a0dee2a0d76555", - "sha256:4e606e3ee9345e68cd205022d526250ad2a1164eea8f1e29d77d6ad08631b0ba", - "sha256:5bf91bae8995db91650fda658129c268515358b756fd16c0261a9dd641df1856", - "sha256:6df0730f8f715aa12333bd6d2a72eea3a989381451861186d9b5e71889454ac7", - "sha256:7195c6ea096d10c91cc470f9f0ced3ad74470d9c0fd97923b5e764597dd13671", - "sha256:7431c979e2b498e8e20abf458f360a451717d76c3c1bd49d1fc5697d3504f8e5", - "sha256:7f7f70a8d4b573d1ff65a81415b4b6ed9545630f381dff4a69307640e09d381d", - "sha256:9945433667a46f054d1125b4ca86fe9ee31feb254728b38242e9a6008c135efe", - "sha256:b1cdbfc1fd54ac947b9f0114e00ab94e945db679f1e03357a3c00f3a85e73eea", - "sha256:bf149847a2fd8f24b788a8abbf97a2b9a73edc5b1bd719384b786eb84bcad15e", - "sha256:ce514bfce2bf3e302f52aba9929fe3ac7d918cfea2f5d3e30bf9dac9658bf094", - "sha256:d243d4c8cf1a7e78b734c03628b684ec5de25df1f02ccea2e10fbd217430cb72", - "sha256:d4bee20f52b8c3c477dc780780654cafcfc0eb34d8d6960c13a34a444b431f09", - "sha256:e730529bd1f62034c50f70a2b05fadbf7d1402d39ff69c9dc63db066d0ef8a46", - "sha256:eb54ecfbf1abe6134073b7b35fd40442c4cd81bb9a5bee1a3038b8867b721bfb", - "sha256:f18ec70f5ee6a78b3bb4361e55f3a5ef34eb253f1e72fba76f29f0d680cd446f", - "sha256:f6be66f69198dcd04a79faa6052f756d35643496321858f06931c7b1ed9833ab", - "sha256:fc5c23a53fbd97b8aab4968c8548ce5cea4a54a26b4f8c1e6835df7adb8d0fe2" - ], - "version": "==3.5.28" + "sha256:149f0eeb4ea716441638b05fd6d3667d32f1463f3eac50b63e100a73a5533cdd", + "sha256:1aa9a2e1a87749db265b592ad25e498b39f70fce9f53a012cdf69f74259b6e43", + "sha256:1f5ce489adb2db2862249492e6367539cfa65b781cb06dcf13363dc52219be7e", + "sha256:23b28ba1784a6c52a926c075abd9f396d03670e71934b24db5ff684f8b870e0f", + "sha256:3d3de0f4facdd7e3c56ecbc55733a958b86c35a8e7ba6066c7b1ba383e282f58", + "sha256:484d346b8f463ba2ddaf6d365c6ac5971cd062528b6d5ba68cac02b9435366c5", + "sha256:4da2467def21f2e20720b21f6c18e7f7866720a955c716b990e94e3979fe913f", + "sha256:5ebdf22daee7d8e630134d94f477fe6abd65a65449d4eec682a7b458b5249604", + "sha256:655a1b68be18a73fec5233fb5d81f726b4db32269e487aecf5b6853cca926d86", + "sha256:6c535a304888dafe50c2c24d4924aeefc11e0542488ee6965f6133d415e86bbc", + "sha256:7560ef655ac6448bb257fd34bfdfb8d546f9c7c0900ed8963fb8509f75e8ca80", + "sha256:7a1c2fa3e6310dbe47efee2020dc0f25be7a75ff09a8fedc4a87d4397f3810c1", + "sha256:817c344b9aa53b5bfc2f58ff82111a1e85ca4c8b68d1add088b547360a6ebcfa", + "sha256:81d950e398d6758aeaeeb267aa1a62940735414c980f77dd0a270cef1782a43d", + "sha256:83ef44936ef4e9c432d62bc2b72ec8d772b87af319d123e827a72e9b6884c851", + "sha256:9f975adc2c7a236403f0bc91d7a3916e644e47b1f1e3990325f15e73b83581ec", + "sha256:a5ca59e2b7e70a856de6db9dadd3e11a1b3b471c999585284d5c1d479c01cf5d", + "sha256:ad2cf5a673c05fae9e91e987994b95205c13c5fa55d7393cf8b06f9de6f92990", + "sha256:b8c3d76276372f87b7c8ff22065dbc072cca5ffb06ba0267edc298df7acf942d", + "sha256:b93f7f908e916d9413dd8c04da1ccb3977e446803f59078424decdc0de449133", + "sha256:c0ecd0af92c759edec0d24ba92f4a18c28d4a19229ae7c8249f94e82f3d76288", + "sha256:c9e38eefc90a02c072a87a627ff66b2d67c23f6f82274d2aa7fb28e644e8f409", + "sha256:ca2a1592d2e181a04372d0276ee847308ea206dfe7c86fe94769e7ac126e6e85", + "sha256:ce1dfc9beec83e66250ca3afaf5ddf6b9a3ce70a30a9526dec7c6bec3266baf1", + "sha256:d3550c90751132b26b72a78954905974f33b1237335fbe0d8be957f9636c376a", + "sha256:e35a574f4e5ec0fdd5dc354e74ec143d853abd7f76db435ffe2a57d0161a22eb", + "sha256:ee5cafca6ef1a38fef8cbf3140dd2198ad1ee82331530b546039216ef94f93cb", + "sha256:fa1c969176cb3594a785c6818bcb943ebd49453791f702380b13a35fa23b385a" + ], + "version": "==3.5.32" }, "requests": { "hashes": [ @@ -656,10 +713,10 @@ }, "six": { "hashes": [ - "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c", - "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73" + "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd", + "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66" ], - "version": "==1.12.0" + "version": "==1.13.0" }, "snowballstemmer": { "hashes": [ @@ -670,24 +727,24 @@ }, "soupsieve": { "hashes": [ - "sha256:605f89ad5fdbfefe30cdc293303665eff2d188865d4dbe4eb510bba1edfbfce3", - "sha256:b91d676b330a0ebd5b21719cb6e9b57c57d433671f65b9c28dd3461d9a1ed0b6" + "sha256:bdb0d917b03a1369ce964056fc195cfdff8819c40de04695a80bc813c3cfa1f5", + "sha256:e2c1c5dee4a1c36bcb790e0fabd5492d874b8ebd4617622c4f6a731701060dda" ], - "version": "==1.9.4" + "version": "==1.9.5" }, "sphinx": { "hashes": [ - "sha256:0d586b0f8c2fc3cc6559c5e8fd6124628110514fda0e5d7c82e682d749d2e845", - "sha256:839a3ed6f6b092bb60f492024489cc9e6991360fb9f52ed6361acd510d261069" + "sha256:31088dfb95359384b1005619827eaee3056243798c62724fd3fa4b84ee4d71bd", + "sha256:52286a0b9d7caa31efee301ec4300dbdab23c3b05da1c9024b4e84896fb73d79" ], - "version": "==2.2.0" + "version": "==2.2.1" }, "sphinx-autodoc-typehints": { "hashes": [ - "sha256:0d968ec3ee4f7fe7695ab6facf5cd2d74d3cea67584277458ad9b2788ebbcc3b", - "sha256:8edca714fd3de8e43467d7e51dd3812fe999f8874408a639f7c38a9e1a5a4eb3" + "sha256:27c9e6ef4f4451766ab8d08b2d8520933b97beb21c913f3df9ab2e59b56e6c6c", + "sha256:a6b3180167479aca2c4d1ed3b5cb044a70a76cccd6b38662d39288ebd9f0dff0" ], - "version": "==1.8.0" + "version": "==1.10.3" }, "sphinxcontrib-applehelp": { "hashes": [ @@ -733,10 +790,10 @@ }, "urllib3": { "hashes": [ - "sha256:3de946ffbed6e6746608990594d08faac602528ac7015ac28d33cee6a45b7398", - "sha256:9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86" + "sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293", + "sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745" ], - "version": "==1.25.6" + "version": "==1.25.7" }, "validators": { "hashes": [ @@ -756,6 +813,13 @@ "sha256:565a021fd19419476b9362b05eeaa094178de64f8361e44468f9e9d7843901e1" ], "version": "==1.11.2" + }, + "zipp": { + "hashes": [ + "sha256:3718b1cbcd963c7d4c5511a8240812904164b7f381b647143a89d3b98f9bcd8e", + "sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335" + ], + "version": "==0.6.0" } } } From b1e50c8f6d18b8c068d690e518e198f8ffe7ec60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 15 Nov 2019 13:35:18 +0100 Subject: [PATCH 05/33] chg: Bump objects --- pymisp/data/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects index 58d6722f5..6df0e18dd 160000 --- a/pymisp/data/misp-objects +++ b/pymisp/data/misp-objects @@ -1 +1 @@ -Subproject commit 58d6722f5e276a0ec5889e6e67316b7401960542 +Subproject commit 6df0e18ddf6e2fe789ed339e7466072f8834de43 From cd2995a212065f819512edb97d1bfe274096bb45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 15 Nov 2019 13:59:51 +0100 Subject: [PATCH 06/33] fix: Print the full json blob in debug mode Related https://github.com/MISP/PyMISP/issues/462 --- pymisp/aping.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pymisp/aping.py b/pymisp/aping.py index 6fa340431..bc84afce1 100644 --- a/pymisp/aping.py +++ b/pymisp/aping.py @@ -2193,10 +2193,6 @@ def _prepare_request(self, request_type: str, url: str, data: dict={}, params: d kw_params: dict={}, output_type: str='json'): '''Prepare a request for python-requests''' url = urljoin(self.root_url, url) - if logger.isEnabledFor(logging.DEBUG): - logger.debug(f'{request_type} - {url}') - if data is not None: - logger.debug(data) if data: if not isinstance(data, str): # Else, we already have a text blob to send if isinstance(data, dict): # Else, we can directly json encode. @@ -2204,6 +2200,11 @@ def _prepare_request(self, request_type: str, url: str, data: dict={}, params: d data = {k: v for k, v in data.items() if v is not None} data = json.dumps(data, default=pymisp_json_default) + if logger.isEnabledFor(logging.DEBUG): + logger.debug(f'{request_type} - {url}') + if data is not None: + logger.debug(data) + if kw_params: # CakePHP params in URL to_append_url = '/'.join([f'{k}:{v}' for k, v in kw_params.items()]) From 1f2b5f132970257096cf158787a864bba6052a26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 15 Nov 2019 14:30:39 +0100 Subject: [PATCH 07/33] fix: Python 2.7 tests --- tests/test_mispevent.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/test_mispevent.py b/tests/test_mispevent.py index c8ad63ca1..10cb18d82 100644 --- a/tests/test_mispevent.py +++ b/tests/test_mispevent.py @@ -292,6 +292,8 @@ def test_userdefined_object(self): ref_json = json.load(f) self.assertEqual(self.mispevent.to_json(sort_keys=True, indent=2), json.dumps(ref_json, sort_keys=True, indent=2)) +''' + # Reenable that the 1st of jan 2020. @unittest.skipIf(sys.version_info < (3, 6), 'Not supported on python < 3.6') def test_object_templates(self): me = MISPEvent() @@ -311,7 +313,7 @@ def test_object_templates(self): if 'categories' in entry: subset = set(entry['categories']).issubset(me.describe_types['categories']) self.assertTrue(subset, f'{t_json["name"]} - {obj_relation}') - +''' if __name__ == '__main__': unittest.main() From 2da35829b1f9eeb9ba06247563893c5814ff5fe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 18 Nov 2019 18:04:02 +0100 Subject: [PATCH 08/33] chg: Allow to sort and indent the json output for objects --- pymisp/mispevent.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index 4dbce0a44..0e0483336 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -1370,10 +1370,10 @@ def to_dict(self, strict=False): self._validate() return super(MISPObject, self).to_dict() - def to_json(self, strict=False): + def to_json(self, strict=False, sort_keys=False, indent=None): if strict or self._strict and self._known_template: self._validate() - return super(MISPObject, self).to_json() + return super(MISPObject, self).to_json(sort_keys=sort_keys, indent=indent) def _validate(self): """Make sure the object we're creating has the required fields""" From 928af44b4c269b9e3aa4c9bc93eb33348cf91f0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 18 Nov 2019 18:04:24 +0100 Subject: [PATCH 09/33] chg: Bump misp-object --- pymisp/data/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects index 6df0e18dd..3d7b09e9c 160000 --- a/pymisp/data/misp-objects +++ b/pymisp/data/misp-objects @@ -1 +1 @@ -Subproject commit 6df0e18ddf6e2fe789ed339e7466072f8834de43 +Subproject commit 3d7b09e9c47929a437c10b77b8525ed5fc16def6 From ca5e39e544d4b8c7400b12cb9329c1ac6ffbacee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 19 Nov 2019 12:39:14 +0100 Subject: [PATCH 10/33] fix: Bump url template version in test cases --- tests/mispevent_testfiles/event_obj_attr_tag.