From 44008d1c0c285e5871ea14f6638568dfc48624ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 25 Aug 2017 15:57:12 +0200
Subject: [PATCH] Add support for ELF and MachO objects

---
 pymisp/data/misp-objects | 2 +-
 pymisp/tools/__init__.py | 12 ++++---
 pymisp/tools/create_misp_object.py | 53 +++++++++++++++++++++---------
 3 files changed, 45 insertions(+), 22 deletions(-)

diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects
index 96d7aeb..fc6d54f 160000
--- a/pymisp/data/misp-objects
+++ b/pymisp/data/misp-objects
@@ -1 +1 @@
-Subproject commit 96d7aeb0729428a43f38f45b6c00a60b9fdba2b6
+Subproject commit fc6d54f93b47d9c2ca951d68e568d1715e6eabf0
diff --git a/pymisp/tools/__init__.py b/pymisp/tools/__init__.py
index dc1748c..2a81b2a 100644
--- a/pymisp/tools/__init__.py
+++ b/pymisp/tools/__init__.py
@@ -1,5 +1,7 @@
-from .neo4j import Neo4j
-from .objectgenerator import MISPObjectGenerator, MISPObjectException, InvalidMISPObject
-from .fileobject import FileObject
-from .peobject import PEObject, PESectionObject
-from .create_misp_object import make_binary_objects
+from .neo4j import Neo4j # noqa
+from .objectgenerator import MISPObjectGenerator, MISPObjectException, InvalidMISPObject # noqa
+from .fileobject import FileObject # noqa
+from .peobject import PEObject, PESectionObject # noqa
+from .elfobject import ELFObject, ELFSectionObject # noqa
+from .machoobject import MachOObject, MachOSectionObject # noqa
+from .create_misp_object import make_binary_objects # noqa
diff --git a/pymisp/tools/create_misp_object.py b/pymisp/tools/create_misp_object.py
index a69bfdb..a77fb8c 100644
--- a/pymisp/tools/create_misp_object.py
+++ b/pymisp/tools/create_misp_object.py
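Review bot: Every re-export in `pymisp/tools/__init__.py` now carries a per-line `# noqa`, which silences the unused-import warning but leaves the package's public surface undeclared. Listing the names in `__all__ = ['Neo4j', 'MISPObjectGenerator', 'MISPObjectException', 'InvalidMISPObject', 'FileObject', 'PEObject', 'PESectionObject', 'ELFObject', 'ELFSectionObject', 'MachOObject', 'MachOSectionObject', 'make_binary_objects']` documents the same intent and lets the linter verify it without suppressions. The two new modules presumably wrap `lief` the same way `create_misp_object.py` does; if they import it unconditionally, a missing `lief` would now break `import pymisp.tools` entirely, which is worth confirming.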
@@ -1,10 +1,12 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
-from pymisp.tools import FileObject, PEObject, MISPObjectException
+from pymisp.tools import FileObject, PEObject, ELFObject, MachOObject, MISPObjectException
 
 try:
     import lief
+    from lief import Logger
+    Logger.disable()
     HAS_LIEF = True
 except ImportError:
     HAS_LIEF = False
@@ -15,14 +17,30 @@ class FileTypeNotImplemented(MISPObjectException):
 
 
 def make_pe_objects(lief_parsed, misp_file):
-    misp_pe = PEObject(parsed=lief_parsed)
-    misp_file.add_reference(misp_pe.uuid, 'included-in', 'PE indicators')
-    file_object = misp_file
-    pe_object = misp_pe
+    pe_object = PEObject(parsed=lief_parsed)
+    misp_file.add_reference(pe_object.uuid, 'included-in', 'PE indicators')
     pe_sections = []
-    for s in misp_pe.sections:
+    for s in pe_object.sections:
         pe_sections.append(s)
-    return file_object, pe_object, pe_sections
+    return misp_file, pe_object, pe_sections
+
+
+def make_elf_objects(lief_parsed, misp_file):
+    elf_object = ELFObject(parsed=lief_parsed)
+    misp_file.add_reference(elf_object.uuid, 'included-in', 'ELF indicators')
+    elf_sections = []
+    for s in elf_object.sections:
+        elf_sections.append(s)
+    return misp_file, elf_object, elf_sections
+
+
+def make_macho_objects(lief_parsed, misp_file):
+    macho_object = MachOObject(parsed=lief_parsed)
+    misp_file.add_reference(macho_object.uuid, 'included-in', 'MachO indicators')
+    macho_sections = []
+    for s in macho_object.sections:
+        macho_sections.append(s)
+    return misp_file, macho_object, macho_sections
 
 
 def make_binary_objects(filepath):
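Review bot: `from lief import Logger` sits inside the same `try`/`except ImportError` as `import lief`, so on a LIEF build that does not expose `Logger` the resulting `ImportError` flips `HAS_LIEF` to `False` and every binary comes back unparsed even though LIEF is installed. Guard the optional piece on its own, e.g. `try: lief.Logger.disable()` / `except AttributeError: pass` after the `import lief` line, so a logging-API difference cannot disable the whole feature. `Logger.disable()` is also a process-wide, import-time side effect: it mutes LIEF's parser warnings for every other user of the library in the same interpreter, which for a tool that feeds untrusted samples to the parser discards exactly the diagnostics an analyst may want; at minimum record that choice with `# NOTE: mutes LIEF logging for the whole process, not just this module`.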
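Review bot: `make_elf_objects` and `make_macho_objects` are line-for-line copies of `make_pe_objects`, differing only in the object class and the reference label, and each rebuilds its section list with an append loop that `list(elf_object.sections)` already expresses. A single private helper taking the class and label, with the three public names kept as one-line wrappers, preserves the callers' interface and removes the triplication. None of the three has a docstring; each should say that it mutates `misp_file` by adding an `included-in` reference and returns a `(misp_file, format_object, sections)` triple.
```python
def _make_format_objects(lief_parsed, misp_file, object_class, label):
    """Wrap a LIEF binary in object_class, link it to misp_file and return (misp_file, obj, sections)."""
    format_object = object_class(parsed=lief_parsed)
    misp_file.add_reference(format_object.uuid, 'included-in', label)
    return misp_file, format_object, list(format_object.sections)


def make_pe_objects(lief_parsed, misp_file):
    return _make_format_objects(lief_parsed, misp_file, PEObject, 'PE indicators')


def make_elf_objects(lief_parsed, misp_file):
    return _make_format_objects(lief_parsed, misp_file, ELFObject, 'ELF indicators')


def make_macho_objects(lief_parsed, misp_file):
    return _make_format_objects(lief_parsed, misp_file, MachOObject, 'MachO indicators')
```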
@@ -34,16 +52,19 @@ def make_binary_objects(filepath):
         if isinstance(lief_parsed, lief.PE.Binary):
             return make_pe_objects(lief_parsed, misp_file)
         elif isinstance(lief_parsed, lief.ELF.Binary):
-            raise FileTypeNotImplemented('ELF not implemented yet.')
+            return make_elf_objects(lief_parsed, misp_file)
         elif isinstance(lief_parsed, lief.MachO.Binary):
-            raise FileTypeNotImplemented('MachO not implemented yet.')
+            return make_macho_objects(lief_parsed, misp_file)
     except lief.bad_format as e:
-        print('\tBad format: ', e)
+        # print('\tBad format: ', e)
+        pass
     except lief.bad_file as e:
-        print('\tBad file: ', e)
+        # print('\tBad file: ', e)
+        pass
     except lief.parser_error as e:
-        print('\tParser error: ', e)
-    except FileTypeNotImplemented as e:
-        print(e)
-    file_object = misp_file.to_json()
-    return file_object, None, None
+        # print('\tParser error: ', e)
+        pass
+    except FileTypeNotImplemented as e: # noqa
+        # print(e)
+        pass
+    return misp_file, None, None
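Review bot: Replacing the `print` calls with `pass` in the `except lief.bad_format` / `bad_file` / `parser_error` handlers turns a parse failure into a silent `(misp_file, None, None)`, indistinguishable from a format LIEF does not recognise, so a caller ingesting samples cannot tell a malformed or deliberately hostile binary from an unsupported one, and the bound `e` is never used. Log the failure instead of discarding it, via a module-level `logger = logging.getLogger(__name__)` (with `import logging` at the top of the file), which keeps the best-effort return while leaving a trace. Nothing in this hunk raises `FileTypeNotImplemented` any more, so the `# noqa`-suppressed handler for it appears dead; confirm nothing else inside the `try` raises it before removing it. If `lief.parse` can return something other than the three `Binary` classes checked here (a Mach-O fat binary, or `None` on some LIEF versions), the `if`/`elif` chain falls through to the same silent return and deserves a log line too. The start of `make_binary_objects`, including the `try:` and the `lief.parse` call, is outside the hunk.
```python
        # … unchanged: isinstance dispatch to make_pe_objects / make_elf_objects / make_macho_objects …
        else:
            logger.warning('Unsupported binary type for %s: %r', filepath, type(lief_parsed))
    except (lief.bad_format, lief.bad_file, lief.parser_error) as e:
        # Best-effort: the plain file object is still returned, but record why the
        # format-specific object is missing instead of discarding the parser error.
        logger.warning('Unable to parse %s with LIEF: %s', filepath, e)
    # … unchanged: FileTypeNotImplemented handler …
    return misp_file, None, None
```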