MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'cvandeplas-master'

pull/160/head
Raphaël Vinot 2017-12-20 14:27:49 +01:00
parent 994afea0bd 4a1d43c7e2
commit 346a06c016
5 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
pymisp/mispevent.py
View File

@ -689,7 +689,7 @@ class MISPObjectAttribute(MISPAttribute):
class MISPObject(AbstractMISP):
def __init__(self, name, strict=False, standalone=False, default_attributes_paramaters={}, **kwargs):
def __init__(self, name, strict=False, standalone=False, default_attributes_parameters={}, **kwargs):
''' Master class representing a generic MISP object
:name: Name of the object
@ -698,7 +698,7 @@ class MISPObject(AbstractMISP):
:standalone: The object will be pushed as directly on MISP, not as a part of an event.
In this case the ObjectReference needs to be pushed manually and cannot be in the JSON dump.
:default_attributes_paramaters: Used as template for the attributes if they are not overwritten in add_attribute
:default_attributes_parameters: Used as template for the attributes if they are not overwritten in add_attribute
'''
super(MISPObject, self).__init__(**kwargs)
self.__strict = strict
@ -725,21 +725,25 @@ class MISPObject(AbstractMISP):
pass
self.uuid = str(uuid.uuid4())
self.__fast_attribute_access = {} # Hashtable object_relation: [attributes]
self._default_attributes_paramaters = default_attributes_paramaters
if self._default_attributes_paramaters:
self._default_attributes_parameters = default_attributes_parameters
if self._default_attributes_parameters:
# Let's clean that up
self._default_attributes_paramaters.pop('value', None) # duh
self._default_attributes_paramaters.pop('uuid', None) # duh
self._default_attributes_paramaters.pop('id', None) # duh
self._default_attributes_paramaters.pop('object_id', None) # duh
self._default_attributes_paramaters.pop('type', None) # depends on the value
self._default_attributes_paramaters.pop('object_relation', None) # depends on the value
self._default_attributes_paramaters.pop('disable_correlation', None) # depends on the value
self._default_attributes_paramaters.pop('to_ids', None) # depends on the value
self._default_attributes_paramaters.pop('category', None) # depends on the value
self._default_attributes_paramaters.pop('deleted', None) # doesn't make sense to pre-set it
self._default_attributes_paramaters.pop('data', None) # in case the original in a sample or an attachment
self.distribution = self._default_attributes_paramaters.distribution
self._default_attributes_parameters.pop('value', None) # duh
self._default_attributes_parameters.pop('uuid', None) # duh
self._default_attributes_parameters.pop('id', None) # duh
self._default_attributes_parameters.pop('object_id', None) # duh
self._default_attributes_parameters.pop('type', None) # depends on the value
self._default_attributes_parameters.pop('object_relation', None) # depends on the value
self._default_attributes_parameters.pop('disable_correlation', None) # depends on the value
self._default_attributes_parameters.pop('to_ids', None) # depends on the value
self._default_attributes_parameters.pop('category', None) # depends on the value
self._default_attributes_parameters.pop('deleted', None) # doesn't make sense to pre-set it
self._default_attributes_parameters.pop('data', None) # in case the original in a sample or an attachment
self.distribution = self._default_attributes_parameters.distribution
self.sharing_group_id = self._default_attributes_parameters.sharing_group_id
else:
self.distribution = 3
self.sharing_group_id = None
self.ObjectReference = []
self._standalone = standalone
if self._standalone:
@ -856,8 +860,8 @@ class MISPObject(AbstractMISP):
attribute = MISPObjectAttribute({})
else:
attribute = MISPObjectAttribute({})
# Overwrite the parameters of self._default_attributes_paramaters with the ones of value
attribute.from_dict(object_relation=object_relation, **dict(self._default_attributes_paramaters, **value))
# Overwrite the parameters of self._default_attributes_parameters with the ones of value
attribute.from_dict(object_relation=object_relation, **dict(self._default_attributes_parameters, **value))
if not self.__fast_attribute_access.get(object_relation):
self.__fast_attribute_access[object_relation] = []
self.__fast_attribute_access[object_relation].append(attribute)