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/mispevent_testfiles/event_obj_attr_tag.json b/tests/mispevent_testfiles/event_obj_attr_tag.json index 9c4518fc3..7ec383447 100644 --- a/tests/mispevent_testfiles/event_obj_attr_tag.json +++ b/tests/mispevent_testfiles/event_obj_attr_tag.json @@ -50,7 +50,7 @@ "name": "url", "sharing_group_id": "0", "template_uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", - "template_version": "7", + "template_version": "8", "uuid": "b" } ] From b1818b1751021fc82805524706352b0a8eb77249 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Tue, 19 Nov 2019 15:53:58 +0100 Subject: [PATCH 11/33] new: Add to_feed export to MISPEvent --- pymisp/abstract.py | 12 ++++++ pymisp/mispevent.py | 100 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 111 insertions(+), 1 deletion(-) diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 5747f8668..7c5673279 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -282,6 +282,15 @@ def jsonable(self): """This method is used by the JSON encoder""" return self.to_dict() + def _to_feed(self): + if not hasattr(self, '_fields_for_feed'): + raise Exception('Unable to export in the feed format, _fields_for_feed is missing.') + to_return = {} + for field in self._fields_for_feed: + if getattr(self, field, None): + to_return[field] = getattr(self, field) + return to_return + def to_json(self, sort_keys=False, indent=None): """Dump recursively any class of type MISPAbstract to a json string""" return dumps(self, default=pymisp_json_default, sort_keys=sort_keys, indent=indent) @@ -393,6 +402,9 @@ def __repr__(self): class MISPTag(AbstractMISP): + + _fields_for_feed = {'name', 'colour', 'exportable'} + def __init__(self): super(MISPTag, self).__init__() diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index 0e0483336..c09294b55 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -1,4 +1,3 @@ - # -*- coding: utf-8 -*- import datetime @@ -11,6 +10,7 @@ import uuid from collections import defaultdict import logging +import hashlib from deprecated import deprecated @@ -103,6 +103,8 @@ def make_bool(value): class MISPAttribute(AbstractMISP): + _fields_for_feed = {'uuid', 'value', 'category', 'type', 'comment', 'data', + 'timestamp', 'to_ids', 'object_relation', 'disable_correlation'} def __init__(self, describe_types=None, strict=False): """Represents an Attribute @@ -121,6 +123,24 @@ def __init__(self, describe_types=None, strict=False): self.ShadowAttribute = [] self.Sighting = [] + def _to_feed(self, valid_distributions): + if (hasattr(self, 'distribution') and self.distribution is not None + and self.distribution not in valid_distributions): + return False + to_return = super(MISPAttribute, self)._to_feed() + to_return['Tag'] = [tag._to_feed() for tag in self.tags] + # Compute the hash of every values for fast lookups + hashes = [] + if '|' in self.type or self.type == 'malware-sample': + hashes = [hashlib.md5(v.encode("utf-8")).hexdigest() for v in self.value.split('|')] + else: + to_encode = self.value + if not isinstance(to_encode, str): + to_encode = str(to_encode) + hashes = [hashlib.md5(to_encode.encode("utf-8")).hexdigest()] + to_return['_hashes'] = hashes + return to_return + @property def known_types(self): """Returns a list of all the known MISP attributes types""" @@ -421,6 +441,9 @@ def set_all_values(self, **kwargs): # pragma: no cover class MISPEvent(AbstractMISP): + _fields_for_feed = {'uuid', 'info', 'threat_level_id', 'analysis', 'timestamp', + 'publish_timestamp', 'published', 'date', 'extends_uuid'} + def __init__(self, describe_types=None, strict_validation=False, **kwargs): super(MISPEvent, self).__init__(**kwargs) if strict_validation: @@ -435,11 +458,65 @@ def __init__(self, describe_types=None, strict_validation=False, **kwargs): # This variable is used in add_attribute in order to avoid duplicating the structure self.describe_types = describe_types + self.uuid = str(uuid.uuid4()) self.Attribute = [] self.Object = [] self.RelatedEvent = [] self.ShadowAttribute = [] + def to_feed(self, date=None, uuid=None, analysis=2, threat_level_id=4, valid_distributions=[0, 1, 2, 3, 4, 5]): + """ Generate a json output for MISP Feed. + Notes: + * valid_distributions only makes sense if the distribution key is set (i.e. the event is exported from a MISP instance) + * analysis: 0 means initial, 1 ongoing, 2 completed + * threat_level_id 4 means undefine. Tags are recommended. + """ + if hasattr(self, 'distribution') and self.distribution not in valid_distributions: + raise PyMISPError('Invalid event distribution ({}). Not in {}'.format(self.distribution, ', '.join(valid_distributions))) + + if date: + self.set_date(date) + elif not hasattr(self, 'date'): + self.set_date(datetime.date.today()) + + if not hasattr(self, 'timestamp'): + self.timestamp = int(datetime.datetime.timestamp(datetime.datetime.now())) + + if uuid: + self.uuid = uuid + elif not hasattr(self, 'uuid'): + self.uuid = str(uuid.uuid4()) + + if analysis: + self.analysis = analysis + if threat_level_id: + self.threat_level_id = threat_level_id + + to_return = super(MISPEvent, self)._to_feed() + to_return['date'] = to_return['date'].isoformat() + to_return['Orgc'] = self.Orgc._to_feed() + to_return['Tag'] = [tag._to_feed() for tag in self.tags] + to_return['Attribute'] = [attribute._to_feed() for attribute in self.attributes if attribute.distribution in valid_distributions] + # Get the hash of every values for fast lookups + to_return['_hashes'] = [] + for attribute in to_return['Attribute']: + to_return['_hashes'] += attribute.pop('_hashes') + to_return['Object'] = [o for o in [obj._to_feed(valid_distributions) for obj in self.objects] if o] + for obj in to_return['Object']: + to_return['_hashes'] += obj.pop('_hashes') + to_return['_manifest'] = { + self.uuid: { + 'Orgc': to_return['Orgc'], + 'Tag': to_return['Tag'], + 'info': self.info, + 'date': self.date.isoformat(), + 'analysis': self.analysis, + 'threat_level_id': self.threat_level_id, + 'timestamp': self.timestamp + } + } + return to_return + @property def known_types(self): return self.describe_types['types'] @@ -857,6 +934,9 @@ def _json(self): # pragma: no cover class MISPObjectReference(AbstractMISP): + _fields_for_feed = {'uuid', 'timestamp', 'relationship_type', 'comment', + 'object_uuid', 'referenced_uuid'} + def __init__(self): super(MISPObjectReference, self).__init__() @@ -900,6 +980,8 @@ def __repr__(self): class MISPOrganisation(AbstractMISP): + _fields_for_feed = {'name', 'uuid'} + def __init__(self): super(MISPOrganisation, self).__init__() @@ -1140,6 +1222,10 @@ def __repr__(self): class MISPObject(AbstractMISP): + _fields_for_feed = {'name', 'meta-category', 'description', 'template_uuid', + 'template_version', 'uuid', 'timestamp', 'distribution', + 'sharing_group_id', 'comment'} + def __init__(self, name, strict=False, standalone=False, default_attributes_parameters={}, **kwargs): ''' Master class representing a generic MISP object :name: Name of the object @@ -1203,6 +1289,18 @@ def _load_template_path(self, template_path): self.template_version = self._definition['version'] return True + def _to_feed(self, valid_distributions): + if hasattr(self, 'distribution') and self.distribution not in valid_distributions: + return False + to_return = super(MISPObject, self)._to_feed() + to_return['Attribute'] = [a for a in [attribute._to_feed(valid_distributions) for attribute in self.attributes] if a] + # Get the hash of every values for fast lookups + to_return['_hashes'] = [] + for attribute in to_return['Attribute']: + to_return['_hashes'] += attribute.pop('_hashes') + to_return['ObjectReference'] = [reference._to_feed() for reference in self.references] + return to_return + def force_misp_objects_path_custom(self, misp_objects_path_custom, object_name=None): if object_name: self.name = object_name From 8d92a77c922f70b8d3a71ea928b491c99baefcfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 20 Nov 2019 10:52:27 +0100 Subject: [PATCH 12/33] fix: Do not unitialize the uuid in MISPEvent --- pymisp/mispevent.py | 1 - 1 file changed, 1 deletion(-) diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index c09294b55..d9feba26f 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -458,7 +458,6 @@ def __init__(self, describe_types=None, strict_validation=False, **kwargs): # This variable is used in add_attribute in order to avoid duplicating the structure self.describe_types = describe_types - self.uuid = str(uuid.uuid4()) self.Attribute = [] self.Object = [] self.RelatedEvent = [] From 61867a8257be086cb63cebeb029c818cd04109bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 20 Nov 2019 12:49:42 +0100 Subject: [PATCH 13/33] fix: improve stability of feed output --- pymisp/abstract.py | 14 ++++++++++++-- pymisp/mispevent.py | 42 ++++++++++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 18 deletions(-) diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 7c5673279..29e027c1d 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -288,7 +288,12 @@ def _to_feed(self): to_return = {} for field in self._fields_for_feed: if getattr(self, field, None): - to_return[field] = getattr(self, field) + if field in ['timestamp', 'publish_timestamp']: + to_return[field] = self._datetime_to_timestamp(getattr(self, field)) + elif field == 'date': + to_return[field] = getattr(self, field).isoformat() + else: + to_return[field] = getattr(self, field) return to_return def to_json(self, sort_keys=False, indent=None): @@ -403,7 +408,7 @@ def __repr__(self): class MISPTag(AbstractMISP): - _fields_for_feed = {'name', 'colour', 'exportable'} + _fields_for_feed = {'name', 'colour'} def __init__(self): super(MISPTag, self).