2018-03-18 23:21:29 +01:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
|
|
|
|
from ..exceptions import InvalidMISPObject
|
|
|
|
|
from .abstractgenerator import AbstractMISPObjectGenerator
|
|
|
|
|
from io import BytesIO
|
|
|
|
|
import logging
|
2018-05-03 20:51:04 +02:00
|
|
|
from email import message_from_bytes, policy
|
2018-03-18 23:21:29 +01:00
|
|
|
|
|
|
|
|
logger = logging.getLogger('pymisp')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class EMailObject(AbstractMISPObjectGenerator):
|
|
|
|
|
|
2018-05-03 20:51:04 +02:00
|
|
|
def __init__(self, filepath=None, pseudofile=None, attach_original_email=True, standalone=True, **kwargs):
|
2018-03-18 23:21:29 +01:00
|
|
|
if filepath:
|
|
|
|
|
with open(filepath, 'rb') as f:
|
2018-05-03 20:51:04 +02:00
|
|
|
self.__pseudofile = BytesIO(f.read())
|
2018-03-18 23:21:29 +01:00
|
|
|
elif pseudofile and isinstance(pseudofile, BytesIO):
|
2018-05-03 20:51:04 +02:00
|
|
|
self.__pseudofile = pseudofile
|
2018-03-18 23:21:29 +01:00
|
|
|
else:
|
|
|
|
|
raise InvalidMISPObject('File buffer (BytesIO) or a path is required.')
|
|
|
|
|
# PY3 way:
|
|
|
|
|
# super().__init__('file')
|
|
|
|
|
super(EMailObject, self).__init__('email', standalone=standalone, **kwargs)
|
2018-05-03 20:51:04 +02:00
|
|
|
self.__email = message_from_bytes(self.__pseudofile.getvalue(), policy=policy.default)
|
|
|
|
|
if attach_original_email:
|
2018-05-07 10:18:38 +02:00
|
|
|
self.add_attribute('eml', value='Full email.eml', data=self.__pseudofile)
|
2018-03-18 23:21:29 +01:00
|
|
|
self.generate_attributes()
|
|
|
|
|
|
2018-05-03 20:51:04 +02:00
|
|
|
@property
|
|
|
|
|
def email(self):
|
|
|
|
|
return self.__email
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def attachments(self):
|
|
|
|
|
to_return = []
|
|
|
|
|
for attachment in self.__email.iter_attachments():
|
2018-05-04 16:06:48 +02:00
|
|
|
to_return.append((attachment.get_filename(), BytesIO(attachment.get_content())))
|
2018-05-03 20:51:04 +02:00
|
|
|
return to_return
|
|
|
|
|
|
2018-03-18 23:21:29 +01:00
|
|
|
def generate_attributes(self):
|
2018-05-08 11:02:32 +02:00
|
|
|
if self.__email.get_body(preferencelist=('html', 'plain')):
|
|
|
|
|
self.add_attribute('email-body', value=self.__email.get_body(preferencelist=('html', 'plain')).get_payload(decode=True).decode())
|
2018-03-18 23:21:29 +01:00
|
|
|
if 'Reply-To' in self.__email:
|
|
|
|
|
self.add_attribute('reply-to', value=self.__email['Reply-To'])
|
|
|
|
|
if 'Message-ID' in self.__email:
|
|
|
|
|
self.add_attribute('message-id', value=self.__email['Message-ID'])
|
|
|
|
|
if 'To' in self.__email:
|
|
|
|
|
for to in self.__email['To'].split(','):
|
|
|
|
|
self.add_attribute('to', value=to.strip())
|
|
|
|
|
if 'Cc' in self.__email:
|
|
|
|
|
for cc in self.__email['Cc'].split(','):
|
|
|
|
|
self.add_attribute('cc', value=cc.strip())
|
|
|
|
|
if 'Subject' in self.__email:
|
|
|
|
|
self.add_attribute('subject', value=self.__email['Subject'])
|
|
|
|
|
if 'From' in self.__email:
|
|
|
|
|
for e_from in self.__email['From'].split(','):
|
|
|
|
|
self.add_attribute('from', value=e_from.strip())
|
|
|
|
|
if 'Return-Path' in self.__email:
|
|
|
|
|
self.add_attribute('return-path', value=self.__email['Return-Path'])
|
2018-05-03 20:51:04 +02:00
|
|
|
if 'User-Agent' in self.__email:
|
|
|
|
|
self.add_attribute('user-agent', value=self.__email['User-Agent'])
|