22
pymisp/tools/create_misp_object.py
View File

@ -22,8 +22,8 @@ class FileTypeNotImplemented(MISPObjectException):
pass
def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_paramaters={}):
pe_object = PEObject(parsed=lief_parsed, standalone=standalone, default_attributes_paramaters=default_attributes_paramaters)
def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
pe_object = PEObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(pe_object.uuid, 'included-in', 'PE indicators')
pe_sections = []
for s in pe_object.sections:
@ -31,8 +31,8 @@ def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_
return misp_file, pe_object, pe_sections
def make_elf_objects(lief_parsed, misp_file, standalone=True, default_attributes_paramaters={}):
elf_object = ELFObject(parsed=lief_parsed, standalone=standalone, default_attributes_paramaters=default_attributes_paramaters)
def make_elf_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
elf_object = ELFObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(elf_object.uuid, 'included-in', 'ELF indicators')
elf_sections = []
for s in elf_object.sections:
@ -40,8 +40,8 @@ def make_elf_objects(lief_parsed, misp_file, standalone=True, default_attributes
return misp_file, elf_object, elf_sections
def make_macho_objects(lief_parsed, misp_file, standalone=True, default_attributes_paramaters={}):
macho_object = MachOObject(parsed=lief_parsed, standalone=standalone, default_attributes_paramaters=default_attributes_paramaters)
def make_macho_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
macho_object = MachOObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(macho_object.uuid, 'included-in', 'MachO indicators')
macho_sections = []
for s in macho_object.sections:
@ -49,9 +49,9 @@ def make_macho_objects(lief_parsed, misp_file, standalone=True, default_attribut
return misp_file, macho_object, macho_sections
def make_binary_objects(filepath=None, pseudofile=None, filename=None, standalone=True, default_attributes_paramaters={}):
def make_binary_objects(filepath=None, pseudofile=None, filename=None, standalone=True, default_attributes_parameters={}):
misp_file = FileObject(filepath=filepath, pseudofile=pseudofile, filename=filename,
standalone=standalone, default_attributes_paramaters=default_attributes_paramaters)
standalone=standalone, default_attributes_parameters=default_attributes_parameters)
if HAS_LIEF and filepath or (pseudofile and filename):
try:
if filepath:
@ -63,11 +63,11 @@ def make_binary_objects(filepath=None, pseudofile=None, filename=None, standalon
else:
lief_parsed = lief.parse(raw=pseudofile.getvalue(), name=filename)
if isinstance(lief_parsed, lief.PE.Binary):
return make_pe_objects(lief_parsed, misp_file, standalone, default_attributes_paramaters)
return make_pe_objects(lief_parsed, misp_file, standalone, default_attributes_parameters)
elif isinstance(lief_parsed, lief.ELF.Binary):
return make_elf_objects(lief_parsed, misp_file, standalone, default_attributes_paramaters)
return make_elf_objects(lief_parsed, misp_file, standalone, default_attributes_parameters)
elif isinstance(lief_parsed, lief.MachO.Binary):
return make_macho_objects(lief_parsed, misp_file, standalone, default_attributes_paramaters)
return make_macho_objects(lief_parsed, misp_file, standalone, default_attributes_parameters)
except lief.bad_format as e:
logger.warning('Bad format: {}'.format(e))
except lief.bad_file as e:

2
pymisp/tools/elfobject.py
View File

@ -58,7 +58,7 @@ class ELFObject(AbstractMISPObjectGenerator):
if self.__elf.sections:
pos = 0
for section in self.__elf.sections:
s = ELFSectionObject(section, self._standalone, default_attributes_paramaters=self._default_attributes_paramaters)
s = ELFSectionObject(section, self._standalone, default_attributes_parameters=self._default_attributes_parameters)
self.add_reference(s.uuid, 'included-in', 'Section {} of ELF'.format(pos))
pos += 1
self.sections.append(s)

2
pymisp/tools/machoobject.py
View File

@ -61,7 +61,7 @@ class MachOObject(AbstractMISPObjectGenerator):
if self.__macho.sections:
pos = 0
for section in self.__macho.sections:
s = MachOSectionObject(section, self._standalone, default_attributes_paramaters=self._default_attributes_paramaters)
s = MachOSectionObject(section, self._standalone, default_attributes_parameters=self._default_attributes_parameters)
self.add_reference(s.uuid, 'included-in', 'Section {} of MachO'.format(pos))
pos += 1
self.sections.append(s)

2
pymisp/tools/peobject.py
View File

@ -104,7 +104,7 @@ class PEObject(AbstractMISPObjectGenerator):
if self.__pe.sections:
pos = 0
for section in self.__pe.sections:
s = PESectionObject(section, self._standalone, default_attributes_paramaters=self._default_attributes_paramaters)
s = PESectionObject(section, self._standalone, default_attributes_parameters=self._default_attributes_parameters)
self.add_reference(s.uuid, 'included-in', 'Section {} of PE'.format(pos))
if ((self.__pe.entrypoint >= section.virtual_address) and
(self.__pe.entrypoint < (section.virtual_address + section.virtual_size))):