__init__() @@ -412,3 +417,8 @@ def from_dict(self, **kwargs): if kwargs.get('Tag'): kwargs = kwargs.get('Tag') super(MISPTag, self).from_dict(**kwargs) + + def _to_feed(self): + if hasattr(self, 'exportable') and not self.exportable: + return False + return super(MISPTag, self)._to_feed() diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index d9feba26f..e5332da5b 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -128,7 +128,10 @@ def _to_feed(self, valid_distributions): and self.distribution not in valid_distributions): return False to_return = super(MISPAttribute, self)._to_feed() - to_return['Tag'] = [tag._to_feed() for tag in self.tags] + if self.data: + to_return['data'] = base64.b64encode(self.data.getvalue()).decode() + if self.tags: + to_return['Tag'] = list(filter(None, [tag._to_feed() for tag in self.tags])) # Compute the hash of every values for fast lookups hashes = [] if '|' in self.type or self.type == 'malware-sample': @@ -479,30 +482,36 @@ def to_feed(self, date=None, uuid=None, analysis=2, threat_level_id=4, valid_dis self.set_date(datetime.date.today()) if not hasattr(self, 'timestamp'): - self.timestamp = int(datetime.datetime.timestamp(datetime.datetime.now())) + self.timestamp = datetime.datetime.timestamp(datetime.datetime.now()) if uuid: self.uuid = uuid elif not hasattr(self, 'uuid'): self.uuid = str(uuid.uuid4()) - if analysis: + if not hasattr(self, 'analysis'): self.analysis = analysis - if threat_level_id: + if not hasattr(self, 'threat_level_id'): self.threat_level_id = threat_level_id to_return = super(MISPEvent, self)._to_feed() - to_return['date'] = to_return['date'].isoformat() to_return['Orgc'] = self.Orgc._to_feed() - to_return['Tag'] = [tag._to_feed() for tag in self.tags] - to_return['Attribute'] = [attribute._to_feed() for attribute in self.attributes if attribute.distribution in valid_distributions] - # Get the hash of every values for fast lookups + to_return['Tag'] = list(filter(None, [tag._to_feed() for tag in self.tags])) + to_return['_hashes'] = [] - for attribute in to_return['Attribute']: - to_return['_hashes'] += attribute.pop('_hashes') - to_return['Object'] = [o for o in [obj._to_feed(valid_distributions) for obj in self.objects] if o] - for obj in to_return['Object']: - to_return['_hashes'] += obj.pop('_hashes') + + if self.attributes: + to_return['Attribute'] = list(filter(None, [attribute._to_feed(valid_distributions) for attribute in self.attributes])) + # Get the hash of every values for fast lookups + for attribute in to_return['Attribute']: + to_return['_hashes'] += attribute.pop('_hashes') + + if self.objects: + to_return['Object'] = list(filter(None, [obj._to_feed(valid_distributions) for obj in self.objects])) + # Get the hash of every values for fast lookups + for obj in to_return['Object']: + to_return['_hashes'] += obj.pop('_hashes') + to_return['_manifest'] = { self.uuid: { 'Orgc': to_return['Orgc'], @@ -511,7 +520,7 @@ def to_feed(self, date=None, uuid=None, analysis=2, threat_level_id=4, valid_dis 'date': self.date.isoformat(), 'analysis': self.analysis, 'threat_level_id': self.threat_level_id, - 'timestamp': self.timestamp + 'timestamp': self._datetime_to_timestamp(self.timestamp) } } return to_return @@ -1292,12 +1301,13 @@ def _to_feed(self, valid_distributions): if hasattr(self, 'distribution') and self.distribution not in valid_distributions: return False to_return = super(MISPObject, self)._to_feed() - to_return['Attribute'] = [a for a in [attribute._to_feed(valid_distributions) for attribute in self.attributes] if a] + to_return['Attribute'] = list(filter(None, [attribute._to_feed(valid_distributions) for attribute in self.attributes])) # Get the hash of every values for fast lookups to_return['_hashes'] = [] for attribute in to_return['Attribute']: to_return['_hashes'] += attribute.pop('_hashes') - to_return['ObjectReference'] = [reference._to_feed() for reference in self.references] + if self.references: + to_return['ObjectReference'] = [reference._to_feed() for reference in self.references] return to_return def force_misp_objects_path_custom(self, misp_objects_path_custom, object_name=None): From 5ebaca3b5260e809a5018b308e38f160397497c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 20 Nov 2019 12:50:22 +0100 Subject: [PATCH 14/33] chg: Use New version of PyMISP in the feed generator --- examples/feed-generator/generate.py | 170 ++++------------------------ 1 file changed, 21 insertions(+), 149 deletions(-) diff --git a/examples/feed-generator/generate.py b/examples/feed-generator/generate.py index 1400813ee..991b2da3d 100755 --- a/examples/feed-generator/generate.py +++ b/examples/feed-generator/generate.py @@ -4,83 +4,11 @@ import sys import json import os -import hashlib -from pymisp import PyMISP +from pymisp import ExpandedPyMISP from settings import url, key, ssl, outputdir, filters, valid_attribute_distribution_levels -objectsFields = { - 'Attribute': { - 'uuid', - 'value', - 'category', - 'type', - 'comment', - 'data', - 'timestamp', - 'to_ids', - 'object_relation', - 'disable_correlation' - }, - 'Event': { - 'uuid', - 'info', - 'threat_level_id', - 'analysis', - 'timestamp', - 'publish_timestamp', - 'published', - 'date', - 'extends_uuid' - }, - 'Object': { - 'name', - 'meta-category', - 'description', - 'template_uuid', - 'template_version', - 'uuid', - 'timestamp', - 'distribution', - 'sharing_group_id', - 'comment' - }, - 'ObjectReference': { - 'uuid', - 'timestamp', - 'relationship_type', - 'comment', - 'object_uuid', - 'referenced_uuid' - }, - 'Orgc': { - 'name', - 'uuid' - }, - 'Tag': { - 'name', - 'colour', - 'exportable' - } -} - -objectsToSave = { - 'Orgc': {}, - 'Tag': {}, - 'Attribute': { - 'Tag': {} - }, - 'Object': { - 'Attribute': { - 'Tag': {} - }, - 'ObjectReference': {} - } -} - valid_attribute_distributions = [] -attributeHashes = [] - def init(): # If we have an old settings.py file then this variable won't exist @@ -89,66 +17,23 @@ def init(): valid_attribute_distributions = valid_attribute_distribution_levels except Exception: valid_attribute_distributions = ['0', '1', '2', '3', '4', '5'] - return PyMISP(url, key, ssl) - - -def recursiveExtract(container, containerType, leaf, eventUuid): - temp = {} - if containerType in ['Attribute', 'Object']: - if (__blockByDistribution(container)): - return False - for field in objectsFields[containerType]: - if field in container: - temp[field] = container[field] - if (containerType == 'Attribute'): - global attributeHashes - if ('|' in container['type'] or container['type'] == 'malware-sample'): - split = container['value'].split('|') - attributeHashes.append([hashlib.md5(split[0].encode("utf-8")).hexdigest(), eventUuid]) - attributeHashes.append([hashlib.md5(split[1].encode("utf-8")).hexdigest(), eventUuid]) - else: - attributeHashes.append([hashlib.md5(container['value'].encode("utf-8")).hexdigest(), eventUuid]) - children = leaf.keys() - for childType in children: - childContainer = container.get(childType) - if (childContainer): - if (type(childContainer) is dict): - temp[childType] = recursiveExtract(childContainer, childType, leaf[childType], eventUuid) - else: - temp[childType] = [] - for element in childContainer: - processed = recursiveExtract(element, childType, leaf[childType], eventUuid) - if (processed): - temp[childType].append(processed) - return temp - + return ExpandedPyMISP(url, key, ssl) -def saveEvent(misp, uuid): - event = misp.get_event(uuid) - if not event.get('Event'): - print('Error while fetching event: {}'.format(event['message'])) - sys.exit('Could not create file for event ' + uuid + '.') - event['Event'] = recursiveExtract(event['Event'], 'Event', objectsToSave, event['Event']['uuid']) - event = json.dumps(event) - eventFile = open(os.path.join(outputdir, uuid + '.json'), 'w') - eventFile.write(event) - eventFile.close() - -def __blockByDistribution(element): - if element['distribution'] not in valid_attribute_distributions: - return True - return False +def saveEvent(event): + try: + with open(os.path.join(outputdir, f'{event["uuid"]}.json'), 'w') as f: + json.dump(event, f, indent=2) + except Exception as e: + print(e) + sys.exit('Could not create the event dump.') -def saveHashes(): - if not attributeHashes: - return False +def saveHashes(hashes): try: - hashFile = open(os.path.join(outputdir, 'hashes.csv'), 'w') - for element in attributeHashes: - hashFile.write('{},{}\n'.format(element[0], element[1])) - hashFile.close() + with open(os.path.join(outputdir, 'hashes.csv'), 'w') as hashFile: + for element in hashes: + hashFile.write('{},{}\n'.format(element[0], element[1])) except Exception as e: print(e) sys.exit('Could not create the quick hash lookup file.') @@ -164,41 +49,28 @@ def saveManifest(manifest): sys.exit('Could not create the manifest file.') -def __addEventToManifest(event): - tags = [] - for eventTag in event['EventTag']: - tags.append({'name': eventTag['Tag']['name'], - 'colour': eventTag['Tag']['colour']}) - return {'Orgc': event['Orgc'], - 'Tag': tags, - 'info': event['info'], - 'date': event['date'], - 'analysis': event['analysis'], - 'threat_level_id': event['threat_level_id'], - 'timestamp': event['timestamp'] - } - - if __name__ == '__main__': misp = init() try: - r = misp.get_index(filters) - events = r['response'] - print(events[0]) + events = misp.search(metadata=True, limit=200, **filters, pythonify=True) except Exception as e: print(e) sys.exit("Invalid response received from MISP.") if len(events) == 0: sys.exit("No events returned.") manifest = {} + hashes = [] counter = 1 total = len(events) for event in events: - saveEvent(misp, event['uuid']) - manifest[event['uuid']] = __addEventToManifest(event) + e = misp.get_event(event.uuid, pythonify=True) + e_feed = e.to_feed() + hashes += [[h, e.uuid] for h in e_feed.pop('_hashes')] + manifest.update(e_feed.pop('_manifest')) + saveEvent(e_feed) print("Event " + str(counter) + "/" + str(total) + " exported.") counter += 1 saveManifest(manifest) print('Manifest saved.') - saveHashes() + saveHashes(hashes) print('Hashes saved. Feed creation completed.') From 6098cd869f07552c0d9aca0144b8d70ccdfde848 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 22 Nov 2019 17:36:24 +0100 Subject: [PATCH 15/33] chg: Make the feed generator more generic --- examples/feed-generator/generate.py | 9 +- pymisp/abstract.py | 2 +- pymisp/mispevent.py | 152 +++++++++++++++++----------- pymisp/tools/__init__.py | 1 + pymisp/tools/feed_meta_generator.py | 26 +++++ 5 files changed, 127 insertions(+), 63 deletions(-) create mode 100644 pymisp/tools/feed_meta_generator.py diff --git a/examples/feed-generator/generate.py b/examples/feed-generator/generate.py index 991b2da3d..174428ce6 100755 --- a/examples/feed-generator/generate.py +++ b/examples/feed-generator/generate.py @@ -14,9 +14,9 @@ def init(): # If we have an old settings.py file then this variable won't exist global valid_attribute_distributions try: - valid_attribute_distributions = valid_attribute_distribution_levels + valid_attribute_distributions = [int(v) for v in valid_attribute_distribution_levels] except Exception: - valid_attribute_distributions = ['0', '1', '2', '3', '4', '5'] + valid_attribute_distributions = [0, 1, 2, 3, 4, 5] return ExpandedPyMISP(url, key, ssl) @@ -64,7 +64,10 @@ def saveManifest(manifest): total = len(events) for event in events: e = misp.get_event(event.uuid, pythonify=True) - e_feed = e.to_feed() + e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True) + if not e_feed: + print(f'Invalid distribution {e.distribution}, skipping') + continue hashes += [[h, e.uuid] for h in e_feed.pop('_hashes')] manifest.update(e_feed.pop('_manifest')) saveEvent(e_feed) diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 29e027c1d..7ea7cedeb 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -287,7 +287,7 @@ def _to_feed(self): raise Exception('Unable to export in the feed format, _fields_for_feed is missing.') to_return = {} for field in self._fields_for_feed: - if getattr(self, field, None): + if getattr(self, field, None) is not None: if field in ['timestamp', 'publish_timestamp']: to_return[field] = self._datetime_to_timestamp(getattr(self, field)) elif field == 'date': diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index e5332da5b..dda64fbdf 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -123,6 +123,25 @@ def __init__(self, describe_types=None, strict=False): self.ShadowAttribute = [] self.Sighting = [] + def hash_values(self, algorithm='sha512'): + """Compute the hash of every values for fast lookups""" + if algorithm not in hashlib.algorithms_available: + raise PyMISPError('The algorithm {} is not available for hashing.'.format(algorithm)) + if '|' in self.type or self.type == 'malware-sample': + hashes = [] + for v in self.value.split('|'): + h = hashlib.new(algorithm) + h.update(v.encode("utf-8")) + hashes.append(h.hexdigest()) + return hashes + else: + h = hashlib.new(algorithm) + to_encode = self.value + if not isinstance(to_encode, str): + to_encode = str(to_encode) + h.update(to_encode.encode("utf-8")) + return [h.hexdigest()] + def _to_feed(self, valid_distributions): if (hasattr(self, 'distribution') and self.distribution is not None and self.distribution not in valid_distributions): @@ -132,16 +151,6 @@ def _to_feed(self, valid_distributions): to_return['data'] = base64.b64encode(self.data.getvalue()).decode() if self.tags: to_return['Tag'] = list(filter(None, [tag._to_feed() for tag in self.tags])) - # Compute the hash of every values for fast lookups - hashes = [] - if '|' in self.type or self.type == 'malware-sample': - hashes = [hashlib.md5(v.encode("utf-8")).hexdigest() for v in self.value.split('|')] - else: - to_encode = self.value - if not isinstance(to_encode, str): - to_encode = str(to_encode) - hashes = [hashlib.md5(to_encode.encode("utf-8")).hexdigest()] - to_return['_hashes'] = hashes return to_return @property @@ -466,56 +475,34 @@ def __init__(self, describe_types=None, strict_validation=False, **kwargs): self.RelatedEvent = [] self.ShadowAttribute = [] - def to_feed(self, date=None, uuid=None, analysis=2, threat_level_id=4, valid_distributions=[0, 1, 2, 3, 4, 5]): - """ Generate a json output for MISP Feed. - Notes: - * valid_distributions only makes sense if the distribution key is set (i.e. the event is exported from a MISP instance) - * analysis: 0 means initial, 1 ongoing, 2 completed - * threat_level_id 4 means undefine. Tags are recommended. - """ - if hasattr(self, 'distribution') and self.distribution not in valid_distributions: - raise PyMISPError('Invalid event distribution ({}). Not in {}'.format(self.distribution, ', '.join(valid_distributions))) - - if date: - self.set_date(date) - elif not hasattr(self, 'date'): + def _set_default(self): + """There are a few keys that could be set by default""" + if not hasattr(self, 'uuid'): + self.uuid = str(uuid.uuid4()) + if not hasattr(self, 'date'): self.set_date(datetime.date.today()) - if not hasattr(self, 'timestamp'): self.timestamp = datetime.datetime.timestamp(datetime.datetime.now()) - - if uuid: - self.uuid = uuid - elif not hasattr(self, 'uuid'): - self.uuid = str(uuid.uuid4()) - if not hasattr(self, 'analysis'): - self.analysis = analysis + # analysis: 0 means initial, 1 ongoing, 2 completed + self.analysis = 2 if not hasattr(self, 'threat_level_id'): - self.threat_level_id = threat_level_id + # threat_level_id 4 means undefined. Tags are recommended. + self.threat_level_id = 4 - to_return = super(MISPEvent, self)._to_feed() - to_return['Orgc'] = self.Orgc._to_feed() - to_return['Tag'] = list(filter(None, [tag._to_feed() for tag in self.tags])) - - to_return['_hashes'] = [] - - if self.attributes: - to_return['Attribute'] = list(filter(None, [attribute._to_feed(valid_distributions) for attribute in self.attributes])) - # Get the hash of every values for fast lookups - for attribute in to_return['Attribute']: - to_return['_hashes'] += attribute.pop('_hashes') + @property + def manifest(self): + required = ['info', 'Orgc'] + for r in required: + if not hasattr(self, r): + raise PyMISPError('The field {} is required to generate the event manifest.') - if self.objects: - to_return['Object'] = list(filter(None, [obj._to_feed(valid_distributions) for obj in self.objects])) - # Get the hash of every values for fast lookups - for obj in to_return['Object']: - to_return['_hashes'] += obj.pop('_hashes') + self._set_default() - to_return['_manifest'] = { + return { self.uuid: { - 'Orgc': to_return['Orgc'], - 'Tag': to_return['Tag'], + 'Orgc': self.Orgc._to_feed(), + 'Tag': list(filter(None, [tag._to_feed() for tag in self.tags])), 'info': self.info, 'date': self.date.isoformat(), 'analysis': self.analysis, @@ -523,6 +510,60 @@ def to_feed(self, date=None, uuid=None, analysis=2, threat_level_id=4, valid_dis 'timestamp': self._datetime_to_timestamp(self.timestamp) } } + + def attributes_hashes(self, algorithm='sha512'): + to_return = [] + for attribute in self.attributes: + to_return += attribute.hash_values(algorithm) + for obj in self.objects: + for attribute in obj.attributes: + to_return += attribute.hash_values(algorithm) + return to_return + + def to_feed(self, valid_distributions=[0, 1, 2, 3, 4, 5], with_meta=False): + """ Generate a json output for MISP Feed. + Notes: + * valid_distributions only makes sense if the distribution key is set (i.e. the event is exported from a MISP instance) + """ + required = ['info', 'Orgc'] + for r in required: + if not hasattr(self, r): + raise PyMISPError('The field {} is required to generate the event feed output.') + + if hasattr(self, 'distribution') and int(self.distribution) not in valid_distributions: + return + + self._set_default() + + to_return = super(MISPEvent, self)._to_feed() + if with_meta: + to_return['_hashes'] = [] + to_return['_manifest'] = self.manifest + + to_return['Orgc'] = self.Orgc._to_feed() + to_return['Tag'] = list(filter(None, [tag._to_feed() for tag in self.tags])) + if self.attributes: + to_return['Attribute'] = [] + for attribute in self.attributes: + if (valid_distributions and attribute.get('distribution') is not None and attribute.distribution not in valid_distributions): + continue + to_return['Attribute'].append(attribute._to_feed(valid_distributions)) + if with_meta: + to_return['_hashes'] += attribute.hash_values('md5') + + if self.objects: + to_return['Object']['Attribute'] = [] + for obj in self.objects: + if (valid_distributions and obj.get('distribution') is not None and obj.distribution not in valid_distributions): + continue + to_return['Object'] = obj._to_feed() + for attribute in obj.attributes: + if (valid_distributions and attribute.get('distribution') is not None and attribute.distribution not in valid_distributions): + continue + to_return['Object']['Attribute'].append(attribute._to_feed(valid_distributions)) + if with_meta: + to_return['_hashes'] += attribute.hash_values('md5') + return to_return @property @@ -1297,15 +1338,8 @@ def _load_template_path(self, template_path): self.template_version = self._definition['version'] return True - def _to_feed(self, valid_distributions): - if hasattr(self, 'distribution') and self.distribution not in valid_distributions: - return False + def _to_feed(self): to_return = super(MISPObject, self)._to_feed() - to_return['Attribute'] = list(filter(None, [attribute._to_feed(valid_distributions) for attribute in self.attributes])) - # Get the hash of every values for fast lookups - to_return['_hashes'] = [] - for attribute in to_return['Attribute']: - to_return['_hashes'] += attribute.pop('_hashes') if self.references: to_return['ObjectReference'] = [reference._to_feed() for reference in self.references] return to_return diff --git a/pymisp/tools/__init__.py b/pymisp/tools/__init__.py index eb2309816..675917461 100644 --- a/pymisp/tools/__init__.py +++ b/pymisp/tools/__init__.py @@ -21,3 +21,4 @@ from .vehicleobject import VehicleObject # noqa from .csvloader import CSVLoader # noqa from .sshauthkeyobject import SSHAuthorizedKeysObject # noqa + from .feed_meta_generator import feed_meta_generator # noqa diff --git a/pymisp/tools/feed_meta_generator.py b/pymisp/tools/feed_meta_generator.py new file mode 100644 index 000000000..9ff53d29c --- /dev/null +++ b/pymisp/tools/feed_meta_generator.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from pathlib import Path +from pymisp import MISPEvent +import json + + +def feed_meta_generator(path: Path): + manifests = {} + hashes = [] + + for f_name in path.glob('*.json'): + if str(f_name.name) == 'manifest.json': + continue + event = MISPEvent() + event.load_file(str(f_name)) + manifests.update(event.manifest) + hashes += [f'{h},{event.uuid}' for h in event.attributes_hashes('md5')] + + with (path / 'manifest.json').open('w') as f: + json.dump(manifests, f) + + with (path / 'hashes.csv').open('w') as f: + for h in hashes: + f.write(f'{h}\n') From 260d730b5abc3040d6c3f763ec460d8b8bc9e6c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 22 Nov 2019 17:43:08 +0100 Subject: [PATCH 16/33] new: Script to generate the metadata of a feed out of a directory --- examples/generate_meta_feed.