MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: Rename blacklist -> blocklist

pull/624/head
Raphaël Vinot 2020-09-01 19:29:12 +02:00
parent e0e1a7fdf4
commit 918f841087
4 changed files with 92 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pymisp/__init__.py
View File

@ -24,7 +24,7 @@ Response (if any):
try: try:
from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey, InvalidMISPObject, UnknownMISPObjectTemplate, PyMISPInvalidFormat, MISPServerError, PyMISPNotImplementedYet, PyMISPUnexpectedResponse, PyMISPEmptyResponse # noqa from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey, InvalidMISPObject, UnknownMISPObjectTemplate, PyMISPInvalidFormat, MISPServerError, PyMISPNotImplementedYet, PyMISPUnexpectedResponse, PyMISPEmptyResponse # noqa
from .abstract import AbstractMISP, MISPEncode, pymisp_json_default, MISPTag, Distribution, ThreatLevel, Analysis # noqa from .abstract import AbstractMISP, MISPEncode, pymisp_json_default, MISPTag, Distribution, ThreatLevel, Analysis # noqa
from .mispevent import MISPEvent, MISPAttribute, MISPObjectReference, MISPObjectAttribute, MISPObject, MISPUser, MISPOrganisation, MISPSighting, MISPLog, MISPShadowAttribute, MISPWarninglist, MISPTaxonomy, MISPNoticelist, MISPObjectTemplate, MISPSharingGroup, MISPRole, MISPServer, MISPFeed, MISPEventDelegation, MISPUserSetting, MISPInbox, MISPEventBlacklist, MISPOrganisationBlacklist # noqa from .mispevent import MISPEvent, MISPAttribute, MISPObjectReference, MISPObjectAttribute, MISPObject, MISPUser, MISPOrganisation, MISPSighting, MISPLog, MISPShadowAttribute, MISPWarninglist, MISPTaxonomy, MISPNoticelist, MISPObjectTemplate, MISPSharingGroup, MISPRole, MISPServer, MISPFeed, MISPEventDelegation, MISPUserSetting, MISPInbox, MISPEventBlocklist, MISPOrganisationBlocklist # noqa
from .tools import AbstractMISPObjectGenerator # noqa from .tools import AbstractMISPObjectGenerator # noqa
from .tools import Neo4j # noqa from .tools import Neo4j # noqa
from .tools import stix # noqa from .tools import stix # noqa

140
pymisp/api.py
View File

@ -22,7 +22,7 @@ from .mispevent import MISPEvent, MISPAttribute, MISPSighting, MISPLog, MISPObje
MISPUser, MISPOrganisation, MISPShadowAttribute, MISPWarninglist, MISPTaxonomy, \ MISPUser, MISPOrganisation, MISPShadowAttribute, MISPWarninglist, MISPTaxonomy, \
MISPGalaxy, MISPNoticelist, MISPObjectReference, MISPObjectTemplate, MISPSharingGroup, \ MISPGalaxy, MISPNoticelist, MISPObjectReference, MISPObjectTemplate, MISPSharingGroup, \
MISPRole, MISPServer, MISPFeed, MISPEventDelegation, MISPCommunity, MISPUserSetting, \ MISPRole, MISPServer, MISPFeed, MISPEventDelegation, MISPCommunity, MISPUserSetting, \
MISPInbox, MISPEventBlacklist, MISPOrganisationBlacklist MISPInbox, MISPEventBlocklist, MISPOrganisationBlocklist
from .abstract import pymisp_json_default, MISPTag, AbstractMISP, describe_types from .abstract import pymisp_json_default, MISPTag, AbstractMISP, describe_types
SearchType = TypeVar('SearchType', str, int) SearchType = TypeVar('SearchType', str, int)
@ -52,10 +52,10 @@ def get_uuid_or_id_from_abstract_misp(obj: Union[AbstractMISP, int, str, UUID])
# An EventDelegation doesn't have a uuid, we *need* to use the ID # An EventDelegation doesn't have a uuid, we *need* to use the ID
return obj['id'] return obj['id']
