From c098981a40b72d0eb277be5c991e5949adee2fa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Thu, 7 May 2020 13:59:45 +0200 Subject: [PATCH] new: Very simple test case for rest search on objects --- pymisp/api.py | 7 +++++-- tests/testlive_comprehensive.py | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/pymisp/api.py b/pymisp/api.py index 6f6eb8e..d067bf2 100644 --- a/pymisp/api.py +++ b/pymisp/api.py @@ -1494,6 +1494,7 @@ class PyMISP: include_sightings: Optional[bool]=None, includeSightings: Optional[bool]=None, include_correlations: Optional[bool]=None, includeCorrelations: Optional[bool]=None, include_decay_score: Optional[bool] = None, includeDecayScore: Optional[bool] = None, + object_name: Optional[str]=None, pythonify: Optional[bool]=False, **kwargs) -> Union[Dict, str, List[Union[MISPEvent, MISPAttribute, MISPObject]]]: '''Search in the MISP instance @@ -1531,6 +1532,7 @@ class PyMISP: :param include_sightings: [JSON Only - Attribute] Include the sightings of the matching attributes. :param include_decay_score: Include the decay score at attribute level. :param include_correlations: [JSON Only - attribute] Include the correlations of the matching attributes. + :param object_name: [objects controller only] Search for objects with that name :param pythonify: Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM Deprecated: 
@@ -1547,8 +1549,8 @@ class PyMISP: return_formats = ['openioc', 'json', 'xml', 'suricata', 'snort', 'text', 'rpz', 'csv', 'cache', 'stix', 'stix2', 'yara', 'yara-json', 'attack', 'attack-sightings'] - if controller not in ['events', 'attributes', 'objects', 'sightings']: - raise ValueError('controller has to be in {}'.format(', '.join(['events', 'attributes', 'objects', 'sightings']))) + if controller not in ['events', 'attributes', 'objects']: + raise ValueError('controller has to be in {}'.format(', '.join(['events', 'attributes', 'objects']))) # Deprecated stuff / synonyms if quickFilter is not None: @@ -1626,6 +1628,7 @@ class PyMISP: query['includeSightings'] = self._make_misp_bool(include_sightings) query['includeDecayScore'] = self._make_misp_bool(include_decay_score) query['includeCorrelations'] = self._make_misp_bool(include_correlations) + query['object_name'] = object_name url = urljoin(self.root_url, f'{controller}/restSearch') response = self._prepare_request('POST', url, data=query) diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index ffd1129..73bc244 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py 
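Review bot: Dropping `'sightings'` from the accepted controllers in this hunk is a behaviour change that the commit subject (a test case for object search) does not mention; any caller passing `controller='sightings'` now gets a `ValueError`. If the removal is intentional, it deserves its own changelog entry, and the error message could say what to use instead. The allowed list is also spelled out twice on the new lines; binding it once, e.g. `valid_controllers = ('events', 'attributes', 'objects')`, and using that name in both the membership test and the message keeps the two from drifting apart. The enclosing `search` method starts and ends outside the hunk.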
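Review bot: `query['object_name'] = object_name` is added for every controller, although the docstring line added in this same commit marks the parameter as "[objects controller only]". A caller who passes `object_name` with `controller='events'` or `'attributes'` has it forwarded silently, so a search the analyst believes is filtered may return unfiltered results if the server ignores the key; nothing visible here shows how the server treats it. Either guard the assignment with `if controller == 'objects':` or raise `ValueError` when `object_name` is given with another controller. Whether `None` values are stripped from `query` before the POST is also not visible in this hunk and is worth confirming.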
@@ -293,6 +293,24 @@ class TestComprehensive(unittest.TestCase): self.admin_misp_connector.delete_event(second) self.admin_misp_connector.delete_event(third) + def test_search_objects(self): + '''Search for objects''' + try: + first = self.create_simple_event() + obj = MISPObject('file') + obj.add_attribute('filename', 'foo') + first.add_object(obj) + first = self.user_misp_connector.add_event(first) + logger = logging.getLogger('pymisp') + logger.setLevel(logging.DEBUG) + objects = self.user_misp_connector.search(controller='objects', + object_name='file', pythonify=True) + self.assertEqual(len(objects), 1) + self.assertEqual(objects[0].attributes[0].value, 'foo') + finally: + # Delete event + self.admin_misp_connector.delete_event(first) + def test_search_type_attribute(self): '''Search multiple attributes, search attributes with specific types''' try:
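Review bot: In `test_search_objects`, `first` is assigned inside the `try:`, so if `create_simple_event()` raises, the `finally` clause fails with a `NameError` that hides the real error; move `first = self.create_simple_event()` above the `try:`. The two lines `logger = logging.getLogger('pymisp')` / `logger.setLevel(logging.DEBUG)` look like a leftover debugging aid: the level is never restored, so every later test in the process runs with debug output, which against a live instance may put request details into CI logs. `self.assertEqual(len(objects), 1)` also assumes the user sees no other `file` object on the instance; limiting the search to the event just created would make the test independent of leftover data.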