Merge pull request #40 from MISP/fix-timeout

Fix timeout
2020-07-14 17:13:42 +02:00 · 2020-07-14 17:13:42 +02:00 · 476f007f41
parent f23f7ddaa1 c11da6661e
commit 476f007f41
3 changed files with 26 additions and 18 deletions
--- a/setup.py
+++ b/setup.py
@ -9,7 +9,7 @@ setup(
    name='MISP_maltego',
    author='Christophe Vandeplas',
    # also update version in util.py
-    version='1.4.5',
+    version='1.4.6',
    author_email='christophe@vandeplas.com',
    maintainer='Christophe Vandeplas',
    url='https://github.com/MISP/MISP-maltego',
@ -36,7 +36,7 @@ setup(
    python_requires='>=3.5',
    install_requires=[
        'canari>=3.3.10,<4',
-        'PyMISP>=2.4.114'
+        'PyMISP>=2.4.127'
    ],
    dependency_links=[
        # custom links for the install_requires
--- a/src/MISP_maltego/transforms/attributetoevent.py
+++ b/src/MISP_maltego/transforms/attributetoevent.py
@ -82,19 +82,24 @@ class SearchInMISP(Transform):

        # for all other normal entities
        conn = MISPConnection(config, request.parameters)
-        events_json = conn.misp.search(controller='events', value=request.entity.value, with_attachments=False)
+
        # we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
-        for e in events_json:
-            # find the value as attribute
-            attr = get_attribute_in_event(e, request.entity.value, substring=True)
-            if attr:
-                for item in attribute_to_entity(attr, only_self=True):
-                    response += item
-            # find the value as object, and return the object
-            if 'Object' in e['Event']:
-                for o in e['Event']['Object']:
-                    if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
-                        response += conn.object_to_entity(o, link_label=link_label)
+        # TODO First try to build the object, then only attributes (for those that are not in object, or for all?)
+        # TODO check for the right version of MISP before, it needs to be 2.4.127 or higher.
+        # obj_json = conn.misp.search(controller='objects', value=request.entity.value, with_attachments=False)
+        # for o in obj_json:
+        #         for item in attribute_to_entity(attr, only_self=True, link_label=link_label):
+        #             response += item
+        #     # find the value as object, and return the object
+        #     if 'Object' in e['Event']:
+        #         for o in e['Event']['Object']:
+        #             if get_attribute_in_object(o, attribute_value=request.entity.value, substring=True).get('value'):
+        #                 response += conn.object_to_entity(o, link_label=link_label)
+
+        attr_json = conn.misp.search(controller='attributes', value=request.entity.value, with_attachments=False)
+        for a in attr_json['Attribute']:
+            for item in attribute_to_entity(a, only_self=True, link_label=link_label):
+                response += item

        return response

--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
@ -12,7 +12,7 @@ import requests
 import tempfile
 import time

-__version__ = '1.4.5'  # also update version in setup.py
+__version__ = '1.4.6'  # also update version in setup.py

 tag_note_prefixes = ['tlp:', 'PAP:', 'de-vs:', 'euci:', 'fr-classif:', 'nato:']

@ -85,7 +85,7 @@ class MISPConnection():
                    misp_key = parameters['mispkey'].value
                except AttributeError:
                    raise MaltegoException("ERROR: mispurl and mispkey need to be set to something valid")
-            self.misp = PyMISP(misp_url, misp_key, misp_verify, 'json', misp_debug, tool='misp_maltego')
+            self.misp = PyMISP(url=misp_url, key=misp_key, ssl=misp_verify, debug=misp_debug, tool='misp_maltego', timeout=(2, 60))
        except Exception:
            if is_local_exec_mode():
                raise MaltegoException("ERROR: Cannot connect to MISP server. Please verify your MISP_Maltego.conf settings.")
@ -219,6 +219,7 @@ def attribute_to_entity(a, link_label=None, event_tags=[], only_self=False):
    if a['type'] in ('url', 'uri'):
        yield(URL(url=a['value'], short_title=a['value'], link_label=link_label, notes=notes, bookmark=Bookmark.Green))
        return
+    # FIXME implement attachment screenshot type

    # attribute is from an object, and a relation gives better understanding of the type of attribute
    if a.get('object_relation') and mapping_misp_to_maltego.get(a['object_relation']):
@ -444,9 +445,9 @@ def galaxycluster_to_entity(c, link_label=None, link_direction=LinkDirection.Inp

 # LATER this uses the galaxies from github as the MISP web UI does not fully support the Galaxies in the webui.
 # See https://github.com/MISP/MISP/issues/3801
-galaxy_archive_url = 'https://github.com/MISP/misp-galaxy/archive/master.zip'
+galaxy_archive_url = 'https://github.com/MISP/misp-galaxy/archive/main.zip'
 local_path_uuid_mapping = os.path.join(local_path_root, 'MISP_maltego_galaxy_mapping.json')
-local_path_clusters = os.path.join(local_path_root, 'misp-galaxy-master', 'clusters')
+local_path_clusters = os.path.join(local_path_root, 'misp-galaxy-main', 'clusters')
 galaxy_cluster_uuids = None


@ -479,6 +480,8 @@ def galaxy_update_local_copy(force=False):
            zf.extractall(local_path_root)
            zf.close()
        except Exception:
+            # remove the lock
+            os.remove(lockfile)
            raise(MaltegoException("ERROR: Could not download Galaxy data from htts://github.com/MISP/MISP-galaxy/. Please check internet connectivity."))

        # generate the uuid mapping and save it to a file