PyMISP/pymisp/tools/emailobject.py

64 lines
2.7 KiB
Python
Raw Normal View History

2018-03-18 23:21:29 +01:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from ..exceptions import InvalidMISPObject
from .abstractgenerator import AbstractMISPObjectGenerator
from io import BytesIO
import logging
from email import message_from_bytes, policy
2018-03-18 23:21:29 +01:00
logger = logging.getLogger('pymisp')
class EMailObject(AbstractMISPObjectGenerator):
def __init__(self, filepath=None, pseudofile=None, attach_original_email=True, standalone=True, **kwargs):
2018-03-18 23:21:29 +01:00
if filepath:
with open(filepath, 'rb') as f:
self.__pseudofile = BytesIO(f.read())
2018-03-18 23:21:29 +01:00
elif pseudofile and isinstance(pseudofile, BytesIO):
self.__pseudofile = pseudofile
2018-03-18 23:21:29 +01:00
else:
raise InvalidMISPObject('File buffer (BytesIO) or a path is required.')
# PY3 way:
# super().__init__('file')
super(EMailObject, self).__init__('email', standalone=standalone, **kwargs)
self.__email = message_from_bytes(self.__pseudofile.getvalue(), policy=policy.default)
if attach_original_email:
self.add_attribute('eml', value='Full email.eml', data=self.__pseudofile)
2018-03-18 23:21:29 +01:00
self.generate_attributes()
@property
def email(self):
return self.__email
@property
def attachments(self):
to_return = []
for attachment in self.__email.iter_attachments():
2018-05-04 16:06:48 +02:00
to_return.append((attachment.get_filename(), BytesIO(attachment.get_content())))
return to_return
2018-03-18 23:21:29 +01:00
def generate_attributes(self):
if self.__email.get_body(preferencelist=('html', 'plain')):
self.add_attribute('email-body', value=self.__email.get_body(preferencelist=('html', 'plain')).get_payload(decode=True).decode())
2018-03-18 23:21:29 +01:00
if 'Reply-To' in self.__email:
self.add_attribute('reply-to', value=self.__email['Reply-To'])
if 'Message-ID' in self.__email:
self.add_attribute('message-id', value=self.__email['Message-ID'])
if 'To' in self.__email:
for to in self.__email['To'].split(','):
self.add_attribute('to', value=to.strip())
if 'Cc' in self.__email:
for cc in self.__email['Cc'].split(','):
self.add_attribute('cc', value=cc.strip())
if 'Subject' in self.__email:
self.add_attribute('subject', value=self.__email['Subject'])
if 'From' in self.__email:
for e_from in self.__email['From'].split(','):
self.add_attribute('from', value=e_from.strip())
if 'Return-Path' in self.__email:
self.add_attribute('return-path', value=self.__email['Return-Path'])
if 'User-Agent' in self.__email:
self.add_attribute('user-agent', value=self.__email['User-Agent'])