mirror of https://github.com/MISP/PyMISP
Merge pull request #789 from samitainio/samitainio-patch-1
Fix #787 and add Unicode to ASCII function
pull/792/head
commit
85ac1b0e6a
|
@ -317,15 +317,6 @@ class EMailObject(AbstractMISPObjectGenerator):
|
||||||
if "Thread-Index" in message:
|
if "Thread-Index" in message:
|
||||||
self.add_attribute("thread-index", message["Thread-Index"])
|
self.add_attribute("thread-index", message["Thread-Index"])
|
||||||
|
|
||||||
if "Received" in message:
|
|
||||||
try:
|
|
||||||
# We only want the hostnames
|
|
||||||
received_content = message['Received'].split(' ')
|
|
||||||
if received_content[0] == 'from':
|
|
||||||
self.add_attribute("received-header-hostname", received_content[1])
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
self.__generate_received()
|
self.__generate_received()
|
||||||
|
|
||||||
def __add_emails(self, typ: str, data: str, insert_display_names: bool = True):
|
def __add_emails(self, typ: str, data: str, insert_display_names: bool = True):
|
||||||
|
@ -354,7 +345,7 @@ class EMailObject(AbstractMISPObjectGenerator):
|
||||||
|
|
||||||
def __generate_received(self):
|
def __generate_received(self):
|
||||||
"""
|
"""
|
||||||
Extract IP addresses from received headers that are not private.
|
Extract IP addresses from received headers that are not private. Also extract hostnames or domains.
|
||||||
"""
|
"""
|
||||||
received_items = self.email.get_all("received")
|
received_items = self.email.get_all("received")
|
||||||
if received_items is None:
|
if received_items is None:
|
||||||
|
@ -378,3 +369,11 @@ class EMailObject(AbstractMISPObjectGenerator):
|
||||||
continue # skip header if IP not found or is private
|
continue # skip header if IP not found or is private
|
||||||
|
|
||||||
self.add_attribute("received-header-ip", value=str(ip), comment=fromstr)
|
self.add_attribute("received-header-ip", value=str(ip), comment=fromstr)
|
||||||
|
|
||||||
|
# The hostnames and/or domains always come after the "Received: from"
|
||||||
|
# part so we can use regex to pick up those attributes.
|
||||||
|
received_from = re.findall(r'(?<=from\s)[\w\d\.\-]+\.\w{2,24}', str(received_items))
|
||||||
|
try:
|
||||||
|
[self.add_attribute("received-header-hostname", i) for i in received_from]
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
|
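Review bot: The `re.findall` added at the end of `__generate_received` runs over `str(received_items)`, the repr of the whole header list, so the private-address skip applied to `received-header-ip` just above does not cover it, and the pattern `[\w\d\.\-]+\.\w{2,24}` also accepts a dotted quad such as a constructed `192.168.1.10`. Received headers are largely sender-controlled, so any dotted token that follows `from ` anywhere in a header (a constructed example: the local part `first.last` after `envelope-from`) would be stored as `received-header-hostname`, and internal relay names can end up in an event that is later shared. Matching each header on its own, anchored at its start and requiring an alphabetic last label, avoids both. A plain `for` loop would also replace the side-effect list comprehension and the `except Exception: pass`, which hides any failure. The loop that precedes these lines is outside the hunk and the page has lost indentation, so whether the added block sits inside or after that loop should be checked.

```python
        # … unchanged: received-header-ip extraction …
        for received_item in received_items:
            # Anchor at the start of a single header; the last label must be alphabetic.
            match = re.match(r'\s*from\s+([\w.\-]+\.[A-Za-z]{2,24})(?![\w\-])', str(received_item))
            if match:
                self.add_attribute("received-header-hostname", match.group(1))
```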