From 93cff2e50e7316d3b3efd858be579f06f54e7ef2 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Fri, 5 Nov 2021 11:37:10 +0100
Subject: [PATCH] chg: [feed-generator] Added exclude malware samples option
---
 examples/feed-generator/generate.py | 13 +++++++++++--
 examples/feed-generator/settings.default.py | 6 ++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/examples/feed-generator/generate.py b/examples/feed-generator/generate.py
index 2ff423d..9449a7a 100755
--- a/examples/feed-generator/generate.py
+++ b/examples/feed-generator/generate.py
@@ -12,6 +12,11 @@ try:
 except ImportError:
 include_deleted = False
+try:
+ from settings import exclude_malware_samples
+except ImportError:
+ exclude_malware_samples = False
+
 valid_attribute_distributions = []
@@ -70,9 +75,13 @@ if __name__ == '__main__':
 for event in events:
 try:
 e = misp.get_event(event.uuid, deleted=include_deleted, pythonify=True)
+ if exclude_malware_samples:
+ for i, attribute in enumerate(e.attributes):
+ if attribute.type == 'malware-sample':
+ del e.attributes[i]
 e_feed = e.to_feed(valid_distributions=valid_attribute_distributions, with_meta=True)
- except Exception as e:
- print(e, event.uuid)
+ except Exception as err:
+ print(err, event.uuid)
 continue
 if not e_feed:
 print(f'Invalid distribution {e.distribution}, skipping')
diff --git a/examples/feed-generator/settings.default.py b/examples/feed-generator/settings.default.py
index 5df0130..e5de19d 100755
--- a/examples/feed-generator/settings.default.py
+++ b/examples/feed-generator/settings.default.py
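Review bot: The filter loop in the second generate.py hunk deletes from `e.attributes` while `enumerate` is still walking that same list, so each deletion shifts the remaining items left and the attribute right after a removed one is never inspected; two adjacent `malware-sample` attributes leave the second one in the exported feed, which defeats the purpose of `exclude_malware_samples`. Build the filtered list first and assign it back in place, e.g. `e.attributes[:] = [a for a in e.attributes if a.type != 'malware-sample']`. The loop also looks only at event-level attributes; if samples can be attached through objects (not visible in this hunk), those attributes would need the same filter applied per object before `to_feed` is called. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.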
@@ -42,3 +42,9 @@ include_deleted = False
 # 5: Inherit Event
 valid_attribute_distribution_levels = ['0', '1', '2', '3', '4', '5']
+
+# By default, all attribute passing the filtering rules will be exported.
+# This setting can be used to filter out attributes being of the type `malaware-sample`.
+# Warning: Keep in mind that if you propagate data (via synchronisation/feeds/...), recipients
+# will not be able to get the malware samples back.
+exclude_malware_samples = False
\ No newline at end of file
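Review bot: The new comment spells the attribute type as "malaware-sample", while the check added to generate.py compares against `'malware-sample'`, so an operator searching the settings for the real type name will not find this option; the type name in the second comment line should be corrected to `malware-sample`. The comment would also be more useful if it stated the scope of the filter: as written in generate.py it is applied to `e.attributes` only, so the text should say whether samples attached through objects are covered. The file now ends without a trailing newline.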