# For the blacklists, we want to return a specific key. # For the blocklists, we want to return a specific key.
if isinstance(obj, MISPEventBlacklist): if isinstance(obj, MISPEventBlocklist):
return obj.event_uuid return obj.event_uuid
if isinstance(obj, MISPOrganisationBlacklist): if isinstance(obj, MISPOrganisationBlocklist):
return obj.org_uuid return obj.org_uuid
if 'uuid' in obj: if 'uuid' in obj:
@ -2184,41 +2184,41 @@ class PyMISP:
# ## END User Settings ### # ## END User Settings ###
# ## BEGIN Blacklists ### # ## BEGIN Blocklists ###
def event_blacklists(self, pythonify: bool = False) -> Union[Dict, List[MISPEventBlacklist]]: def event_blocklists(self, pythonify: bool = False) -> Union[Dict, List[MISPEventBlocklist]]:
"""Get all the blacklisted events""" """Get all the blocklisted events"""
r = self._prepare_request('GET', 'eventBlacklists/index') r = self._prepare_request('GET', 'eventBlocklists/index')
event_blacklists = self._check_json_response(r) event_blocklists = self._check_json_response(r)
if not (self.global_pythonify or pythonify) or 'errors' in event_blacklists: if not (self.global_pythonify or pythonify) or 'errors' in event_blocklists:
return event_blacklists return event_blocklists
to_return = [] to_return = []
for event_blacklist in event_blacklists: for event_blocklist in event_blocklists:
ebl = MISPEventBlacklist() ebl = MISPEventBlocklist()
ebl.from_dict(**event_blacklist) ebl.from_dict(**event_blocklist)
to_return.append(ebl) to_return.append(ebl)
return to_return return to_return
def organisation_blacklists(self, pythonify: bool = False) -> Union[Dict, List[MISPOrganisationBlacklist]]: def organisation_blocklists(self, pythonify: bool = False) -> Union[Dict, List[MISPOrganisationBlocklist]]:
"""Get all the blacklisted organisations""" """Get all the blocklisted organisations"""
r = self._prepare_request('GET', 'orgBlacklists/index') r = self._prepare_request('GET', 'orgBlocklists/index')
organisation_blacklists = self._check_json_response(r) organisation_blocklists = self._check_json_response(r)
if not (self.global_pythonify or pythonify) or 'errors' in organisation_blacklists: if not (self.global_pythonify or pythonify) or 'errors' in organisation_blocklists:
return organisation_blacklists return organisation_blocklists
to_return = [] to_return = []
for organisation_blacklist in organisation_blacklists: for organisation_blocklist in organisation_blocklists:
obl = MISPOrganisationBlacklist() obl = MISPOrganisationBlocklist()
obl.from_dict(**organisation_blacklist) obl.from_dict(**organisation_blocklist)
to_return.append(obl) to_return.append(obl)
return to_return return to_return
def _add_entries_to_blacklist(self, blacklist_type: str, uuids: Union[str, List[str]], **kwargs) -> Dict: def _add_entries_to_blocklist(self, blocklist_type: str, uuids: Union[str, List[str]], **kwargs) -> Dict:
if blacklist_type == 'event': if blocklist_type == 'event':
url = 'eventBlacklists/add' url = 'eventBlocklists/add'
elif blacklist_type == 'organisation': elif blocklist_type == 'organisation':
url = 'orgBlacklists/add' url = 'orgBlocklists/add'
else: else:
raise PyMISPError('blacklist_type can only be "event" or "organisation"') raise PyMISPError('blocklist_type can only be "event" or "organisation"')
if isinstance(uuids, str): if isinstance(uuids, str):
uuids = [uuids] uuids = [uuids]
data = {'uuids': uuids} data = {'uuids': uuids}
@ -2227,66 +2227,66 @@ class PyMISP:
