From b6ff8746bc5b1087cc91bd814aac1d7632c53d4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Sun, 3 May 2015 02:47:47 +0200 Subject: [PATCH 1/6] Make the code python3 friendly --- examples/copy_list.py | 14 +++++++------- examples/get_network_activity.py | 12 ++++++------ pymisp/__init__.py | 2 +- pymisp/api.py | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/examples/copy_list.py b/examples/copy_list.py index 074403a..b7a1a55 100644 --- a/examples/copy_list.py +++ b/examples/copy_list.py @@ -18,7 +18,7 @@ destination = None def init(cert_to_priv=True): global source global destination - print cert_to_priv + print(cert_to_priv) if cert_to_priv: source = PyMISP(url_cert, cert, cert_cert, 'xml') destination = PyMISP(url_priv, priv, cert_priv, 'xml') @@ -63,22 +63,22 @@ def loop_copy(): def copy(eventid): eventid = eventid.strip() if len(eventid) == 0 or not eventid.isdigit(): - print 'empty line or NaN.' + print('empty line or NaN.') return eventid = int(eventid) - print eventid, 'copying...' + print(eventid, 'copying...') r = copy_event(eventid) if r.status_code >= 400: loc = r.headers['location'] if loc is not None: event_to_update = loc.split('/')[-1] - print'updating', event_to_update + print('updating', event_to_update) r = update_event(eventid, event_to_update) if r.status_code >= 400: - print r.status_code, r.headers + print(r.status_code, r.headers) else: - print r.status_code, r.headers - print eventid, 'done.' + print(r.status_code, r.headers) + print(eventid, 'done.') def export_our_org(): diff --git a/examples/get_network_activity.py b/examples/get_network_activity.py index 5199db4..0b0fe16 100755 --- a/examples/get_network_activity.py +++ b/examples/get_network_activity.py @@ -74,7 +74,7 @@ def get_event(event_id): else: continue else: - print "Not a valid ID" + print("Not a valid ID") return @@ -109,16 +109,16 @@ def print_events(): if app_ip_src == True: for ip in network_ip_src: - print ip[0] + print(ip[0]) if app_ip_dst == True: for ip in network_ip_dst: - print ip[0] + print(ip[0]) if app_domain == True: for ip in network_domain: - print ip[0] + print(ip[0]) if app_hostname == True: for ip in network_hostname: - print ip[0] + print(ip[0]) if __name__ == '__main__': @@ -164,5 +164,5 @@ if __name__ == '__main__': get_event( event_id.strip() ) print_events() else: - print "No filename given, stopping." + print("No filename given, stopping.") diff --git a/pymisp/__init__.py b/pymisp/__init__.py index 1c09d31..e4c98cb 100644 --- a/pymisp/__init__.py +++ b/pymisp/__init__.py @@ -1 +1 @@ -from api import PyMISP +from .api import PyMISP diff --git a/pymisp/api.py b/pymisp/api.py index b7bf979..79df3c8 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -53,7 +53,7 @@ class PyMISP(object): return query url = self.rest.format(path) query = {'request': query} - print json.dumps(query) + print(json.dumps(query)) r = session.post(url, data=json.dumps(query)) return r.json() From b08d3ab15d50468931234f05470f85f4e7e13bae Mon Sep 17 00:00:00 2001 From: didelphodon Date: Tue, 2 Jun 2015 10:40:14 +0200 Subject: [PATCH 2/6] Update / Add need a JSON object as data ... furthermore content-type application was necessary otherwise MISP-REST API refuses to work as expected, at least with my installation. --- pymisp/api.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pymisp/api.py b/pymisp/api.py index 79df3c8..c720e6d 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -45,7 +45,7 @@ class PyMISP(object): session.headers.update( {'Authorization': self.key, 'Accept': 'application/' + out, - 'content-type': 'text/' + out}) + 'content-type': 'application/' + out}) return session def __query(self, session, path, query): @@ -84,7 +84,7 @@ class PyMISP(object): :param event: Event object to add """ session = self.__prepare_session() - return session.post(self.url, data=event) + return session.post(self.url, data=json.dumps(event)) def update_event(self, event_id, event): """ @@ -94,7 +94,7 @@ class PyMISP(object): :param event: Elements to add """ session = self.__prepare_session() - return session.post(self.rest.format(event_id), data=event) + return session.post(self.rest.format(event_id), data=json.dumps(event)) def delete_event(self, event_id): """ From f28c9cdf07d984b3e657429eb72f43e07e16c183 Mon Sep 17 00:00:00 2001 From: Debra Jules Date: Wed, 29 Jul 2015 15:07:37 +0200 Subject: [PATCH 3/6] Add 2 download functions of suricata rules events --- pymisp/api.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/pymisp/api.py b/pymisp/api.py index c720e6d..edf047f 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -196,6 +196,24 @@ class PyMISP(object): session = self.__prepare_session('xml') return session.get(xml) + def download_all_suricata(self): + """ + Download all suricata rules events. + """ + suricata_rules = self.url + '/nids/suricata/download' + session = self.