MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

new: Add helper and test case for GitVulnFinderObject

pull/591/head
Raphaël Vinot 2020-05-26 15:37:24 +02:00
parent fb03cc1361
commit 5d97d7ee0c
6 changed files with 1535 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pymisp/data/misp-objects

@ -1 +1 @@
Subproject commit 10fe1b29574279902d9c9097e6e67a872ecbe2cf
Subproject commit 99c9f3bef35aa7f0086a0872e455cac133dbbd33

3
pymisp/tools/__init__.py
View File

@ -10,6 +10,7 @@ from .fail2banobject import Fail2BanObject # noqa
from .domainipobject import DomainIPObject # noqa
from .asnobject import ASNObject # noqa
from .geolocationobject import GeolocationObject # noqa
from .git_vuln_finder_object import GitVulnFinderObject # noqa
from .emailobject import EMailObject # noqa
from .vehicleobject import VehicleObject # noqa
@ -22,7 +23,7 @@ except ImportError:
# Requires faup, which is a bit difficult to install
pass
except OSError:
# faup requires liblua-5.3
# faup required liblua-5.3
pass
try:

1
pymisp/tools/abstractgenerator.py
View File

@ -35,6 +35,7 @@ class AbstractMISPObjectGenerator(MISPObject):
return timestamp['value']
else: # Supported: float/int/string
if isinstance(timestamp, (str, int, float)) and self._detect_epoch(timestamp):
# It converts to the *local* datetime, which is consistent with the rest of the code.
return datetime.fromtimestamp(float(timestamp))
elif isinstance(timestamp, str):
return parse(timestamp)

28
pymisp/tools/git_vuln_finder_object.py Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from .abstractgenerator import AbstractMISPObjectGenerator
import logging
logger = logging.getLogger('pymisp')
class GitVulnFinderObject(AbstractMISPObjectGenerator):
def __init__(self, parameters: dict, strict: bool=True, standalone: bool=True, **kwargs):
super(GitVulnFinderObject, self).__init__('git-vuln-finder', strict=strict, standalone=standalone, **kwargs)
self._parameters = parameters
self.generate_attributes()
def generate_attributes(self):
authored_date = self._sanitize_timestamp(self._parameters.pop('authored_date', None))
self._parameters['authored_date'] = authored_date
committed_date = self._sanitize_timestamp(self._parameters.pop('committed_date', None))
self._parameters['committed_date'] = committed_date
if 'stats' in self._parameters:
stats = self._parameters.pop('stats')
self._parameters['stats.insertions'] = stats.pop('insertions')
self._parameters['stats.deletions'] = stats.pop('deletions')
self._parameters['stats.lines'] = stats.pop('lines')
self._parameters['stats.files'] = stats.pop('files')
return super(GitVulnFinderObject, self).generate_attributes()

1493
tests/git-vuln-finder-quagga.json Normal file
View File

File diff suppressed because it is too large Load Diff

10
tests/test_mispevent.py
View File

@ -11,6 +11,7 @@ from datetime import date, datetime
from pymisp import MISPEvent, MISPSighting, MISPTag, MISPOrganisation
from pymisp.exceptions import InvalidMISPObject
from pymisp.tools import GitVulnFinderObject
class TestMISPEvent(unittest.TestCase):
@ -357,6 +358,15 @@ class TestMISPEvent(unittest.TestCase):
subset = set(entry['categories']).issubset(me.describe_types['categories'])
self.assertTrue(subset, f'{t_json["name"]} - {obj_relation}')
def test_git_vuln_finder(self):
with open('tests/git-vuln-finder-quagga.json') as f:
dump = json.load(f)
for vuln in dump.values():
author = vuln['author']
vuln_finder = GitVulnFinderObject(vuln)
self.assertEqual(vuln_finder.get_attributes_by_relation('author')[0].value, author)
if __name__ == '__main__':
unittest.main()