From 57de6de139aa7531f90253882eaee75537265ffc Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Wed, 17 Nov 2021 12:38:25 +0100
Subject: [PATCH] chg: [feed-generator] Make the feature to exlude attribute type more generic
---
 examples/feed-generator/generate.py | 18 +++++++++---------
 examples/feed-generator/settings.default.py | 12 +++++-------
 2 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/examples/feed-generator/generate.py b/examples/feed-generator/generate.py
index 1211b91..1856e57 100755
--- a/examples/feed-generator/generate.py
+++ b/examples/feed-generator/generate.py
@@ -5,7 +5,7 @@ import sys
 import json
 import os
 from pymisp import ExpandedPyMISP
-from settings import entries, url, key, ssl, outputdir, filters, valid_attribute_distribution_levels
+from settings import url, key, ssl, outputdir, filters, valid_attribute_distribution_levels
 try:
 from settings import include_deleted
@@ -13,9 +13,9 @@ except ImportError:
 include_deleted = False
 try:
- from settings import exclude_malware_samples
+ from settings import exclude_attribute_types
 except ImportError:
- exclude_malware_samples = False
+ exclude_attribute_types = []
 valid_attribute_distributions = []
@@ -62,7 +62,7 @@ def saveManifest(manifest):
 if __name__ == '__main__':
 misp = init()
 try:
- events = misp.search_index(minimal=True, limit=entries, **filters, pythonify=False)
+ events = misp.search_index(minimal=True, **filters, pythonify=False)
 except Exception as e:
 print(e)
 sys.exit("Invalid response received from MISP.")
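Review bot: In the `@@ -13,9 +13,9 @@` hunk of generate.py, a deployed settings.py that still sets `exclude_malware_samples = True` now falls through to `exclude_attribute_types = []`, so the next run publishes the malware samples that used to be withheld, and prints nothing about it. The settings.default.py hunk at `@@ -42,9 +39,10 @@` drops the old name as well, so nothing tells the operator to migrate. Keep a fallback for the old flag: when `exclude_attribute_types` is missing, import `exclude_malware_samples` and map a true value to `['malware-sample']`.

```python
# … unchanged: try / from settings import exclude_attribute_types …
except ImportError:
    # Honour the pre-rename flag so existing settings.py files keep excluding samples.
    try:
        from settings import exclude_malware_samples
    except ImportError:
        exclude_malware_samples = False
    exclude_attribute_types = ['malware-sample'] if exclude_malware_samples else []
```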
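Review bot: The `misp.search_index(...)` call in the `@@ -62,7 +62,7 @@` hunk of generate.py no longer carries a bound, so the feed now covers every event matching `filters` instead of the first `entries` ones, and an `entries = ...` line left in an existing settings.py is silently ignored. That widens what gets published and how many `get_event` calls a run makes. Since the old call passed `limit` as a keyword to the same method, a cap can presumably go in `filters`; the defaults file should say so next to `filters`, for example `# To cap the number of exported events, add 'limit': 200 to the filters below`.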
@@ -74,14 +74,14 @@ if __name__ == '__main__':
 total = len(events)
 for event in events:
 try:
- e = misp.get_event(event.uuid, deleted=include_deleted, pythonify=True)
- if exclude_malware_samples:
+ e = misp.get_event(event['uuid'], deleted=include_deleted, pythonify=True)
+ if exclude_attribute_types:
 for i, attribute in enumerate(e.attributes):
- if attribute.type == 'malware-sample':
- del e.attributes[i]
+ if attribute.type in exclude_attribute_types:
+ e.attributes.pop(i)
 e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True)
 except Exception as err:
- print(err, event.uuid)
+ print(err, event['uuid'])
 continue
 if not e_feed:
 print(f'Invalid distribution {e.distribution}, skipping')
diff --git a/examples/feed-generator/settings.default.py b/examples/feed-generator/settings.default.py
index e5de19d..c9e19b0 100755
--- a/examples/feed-generator/settings.default.py
+++ b/examples/feed-generator/settings.default.py
@@ -12,9 +12,6 @@ ssl = False
 # sure that you use a directory dedicated to the feed
 outputdir = 'output'
-# Determine the number of entries to output
-entries = 200
-
 # The filters to be used for by the feed. You can use any filter that
 # you can use on the event index, such as organisation, tags, etc.
 # It uses the same joining and condition rules as the API parameters
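Review bot: The loop in the `@@ -74,14 +74,14 @@` hunk of generate.py removes items from `e.attributes` while `enumerate` is walking that same list, so the attribute following each removed one is skipped; two adjacent attributes of an excluded type leave the second one in the published feed. Switching from `del` to `pop(i)` keeps that behaviour. Replace the `for`/`if`/`pop` lines with a single filtered assignment, `e.attributes[:] = [a for a in e.attributes if a.type not in exclude_attribute_types]`, which relies on the same live-list assumption the in-place `pop` already makes. The loop also looks only at `e.attributes`; attributes nested in the event's objects, if it has any, appear not to be filtered, which is worth confirming for types such as `malware-sample`. The enclosing `for event in events:` body continues past the end of the hunk.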
@@ -42,9 +39,10 @@ include_deleted = False
 # 5: Inherit Event
 valid_attribute_distribution_levels = ['0', '1', '2', '3', '4', '5']
-
 # By default, all attribute passing the filtering rules will be exported.
-# This setting can be used to filter out attributes being of the type `malaware-sample`.
+# This setting can be used to filter out any attributes being of the type contained in the list.
 # Warning: Keep in mind that if you propagate data (via synchronisation/feeds/...), recipients
-# will not be able to get the malware samples back.
-exclude_malware_samples = False
\ No newline at end of file
+# will not be able to get these attributes back unless their events get updated.
+# For example:
+# exclude_attribute_types = ['malware-sample']
+exclude_attribute_types = []
\ No newline at end of file