Added unzip-flag

added: download_samples(..., unzip=True)
pull/238/head
Steffen Sauler 2018-06-12 16:16:40 +02:00 committed by GitHub
parent 3ea729c627
commit 26fa04428d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 14 deletions


@ -1194,7 +1194,7 @@ class PyMISP(object):
rules = '\n\n'.join([a['value'] for a in result['response']['Attribute']]) rules = '\n\n'.join([a['value'] for a in result['response']['Attribute']])
return True, rules return True, rules
def download_samples(self, sample_hash=None, event_id=None, all_samples=False): def download_samples(self, sample_hash=None, event_id=None, all_samples=False, unzip=True):
"""Download samples, by hash or event ID. If there are multiple samples in one event, use the all_samples switch""" """Download samples, by hash or event ID. If there are multiple samples in one event, use the all_samples switch"""
url = urljoin(self.root_url, 'attributes/downloadSample') url = urljoin(self.root_url, 'attributes/downloadSample')
to_post = {'request': {'hash': sample_hash, 'eventID': event_id, 'allSamples': all_samples}} to_post = {'request': {'hash': sample_hash, 'eventID': event_id, 'allSamples': all_samples}}
@ -1208,19 +1208,21 @@ class PyMISP(object):
for f in result['result']: for f in result['result']:
decoded = base64.b64decode(f['base64']) decoded = base64.b64decode(f['base64'])
zipped = BytesIO(decoded) zipped = BytesIO(decoded)
try: if unzip:
archive = zipfile.ZipFile(zipped) try:
if f.get('md5') and f['md5'] in archive.namelist(): archive = zipfile.ZipFile(zipped)
# New format if f.get('md5') and f['md5'] in archive.namelist():
unzipped = BytesIO(archive.open(f['md5'], pwd=b'infected').read()) # New format
else: unzipped = BytesIO(archive.open(f['md5'], pwd=b'infected').read())
# Old format else:
unzipped = BytesIO(archive.open(f['filename'], pwd=b'infected').read()) # Old format
details.append([f['event_id'], f['filename'], unzipped]) unzipped = BytesIO(archive.open(f['filename'], pwd=b'infected').read())
except zipfile.BadZipfile: details.append([f['event_id'], f['filename'], unzipped])
# In case the sample isn't zipped except zipfile.BadZipfile:
details.append([f['event_id'], f['filename'], zipped]) # In case the sample isn't zipped
details.append([f['event_id'], f['filename'], zipped])
else:
details.append([f['event_id'], "{0}.zip".format(f['filename']), zipped])
return True, details return True, details
def download_last(self, last): def download_last(self, last):
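Review bot: The new `else:` branch for `unzip=False` appends `"{0}.zip".format(f['filename'])` without checking that `decoded` is an archive, so a sample the server sent unzipped (the case the `except zipfile.BadZipfile` path exists for) reaches the caller as raw sample bytes under a `.zip` name. Deciding the name from the content would avoid that, e.g. `name = "{0}.zip".format(f['filename']) if zipfile.is_zipfile(zipped) else f['filename']` followed by `zipped.seek(0)`, since the check moves the stream position. The docstring is unchanged and should describe the new parameter, for example `unzip: if False, return the archive as received (named <filename>.zip) instead of extracting it with the 'infected' password`. Because `f['filename']` comes from the server response, it would also help to note there that callers writing results to disk should reduce it to a base name first. The body of `download_samples` between the two hunks is not shown, so how `result` is validated before this loop cannot be checked from here.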