new: [transform] migration to ExpandedPyMISP

2019-10-06 16:57:27 +02:00 · 2019-10-06 16:57:27 +02:00 · c90973ff06
parent baa878dea1
commit c90973ff06
5 changed files with 17 additions and 20 deletions
--- a/setup.py
+++ b/setup.py
@ -31,7 +31,7 @@ setup(
    python_requires='>=3.5',
    install_requires=[
        'canari>=3.3.10,<4',
-        'PyMISP>=2.4.106'
+        'PyMISP>=2.4.114'
    ],
    dependency_links=[
        # custom links for the install_requires
--- a/src/MISP_maltego/transforms/attributetoevent.py
+++ b/src/MISP_maltego/transforms/attributetoevent.py
@ -32,18 +32,12 @@ class AttributeInMISP(Transform):

        misp = get_misp_connection(config)
        events_json = misp.search(controller='events', values=maltego_misp_attribute.value, withAttachments=False)
-        in_misp = False
-        for e in events_json['response']:
-            in_misp = True
-            break
-        # find the object again, and bookmark it green
        # we need to do really rebuild the Entity from scratch as request.entity is of type Unknown
-        if in_misp:
-            for e in events_json['response']:
-                attr = get_attribute_in_event(e, maltego_misp_attribute.value)
-                if attr:
-                    for item in attribute_to_entity(attr, only_self=True):
-                        response += item
+        for e in events_json:
+            attr = get_attribute_in_event(e, maltego_misp_attribute.value)
+            if attr:
+                for item in attribute_to_entity(attr, only_self=True):
+                    response += item
        return response


@ -92,21 +86,24 @@ class AttributeToEvent(Transform):
            if not tag_name:
                tag_name = request.entity.value
            events_json = misp.search(controller='events', tags=tag_name, withAttachments=False)
+            for e in events_json:
+                response += event_to_entity(e, link_direction=LinkDirection.OutputToInput)
+            return response
        # from Object
        elif 'properties.mispobject' in request.entity.fields:
            if request.entity.fields.get('event_id'):
                events_json = misp.search(controller='events', eventid=request.entity.fields.get('event_id').value, withAttachments=False)
-                for e in events_json['response']:
+                for e in events_json:
                    response += event_to_entity(e, link_direction=LinkDirection.OutputToInput)
                return response
            else:
                return response
        # standard Entities (normal attributes)
        else:
-            events_json = misp.search(controller='events', values=request.entity.value, withAttachments=False)
+            events_json = misp.search(controller='events', value=request.entity.value, withAttachments=False)

        # return the MISPEvent or MISPObject of the attribute
-        for e in events_json['response']:
+        for e in events_json:
            # find the value as attribute
            attr = get_attribute_in_event(e, request.entity.value)
            if attr:
--- a/src/MISP_maltego/transforms/common/util.py
+++ b/src/MISP_maltego/transforms/common/util.py
@ -1,7 +1,7 @@
 from canari.maltego.entities import Hash, Domain, IPv4Address, URL, DNSName, AS, Website, NSRecord, PhoneNumber, EmailAddress, File, Person, Hashtag, Location, Company, Alias, Port, Twitter
 from MISP_maltego.transforms.common.entities import MISPEvent, MISPObject, MISPGalaxy
 from canari.maltego.message import Label, LinkStyle, MaltegoException, Bookmark, LinkDirection
-from pymisp import PyMISP
+from pymisp import ExpandedPyMISP as PyMISP
 import json
 import os
 import os.path
@ -235,7 +235,7 @@ def object_to_entity(o, link_label=None, link_direction=LinkDirection.InputToOut
    # - if none, use the first RequiredField
    # LATER further finetune the human readable version of this object
    misp = get_misp_connection()
-    o_template = misp.get_object_template_id(o['template_uuid'])
+    o_template = misp.get_object_template(o['template_uuid'])
    human_readable = None
    try:
        found = False
--- a/src/MISP_maltego/transforms/eventtoattributes.py
+++ b/src/MISP_maltego/transforms/eventtoattributes.py
@ -39,8 +39,8 @@ class EventToTransform(Transform):
        self.misp = get_misp_connection(config)
        event_id = maltego_misp_event.id
        search_result = self.misp.search(controller='events', eventid=event_id, withAttachments=False)
-        if search_result.get('response'):
-            self.event_json = search_result['response'].pop()
+        if search_result:
+            self.event_json = search_result.pop()
        else:
            return False

--- a/src/MISP_maltego/transforms/galaxytoevent.py
+++ b/src/MISP_maltego/transforms/galaxytoevent.py
@ -41,7 +41,7 @@ class GalaxyToEvents(Transform):
        else:
            tag_name = maltego_misp_galaxy.value
        events_json = misp.search(controller='events', tags=tag_name, withAttachments=False)
-        for e in events_json['response']:
+        for e in events_json:
            response += MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_direction=LinkDirection.OutputToInput)
        return response