From d8ef2559c6c51e139cfbd91fd6b9752f06c25880 Mon Sep 17 00:00:00 2001 From: Steffen Sauler Date: Wed, 5 Sep 2018 15:29:26 +0200 Subject: [PATCH] Fix #270 uniquely identifying sample --- pymisp/api.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pymisp/api.py b/pymisp/api.py index 240efdd..0315120 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -1223,7 +1223,15 @@ class PyMISP(object): return True, rules def download_samples(self, sample_hash=None, event_id=None, all_samples=False, unzip=True): - """Download samples, by hash or event ID. If there are multiple samples in one event, use the all_samples switch""" + """Download samples, by hash or event ID. If there are multiple samples in one event, use the all_samples switch + + :param sample_hash: hash of sample + :param event_id: ID of event + :param all_samples: download all samples + :param unzip: whether to unzip or keep zipped + :return: A tuple with (success, [[event_id, sample_hash, sample_as_bytesio], [event_id,...]]) + In case of legacy sample, the sample_hash will be replaced by the zip's filename + """ url = urljoin(self.root_url, 'attributes/downloadSample') to_post = {'request': {'hash': sample_hash, 'eventID': event_id, 'allSamples': all_samples}} response = self._prepare_request('POST', url, data=json.dumps(to_post)) @@ -1242,10 +1250,11 @@ class PyMISP(object): if f.get('md5') and f['md5'] in archive.namelist(): # New format unzipped = BytesIO(archive.open(f['md5'], pwd=b'infected').read()) + details.append([f['event_id'], f['md5'], unzipped]) else: # Old format unzipped = BytesIO(archive.open(f['filename'], pwd=b'infected').read()) - details.append([f['event_id'], f['filename'], unzipped]) + details.append([f['event_id'], f['filename'], unzipped]) except zipfile.BadZipfile: # In case the sample isn't zipped details.append([f['event_id'], f['filename'], zipped])