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 examples/generate_meta_feed.py diff --git a/examples/generate_meta_feed.py b/examples/generate_meta_feed.py new file mode 100644 index 000000000..56185953b --- /dev/null +++ b/examples/generate_meta_feed.py @@ -0,0 +1,15 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from pymisp.tools import feed_meta_generator +import argparse +from pathlib import Path + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Build meta files for feed') + parser.add_argument("--feed", required=True, help="Path to directory containing the feed.") + args = parser.parse_args() + + feed = Path(args.feed) + + feed_meta_generator(feed) From 38ee7679a7a577628436c713bc2fb8b89f346178 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 14:44:53 +0100 Subject: [PATCH 17/33] cch: Bump misp-objects --- pymisp/data/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects index 3d7b09e9c..2fe41c1c4 160000 --- a/pymisp/data/misp-objects +++ b/pymisp/data/misp-objects @@ -1 +1 @@ -Subproject commit 3d7b09e9c47929a437c10b77b8525ed5fc16def6 +Subproject commit 2fe41c1c4618439473357b487f9ca228488dc632 From af3e19a27128210c4b2e3242815d61043a863dd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 16:29:18 +0100 Subject: [PATCH 18/33] chg: Bump misp-objects --- pymisp/data/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects index 2fe41c1c4..68d61d25d 160000 --- a/pymisp/data/misp-objects +++ b/pymisp/data/misp-objects @@ -1 +1 @@ -Subproject commit 2fe41c1c4618439473357b487f9ca228488dc632 +Subproject commit 68d61d25d9fabd43acd3430e7be196863317233d From 78c9f4f605ea421924a459a748d55fd569db6472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 16:35:56 +0100 Subject: [PATCH 19/33] chg: Few more improvements on the feed export --- pymisp/abstract.py | 4 ++-- pymisp/mispevent.py | 19 ++++++++++--------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 7ea7cedeb..3e7f8507d 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -290,7 +290,7 @@ def _to_feed(self): if getattr(self, field, None) is not None: if field in ['timestamp', 'publish_timestamp']: to_return[field] = self._datetime_to_timestamp(getattr(self, field)) - elif field == 'date': + elif isinstance(getattr(self, field), (datetime.datetime, datetime.date)): to_return[field] = getattr(self, field).isoformat() else: to_return[field] = getattr(self, field) @@ -354,7 +354,7 @@ def __setattr__(self, name, value): def _datetime_to_timestamp(self, d): """Convert a datetime.datetime object to a timestamp (int)""" - if isinstance(d, (int, str)) or (sys.version_info < (3, 0) and isinstance(d, unicode)): + if isinstance(d, (int, float, str)) or (sys.version_info < (3, 0) and isinstance(d, unicode)): # Assume we already have a timestamp return int(d) if sys.version_info >= (3, 3): diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index dda64fbdf..b16b0686d 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -142,10 +142,7 @@ def hash_values(self, algorithm='sha512'): h.update(to_encode.encode("utf-8")) return [h.hexdigest()] - def _to_feed(self, valid_distributions): - if (hasattr(self, 'distribution') and self.distribution is not None - and self.distribution not in valid_distributions): - return False + def _to_feed(self): to_return = super(MISPAttribute, self)._to_feed() if self.data: to_return['data'] = base64.b64encode(self.data.getvalue()).decode() @@ -530,7 +527,9 @@ def to_feed(self, valid_distributions=[0, 1, 2, 3, 4, 5], with_meta=False): if not hasattr(self, r): raise PyMISPError('The field {} is required to generate the event feed output.') - if hasattr(self, 'distribution') and int(self.distribution) not in valid_distributions: + if (hasattr(self, 'distribution') + and self.distribution is not None + and int(self.distribution) not in valid_distributions): return self._set_default() @@ -547,22 +546,24 @@ def to_feed(self, valid_distributions=[0, 1, 2, 3, 4, 5], with_meta=False): for attribute in self.attributes: if (valid_distributions and attribute.get('distribution') is not None and attribute.distribution not in valid_distributions): continue - to_return['Attribute'].append(attribute._to_feed(valid_distributions)) + to_return['Attribute'].append(attribute._to_feed()) if with_meta: to_return['_hashes'] += attribute.hash_values('md5') if self.objects: - to_return['Object']['Attribute'] = [] + to_return['Object'] = [] for obj in self.objects: if (valid_distributions and obj.get('distribution') is not None and obj.distribution not in valid_distributions): continue - to_return['Object'] = obj._to_feed() + obj_to_attach = obj._to_feed() + obj_to_attach['Attribute'] = [] for attribute in obj.attributes: if (valid_distributions and attribute.get('distribution') is not None and attribute.distribution not in valid_distributions): continue - to_return['Object']['Attribute'].append(attribute._to_feed(valid_distributions)) + obj_to_attach['Attribute'].append(attribute._to_feed()) if with_meta: to_return['_hashes'] += attribute.hash_values('md5') + to_return['Object'].append(obj_to_attach) return to_return From 15d28b71a11e7b7e2f291b4db88fcaf01a4da0bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 16:43:10 +0100 Subject: [PATCH 20/33] chg: Require stable version of lief again --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 61819bdc0..a6539850c 100644 --- a/setup.py +++ b/setup.py @@ -42,7 +42,7 @@ install_requires=['six', 'requests', 'python-dateutil', 'jsonschema', 'python-dateutil', 'enum34;python_version<"3.4"', 'functools32;python_version<"3.0"', 'deprecated', 'cachetools;python_version<"3.0"'], - extras_require={'fileobjects': ['lief>=0.8,<0.10;python_version<"3.5"', 'lief>=0.10.0.dev0;python_version>"3.5"', 'python-magic', 'pydeep'], + extras_require={'fileobjects': ['lief>=0.8,<0.10;python_version<"3.5"', 'lief>=0.10;python_version>"3.5"', 'python-magic', 'pydeep'], 'neo': ['py2neo'], 'openioc': ['beautifulsoup4'], 'virustotal': ['validators'], From e822f7b82a559efce0cd1dab7c67392b76044127 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 16:44:07 +0100 Subject: [PATCH 21/33] chg: Bump dependencies --- Pipfile.lock | 106 +++++++++++++++++++++++++++------------------------ 1 file changed, 56 insertions(+), 50 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index cfdb5faf0..2a0c59e9f 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -71,31 +71,34 @@ "sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26", "sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af" ], + "markers": "python_version < '3.8'", "version": "==0.23" }, "jsonschema": { "hashes": [ - "sha256:2fa0684276b6333ff3c0b1b27081f4b2305f0a36cf702a23db50edb141893c3f", - "sha256:94c0a13b4a0616458b42529091624e66700a17f847453e52279e35509a5b7631" + "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163", + "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a" ], - "version": "==3.1.1" + "version": "==3.2.0" }, "lief": { "hashes": [ - "sha256:0efba18d7b9776529ea5c18c771b35871896a8ceb95a19351e50d4813a11c632", - "sha256:3d9c7bb1e353e875f295a72a58d3a37ae1ba3e1ff1beb57b8a65f1a726064093", - "sha256:3db5939e7d95f776f9866586128c2a5be614eaec43ab985ac27ff2c531f8ac5f", - "sha256:4c61598818b0091d80839875aa107cfd10ae1017a3e9c9de4bc002622b8e3179", - "sha256:4f26d07bdada8ca5ef3dc5fa2f71f20f7e8ab4f78f7c5e00134477f51feb6a80", - "sha256:55fe3c8a0990dce16ab5bf88df707f1eacac4eb34561667ac478497e0e0807c7", - "sha256:68bcf18e40c9412d2d08d6311e04eb6c19e20ec174764706da2d602c45aa4fd5", - "sha256:7ff910d99361022451e9c25e34cb844768e2fa347cfb0f4ad70f531810d776d4", - "sha256:ac571152d0b864e8d376bc733c5728a224316be1cdefc290174f1bf8ab10ec70", - "sha256:dd17a7cdcd29a2efca3d4cb4fb078a06daf1cafec8912560965a8d8dbf346739", - "sha256:efa5f3523c01f7f0f5f2c14e5ac808e2447d1435c6a2872e5ab1a97ef1b0db9b", - "sha256:f1aadb344b5e14b308167bd2c9f31f1915e3c4e3f9a9ca92ff7b7bfbede5034c" - ], - "version": "==0.10.0.dev0" + "sha256:303f90f7fe02da5c01cf23e4a09a00c458dbb9fb19872375e30ca3a7db311323", + "sha256:32e671e75c5cfdb545225929bfac2f20f5a8818f525df7d37a9c052d08ab53be", + "sha256:338be7c84f135af0129cf9bf2ffd9bca6c56fa326f947f24da5630dbdbeaf6a6", + "sha256:4aef53ce999c3ed495023fb253b16842e8656da59f6f6278f973c700485d71ee", + "sha256:66e05179c98e75ee3d5deb4c9fdc6446cbbf03a63489c265654571d3551714f6", + "sha256:83f086780d04c34d08436e0cb7ba75f8aa4637fdf650aeaac8adddb7bfd9b81a", + "sha256:93f3e54485f77f658be15cb7673fc444198797f7c4a637dac31e9866d87cd6c1", + "sha256:ad46b620401b31cefee60093172aad7b616d90a50d21f99ac73134e474d5b048", + "sha256:c70e564736cc74abbb5ea151b4167aaef8136b24b1a71806ec711f7556016a47", + "sha256:cbfc6bb998496afd750884b7f077a146dd2378e9237bb3fc46a34c01aa3f325e", + "sha256:fcad89473cfbb61b7de732c6b8992cd7ecc9e8974d27ba6a652f87f5010dc62b", + "sha256:fd1ab21e0a33735ef1512645ee816562ee88d724bb30d2d760785ec26899e625", + "sha256:fd8386f245770cadd0ee60c653af905d75f390384df640bf884aa3ef96278d3e", + "sha256:ff029fb67b3696b9bd920728a991db380440bac01553b57298f6a84aaaf6a664" + ], + "version": "==0.10.0" }, "more-itertools": { "hashes": [ @@ -162,9 +165,9 @@ }, "pyrsistent": { "hashes": [ - "sha256:eb6545dbeb1aa69ab1fb4809bfbf5a8705e44d92ef8fc7c2361682a47c46c778" + "sha256:f3b280d030afb652f79d67c5586157c5c1355c9a58dfc7940566e28d28f3df1b" ], - "version": "==0.15.5" + "version": "==0.15.6" }, "python-dateutil": { "hashes": [ @@ -426,6 +429,7 @@ "sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26", "sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af" ], + "markers": "python_version < '3.8'", "version": "==0.23" }, "jinja2": { @@ -437,27 +441,29 @@ }, "jsonschema": { "hashes": [ - "sha256:2fa0684276b6333ff3c0b1b27081f4b2305f0a36cf702a23db50edb141893c3f", - "sha256:94c0a13b4a0616458b42529091624e66700a17f847453e52279e35509a5b7631" + "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163", + "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a" ], - "version": "==3.1.1" + "version": "==3.2.0" }, "lief": { "hashes": [ - "sha256:0efba18d7b9776529ea5c18c771b35871896a8ceb95a19351e50d4813a11c632", - "sha256:3d9c7bb1e353e875f295a72a58d3a37ae1ba3e1ff1beb57b8a65f1a726064093", - "sha256:3db5939e7d95f776f9866586128c2a5be614eaec43ab985ac27ff2c531f8ac5f", - "sha256:4c61598818b0091d80839875aa107cfd10ae1017a3e9c9de4bc002622b8e3179", - "sha256:4f26d07bdada8ca5ef3dc5fa2f71f20f7e8ab4f78f7c5e00134477f51feb6a80", - "sha256:55fe3c8a0990dce16ab5bf88df707f1eacac4eb34561667ac478497e0e0807c7", - "sha256:68bcf18e40c9412d2d08d6311e04eb6c19e20ec174764706da2d602c45aa4fd5", - "sha256:7ff910d99361022451e9c25e34cb844768e2fa347cfb0f4ad70f531810d776d4", - "sha256:ac571152d0b864e8d376bc733c5728a224316be1cdefc290174f1bf8ab10ec70", - "sha256:dd17a7cdcd29a2efca3d4cb4fb078a06daf1cafec8912560965a8d8dbf346739", - "sha256:efa5f3523c01f7f0f5f2c14e5ac808e2447d1435c6a2872e5ab1a97ef1b0db9b", - "sha256:f1aadb344b5e14b308167bd2c9f31f1915e3c4e3f9a9ca92ff7b7bfbede5034c" - ], - "version": "==0.10.0.dev0" + "sha256:303f90f7fe02da5c01cf23e4a09a00c458dbb9fb19872375e30ca3a7db311323", + "sha256:32e671e75c5cfdb545225929bfac2f20f5a8818f525df7d37a9c052d08ab53be", + "sha256:338be7c84f135af0129cf9bf2ffd9bca6c56fa326f947f24da5630dbdbeaf6a6", + "sha256:4aef53ce999c3ed495023fb253b16842e8656da59f6f6278f973c700485d71ee", + "sha256:66e05179c98e75ee3d5deb4c9fdc6446cbbf03a63489c265654571d3551714f6", + "sha256:83f086780d04c34d08436e0cb7ba75f8aa4637fdf650aeaac8adddb7bfd9b81a", + "sha256:93f3e54485f77f658be15cb7673fc444198797f7c4a637dac31e9866d87cd6c1", + "sha256:ad46b620401b31cefee60093172aad7b616d90a50d21f99ac73134e474d5b048", + "sha256:c70e564736cc74abbb5ea151b4167aaef8136b24b1a71806ec711f7556016a47", + "sha256:cbfc6bb998496afd750884b7f077a146dd2378e9237bb3fc46a34c01aa3f325e", + "sha256:fcad89473cfbb61b7de732c6b8992cd7ecc9e8974d27ba6a652f87f5010dc62b", + "sha256:fd1ab21e0a33735ef1512645ee816562ee88d724bb30d2d760785ec26899e625", + "sha256:fd8386f245770cadd0ee60c653af905d75f390384df640bf884aa3ef96278d3e", + "sha256:ff029fb67b3696b9bd920728a991db380440bac01553b57298f6a84aaaf6a664" + ], + "version": "==0.10.0" }, "markupsafe": { "hashes": [ @@ -579,19 +585,19 @@ }, "psutil": { "hashes": [ - "sha256:021d361439586a0fd8e64f8392eb7da27135db980f249329f1a347b9de99c695", - "sha256:145e0f3ab9138165f9e156c307100905fd5d9b7227504b8a9d3417351052dc3d", - "sha256:348ad4179938c965a27d29cbda4a81a1b2c778ecd330a221aadc7bd33681afbd", - "sha256:3feea46fbd634a93437b718518d15b5dd49599dfb59a30c739e201cc79bb759d", - "sha256:474e10a92eeb4100c276d4cc67687adeb9d280bbca01031a3e41fb35dfc1d131", - "sha256:47aeb4280e80f27878caae4b572b29f0ec7967554b701ba33cd3720b17ba1b07", - "sha256:73a7e002781bc42fd014dfebb3fc0e45f8d92a4fb9da18baea6fb279fbc1d966", - "sha256:d051532ac944f1be0179e0506f6889833cf96e466262523e57a871de65a15147", - "sha256:dfb8c5c78579c226841908b539c2374da54da648ee5a837a731aa6a105a54c00", - "sha256:e3f5f9278867e95970854e92d0f5fe53af742a7fc4f2eba986943345bcaed05d", - "sha256:e9649bb8fc5cea1f7723af53e4212056a6f984ee31784c10632607f472dec5ee" + "sha256:06660136ab88762309775fd47290d7da14094422d915f0466e0adf8e4b22214e", + "sha256:0c11adde31011a286197630ba2671e34651f004cc418d30ae06d2033a43c9e20", + "sha256:0c211eec4185725847cb6c28409646c7cfa56fdb531014b35f97b5dc7fe04ff9", + "sha256:0fc7a5619b47f74331add476fbc6022d7ca801c22865c7069ec0867920858963", + "sha256:3004361c6b93dbad71330d992c1ae409cb8314a6041a0b67507cc882357f583e", + "sha256:5e8dbf31871b0072bcba8d1f2861c0ec6c84c78f13c723bb6e981bce51b58f12", + "sha256:6d81b9714791ef9a3a00b2ca846ee547fc5e53d259e2a6258c3d2054928039ff", + "sha256:724390895cff80add7a1c4e7e0a04d9c94f3ee61423a2dcafd83784fabbd1ee9", + "sha256:ad21281f7bd6c57578dd53913d2d44218e9e29fd25128d10ff7819ef16fa46e7", + "sha256:f21a7bb4b207e4e7c60b3c40ffa89d790997619f04bbecec9db8e3696122bc78", + "sha256:f60042bef7dc50a78c06334ca8e25580455948ba2fa98f240d034a4fed9141a5" ], - "version": "==5.6.5" + "version": "==5.6.6" }, "py2neo": { "hashes": [ @@ -631,9 +637,9 @@ }, "pyrsistent": { "hashes": [ - "sha256:eb6545dbeb1aa69ab1fb4809bfbf5a8705e44d92ef8fc7c2361682a47c46c778" + "sha256:f3b280d030afb652f79d67c5586157c5c1355c9a58dfc7940566e28d28f3df1b" ], - "version": "==0.15.5" + "version": "==0.15.6" }, "python-dateutil": { "hashes": [ From 9495ae8c89037270faddc0891c149d08bd262114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 16:44:29 +0100 Subject: [PATCH 22/33] chg: Bump version --- pymisp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/__init__.py b/pymisp/__init__.py index 144b054ee..3678225ea 100644 --- a/pymisp/__init__.py +++ b/pymisp/__init__.py @@ -1,4 +1,4 @@ -__version__ = '2.4.117.1' +__version__ = '2.4.117.3' import logging import warnings import sys From a32256f1959cc3fb6a4481b77dbe2589385e4f5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 25 Nov 2019 16:47:01 +0100 Subject: [PATCH 23/33] chg: Bump changelog --- CHANGELOG.txt | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index c61a15836..e4f0a32cb 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -2,9 +2,62 @@ Changelog ========= +v2.4.117.3 (2019-11-25) +----------------------- + +New +~~~ +- Script to generate the metadata of a feed out of a directory. [Raphaël + Vinot] +- Add to_feed export to MISPEvent. [Raphaël Vinot] +- Validate object templates. [Raphaël Vinot] + + fix https://github.com/MISP/misp-objects/issues/199 +- Test cases for restricted tags. [Raphaël Vinot] + + Fix #483 +- Get Database Schema Diagnostic. [Raphaël Vinot] + + Fix #492 + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Require stable version of lief again. [Raphaël Vinot] +- Few more improvements on the feed export. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Make the feed generator more generic. [Raphaël Vinot] +- Use New version of PyMISP in the feed generator. [Raphaël Vinot] +- Bump misp-object. [Raphaël Vinot] +- Allow to sort and indent the json output for objects. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- [test] feed test updated as botvrij is now TLS by default. [Alexandre + Dulaunoy] + +Fix +~~~ +- Improve stability of feed output. [Raphaël Vinot] +- Do not unitialize the uuid in MISPEvent. [Raphaël Vinot] +- Bump url template version in test cases. [Raphaël Vinot] +- Python 2.7 tests. [Raphaël Vinot] +- Print the full json blob in debug mode. [Raphaël Vinot] + + Related https://github.com/MISP/PyMISP/issues/462 + +Other +~~~~~ +- Cch: Bump misp-objects. [Raphaël Vinot] + + v2.4.117.2 (2019-10-30) ----------------------- +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] + Fix ~~~ - Avoid exception on legacy MISP. [Raphaël Vinot] From 4fed55a09ded9f0007c92c52a67bb21282dfc567 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 27 Nov 2019 11:10:57 +0100 Subject: [PATCH 24/33] fix: Rename feed_meta_generator so it clearly fails with python<3.6 --- pymisp/tools/__init__.py | 2 +- pymisp/tools/{feed_meta_generator.py => feed.py} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename pymisp/tools/{feed_meta_generator.py => feed.py} (100%) diff --git a/pymisp/tools/__init__.py b/pymisp/tools/__init__.py index 675917461..d33e0731f 100644 --- a/pymisp/tools/__init__.py +++ b/pymisp/tools/__init__.py @@ -21,4 +21,4 @@ from .vehicleobject import VehicleObject # noqa from .csvloader import CSVLoader # noqa from .sshauthkeyobject import SSHAuthorizedKeysObject # noqa - from .feed_meta_generator import feed_meta_generator # noqa + from .feed import feed_meta_generator # noqa diff --git a/pymisp/tools/feed_meta_generator.py b/pymisp/tools/feed.py similarity index 100% rename from pymisp/tools/feed_meta_generator.py rename to pymisp/tools/feed.py From 446649992fa74776905d8cc312d4fbbcfe68eceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 27 Nov 2019 17:08:15 +0100 Subject: [PATCH 25/33] fix: Raise PyMISPError instead of Exception --- pymisp/abstract.py | 6 +++--- pymisp/aping.py | 2 +- pymisp/mispevent.py | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 3e7f8507d..15e8e212e 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -24,7 +24,7 @@ import logging from enum import Enum -from .exceptions import PyMISPInvalidFormat +from .exceptions import PyMISPInvalidFormat, PyMISPError logger = logging.getLogger('pymisp') @@ -284,7 +284,7 @@ def jsonable(self): def _to_feed(self): if not hasattr(self, '_fields_for_feed'): - raise Exception('Unable to export in the feed format, _fields_for_feed is missing.') + raise PyMISPError('Unable to export in the feed format, _fields_for_feed is missing.') to_return = {} for field in self._fields_for_feed: if getattr(self, field, None) is not None: @@ -343,7 +343,7 @@ def edited(self, val): if isinstance(val, bool): self.__edited = val else: - raise Exception('edited can only be True or False') + raise PyMISPError('edited can only be True or False') def __setattr__(self, name, value): if name[0] != '_' and not self.__edited and name in self.keys(): diff --git a/pymisp/aping.py b/pymisp/aping.py index bc84afce1..32ef86147 100644 --- a/pymisp/aping.py +++ b/pymisp/aping.py @@ -1895,7 +1895,7 @@ def freetext(self, event: Union[MISPEvent, int, str, UUID], string: str, adhereT if adhereToWarninglists in wl_params: query['adhereToWarninglists'] = adhereToWarninglists else: - raise Exception('Invalid parameter, adhereToWarninglists Can only be {}'.format(', '.join(wl_params))) + raise PyMISPError('Invalid parameter, adhereToWarninglists Can only be {}'.format(', '.join(wl_params))) if distribution is not None: query['distribution'] = distribution if returnMetaAttributes: diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index b16b0686d..a015e138d 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -99,7 +99,7 @@ def make_bool(value): return False return True else: - raise Exception('Unable to convert {} to a boolean.'.format(value)) + raise PyMISPError('Unable to convert {} to a boolean.'.format(value)) class MISPAttribute(AbstractMISP): @@ -378,7 +378,7 @@ def data(self, data): try: with ZipFile(self.data) as f: if not self.__is_misp_encrypted_file(f): - raise Exception('Not an existing malware sample') + raise PyMISPError('Not an existing malware sample') for name in f.namelist(): if name.endswith('.filename.txt'): with f.open(name, pwd=b'infected') as unpacked: @@ -798,7 +798,7 @@ def add_attribute_tag(self, tag, attribute_identifier): attributes.append(a) if not attributes: - raise Exception('No attribute with identifier {} found.'.format(attribute_identifier)) + raise PyMISPError('No attribute with identifier {} found.'.format(attribute_identifier)) self.edited = True return attributes @@ -820,7 +820,7 @@ def delete_attribute(self, attribute_id): found = True break if not found: - raise Exception('No attribute with UUID/ID {} found.'.format(attribute_id)) + raise PyMISPError('No attribute with UUID/ID {} found.'