MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Refactoring search method

pull/41/head
Raphaël Vinot 2017-01-24 09:41:30 +01:00
parent 296d0501db
commit 0f1553ef33
1 changed files with 75 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
pymisp/api.py
View File

@ -826,9 +826,7 @@ class PyMISP(object):
to_return += '&&!'.join(not_values) to_return += '&&!'.join(not_values)
return to_return return to_return
def search(self, values=None, not_values=None, type_attribute=None, def search(self, controller='events', **kwargs):
category=None, org=None, tags=None, not_tags=None, date_from=None,
date_to=None, last=None, metadata=None, uuid=None, controller='events'):
"""Search via the Rest API """Search via the Rest API
:param values: values to search for :param values: values to search for
@ -841,42 +839,91 @@ class PyMISP(object):
:param date_from: First date :param date_from: First date
:param date_to: Last date :param date_to: Last date
:param last: Last updated events (for example 5d or 12h or 30m) :param last: Last updated events (for example 5d or 12h or 30m)
:param metadata: return onlymetadata if True :param eventid: Last date
:param uuid: a valid uuid :param withAttachments: return events with or without the attachments
:param uuid: search by uuid
:param publish_timestamp: the publish timestamp
:param timestamp: the creation timestamp
:param enforceWarninglist: Enforce the warning lists
:param searchall: full text search on the database
:param metadata: return only metadata if True
:param published: return only published events
:param to_ids: return only the attributes with the to_ids flag set
:param deleted: also return the deleted attributes
""" """
val = self.__prepare_rest_search(values, not_values) # Event: array('value', 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'searchall', 'metadata', 'published');
tag = self.__prepare_rest_search(tags, not_tags) # Attribute: array('value', 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted');
val = self.__prepare_rest_search(kwargs.get('values'), kwargs.get('not_values'))
query = {} query = {}
if len(val) != 0: if len(val) != 0:
query['value'] = val query['value'] = val
if kwargs.get('type_attribute'):
query['type'] = kwargs.get('type_attribute')
if kwargs.get('category'):
query['category'] = kwargs.get('category')
if kwargs.get('org') is not None:
query['org'] = kwargs.get('org')
tag = self.__prepare_rest_search(kwargs.get('tags'), kwargs.get('not_tags'))
if len(tag) != 0: if len(tag) != 0:
query['tags'] = tag query['tags'] = tag
if type_attribute is not None:
query['type'] = type_attribute if kwargs.get('date_from'):
if category is not None: if isinstance(kwargs.get('date_from'), datetime.date) or isinstance(kwargs.get('date_from'), datetime.datetime):
query['category'] = category query['from'] = kwargs.get('date_from').strftime('%Y-%m-%d')
if org is not None:
query['org'] = org
if date_from is not None:
if isinstance(date_from, datetime.date) or isinstance(date_to, datetime.datetime):
query['from'] = date_from.strftime('%Y-%m-%d')
else: else:
query['from'] = date_from query['from'] = kwargs.get('date_from')
if date_to is not None:
if isinstance(date_to, datetime.date) or isinstance(date_to, datetime.datetime): if kwargs.get('date_to'):
query['to'] = date_to.strftime('%Y-%m-%d') if isinstance(kwargs.get('date_to'), datetime.date) or isinstance(kwargs.get('date_to'), datetime.datetime):
query['to'] = kwargs.get('date_to').strftime('%Y-%m-%d')
else: else:
query['to'] = date_to query['to'] = kwargs.get('date_to')
if last is not None:
query['last'] = last if kwargs.get('last'):
if metadata is not None: query['last'] = kwargs.get('last')
query['metadata'] = metadata
if uuid is not None: if kwargs.get('eventid'):
if self._valid_uuid(uuid): query['eventid'] = kwargs.get('eventid')
query['uuid'] = uuid
if kwargs.get('withAttachments'):
query['withAttachments'] = kwargs.get('withAttachments')
if kwargs.get('uuid'):
if self._valid_uuid(kwargs.get('uuid')):
query['uuid'] = kwargs.get('uuid')
else: else:
return {'error': 'You must enter a valid uuid.'} return {'error': 'You must enter a valid uuid.'}
if kwargs.get('publish_timestamp'):
query['publish_timestamp'] = kwargs.get('publish_timestamp')
if kwargs.get('timestamp'):
query['timestamp'] = kwargs.get('timestamp')
if kwargs.get('enforceWarninglist'):
query['enforceWarninglist'] = kwargs.get('enforceWarninglist')
if kwargs.get('to_ids') is not None:
query['to_ids'] = kwargs.get('to_ids')
if kwargs.get('deleted') is not None:
query['deleted'] = kwargs.get('deleted')
if controller == 'events':
# Event search only:
if kwargs.get('searchall'):
query['searchall'] = kwargs.get('searchall')
if kwargs.get('metadata') is not None:
query['metadata'] = kwargs.get('metadata')
if kwargs.get('published') is not None:
query['published'] = kwargs.get('published')
session = self.__prepare_session() session = self.__prepare_session()
return self.__query(session, 'restSearch/download', query, controller) return self.__query(session, 'restSearch/download', query, controller)