__prepare_session('rules') + return session.get(suricata_rules) + + def download_suricata_rule_event(self, event_id): + """ + Download one suricata rule event. + + :param event_id: ID of the event to download (same as get) + """ + template = self.url + '/nids/suricata/download/{}' + session = self.__prepare_session('rules') + return session.get(template.format(event_id)) + def download(self, event_id, with_attachement=False): """ Download one event in XML From c315ecaef601eb4c1cf6fadd64f5203000d5d5f8 Mon Sep 17 00:00:00 2001 From: Iglocska Date: Thu, 30 Jul 2015 15:26:05 +0200 Subject: [PATCH 4/6] Fix to an issue with using XML as input for add_event() and update_event() - also a change to the copy_list.py script to account for the change --- examples/copy_list.py | 3 ++- pymisp/api.py | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/copy_list.py b/examples/copy_list.py index b7a1a55..16cb737 100644 --- a/examples/copy_list.py +++ b/examples/copy_list.py @@ -4,6 +4,7 @@ import sys from pymisp import PyMISP +import json from keys import cert, priv @@ -30,7 +31,7 @@ def init(cert_to_priv=True): def _to_utf8(request): to_return = None if 'json' in request.headers['content-type']: - to_return = request.json() + to_return = json.dumps(request.json()) else: to_return = request.text.encode('utf-8') return to_return diff --git a/pymisp/api.py b/pymisp/api.py index edf047f..cc101d3 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -84,7 +84,7 @@ class PyMISP(object): :param event: Event object to add """ session = self.__prepare_session() - return session.post(self.url, data=json.dumps(event)) + return session.post(self.url, data=event) def update_event(self, event_id, event): """ @@ -94,7 +94,7 @@ class PyMISP(object): :param event: Elements to add """ session = self.__prepare_session() - return session.post(self.rest.format(event_id), data=json.dumps(event)) + return session.post(self.rest.format(event_id), data=event) def delete_event(self, event_id): """ From 507c5a54467763cd4be4f15f95d13add3c6a6315 Mon Sep 17 00:00:00 2001 From: Iglocska Date: Thu, 30 Jul 2015 15:53:34 +0200 Subject: [PATCH 5/6] API made a bit more flexible with input data - input for add_event() and update_event() can now be a JSON object, JSON string, XML --- examples/copy_list.py | 3 +-- pymisp/api.py | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/examples/copy_list.py b/examples/copy_list.py index 16cb737..b7a1a55 100644 --- a/examples/copy_list.py +++ b/examples/copy_list.py @@ -4,7 +4,6 @@ import sys from pymisp import PyMISP -import json from keys import cert, priv @@ -31,7 +30,7 @@ def init(cert_to_priv=True): def _to_utf8(request): to_return = None if 'json' in request.headers['content-type']: - to_return = json.dumps(request.json()) + to_return = request.json() else: to_return = request.text.encode('utf-8') return to_return diff --git a/pymisp/api.py b/pymisp/api.py index cc101d3..dbf1891 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -81,20 +81,32 @@ class PyMISP(object): """ Add a new event - :param event: Event object to add + :param event: Event as JSON object / string or XML to add """ session = self.__prepare_session() - return session.post(self.url, data=event) + if self.out_type == 'json': + if isinstance(event, basestring): + return session.post(self.url, data=event) + else: + return session.post(self.url, data=json.dumps(event)) + else: + return session.post(self.url, data=event) def update_event(self, event_id, event): """ Update an event :param event_id: Event id to update - :param event: Elements to add + :param event: Event as JSON object / string or XML to add """ session = self.__prepare_session() - return session.post(self.rest.format(event_id), data=event) + if self.out_type == 'json': + if isinstance(event, basestring): + return session.post(self.rest.format(event_id), data=event) + else: + return session.post(self.rest.format(event_id), data=json.dumps(event)) + else: + return session.post(self.rest.format(event_id), data=event) def delete_event(self, event_id): """ From e0b781c03344f08f1de9ef007914d505d5345bdf Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 30 Jul 2015 14:20:41 +0000 Subject: [PATCH 6/6] Bug fix: get_index now works properly and return the events index An bug was introduced and appending "{}" to the /index url which gives a 404 on a MISP server. --- pymisp/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/api.py b/pymisp/api.py index dbf1891..b02e28b 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -66,7 +66,7 @@ class PyMISP(object): Warning, there's a limit on the number of results """ session = self.__prepare_session() - return session.get(self.rest) + return session.get(self.url) def get_event(self, event_id): """