From bfb9fd5db3015a421b9d04f0dc54324f04d508d4 Mon Sep 17 00:00:00 2001 From: Tristan METAYER Date: Wed, 4 Jan 2017 11:23:18 +0100 Subject: [PATCH 1/3] Add uuid serch with pymisp --- pymisp/api.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/pymisp/api.py b/pymisp/api.py index f12b668..f10485f 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -368,6 +368,19 @@ class PyMISP(object): return self._check_response(response) + def _valid_uuid(self,uuid): + """ + Test valid uuid générate by CakePhp + + CakeText::uuid follow RFC 4122 + - the third group must start with a 4, + - the fourth group must start with 8, 9, a or b. + + :param uuid: A UUID to validate + """ + regex = re.compile('^[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12}\Z', re.I) + match = regex.match(uuid) + return bool(match) # ##### File attributes ##### def _send_attributes(self, event, attributes, proposal=False): @@ -732,7 +745,7 @@ class PyMISP(object): def search(self, values=None, not_values=None, type_attribute=None, category=None, org=None, tags=None, not_tags=None, date_from=None, - date_to=None, last=None): + date_to=None, last=None, uuid=None): """ Search via the Rest API @@ -746,6 +759,7 @@ class PyMISP(object): :param date_from: First date :param date_to: Last date :param last: Last updated events (for example 5d or 12h or 30m) + :param uuid: A uuid valideted """ val = self.__prepare_rest_search(values, not_values).replace('/', '|') @@ -773,6 +787,11 @@ class PyMISP(object): query['to'] = date_to if last is not None: query['last'] = last + if uuid is not None: + if self._valid_uuid(uuid): + query['uuid'] = uuid + else: + return {'error': 'You must enter a valid uuid.'} session = self.__prepare_session('json') return self.__query(session, 'restSearch/download', query) From 879f60f36855bee0b436ba7d9d3c2d9c53edef86 Mon Sep 17 00:00:00 2001 From: Tristan METAYER Date: Wed, 4 Jan 2017 17:02:13 +0100 Subject: [PATCH 2/3] refere to FloatingGhost comment --- pymisp/api.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pymisp/api.py b/pymisp/api.py index f10485f..d85efd7 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -376,7 +376,7 @@ class PyMISP(object): - the third group must start with a 4, - the fourth group must start with 8, 9, a or b. - :param uuid: A UUID to validate + :param uuid: an uuid """ regex = re.compile('^[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12}\Z', re.I) match = regex.match(uuid) @@ -759,7 +759,7 @@ class PyMISP(object): :param date_from: First date :param date_to: Last date :param last: Last updated events (for example 5d or 12h or 30m) - :param uuid: A uuid valideted + :param uuid: a valid uuid """ val = self.__prepare_rest_search(values, not_values).replace('/', '|') From 5478778a38c04ff30f5fdd7bc500a7dd8b9e39f3 Mon Sep 17 00:00:00 2001 From: Tristan METAYER Date: Wed, 4 Jan 2017 17:04:36 +0100 Subject: [PATCH 3/3] idem --- pymisp/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pymisp/api.py b/pymisp/api.py index d85efd7..d3f21f6 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -370,7 +370,7 @@ class PyMISP(object): def _valid_uuid(self,uuid): """ - Test valid uuid générate by CakePhp + Test if uuid is valid CakeText::uuid follow RFC 4122 - the third group must start with a 4,