new: Add helper and test case for GitVulnFinderObject

pymisp/data/misp-objects

@@ -1 +1 @@
-Subproject commit 10fe1b29574279902d9c9097e6e67a872ecbe2cf
+Subproject commit 99c9f3bef35aa7f0086a0872e455cac133dbbd33

pymisp/tools/__init__.py

@@ -10,6 +10,7 @@ from .fail2banobject import Fail2BanObject  # noqa
 from .domainipobject import DomainIPObject  # noqa
 from .asnobject import ASNObject  # noqa
 from .geolocationobject import GeolocationObject  # noqa
+from .git_vuln_finder_object import GitVulnFinderObject  # noqa
 
 from .emailobject import EMailObject  # noqa
 from .vehicleobject import VehicleObject  # noqa
@@ -22,7 +23,7 @@ except ImportError:
     # Requires faup, which is a bit difficult to install
     pass
 except OSError:
-    # faup requires liblua-5.3
+    # faup required liblua-5.3
     pass
 
 try:

pymisp/tools/abstractgenerator.py

@@ -35,6 +35,7 @@ class AbstractMISPObjectGenerator(MISPObject):
             return timestamp['value']
         else:  # Supported: float/int/string
             if isinstance(timestamp, (str, int, float)) and self._detect_epoch(timestamp):
+                # It converts to the *local* datetime, which is consistent with the rest of the code.
                 return datetime.fromtimestamp(float(timestamp))
             elif isinstance(timestamp, str):
                 return parse(timestamp)

pymisp/tools/git_vuln_finder_object.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from .abstractgenerator import AbstractMISPObjectGenerator
+import logging
+
+logger = logging.getLogger('pymisp')
+
+
+class GitVulnFinderObject(AbstractMISPObjectGenerator):
+
+    def __init__(self, parameters: dict, strict: bool=True, standalone: bool=True, **kwargs):
+        super(GitVulnFinderObject, self).__init__('git-vuln-finder', strict=strict, standalone=standalone, **kwargs)
+        self._parameters = parameters
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        authored_date = self._sanitize_timestamp(self._parameters.pop('authored_date', None))
+        self._parameters['authored_date'] = authored_date
+        committed_date = self._sanitize_timestamp(self._parameters.pop('committed_date', None))
+        self._parameters['committed_date'] = committed_date
+        if 'stats' in self._parameters:
+            stats = self._parameters.pop('stats')
+            self._parameters['stats.insertions'] = stats.pop('insertions')
+            self._parameters['stats.deletions'] = stats.pop('deletions')
+            self._parameters['stats.lines'] = stats.pop('lines')
+            self._parameters['stats.files'] = stats.pop('files')
+        return super(GitVulnFinderObject, self).generate_attributes()

tests/test_mispevent.py

@@ -11,6 +11,7 @@ from datetime import date, datetime
 
 from pymisp import MISPEvent, MISPSighting, MISPTag, MISPOrganisation
 from pymisp.exceptions import InvalidMISPObject
+from pymisp.tools import GitVulnFinderObject
 
 
 class TestMISPEvent(unittest.TestCase):
@@ -357,6 +358,15 @@ class TestMISPEvent(unittest.TestCase):
                         subset = set(entry['categories']).issubset(me.describe_types['categories'])
                         self.assertTrue(subset, f'{t_json["name"]} - {obj_relation}')
 
+    def test_git_vuln_finder(self):
+        with open('tests/git-vuln-finder-quagga.json') as f:
+            dump = json.load(f)
+
+        for vuln in dump.values():
+            author = vuln['author']
+            vuln_finder = GitVulnFinderObject(vuln)
+            self.assertEqual(vuln_finder.get_attributes_by_relation('author')[0].value, author)
+
 
 if __name__ == '__main__':
     unittest.main()