Merge branch 'cvandeplas-master'

pull/160/head
Raphaël Vinot 2017-12-20 14:27:49 +01:00
commit 346a06c016
5 changed files with 36 additions and 32 deletions


@ -689,7 +689,7 @@ class MISPObjectAttribute(MISPAttribute):
class MISPObject(AbstractMISP): class MISPObject(AbstractMISP):
def __init__(self, name, strict=False, standalone=False, default_attributes_paramaters={}, **kwargs): def __init__(self, name, strict=False, standalone=False, default_attributes_parameters={}, **kwargs):
''' Master class representing a generic MISP object ''' Master class representing a generic MISP object
:name: Name of the object :name: Name of the object
@ -698,7 +698,7 @@ class MISPObject(AbstractMISP):
:standalone: The object will be pushed as directly on MISP, not as a part of an event. :standalone: The object will be pushed as directly on MISP, not as a part of an event.
In this case the ObjectReference needs to be pushed manually and cannot be in the JSON dump. In this case the ObjectReference needs to be pushed manually and cannot be in the JSON dump.
:default_attributes_paramaters: Used as template for the attributes if they are not overwritten in add_attribute :default_attributes_parameters: Used as template for the attributes if they are not overwritten in add_attribute
''' '''
super(MISPObject, self).__init__(**kwargs) super(MISPObject, self).__init__(**kwargs)
self.__strict = strict self.__strict = strict
@ -725,21 +725,25 @@ class MISPObject(AbstractMISP):
pass pass
self.uuid = str(uuid.uuid4()) self.uuid = str(uuid.uuid4())
self.__fast_attribute_access = {} # Hashtable object_relation: [attributes] self.__fast_attribute_access = {} # Hashtable object_relation: [attributes]
self._default_attributes_paramaters = default_attributes_paramaters self._default_attributes_parameters = default_attributes_parameters
if self._default_attributes_paramaters: if self._default_attributes_parameters:
# Let's clean that up # Let's clean that up
self._default_attributes_paramaters.pop('value', None) # duh self._default_attributes_parameters.pop('value', None) # duh
self._default_attributes_paramaters.pop('uuid', None) # duh self._default_attributes_parameters.pop('uuid', None) # duh
self._default_attributes_paramaters.pop('id', None) # duh self._default_attributes_parameters.pop('id', None) # duh
self._default_attributes_paramaters.pop('object_id', None) # duh self._default_attributes_parameters.pop('object_id', None) # duh
self._default_attributes_paramaters.pop('type', None) # depends on the value self._default_attributes_parameters.pop('type', None) # depends on the value
self._default_attributes_paramaters.pop('object_relation', None) # depends on the value self._default_attributes_parameters.pop('object_relation', None) # depends on the value
self._default_attributes_paramaters.pop('disable_correlation', None) # depends on the value self._default_attributes_parameters.pop('disable_correlation', None) # depends on the value
self._default_attributes_paramaters.pop('to_ids', None) # depends on the value self._default_attributes_parameters.pop('to_ids', None) # depends on the value
self._default_attributes_paramaters.pop('category', None) # depends on the value self._default_attributes_parameters.pop('category', None) # depends on the value
self._default_attributes_paramaters.pop('deleted', None) # doesn't make sense to pre-set it self._default_attributes_parameters.pop('deleted', None) # doesn't make sense to pre-set it
self._default_attributes_paramaters.pop('data', None) # in case the original in a sample or an attachment self._default_attributes_parameters.pop('data', None) # in case the original in a sample or an attachment
self.distribution = self._default_attributes_paramaters.distribution self.distribution = self._default_attributes_parameters.distribution
self.sharing_group_id = self._default_attributes_parameters.sharing_group_id
else:
self.distribution = 3
self.sharing_group_id = None
self.ObjectReference = [] self.ObjectReference = []
self._standalone = standalone self._standalone = standalone
if self._standalone: if self._standalone:
@ -856,8 +860,8 @@ class MISPObject(AbstractMISP):
attribute = MISPObjectAttribute({}) attribute = MISPObjectAttribute({})
else: else:
attribute = MISPObjectAttribute({}) attribute = MISPObjectAttribute({})
# Overwrite the parameters of self._default_attributes_paramaters with the ones of value # Overwrite the parameters of self._default_attributes_parameters with the ones of value
attribute.from_dict(object_relation=object_relation, **dict(self._default_attributes_paramaters, **value)) attribute.from_dict(object_relation=object_relation, **dict(self._default_attributes_parameters, **value))
if not self.__fast_attribute_access.get(object_relation): if not self.__fast_attribute_access.get(object_relation):
self.__fast_attribute_access[object_relation] = [] self.__fast_attribute_access[object_relation] = []
self.__fast_attribute_access[object_relation].append(attribute) self.__fast_attribute_access[object_relation].append(attribute)
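Review bot: The added `else` branch sets `self.distribution = 3`, which on MISP's distribution scale is the broadest level (all communities), so any object created without a template is shared as widely as possible unless the caller remembers to narrow it. A fail-closed default such as `self.distribution = 0` (own organisation only) would be safer, or at least the choice should be documented in the docstring next to `:default_attributes_parameters:`. In the truthy branch, `.distribution` and `.sharing_group_id` are read as attributes, although the signature default is a dict and `add_attribute` treats the template as a mapping; a plain-dict template would presumably raise `AttributeError` here, so the accepted type should be stated or the lookup made tolerant. Parts of `__init__` lie outside the visible hunks.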


@ -22,8 +22,8 @@ class FileTypeNotImplemented(MISPObjectException):
pass pass
def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_paramaters={}): def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
pe_object = PEObject(parsed=lief_parsed, standalone=standalone, default_attributes_paramaters=default_attributes_paramaters) pe_object = PEObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(pe_object.uuid, 'included-in', 'PE indicators') misp_file.add_reference(pe_object.uuid, 'included-in', 'PE indicators')
pe_sections = [] pe_sections = []
for s in pe_object.sections: for s in pe_object.sections:
@ -31,8 +31,8 @@ def make_pe_objects(lief_parsed, misp_file, standalone=True, default_attributes_
return misp_file, pe_object, pe_sections return misp_file, pe_object, pe_sections
def make_elf_objects(lief_parsed, misp_file, standalone=True, default_attributes_paramaters={}): def make_elf_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
elf_object = ELFObject(parsed=lief_parsed, standalone=standalone, default_attributes_paramaters=default_attributes_paramaters) elf_object = ELFObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(elf_object.uuid, 'included-in', 'ELF indicators') misp_file.add_reference(elf_object.uuid, 'included-in', 'ELF indicators')
elf_sections = [] elf_sections = []
for s in elf_object.sections: for s in elf_object.sections:
@ -40,8 +40,8 @@ def make_elf_objects(lief_parsed, misp_file, standalone=True, default_attributes
return misp_file, elf_object, elf_sections return misp_file, elf_object, elf_sections
def make_macho_objects(lief_parsed, misp_file, standalone=True, default_attributes_paramaters={}): def make_macho_objects(lief_parsed, misp_file, standalone=True, default_attributes_parameters={}):
macho_object = MachOObject(parsed=lief_parsed, standalone=standalone, default_attributes_paramaters=default_attributes_paramaters) macho_object = MachOObject(parsed=lief_parsed, standalone=standalone, default_attributes_parameters=default_attributes_parameters)
misp_file.add_reference(macho_object.uuid, 'included-in', 'MachO indicators') misp_file.add_reference(macho_object.uuid, 'included-in', 'MachO indicators')
macho_sections = [] macho_sections = []
for s in macho_object.sections: for s in macho_object.sections:
@ -49,9 +49,9 @@ def make_macho_objects(lief_parsed, misp_file, standalone=True, default_attribut
return misp_file, macho_object, macho_sections return misp_file, macho_object, macho_sections
def make_binary_objects(filepath=None, pseudofile=None, filename=None, standalone=True, default_attributes_paramaters={}): def make_binary_objects(filepath=None, pseudofile=None, filename=None, standalone=True, default_attributes_parameters={}):
misp_file = FileObject(filepath=filepath, pseudofile=pseudofile, filename=filename, misp_file = FileObject(filepath=filepath, pseudofile=pseudofile, filename=filename,
standalone=standalone, default_attributes_paramaters=default_attributes_paramaters) standalone=standalone, default_attributes_parameters=default_attributes_parameters)
if HAS_LIEF and filepath or (pseudofile and filename): if HAS_LIEF and filepath or (pseudofile and filename):
try: try:
if filepath: if filepath:
@ -63,11 +63,11 @@ def make_binary_objects(filepath=None, pseudofile=None, filename=None, standalon
else: else:
lief_parsed = lief.parse(raw=pseudofile.getvalue(), name=filename) lief_parsed = lief.parse(raw=pseudofile.getvalue(), name=filename)
if isinstance(lief_parsed, lief.PE.Binary): if isinstance(lief_parsed, lief.PE.Binary):
return make_pe_objects(lief_parsed, misp_file, standalone, default_attributes_paramaters) return make_pe_objects(lief_parsed, misp_file, standalone, default_attributes_parameters)
elif isinstance(lief_parsed, lief.ELF.Binary): elif isinstance(lief_parsed, lief.ELF.Binary):
return make_elf_objects(lief_parsed, misp_file, standalone, default_attributes_paramaters) return make_elf_objects(lief_parsed, misp_file, standalone, default_attributes_parameters)
elif isinstance(lief_parsed, lief.MachO.Binary): elif isinstance(lief_parsed, lief.MachO.Binary):
return make_macho_objects(lief_parsed, misp_file, standalone, default_attributes_paramaters) return make_macho_objects(lief_parsed, misp_file, standalone, default_attributes_parameters)
except lief.bad_format as e: except lief.bad_format as e:
logger.warning('Bad format: {}'.format(e)) logger.warning('Bad format: {}'.format(e))
except lief.bad_file as e: except lief.bad_file as e:
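Review bot: The guard `if HAS_LIEF and filepath or (pseudofile and filename):` in `make_binary_objects` parses as `(HAS_LIEF and filepath) or (pseudofile and filename)`, so a pseudofile with a filename enters the `try` even when `HAS_LIEF` is false. If `HAS_LIEF` reflects a failed `import lief` (the import is outside the hunk), `lief.parse(...)` and the `except lief.bad_format` clauses would then fail with `NameError` instead of skipping the binary parsing. The condition should be grouped as `if HAS_LIEF and (filepath or (pseudofile and filename)):`. The `try` block continues past the end of this hunk.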


@ -58,7 +58,7 @@ class ELFObject(AbstractMISPObjectGenerator):
if self.__elf.sections: if self.__elf.sections:
pos = 0 pos = 0
for section in self.__elf.sections: for section in self.__elf.sections:
s = ELFSectionObject(section, self._standalone, default_attributes_paramaters=self._default_attributes_paramaters) s = ELFSectionObject(section, self._standalone, default_attributes_parameters=self._default_attributes_parameters)
self.add_reference(s.uuid, 'included-in', 'Section {} of ELF'.format(pos)) self.add_reference(s.uuid, 'included-in', 'Section {} of ELF'.format(pos))
pos += 1 pos += 1
self.sections.append(s) self.sections.append(s)


@ -61,7 +61,7 @@ class MachOObject(AbstractMISPObjectGenerator):
if self.__macho.sections: if self.__macho.sections:
pos = 0 pos = 0
for section in self.__macho.sections: for section in self.__macho.sections:
s = MachOSectionObject(section, self._standalone, default_attributes_paramaters=self._default_attributes_paramaters) s = MachOSectionObject(section, self._standalone, default_attributes_parameters=self._default_attributes_parameters)
self.add_reference(s.uuid, 'included-in', 'Section {} of MachO'.format(pos)) self.add_reference(s.uuid, 'included-in', 'Section {} of MachO'.format(pos))
pos += 1 pos += 1
self.sections.append(s) self.sections.append(s)


@ -104,7 +104,7 @@ class PEObject(AbstractMISPObjectGenerator):
if self.__pe.sections: if self.__pe.sections:
pos = 0 pos = 0
for section in self.__pe.sections: for section in self.__pe.sections:
s = PESectionObject(section, self._standalone, default_attributes_paramaters=self._default_attributes_paramaters) s = PESectionObject(section, self._standalone, default_attributes_parameters=self._default_attributes_parameters)
self.add_reference(s.uuid, 'included-in', 'Section {} of PE'.format(pos)) self.add_reference(s.uuid, 'included-in', 'Section {} of PE'.format(pos))
if ((self.__pe.entrypoint >= section.virtual_address) and if ((self.__pe.entrypoint >= section.virtual_address) and
(self.__pe.entrypoint < (section.virtual_address + section.virtual_size))): (self.__pe.entrypoint < (section.virtual_address + section.virtual_size))):