r = self._prepare_request('POST', url, data=data) r = self._prepare_request('POST', url, data=data)
return self._check_json_response(r) return self._check_json_response(r)
def add_event_blacklist(self, uuids: Union[str, List[str]], comment: Optional[str] = None, def add_event_blocklist(self, uuids: Union[str, List[str]], comment: Optional[str] = None,
event_info: Optional[str] = None, event_orgc: Optional[str] = None) -> Dict: event_info: Optional[str] = None, event_orgc: Optional[str] = None) -> Dict:
'''Add a new event in the blacklist''' '''Add a new event in the blocklist'''
return self._add_entries_to_blacklist('event', uuids=uuids, comment=comment, event_info=event_info, event_orgc=event_orgc) return self._add_entries_to_blocklist('event', uuids=uuids, comment=comment, event_info=event_info, event_orgc=event_orgc)
def add_organisation_blacklist(self, uuids: Union[str, List[str]], comment: Optional[str] = None, def add_organisation_blocklist(self, uuids: Union[str, List[str]], comment: Optional[str] = None,
org_name: Optional[str] = None) -> Dict: org_name: Optional[str] = None) -> Dict:
'''Add a new organisation in the blacklist''' '''Add a new organisation in the blocklist'''
return self._add_entries_to_blacklist('organisation', uuids=uuids, comment=comment, org_name=org_name) return self._add_entries_to_blocklist('organisation', uuids=uuids, comment=comment, org_name=org_name)
def _update_entries_in_blacklist(self, blacklist_type: str, uuid, **kwargs) -> Dict: def _update_entries_in_blocklist(self, blocklist_type: str, uuid, **kwargs) -> Dict:
if blacklist_type == 'event': if blocklist_type == 'event':
url = f'eventBlacklists/edit/{uuid}' url = f'eventBlocklists/edit/{uuid}'
elif blacklist_type == 'organisation': elif blocklist_type == 'organisation':
url = f'orgBlacklists/edit/{uuid}' url = f'orgBlocklists/edit/{uuid}'
else: else:
raise PyMISPError('blacklist_type can only be "event" or "organisation"') raise PyMISPError('blocklist_type can only be "event" or "organisation"')
data = {k: v for k, v in kwargs.items() if v} data = {k: v for k, v in kwargs.items() if v}
r = self._prepare_request('POST', url, data=data) r = self._prepare_request('POST', url, data=data)
return self._check_json_response(r) return self._check_json_response(r)
def update_event_blacklist(self, event_blacklist: MISPEventBlacklist, event_blacklist_id: Optional[Union[int, str, UUID]] = None, pythonify: bool = False) -> Union[Dict, MISPEventBlacklist]: def update_event_blocklist(self, event_blocklist: MISPEventBlocklist, event_blocklist_id: Optional[Union[int, str, UUID]] = None, pythonify: bool = False) -> Union[Dict, MISPEventBlocklist]:
'''Update an event in the blacklist''' '''Update an event in the blocklist'''
if event_blacklist_id is None: if event_blocklist_id is None:
eblid = get_uuid_or_id_from_abstract_misp(event_blacklist) eblid = get_uuid_or_id_from_abstract_misp(event_blocklist)
else: else:
eblid = get_uuid_or_id_from_abstract_misp(event_blacklist_id) eblid = get_uuid_or_id_from_abstract_misp(event_blocklist_id)
updated_event_blacklist = self._update_entries_in_blacklist('event', eblid, **event_blacklist) updated_event_blocklist = self._update_entries_in_blocklist('event', eblid, **event_blocklist)
if not (self.global_pythonify or pythonify) or 'errors' in updated_event_blacklist: if not (self.global_pythonify or pythonify) or 'errors' in updated_event_blocklist:
return updated_event_blacklist return updated_event_blocklist
