From 17ebfe86aba41a368c4f68e9ff3b77088389ab42 Mon Sep 17 00:00:00 2001
From: Troy Ross <troy.ross@mandiant.com>
Date: Sun, 14 Jun 2020 10:36:40 -0600
Subject: [PATCH] Previously file object was reporting the libmagic description
 of a file instead of the mimetype. According to [MISP
 DataModels](https://www.misp-project.org/datamodels/#types) ``` mime-type: A
 media type (also MIME type and content type) is a two-part identifier for
 file formats and format contents transmitted on the Internet ``` more
 precisely defined in [RFC2045](https://tools.ietf.org/html/rfc2045) and
 others.

The description returned by libmagic is more useful than the generic mime-type,
but I did not find a place to put the description in the current data model.
---
 pymisp/tools/fileobject.py |  2 +-
 tests/test_fileobject.py   | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 tests/test_fileobject.py

diff --git a/pymisp/tools/fileobject.py b/pymisp/tools/fileobject.py
index 5350a67..4d7d407 100644
--- a/pymisp/tools/fileobject.py
+++ b/pymisp/tools/fileobject.py
@@ -68,7 +68,7 @@ class FileObject(AbstractMISPObjectGenerator):
             self.add_attribute('sha512', value=sha512(self.__data).hexdigest())
             self.add_attribute('malware-sample', value=self.__filename, data=self.__pseudofile)
             if HAS_MAGIC:
-                self.add_attribute('mimetype', value=magic.from_buffer(self.__data))
+                self.add_attribute('mimetype', value=magic.from_buffer(self.__data, mime=True))
             if HAS_PYDEEP:
                 self.add_attribute('ssdeep', value=pydeep.hash_buf(self.__data).decode())
 
diff --git a/tests/test_fileobject.py b/tests/test_fileobject.py
new file mode 100644
index 0000000..acd5b72
--- /dev/null
+++ b/tests/test_fileobject.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import unittest
+import json
+from pymisp.tools import FileObject
+import pathlib
+
+
+class TestFileObject(unittest.TestCase):
+    def test_mimeType(self):
+        file_object = FileObject(filepath=pathlib.Path(__file__))
+        attributes = json.loads(file_object.to_json())['Attribute']
+        mime = next(attr for attr in attributes if attr['object_relation'] == 'mimetype')
+        # was "Python script, ASCII text executable"
+        self.assertEqual(mime['value'], 'text/x-python')