mirror of https://github.com/MISP/PyMISP
Merge branch 'master' of github.com:MISP/PyMISP
commit
bb9976a062
|
@ -1194,7 +1194,7 @@ class PyMISP(object):
|
||||||
rules = '\n\n'.join([a['value'] for a in result['response']['Attribute']])
|
rules = '\n\n'.join([a['value'] for a in result['response']['Attribute']])
|
||||||
return True, rules
|
return True, rules
|
||||||
|
|
||||||
def download_samples(self, sample_hash=None, event_id=None, all_samples=False):
|
def download_samples(self, sample_hash=None, event_id=None, all_samples=False, unzip=True):
|
||||||
"""Download samples, by hash or event ID. If there are multiple samples in one event, use the all_samples switch"""
|
"""Download samples, by hash or event ID. If there are multiple samples in one event, use the all_samples switch"""
|
||||||
url = urljoin(self.root_url, 'attributes/downloadSample')
|
url = urljoin(self.root_url, 'attributes/downloadSample')
|
||||||
to_post = {'request': {'hash': sample_hash, 'eventID': event_id, 'allSamples': all_samples}}
|
to_post = {'request': {'hash': sample_hash, 'eventID': event_id, 'allSamples': all_samples}}
|
||||||
|
@ -1208,19 +1208,21 @@ class PyMISP(object):
|
||||||
for f in result['result']:
|
for f in result['result']:
|
||||||
decoded = base64.b64decode(f['base64'])
|
decoded = base64.b64decode(f['base64'])
|
||||||
zipped = BytesIO(decoded)
|
zipped = BytesIO(decoded)
|
||||||
try:
|
if unzip:
|
||||||
archive = zipfile.ZipFile(zipped)
|
try:
|
||||||
if f.get('md5') and f['md5'] in archive.infolist():
|
archive = zipfile.ZipFile(zipped)
|
||||||
# New format
|
if f.get('md5') and f['md5'] in archive.namelist():
|
||||||
unzipped = BytesIO(archive.open(f['md5'], pwd=b'infected').read())
|
# New format
|
||||||
else:
|
unzipped = BytesIO(archive.open(f['md5'], pwd=b'infected').read())
|
||||||
# Old format
|
else:
|
||||||
unzipped = BytesIO(archive.open(f['filename'], pwd=b'infected').read())
|
# Old format
|
||||||
details.append([f['event_id'], f['filename'], unzipped])
|
unzipped = BytesIO(archive.open(f['filename'], pwd=b'infected').read())
|
||||||
except zipfile.BadZipfile:
|
details.append([f['event_id'], f['filename'], unzipped])
|
||||||
# In case the sample isn't zipped
|
except zipfile.BadZipfile:
|
||||||
details.append([f['event_id'], f['filename'], zipped])
|
# In case the sample isn't zipped
|
||||||
|
details.append([f['event_id'], f['filename'], zipped])
|
||||||
|
else:
|
||||||
|
details.append([f['event_id'], "{0}.zip".format(f['filename']), zipped])
|
||||||
return True, details
|
return True, details
|
||||||
|
|
||||||
def download_last(self, last):
|
def download_last(self, last):
|
||||||
|
|
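Review bot: In the second hunk, the new `else:` branch (taken when `unzip` is false) appends the buffer as `"{0}.zip".format(f['filename'])` without checking that it is an archive, although the `except zipfile.BadZipfile` branch above it shows the server can return samples that are not zipped. A caller that stores that result keeps a raw sample under a `.zip` name while assuming it is still wrapped in the password-protected archive. Add the suffix only when the data is an archive, e.g. `name = "{0}.zip".format(f['filename']) if zipfile.is_zipfile(zipped) else f['filename']`, then `zipped.seek(0)` before appending, since the check moves the stream position. The one-line docstring should also describe the new parameter, for example `If unzip is False, each sample is returned as received from the server, without extracting it.` The part of download_samples between the two hunks is not visible here.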