e = MISPEventBlacklist() e = MISPEventBlocklist()
e.from_dict(**updated_event_blacklist) e.from_dict(**updated_event_blocklist)
return e return e
def update_organisation_blacklist(self, organisation_blacklist: MISPOrganisationBlacklist, organisation_blacklist_id: Optional[Union[int, str, UUID]] = None, pythonify: bool = False) -> Union[Dict, MISPOrganisationBlacklist]: def update_organisation_blocklist(self, organisation_blocklist: MISPOrganisationBlocklist, organisation_blocklist_id: Optional[Union[int, str, UUID]] = None, pythonify: bool = False) -> Union[Dict, MISPOrganisationBlocklist]:
'''Update an organisation in the blacklist''' '''Update an organisation in the blocklist'''
if organisation_blacklist_id is None: if organisation_blocklist_id is None:
oblid = get_uuid_or_id_from_abstract_misp(organisation_blacklist) oblid = get_uuid_or_id_from_abstract_misp(organisation_blocklist)
else: else:
oblid = get_uuid_or_id_from_abstract_misp(organisation_blacklist_id) oblid = get_uuid_or_id_from_abstract_misp(organisation_blocklist_id)
updated_organisation_blacklist = self._update_entries_in_blacklist('organisation', oblid, **organisation_blacklist) updated_organisation_blocklist = self._update_entries_in_blocklist('organisation', oblid, **organisation_blocklist)
if not (self.global_pythonify or pythonify) or 'errors' in updated_organisation_blacklist: if not (self.global_pythonify or pythonify) or 'errors' in updated_organisation_blocklist:
return updated_organisation_blacklist return updated_organisation_blocklist
o = MISPOrganisationBlacklist() o = MISPOrganisationBlocklist()
o.from_dict(**updated_organisation_blacklist) o.from_dict(**updated_organisation_blocklist)
return o return o
def delete_event_blacklist(self, event_blacklist: Union[MISPEventBlacklist, str, UUID]) -> Dict: def delete_event_blocklist(self, event_blocklist: Union[MISPEventBlocklist, str, UUID]) -> Dict:
'''Delete a blacklisted event''' '''Delete a blocklisted event'''
event_blacklist_id = get_uuid_or_id_from_abstract_misp(event_blacklist) event_blocklist_id = get_uuid_or_id_from_abstract_misp(event_blocklist)
response = self._prepare_request('POST', f'eventBlacklists/delete/{event_blacklist_id}') response = self._prepare_request('POST', f'eventBlocklists/delete/{event_blocklist_id}')
return self._check_json_response(response) return self._check_json_response(response)
def delete_organisation_blacklist(self, organisation_blacklist: Union[MISPOrganisationBlacklist, str, UUID]) -> Dict: def delete_organisation_blocklist(self, organisation_blocklist: Union[MISPOrganisationBlocklist, str, UUID]) -> Dict:
'''Delete a blacklisted organisation''' '''Delete a blocklisted organisation'''
org_blacklist_id = get_uuid_or_id_from_abstract_misp(organisation_blacklist) org_blocklist_id = get_uuid_or_id_from_abstract_misp(organisation_blocklist)
response = self._prepare_request('POST', f'orgBlacklists/delete/{org_blacklist_id}') response = self._prepare_request('POST', f'orgBlocklists/delete/{org_blocklist_id}')
return self._check_json_response(response) return self._check_json_response(response)
# ## END Blacklists ### # ## END Blocklists ###
# ## BEGIN Global helpers ### # ## BEGIN Global helpers ###

12
pymisp/mispevent.py
View File

@ -1699,30 +1699,30 @@ class MISPInbox(AbstractMISP):
return f'<{self.__class__.__name__}(name={self.type})>' return f'<{self.__class__.__name__}(name={self.type})>'
