mirror of https://github.com/MISP/MISP
fix: [stix2 export] Making stix2-validator happy with email additional header fields
parent
ec93e56187
commit
941e9d593b
|
@ -824,7 +824,7 @@ class StixBuilder():
|
||||||
def resolve_email_object_observable(self, attributes, object_id):
|
def resolve_email_object_observable(self, attributes, object_id):
|
||||||
observable = {}
|
observable = {}
|
||||||
message = defaultdict(list)
|
message = defaultdict(list)
|
||||||
reply_to = []
|
additional_header = {}
|
||||||
object_num = 0
|
object_num = 0
|
||||||
for attribute in attributes:
|
for attribute in attributes:
|
||||||
self.parse_galaxies(attribute['Galaxy'], object_id)
|
self.parse_galaxies(attribute['Galaxy'], object_id)
|
||||||
|
@ -840,8 +840,6 @@ class StixBuilder():
|
||||||
else:
|
else:
|
||||||
message[mapping].append(object_str)
|
message[mapping].append(object_str)
|
||||||
object_num += 1
|
object_num += 1
|
||||||
elif relation == 'reply-to':
|
|
||||||
reply_to.append(attribute_value)
|
|
||||||
elif relation == 'attachment':
|
elif relation == 'attachment':
|
||||||
object_str = str(object_num)
|
object_str = str(object_num)
|
||||||
body = {"content_disposition": "{}; filename='{}'".format(relation, attribute_value),
|
body = {"content_disposition": "{}; filename='{}'".format(relation, attribute_value),
|
||||||
|
@ -849,11 +847,9 @@ class StixBuilder():
|
||||||
message['body_multipart'].append(body)
|
message['body_multipart'].append(body)
|
||||||
observable[object_str] = {'type': 'file', 'name': attribute_value}
|
observable[object_str] = {'type': 'file', 'name': attribute_value}
|
||||||
object_num += 1
|
object_num += 1
|
||||||
elif relation == 'x-mailer':
|
elif relation in ('x-mailer', 'reply-to'):
|
||||||
if 'additional_header_fields' in message:
|
key = '-'.join([part.capitalize() for part in relation.split('-')])
|
||||||
message['additional_header_fields']['X-Mailer'] = attribute_value
|
additional_header[key] = attribute_value
|
||||||
else:
|
|
||||||
message['additional_header_fields'] = {'X-Mailer': attribute_value}
|
|
||||||
else:
|
else:
|
||||||
message[mapping] = attribute_value
|
message[mapping] = attribute_value
|
||||||
except Exception:
|
except Exception:
|
||||||
|
@ -862,8 +858,8 @@ class StixBuilder():
|
||||||
message[mapping] = {'value': attribute_value, 'data': attribute['data']}
|
message[mapping] = {'value': attribute_value, 'data': attribute['data']}
|
||||||
else:
|
else:
|
||||||
message[mapping] = attribute_value
|
message[mapping] = attribute_value
|
||||||
if reply_to and 'additional_header_fields' in message:
|
if additional_header:
|
||||||
message['additional_header_fields']['Reply-To'] = reply_to
|
message['additional_header_fields'] = additional_header
|
||||||
message['type'] = 'email-message'
|
message['type'] = 'email-message'
|
||||||
if 'body_multipart' in message:
|
if 'body_multipart' in message:
|
||||||
message['is_multipart'] = True
|
message['is_multipart'] = True
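Review bot: In the new `elif relation in ('x-mailer', 'reply-to'):` branch, `additional_header[key] = attribute_value` overwrites any earlier value for the same key, so an email object with several reply-to attributes now exports only the last one, whereas the removed code collected them in the `reply_to` list. For anyone matching on Reply-To addresses this is a silent loss of indicator data. If the validator requires a string value here (the list form appears to be what it rejected), one option is to keep every value in one string, e.g. `additional_header[key] = ', '.join(filter(None, (additional_header.get(key), attribute_value)))`. Otherwise the limitation should at least be documented with a comment such as `# a repeated header relation keeps only the last value`. The loop body and its `try` start outside the visible hunks, so this is based only on the lines shown.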
|
||||||
|
|
|
@ -188,7 +188,7 @@ def pattern_regkey_value(_, attribute_value):
|
||||||
|
|
||||||
def observable_reply_to(_, attribute_value):
|
def observable_reply_to(_, attribute_value):
|
||||||
return {'0': {'type': 'email-addr', 'value': attribute_value},
|
return {'0': {'type': 'email-addr', 'value': attribute_value},
|
||||||
'1': {'type': 'email-message', 'additional_header_fields': {'Reply-To': ['0']}, 'is_multipart': 'false'}}
|
'1': {'type': 'email-message', 'additional_header_fields': {'Reply-To': '0'}, 'is_multipart': 'false'}}
|
||||||
|
|
||||||
def pattern_reply_to(_, attribute_value):
|
def pattern_reply_to(_, attribute_value):
|
||||||
return "[email-message:additional_header_fields.reply_to = '{}']".format(attribute_value)
|
return "[email-message:additional_header_fields.reply_to = '{}']".format(attribute_value)
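Review bot: On the changed line of `observable_reply_to`, `'Reply-To': '0'` stores the key of object `0` as the header value, so a consumer reading `additional_header_fields` would see the literal string `0` rather than the address. The `StixBuilder` change in this same commit writes the attribute value itself into that dictionary, so the two export paths now disagree; `'additional_header_fields': {'Reply-To': attribute_value}` would make them consistent, assuming header values are plain strings and not object references. Separately, the unchanged `pattern_reply_to` uses the key `reply_to` while the observable uses `Reply-To`, and it formats `attribute_value` into the pattern string without escaping quotes or backslashes. Both points are worth confirming against the STIX pattern grammar, since a mismatched key or a malformed pattern means the exported indicator will not match.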
|
||||||
|
|