MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

Add support for multiple entries of the same type in an object

pull/111/head
Raphaël Vinot 2017-08-27 18:12:42 +02:00
parent ed441d6356
commit 44f32bc443
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pymisp/data/misp-objects

@ -1 +1 @@
Subproject commit fc6d54f93b47d9c2ca951d68e568d1715e6eabf0 Subproject commit d34dd5fb606f1c4d882733d16c16103fe429991c

4
pymisp/tools/elfobject.py
View File

@ -78,8 +78,8 @@ class ELFSectionObject(MISPObjectGenerator):
def generate_attributes(self): def generate_attributes(self):
self._create_attribute('name', value=self.section.name) self._create_attribute('name', value=self.section.name)
self._create_attribute('type', value=str(self.section.type).split('.')[1]) self._create_attribute('type', value=str(self.section.type).split('.')[1])
print(self.section.flags) for flag in self.section.flags_list:
# self._create_attribute('flag', value=str(self.section.flags).split('.')[1]) self._create_attribute('flag', value=str(flag).split('.')[1])
size = self._create_attribute('size-in-bytes', value=self.section.size) size = self._create_attribute('size-in-bytes', value=self.section.size)
if int(size.value) > 0: if int(size.value) > 0:
self._create_attribute('entropy', value=self.section.entropy) self._create_attribute('entropy', value=self.section.entropy)

12
pymisp/tools/objectgenerator.py
View File

@ -1,6 +1,7 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from collections import Counter
from pymisp import MISPEvent, MISPAttribute, AbstractMISP from pymisp import MISPEvent, MISPAttribute, AbstractMISP
import os import os
import json import json
@ -112,9 +113,16 @@ class MISPObjectGenerator(AbstractMISP):
def _validate(self): def _validate(self):
"""Make sure the object we're creating has the required fields""" """Make sure the object we're creating has the required fields"""
all_attribute_names = set() all_object_relations = []
for a in self.Attribute: for a in self.Attribute:
all_attribute_names.add(a.object_relation) all_object_relations.append(a.object_relation)
count_relations = dict(Counter(all_object_relations))
for key, counter in count_relations.items():
if counter == 1:
continue
if not self.definition['attributes'][key].get('multiple'):
raise InvalidMISPObject('Multiple occurrences of {} is not allowed'.format(key))
all_attribute_names = set(count_relations.keys())
if self.definition.get('requiredOneOf'): if self.definition.get('requiredOneOf'):
if not set(self.definition['requiredOneOf']) & all_attribute_names: if not set(self.definition['requiredOneOf']) & all_attribute_names:
raise InvalidMISPObject('At least one of the following attributes is required: {}'.format(', '.join(self.definition['requiredOneOf']))) raise InvalidMISPObject('At least one of the following attributes is required: {}'.format(', '.join(self.definition['requiredOneOf'])))