class MISPEventBlacklist(AbstractMISP): class MISPEventBlocklist(AbstractMISP):
def __init__(self, **kwargs): def __init__(self, **kwargs):
super().__init__(**kwargs) super().__init__(**kwargs)
self.event_uuid: str self.event_uuid: str
def from_dict(self, **kwargs): def from_dict(self, **kwargs):
if 'EventBlacklist' in kwargs: if 'EventBlocklist' in kwargs:
kwargs = kwargs['EventBlacklist'] kwargs = kwargs['EventBlocklist']
super().from_dict(**kwargs) super().from_dict(**kwargs)
def __repr__(self): def __repr__(self):
return f'<{self.__class__.__name__}(event_uuid={self.event_uuid}' return f'<{self.__class__.__name__}(event_uuid={self.event_uuid}'
class MISPOrganisationBlacklist(AbstractMISP): class MISPOrganisationBlocklist(AbstractMISP):
def __init__(self, **kwargs): def __init__(self, **kwargs):
super().__init__(**kwargs) super().__init__(**kwargs)
self.org_uuid: str self.org_uuid: str
def from_dict(self, **kwargs): def from_dict(self, **kwargs):
if 'OrgBlacklist' in kwargs: if 'OrgBlocklist' in kwargs:
kwargs = kwargs['OrgBlacklist'] kwargs = kwargs['OrgBlocklist']
super().from_dict(**kwargs) super().from_dict(**kwargs)
def __repr__(self): def __repr__(self):

30
tests/testlive_comprehensive.py
View File

@ -26,7 +26,7 @@ logger = logging.getLogger('pymisp')
try: try:
from pymisp import register_user, PyMISP, MISPEvent, MISPOrganisation, MISPUser, Distribution, ThreatLevel, Analysis, MISPObject, MISPAttribute, MISPSighting, MISPShadowAttribute, MISPTag, MISPSharingGroup, MISPFeed, MISPServer, MISPUserSetting, MISPEventBlacklist from pymisp import register_user, PyMISP, MISPEvent, MISPOrganisation, MISPUser, Distribution, ThreatLevel, Analysis, MISPObject, MISPAttribute, MISPSighting, MISPShadowAttribute, MISPTag, MISPSharingGroup, MISPFeed, MISPServer, MISPUserSetting, MISPEventBlocklist
from pymisp.tools import CSVLoader, DomainIPObject, ASNObject, GenericObjectGenerator from pymisp.tools import CSVLoader, DomainIPObject, ASNObject, GenericObjectGenerator
from pymisp.exceptions import MISPServerError from pymisp.exceptions import MISPServerError
except ImportError: except ImportError:
@ -2371,57 +2371,57 @@ class TestComprehensive(unittest.TestCase):
self.admin_misp_connector.delete_event(first) self.admin_misp_connector.delete_event(first)
self.admin_misp_connector.delete_tag(tag) self.admin_misp_connector.delete_tag(tag)
def test_blacklists(self): def test_blocklists(self):
first = self.create_simple_event() first = self.create_simple_event()
second = self.create_simple_event() second = self.create_simple_event()
second.Orgc = self.test_org second.Orgc = self.test_org
to_delete = {'bl_events': [], 'bl_organisations': []} to_delete = {'bl_events': [], 'bl_organisations': []}
try: try:
# test events BL # test events BL
ebl = self.admin_misp_connector.add_event_blacklist(uuids=[first.uuid]) ebl = self.admin_misp_connector.add_event_blocklist(uuids=[first.uuid])
self.assertEqual(ebl['result']['successes'][0], first.uuid, ebl) self.assertEqual(ebl['result']['successes'][0], first.uuid, ebl)
bl_events = self.admin_misp_connector.event_blacklists(pythonify=True) bl_events = self.admin_misp_connector.event_blocklists(pythonify=True)
for ble in bl_events: for ble in bl_events:
if ble.event_uuid == first.uuid: if ble.event_uuid == first.uuid:
to_delete['bl_events'].append(ble) to_delete['bl_events'].append(ble)
break break
else: else:
raise Exception('Unable to find UUID in Events blacklist') raise Exception('Unable to find UUID in Events blocklist')
