Added xml files parsing

2017-12-01 11:29:48 +01:00 · 2017-12-01 11:29:48 +01:00 · 6747549b67
parent e760ba7b6a
commit 6747549b67
1 changed files with 17 additions and 10 deletions
--- a/app/files/scripts/stix2misp.py
+++ b/app/files/scripts/stix2misp.py
@ -17,6 +17,7 @@

 import sys, json, os, time
 import pymisp
+from stix.core import STIXPackage

 eventTypes = {"ipv4-addr": {"src": "ip-src", "dst": "ip-dst", "value": "address_value"},
              "ipv6-addr": {"src": "ip-src", "dst": "ip-dst", "value": "address_value"},
@ -33,7 +34,11 @@ def loadEvent(args, pathname):
        tempFile = open(filename, 'r')
        if filename.endswith('.json'):
            event = json.loads(tempFile.read())
-        return event
+            isJson = True
+        else:
+            event = STIXPackage.from_xml(tempFile)
+            isJson = False
+        return event, isJson
    except:
        print(json.dumps({'success': 0, 'message': 'The temporary STIX export file could not be read'}))
        sys.exit(1)
@ -102,26 +107,28 @@ def buildMispDict(stixEvent):
        attribute["type"] = typeVal
        attribute["value"] = valueVal
        attribute["category"] = indic.get("relationship")
-        #print(attribute)
        mispDict["Attribute"].append(attribute)
    return mispDict

-def saveFile(args, pathname, misp):
-    filename = "{}/tmp/{}.in".format(pathname, args[1])
+def saveFile(namefile, pathname, misp):
+    filepath = "{}/tmp/{}.in".format(pathname, namefile)
    eventDict = misp.to_dict(with_timestamp=True)
-    print(eventDict)
-    with open(filename, 'w') as f:
+    with open(filepath, 'w') as f:
        f.write(json.dumps(eventDict))

 def main(args):
    pathname = os.path.dirname(args[0])
-    stixEvent = loadEvent(args, pathname)
-    stixEvent = stixEvent["package"]
+    stixEvent, isJson = loadEvent(args, pathname)
+    if isJson:
+        stixEvent = stixEvent["package"]
+        namefile = args[1]
+    else:
+        stixEvent = json.loads(stixEvent.related_packages.related_package[0].to_json())['package']
+        namefile = '{}.json'.format(args[1][:-4])
    mispDict = buildMispDict(stixEvent)
-    #print(mispDict)
    misp = pymisp.MISPEvent(None, False)
    misp.from_dict(**mispDict)
-    saveFile(args, pathname, misp)
+    saveFile(namefile, pathname, misp)
    print(1)

 if __name__ == "__main__":