.format(attribute_id)) def add_attribute(self, type, value, **kwargs): """Add an attribute. type and value are required but you can pass all From 0d354b203261619170456fdb21ca55004315dccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 29 Nov 2019 16:33:17 +0100 Subject: [PATCH 26/33] fix: Update tests. --- pymisp/mispevent.py | 2 ++ tests/testlive_comprehensive.py | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py index a015e138d..7b3f5d5bc 100644 --- a/pymisp/mispevent.py +++ b/pymisp/mispevent.py @@ -1021,6 +1021,8 @@ def from_dict(self, **kwargs): if 'User' in kwargs: kwargs = kwargs['User'] super(MISPUser, self).from_dict(**kwargs) + if hasattr(self, 'password') and set(self.password) == set(['*']): + self.password = None def __repr__(self): if hasattr(self, 'email'): diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index 39d74b5f0..0d03e5ab7 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py @@ -23,6 +23,8 @@ import logging logging.disable(logging.CRITICAL) +logger = logging.getLogger('pymisp') + try: from pymisp import ExpandedPyMISP, MISPEvent, MISPOrganisation, MISPUser, Distribution, ThreatLevel, Analysis, MISPObject, MISPAttribute, MISPSighting, MISPShadowAttribute, MISPTag, MISPSharingGroup, MISPFeed, MISPServer, MISPUserSetting @@ -75,7 +77,7 @@ def setUpClass(cls): user.email = 'testusr@user.local' user.org_id = cls.test_org.id cls.test_usr = cls.admin_misp_connector.add_user(user, pythonify=True) - cls.user_misp_connector = ExpandedPyMISP(url, cls.test_usr.authkey, verifycert, debug=False) + cls.user_misp_connector = ExpandedPyMISP(url, cls.test_usr.authkey, verifycert, debug=True) cls.user_misp_connector.toggle_global_pythonify() # Creates a publisher user = MISPUser() @@ -1185,7 +1187,9 @@ def test_tags(self): self.assertFalse(first.attributes[0].tags) # Reference: https://github.com/MISP/PyMISP/issues/483 r = self.delegate_user_misp_connector.tag(first, tag_org_restricted) - self.assertEqual(r['errors'][1]['message'], 'Invalid Tag. This tag can only be set by a fixed organisation.') + # FIXME: The error message changed and is unhelpful. + # self.assertEqual(r['errors'][1]['message'], 'Invalid Tag. This tag can only be set by a fixed organisation.') + self.assertEqual(r['errors'][1]['message'], 'Invalid Target.') r = self.user_misp_connector.tag(first, tag_org_restricted) self.assertEqual(r['name'], f'Global tag {tag_org_restricted.name}({tag_org_restricted.id}) successfully attached to Event({first.id}).') r = self.pub_misp_connector.tag(first.attributes[0], tag_user_restricted) From 1e8d9eb406fa368da5c1691a4cfda6eadbc496a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Sat, 30 Nov 2019 10:41:15 +0100 Subject: [PATCH 27/33] fix: Bump lief to 0.10.1 --- Pipfile.lock | 114 +++++++++++++++++++++++++-------------------------- setup.py | 2 +- 2 files changed, 58 insertions(+), 58 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 2a0c59e9f..90287e5cb 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -33,10 +33,10 @@ }, "certifi": { "hashes": [ - "sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50", - "sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef" + "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3", + "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f" ], - "version": "==2019.9.11" + "version": "==2019.11.28" }, "chardet": { "hashes": [ @@ -83,29 +83,29 @@ }, "lief": { "hashes": [ - "sha256:303f90f7fe02da5c01cf23e4a09a00c458dbb9fb19872375e30ca3a7db311323", - "sha256:32e671e75c5cfdb545225929bfac2f20f5a8818f525df7d37a9c052d08ab53be", - "sha256:338be7c84f135af0129cf9bf2ffd9bca6c56fa326f947f24da5630dbdbeaf6a6", - "sha256:4aef53ce999c3ed495023fb253b16842e8656da59f6f6278f973c700485d71ee", - "sha256:66e05179c98e75ee3d5deb4c9fdc6446cbbf03a63489c265654571d3551714f6", - "sha256:83f086780d04c34d08436e0cb7ba75f8aa4637fdf650aeaac8adddb7bfd9b81a", - "sha256:93f3e54485f77f658be15cb7673fc444198797f7c4a637dac31e9866d87cd6c1", - "sha256:ad46b620401b31cefee60093172aad7b616d90a50d21f99ac73134e474d5b048", - "sha256:c70e564736cc74abbb5ea151b4167aaef8136b24b1a71806ec711f7556016a47", - "sha256:cbfc6bb998496afd750884b7f077a146dd2378e9237bb3fc46a34c01aa3f325e", - "sha256:fcad89473cfbb61b7de732c6b8992cd7ecc9e8974d27ba6a652f87f5010dc62b", - "sha256:fd1ab21e0a33735ef1512645ee816562ee88d724bb30d2d760785ec26899e625", - "sha256:fd8386f245770cadd0ee60c653af905d75f390384df640bf884aa3ef96278d3e", - "sha256:ff029fb67b3696b9bd920728a991db380440bac01553b57298f6a84aaaf6a664" - ], - "version": "==0.10.0" + "sha256:276cc63ec12a21bdf01b8d30962692c17499788234f0765247ca7a35872097ec", + "sha256:3e6baaeb52bdc339b5f19688b58fd8d5778b92e50221f920cedfa2bec1f4d5c2", + "sha256:45e5c592b57168c447698381d927eb2386ffdd52afe0c48245f848d4cc7ee05a", + "sha256:6547752b5db105cd41c9fa65d0d7452a4d7541b77ffee716b46246c6d81e172f", + "sha256:83b51e01627b5982662f9550ac1230758aa56945ed86829e4291932d98417da3", + "sha256:895599194ea7495bf304e39317b04df20cccf799fc2751867cc1aa4997cfcdae", + "sha256:8a91cee2568306fe1d2bf84341b459c85368317d01d7105fa49e4f4ede837076", + "sha256:913b36a67707dc2afa72f117bab9856ea3f434f332b04a002a0f9723c8779320", + "sha256:9f604a361a3b1b3ed5fdafed0321c5956cb3b265b5efe2250d1bf8911a80c65b", + "sha256:a487fe7234c04bccd58223dbb79214421176e2629814c7a4a887764cceb5be7c", + "sha256:bc8488fb0661cb436fe4bb4fe947d0f9aa020e9acaed233ccf01ab04d888c68a", + "sha256:bddbf333af62310a10cb738a1df1dc2b140dd9c663b55ba3500c10c249d416d2", + "sha256:cce48d7c97cef85e01e6cfeff55f2068956b5c0257eb9c2d2c6d15e33dd1e4fc", + "sha256:f8b3f66956c56b582b3adc573bf2a938c25fb21c8894b373a113e24c494fc982" + ], + "version": "==0.10.1" }, "more-itertools": { "hashes": [ - "sha256:409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832", - "sha256:92b8c4b06dac4f0611c0729b2f2ede52b2e1bac1ab48f089c7ddc12e26bb60c4" + "sha256:53ff73f186307d9c8ef17a9600309154a6ae27f25579e80af4db8f047ba14bc2", + "sha256:a0ea684c39bc4315ba7aae406596ef191fd84f873d2d2751f84d64e81a7a2d45" ], - "version": "==7.2.0" + "version": "==8.0.0" }, "pillow": { "hashes": [ @@ -296,10 +296,10 @@ }, "certifi": { "hashes": [ - "sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50", - "sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef" + "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3", + "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f" ], - "version": "==2019.9.11" + "version": "==2019.11.28" }, "chardet": { "hashes": [ @@ -448,22 +448,22 @@ }, "lief": { "hashes": [ - "sha256:303f90f7fe02da5c01cf23e4a09a00c458dbb9fb19872375e30ca3a7db311323", - "sha256:32e671e75c5cfdb545225929bfac2f20f5a8818f525df7d37a9c052d08ab53be", - "sha256:338be7c84f135af0129cf9bf2ffd9bca6c56fa326f947f24da5630dbdbeaf6a6", - "sha256:4aef53ce999c3ed495023fb253b16842e8656da59f6f6278f973c700485d71ee", - "sha256:66e05179c98e75ee3d5deb4c9fdc6446cbbf03a63489c265654571d3551714f6", - "sha256:83f086780d04c34d08436e0cb7ba75f8aa4637fdf650aeaac8adddb7bfd9b81a", - "sha256:93f3e54485f77f658be15cb7673fc444198797f7c4a637dac31e9866d87cd6c1", - "sha256:ad46b620401b31cefee60093172aad7b616d90a50d21f99ac73134e474d5b048", - "sha256:c70e564736cc74abbb5ea151b4167aaef8136b24b1a71806ec711f7556016a47", - "sha256:cbfc6bb998496afd750884b7f077a146dd2378e9237bb3fc46a34c01aa3f325e", - "sha256:fcad89473cfbb61b7de732c6b8992cd7ecc9e8974d27ba6a652f87f5010dc62b", - "sha256:fd1ab21e0a33735ef1512645ee816562ee88d724bb30d2d760785ec26899e625", - "sha256:fd8386f245770cadd0ee60c653af905d75f390384df640bf884aa3ef96278d3e", - "sha256:ff029fb67b3696b9bd920728a991db380440bac01553b57298f6a84aaaf6a664" - ], - "version": "==0.10.0" + "sha256:276cc63ec12a21bdf01b8d30962692c17499788234f0765247ca7a35872097ec", + "sha256:3e6baaeb52bdc339b5f19688b58fd8d5778b92e50221f920cedfa2bec1f4d5c2", + "sha256:45e5c592b57168c447698381d927eb2386ffdd52afe0c48245f848d4cc7ee05a", + "sha256:6547752b5db105cd41c9fa65d0d7452a4d7541b77ffee716b46246c6d81e172f", + "sha256:83b51e01627b5982662f9550ac1230758aa56945ed86829e4291932d98417da3", + "sha256:895599194ea7495bf304e39317b04df20cccf799fc2751867cc1aa4997cfcdae", + "sha256:8a91cee2568306fe1d2bf84341b459c85368317d01d7105fa49e4f4ede837076", + "sha256:913b36a67707dc2afa72f117bab9856ea3f434f332b04a002a0f9723c8779320", + "sha256:9f604a361a3b1b3ed5fdafed0321c5956cb3b265b5efe2250d1bf8911a80c65b", + "sha256:a487fe7234c04bccd58223dbb79214421176e2629814c7a4a887764cceb5be7c", + "sha256:bc8488fb0661cb436fe4bb4fe947d0f9aa020e9acaed233ccf01ab04d888c68a", + "sha256:bddbf333af62310a10cb738a1df1dc2b140dd9c663b55ba3500c10c249d416d2", + "sha256:cce48d7c97cef85e01e6cfeff55f2068956b5c0257eb9c2d2c6d15e33dd1e4fc", + "sha256:f8b3f66956c56b582b3adc573bf2a938c25fb21c8894b373a113e24c494fc982" + ], + "version": "==0.10.1" }, "markupsafe": { "hashes": [ @@ -507,10 +507,10 @@ }, "more-itertools": { "hashes": [ - "sha256:409cd48d4db7052af495b09dec721011634af3753ae1ef92d2b32f73a745f832", - "sha256:92b8c4b06dac4f0611c0729b2f2ede52b2e1bac1ab48f089c7ddc12e26bb60c4" + "sha256:53ff73f186307d9c8ef17a9600309154a6ae27f25579e80af4db8f047ba14bc2", + "sha256:a0ea684c39bc4315ba7aae406596ef191fd84f873d2d2751f84d64e81a7a2d45" ], - "version": "==7.2.0" + "version": "==8.0.0" }, "neobolt": { "hashes": [ @@ -585,19 +585,19 @@ }, "psutil": { "hashes": [ - "sha256:06660136ab88762309775fd47290d7da14094422d915f0466e0adf8e4b22214e", - "sha256:0c11adde31011a286197630ba2671e34651f004cc418d30ae06d2033a43c9e20", - "sha256:0c211eec4185725847cb6c28409646c7cfa56fdb531014b35f97b5dc7fe04ff9", - "sha256:0fc7a5619b47f74331add476fbc6022d7ca801c22865c7069ec0867920858963", - "sha256:3004361c6b93dbad71330d992c1ae409cb8314a6041a0b67507cc882357f583e", - "sha256:5e8dbf31871b0072bcba8d1f2861c0ec6c84c78f13c723bb6e981bce51b58f12", - "sha256:6d81b9714791ef9a3a00b2ca846ee547fc5e53d259e2a6258c3d2054928039ff", - "sha256:724390895cff80add7a1c4e7e0a04d9c94f3ee61423a2dcafd83784fabbd1ee9", - "sha256:ad21281f7bd6c57578dd53913d2d44218e9e29fd25128d10ff7819ef16fa46e7", - "sha256:f21a7bb4b207e4e7c60b3c40ffa89d790997619f04bbecec9db8e3696122bc78", - "sha256:f60042bef7dc50a78c06334ca8e25580455948ba2fa98f240d034a4fed9141a5" - ], - "version": "==5.6.6" + "sha256:094f899ac3ef72422b7e00411b4ed174e3c5a2e04c267db6643937ddba67a05b", + "sha256:10b7f75cc8bd676cfc6fa40cd7d5c25b3f45a0e06d43becd7c2d2871cbb5e806", + "sha256:1b1575240ca9a90b437e5a40db662acd87bbf181f6aa02f0204978737b913c6b", + "sha256:21231ef1c1a89728e29b98a885b8e0a8e00d09018f6da5cdc1f43f988471a995", + "sha256:28f771129bfee9fc6b63d83a15d857663bbdcae3828e1cb926e91320a9b5b5cd", + "sha256:70387772f84fa5c3bb6a106915a2445e20ac8f9821c5914d7cbde148f4d7ff73", + "sha256:b560f5cd86cf8df7bcd258a851ca1ad98f0d5b8b98748e877a0aec4e9032b465", + "sha256:b74b43fecce384a57094a83d2778cdfc2e2d9a6afaadd1ebecb2e75e0d34e10d", + "sha256:e85f727ffb21539849e6012f47b12f6dd4c44965e56591d8dec6e8bc9ab96f4a", + "sha256:fd2e09bb593ad9bdd7429e779699d2d47c1268cbde4dda95fcd1bd17544a0217", + "sha256:ffad8eb2ac614518bbe3c0b8eb9dffdb3a8d2e3a7d5da51c5b974fb723a5c5aa" + ], + "version": "==5.6.7" }, "py2neo": { "hashes": [ diff --git a/setup.py b/setup.py index a6539850c..87047988c 100644 --- a/setup.py +++ b/setup.py @@ -42,7 +42,7 @@ install_requires=['six', 'requests', 'python-dateutil', 'jsonschema', 'python-dateutil', 'enum34;python_version<"3.4"', 'functools32;python_version<"3.0"', 'deprecated', 'cachetools;python_version<"3.0"'], - extras_require={'fileobjects': ['lief>=0.8,<0.10;python_version<"3.5"', 'lief>=0.10;python_version>"3.5"', 'python-magic', 'pydeep'], + extras_require={'fileobjects': ['lief>=0.8,<0.10;python_version<"3.5"', 'lief>=0.10.1;python_version>"3.5"', 'python-magic', 'pydeep'], 'neo': ['py2neo'], 'openioc': ['beautifulsoup4'], 'virustotal': ['validators'], From 7a88598225eac740d1e07cb336241d590acbc444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 2 Dec 2019 09:39:47 +0100 Subject: [PATCH 28/33] chg: Bump dependencies --- Pipfile.