first = self.user_misp_connector.add_event(first, pythonify=True) first = self.user_misp_connector.add_event(first, pythonify=True)
self.assertEqual(first['errors'][1]['message'], 'Could not add Event', first) self.assertEqual(first['errors'][1]['message'], 'Could not add Event', first)
ble.comment = 'This is a test' ble.comment = 'This is a test'
ble.event_info = 'foo' ble.event_info = 'foo'
ble.event_orgc = 'bar' ble.event_orgc = 'bar'
ble = self.admin_misp_connector.update_event_blacklist(ble, pythonify=True) ble = self.admin_misp_connector.update_event_blocklist(ble, pythonify=True)
self.assertEqual(ble.comment, 'This is a test') self.assertEqual(ble.comment, 'This is a test')
r = self.admin_misp_connector.delete_event_blacklist(ble) r = self.admin_misp_connector.delete_event_blocklist(ble)
self.assertTrue(r['success']) self.assertTrue(r['success'])
# test Org BL # test Org BL
obl = self.admin_misp_connector.add_organisation_blacklist(uuids=self.test_org.uuid) obl = self.admin_misp_connector.add_organisation_blocklist(uuids=self.test_org.uuid)
self.assertEqual(obl['result']['successes'][0], self.test_org.uuid, obl) self.assertEqual(obl['result']['successes'][0], self.test_org.uuid, obl)
bl_orgs = self.admin_misp_connector.organisation_blacklists(pythonify=True) bl_orgs = self.admin_misp_connector.organisation_blocklists(pythonify=True)
for blo in bl_orgs: for blo in bl_orgs:
if blo.org_uuid == self.test_org.uuid: if blo.org_uuid == self.test_org.uuid:
to_delete['bl_organisations'].append(blo) to_delete['bl_organisations'].append(blo)
break break
else: else:
raise Exception('Unable to find UUID in Orgs blacklist') raise Exception('Unable to find UUID in Orgs blocklist')
first = self.user_misp_connector.add_event(first, pythonify=True) first = self.user_misp_connector.add_event(first, pythonify=True)
self.assertEqual(first['errors'][1]['message'], 'Could not add Event', first) self.assertEqual(first['errors'][1]['message'], 'Could not add Event', first)
blo.comment = 'This is a test' blo.comment = 'This is a test'
blo.org_name = 'bar' blo.org_name = 'bar'
blo = self.admin_misp_connector.update_organisation_blacklist(blo, pythonify=True) blo = self.admin_misp_connector.update_organisation_blocklist(blo, pythonify=True)
self.assertEqual(blo.org_name, 'bar') self.assertEqual(blo.org_name, 'bar')
r = self.admin_misp_connector.delete_organisation_blacklist(blo) r = self.admin_misp_connector.delete_organisation_blocklist(blo)
self.assertTrue(r['success']) self.assertTrue(r['success'])
finally: finally:
for ble in to_delete['bl_events']: for ble in to_delete['bl_events']:
self.admin_misp_connector.delete_event_blacklist(ble) self.admin_misp_connector.delete_event_blocklist(ble)
for blo in to_delete['bl_organisations']: for blo in to_delete['bl_organisations']:
self.admin_misp_connector.delete_organisation_blacklist(blo) self.admin_misp_connector.delete_organisation_blocklist(blo)
@unittest.skip("Internal use only") @unittest.skip("Internal use only")
def missing_methods(self): def missing_methods(self):
@ -2461,7 +2461,7 @@ class TestComprehensive(unittest.TestCase):
"attributes/exportSearch", "attributes/exportSearch",
'dashboards', 'dashboards',
'decayingModel', 'decayingModel',
"eventBlacklists/massDelete", "eventBlocklists/massDelete",
"eventDelegations/view", "eventDelegations/view",
"eventDelegations/index", "eventDelegations/index",
"eventGraph/view", "eventGraph/view",