Update accordingly to the current server implementation

2017-07-24 17:16:40 +02:00 · 2017-07-24 17:16:40 +02:00 · 2fd3b05202
parent 0c66d80dd1
commit 2fd3b05202
5 changed files with 66 additions and 58 deletions
--- a/examples/add_file_object.py
+++ b/examples/add_file_object.py
@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from pymisp.tools import make_binary_objects
+import traceback
+from keys import misp_url, misp_key, misp_verifycert
+import glob
+import argparse
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Extract indicators out of binaries and add MISP objects to a MISP instance.')
+    parser.add_argument("-e", "--event", required=True, help="Event ID to update.")
+    parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
+    args = parser.parse_args()
+
+    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
+
+    for f in glob.glob(args.path):
+        print('\n', f)
+        try:
+            fo, peo, seos = make_binary_objects(f)
+        except Exception as e:
+            traceback.print_exc()
+            continue
+        if fo:
+            template_id = pymisp.get_object_template_id(fo['name'])
+            try:
+                response = pymisp.add_object(args.event, template_id, fo)
+                print(response)
+            except Exception as e:
+                traceback.print_exc()
+                continue
+        continue
+        if peo:
+            template_id = pymisp.get_object_template_id(peo['name'])
+            print(template_id)
+            r = pymisp.add_object(args.event, template_id, peo)
+            print(r)
+        continue
+        if seos:
+            for s in seos:
+                print(s)
+                template_id = pymisp.get_object_template_id(s['name'])
+                r = pymisp.add_object(args.event, template_id, s)
+                print(r)
+                break
--- a/pymisp/api.py
+++ b/pymisp/api.py
@ -1584,12 +1584,23 @@ class PyMISP(object):

    def add_object(self, event_id, template_id, misp_object):
        session = self.__prepare_session()
-        url = urljoin(self.root_url, 'objectTemplates/add/{}/{}'.format(event_id, template_id))
-        if not misp_object.get('object'):
-            misp_object = {'object': misp_object}
+        url = urljoin(self.root_url, 'objects/add/{}/{}'.format(event_id, template_id))
        response = session.post(url, data=json.dumps(misp_object))
        return self._check_response(response)

+    def get_object_templates_list(self):
+        session = self.__prepare_session()
+        url = urljoin(self.root_url, 'objectTemplates')
+        response = session.get(url)
+        return self._check_response(response)['response']
+
+    def get_object_template_id(self, object_name):
+        templates = self.get_object_templates_list()
+        for t in templates:
+            if t['ObjectTemplate']['name'] == object_name:
+                return t['ObjectTemplate']['id']
+        raise Exception('Unable to find template name {} on the MISP instance'.format(object_name))
+
    # ###########################
    # ####### Deprecated ########
    # ###########################
--- a/pymisp/tools/create_misp_object.py
+++ b/pymisp/tools/create_misp_object.py
@ -32,7 +32,7 @@ def make_binary_objects(filepath):
    try:
        lief_parsed = lief.parse(filepath)
        if isinstance(lief_parsed, lief.PE.Binary):
-            make_pe_objects(lief_parsed, misp_file)
+            return make_pe_objects(lief_parsed, misp_file)
        elif isinstance(lief_parsed, lief.ELF.Binary):
            raise FileTypeNotImplemented('ELF not implemented yet.')
        elif isinstance(lief_parsed, lief.MachO.Binary):
--- a/pymisp/tools/objectgenerator.py
+++ b/pymisp/tools/objectgenerator.py
@ -7,7 +7,7 @@ import json
 import uuid
 import abc
 import sys
-import six
+import six  # Remove that import when discarding python2 support.


 class MISPObjectException(Exception):
@ -72,7 +72,7 @@ class MISPObjectGenerator():
            # Set all the values in the MISP attribute
            attribute.set_all_values(**value)
            # Finalize the actual MISP Object
-            new_object['ObjectAttribute'].append({'type': object_type, 'Attribute': attribute._json()})
+            new_object['Attribute'].append({'type': object_type, 'Attribute': attribute._json()})
        return new_object

    def _validate(self, dump):
@ -95,7 +95,7 @@ class MISPObjectGenerator():
        """Create a new empty object out of the template"""
        return {'name': object_definiton['name'], 'meta-category': object_definiton['meta-category'],
                'uuid': self.uuid, 'description': object_definiton['description'],
-                'version': object_definiton['version'], 'ObjectAttribute': []}
+                'version': object_definiton['version'], 'Attribute': []}

    @abc.abstractmethod
    def generate_attributes(self):
--- a/pymisp/tools/prepare_misp_object.py
+++ b/pymisp/tools/prepare_misp_object.py
@ -1,51 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-from pymisp import PyMISP
-from pymisp.tools import FileObject, PEObject
-from pymisp.tools import make_binary_objects
-import traceback
-
-
-try:
-    import lief
-    HAS_LIEF = True
-except ImportError:
-    HAS_LIEF = False
-    raise ImportError("Please install lief: https://github.com/lief-project/LIEF")
-
-
-if __name__ == '__main__':
-    pymisp = PyMISP('https://mispbeta.circl.lu', 'et9ZEgn70YJ6URkCr6741LpJNAVUMYD1rM063od3')
-
-
-    # fo, peo, seos = make_objects('/home/raphael/.viper/projects/troopers17/vt_samples/1189/566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092')
-    import glob
-    for f in glob.glob('/home/raphael/.viper/projects/troopers17/vt_samples/*/*'):
-    #for f in glob.glob('/home/raphael/gits/pefile-tests/tests/corkami/*/*.exe'):
-    #for f in glob.glob('/home/raphael/gits/pefile-tests/tests/corkami/pocs/version_mini.exe'):
-    #for f in glob.glob('/home/raphael/gits/pefile-tests/tests/corkami/pocs/version_cust.exe'):
-    #for f in glob.glob('/home/raphael/gits/pefile-tests/tests/data/*.dll'):
-        print('\n', f)
-        try:
-            fo, peo, seos = make_binary_objects(f)
-        except Exception as e:
-            traceback.print_exc()
-            continue
-        continue
-        if fo:
-            response = pymisp.add_object(2221, 7, fo)
-            print(response)
-        if peo:
-            pymisp.add_object(2221, 11, peo)
-        if seos:
-            for s in seos:
-                pymisp.add_object(2221, 12, s)
-
-        #with open('fileobj.json', 'w') as f:
-        #    json.dump(fo, f)
-        #with open('peobj.json', 'w') as f:
-        #    json.dump(peo, f)
-        #with open('seobj.json', 'w') as f:
-        #    json.dump(seos, f)
-        break