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 90287e5cb..889425006 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -68,11 +68,11 @@ }, "importlib-metadata": { "hashes": [ - "sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26", - "sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af" + "sha256:b044f07694ef14a6683b097ba56bd081dbc7cdc7c7fe46011e499dfecc082f21", + "sha256:e6ac600a142cf2db707b1998382cc7fc3b02befb7273876e01b8ad10b9652742" ], "markers": "python_version < '3.8'", - "version": "==0.23" + "version": "==1.1.0" }, "jsonschema": { "hashes": [ @@ -426,11 +426,11 @@ }, "importlib-metadata": { "hashes": [ - "sha256:aa18d7378b00b40847790e7c27e11673d7fed219354109d0e7b9e5b25dc3ad26", - "sha256:d5f18a79777f3aa179c145737780282e27b508fc8fd688cb17c7a813e8bd39af" + "sha256:b044f07694ef14a6683b097ba56bd081dbc7cdc7c7fe46011e499dfecc082f21", + "sha256:e6ac600a142cf2db707b1998382cc7fc3b02befb7273876e01b8ad10b9652742" ], "markers": "python_version < '3.8'", - "version": "==0.23" + "version": "==1.1.0" }, "jinja2": { "hashes": [ From 51b0ad58f3f564cf8fc40789055bcff03dbff5d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 2 Dec 2019 09:40:13 +0100 Subject: [PATCH 29/33] chg: Bump version --- pymisp/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/__init__.py b/pymisp/__init__.py index 3678225ea..c1bb1851b 100644 --- a/pymisp/__init__.py +++ b/pymisp/__init__.py @@ -1,4 +1,4 @@ -__version__ = '2.4.117.3' +__version__ = '2.4.119' import logging import warnings import sys From 97a706a361913152cfb33bcbb0153814072c62d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 2 Dec 2019 09:41:43 +0100 Subject: [PATCH 30/33] chg: Bump changelog --- CHANGELOG.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index e4f0a32cb..21f8ac497 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -2,6 +2,23 @@ Changelog ========= +v2.4.119 (2019-12-02) +--------------------- + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] + +Fix +~~~ +- Bump lief to 0.10.1. [Raphaël Vinot] +- Update tests. [Raphaël Vinot] +- Raise PyMISPError instead of Exception. [Raphaël Vinot] +- Rename feed_meta_generator so it clearly fails with python<3.6. + [Raphaël Vinot] + + v2.4.117.3 (2019-11-25) ----------------------- @@ -22,6 +39,7 @@ New Changes ~~~~~~~ +- Bump changelog. [Raphaël Vinot] - Bump version. [Raphaël Vinot] - Bump dependencies. [Raphaël Vinot] - Require stable version of lief again. [Raphaël Vinot] From 75ecabaccfaa9a0de133fbaee5e0aac6fa63a09f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 2 Dec 2019 09:57:29 +0100 Subject: [PATCH 31/33] chg: Bump objects --- pymisp/data/misp-objects | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects index 68d61d25d..54da7b5cc 160000 --- a/pymisp/data/misp-objects +++ b/pymisp/data/misp-objects @@ -1 +1 @@ -Subproject commit 68d61d25d9fabd43acd3430e7be196863317233d +Subproject commit 54da7b5cc30aea83905bb23e94a25b75c055f022 From 99d015a0d154c12867a6dfad7487b3be505806e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 2 Dec 2019 23:32:58 +0100 Subject: [PATCH 32/33] chg: Update documentation Fix #396 --- pymisp/abstract.py | 7 ++++++- pymisp/aping.py | 14 ++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/pymisp/abstract.py b/pymisp/abstract.py index 15e8e212e..5081a7c85 100644 --- a/pymisp/abstract.py +++ b/pymisp/abstract.py @@ -185,7 +185,12 @@ class AbstractMISP(MutableMapping, MISPFileCache): __describe_types = describe_types def __init__(self, **kwargs): - """Abstract class for all the MISP objects""" + """Abstract class for all the MISP objects. + NOTE: Every method in every classes inheriting this one are doing + changes in memory and do not modify data on a remote MISP instance. + To do so, you need to call the respective add_* or update_* + methods in ExpandedPyMISP/PyMISP. + """ super(AbstractMISP, self).__init__() self.__edited = True # As we create a new object, we assume it is edited self.__not_jsonable = [] diff --git a/pymisp/aping.py b/pymisp/aping.py index 32ef86147..d26d1cead 100644 --- a/pymisp/aping.py +++ b/pymisp/aping.py @@ -624,7 +624,11 @@ def get_tag(self, tag: Union[MISPTag, int, str, UUID], pythonify: bool=False): return t def add_tag(self, tag: MISPTag, pythonify: bool=False): - '''Add a new tag on a MISP instance''' + '''Add a new tag on a MISP instance + Notes: + * The user calling this method needs the Tag Editor permission + * It doesn't add a tag to an event, simply create it on a MISP instance. + ''' new_tag = self._prepare_request('POST', 'tags/add', data=tag) new_tag = self._check_response(new_tag, expect_json=True) if not (self.global_pythonify or pythonify) or 'errors' in new_tag: @@ -2048,8 +2052,8 @@ def change_sharing_group_on_entity(self, misp_entity: AbstractMISP, sharing_grou raise PyMISPError('The misp_entity must be MISPEvent, MISPObject or MISPAttribute') - def tag(self, misp_entity: Union[AbstractMISP, str], tag: Union[MISPTag, int, str], local: bool=False): - """Tag an event or an attribute. misp_entity can be a UUID""" + def tag(self, misp_entity: Union[AbstractMISP, str], tag: Union[MISPTag, str], local: bool=False): + """Tag an event or an attribute. misp_entity can be a MISPEvent, a MISP Attribute, or a UUID""" if 'uuid' in misp_entity: uuid = misp_entity.uuid else: @@ -2060,12 +2064,14 @@ def tag(self, misp_entity: Union[AbstractMISP, str], tag: Union[MISPTag, int, st response = self._prepare_request('POST', 'tags/attachTagToObject', data=to_post) return self._check_response(response, expect_json=True) - def untag(self, misp_entity: Union[AbstractMISP, str], tag: str): + def untag(self, misp_entity: Union[AbstractMISP, str], tag: Union[MISPTag, str]): """Untag an event or an attribute. misp_entity can be a UUID""" if 'uuid' in misp_entity: uuid = misp_entity.uuid else: uuid = misp_entity + if isinstance(tag, MISPTag): + tag = tag.name to_post = {'uuid': uuid, 'tag': tag} response = self._prepare_request('POST', 'tags/removeTagFromObject', data=to_post) return self._check_response(response, expect_json=True) From c03b26a18c83b47d2a04e908fe6c78176ec45509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 4 Dec 2019 15:18:27 +0100 Subject: [PATCH 33/33] new: URLObject (requires pyfaup) --- pymisp/tools/__init__.py | 5 +++++ pymisp/tools/emailobject.py | 13 +++++++++++++ pymisp/tools/urlobject.py | 28 ++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 pymisp/tools/urlobject.py diff --git a/pymisp/tools/__init__.py b/pymisp/tools/__init__.py index d33e0731f..14a9ed015 100644 --- a/pymisp/tools/__init__.py +++ b/pymisp/tools/__init__.py @@ -22,3 +22,8 @@ from .csvloader import CSVLoader # noqa from .sshauthkeyobject import SSHAuthorizedKeysObject # noqa from .feed import feed_meta_generator # noqa + try: + from .urlobject import URLObject # noqa + except ImportError: + # Requires faup, which is a bit difficult to install + pass diff --git a/pymisp/tools/emailobject.py b/pymisp/tools/emailobject.py index 0984336c1..c665ad576 100644 --- a/pymisp/tools/emailobject.py +++ b/pymisp/tools/emailobject.py @@ -50,17 +50,30 @@ def generate_attributes(self): if 'Message-ID' in self.__email: self.add_attribute('message-id', value=self.__email['Message-ID']) if 'To' in self.__email: + # TODO: split name and email address to_add = [to.strip() for to in self.__email['To'].split(',')] self.add_attributes('to', *to_add) if 'Cc' in self.__email: + # TODO: split name and email address to_add = [to.strip() for to in self.__email['Cc'].split(',')] self.add_attributes('cc', *to_add) if 'Subject' in self.__email: self.add_attribute('subject', value=self.__email['Subject']) if 'From' in self.__email: + # TODO: split name and email address to_add = [to.strip() for to in self.__email['From'].split(',')] self.add_attributes('from', *to_add) if 'Return-Path' in self.__email: + # TODO: split name and email address self.add_attribute('return-path', value=self.__email['Return-Path']) if 'User-Agent' in self.__email: self.add_attribute('user-agent', value=self.__email['User-Agent']) + if self.__email.get_boundary(): + self.add_attribute('mime-boundary', value=self.__email.get_boundary()) + if 'X-Mailer' in self.__email: + self.add_attribute('x-mailer', value=self.__email['X-Mailer']) + if 'Thread-Index' in self.__email: + self.add_attribute('thread-index', value=self.__email['Thread-Index']) + # TODO: email-header: all headers in one bloc + # TODO: BCC? + # TODO: received headers sometimes have TO email addresses diff --git a/pymisp/tools/urlobject.py b/pymisp/tools/urlobject.py new file mode 100644 index 000000000..1e8df2dc5 --- /dev/null +++ b/pymisp/tools/urlobject.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from .abstractgenerator import AbstractMISPObjectGenerator +import logging +from pyfaup.faup import Faup +from urllib.parse import unquote_plus + +logger = logging.getLogger('pymisp') + +faup = Faup() + + +class URLObject(AbstractMISPObjectGenerator): + + def __init__(self, url, standalone=True, **kwargs): + # PY3 way: + # super().__init__('file') + super(URLObject, self).__init__('url', standalone=standalone, **kwargs) + faup.decode(unquote_plus(url)) + self.generate_attributes() + + def generate_attributes(self): + self.add_attribute('url', value=faup.url.decode()) + if faup.get_host(): + self.add_attribute('host', value=faup.get_host()) + if faup.get_domain(): + self.add_attribute('domain', value=faup.get_domain())