new: Very simple test case for rest search on objects

pymisp/api.py

@@ -1494,6 +1494,7 @@ class PyMISP:
                include_sightings: Optional[bool]=None, includeSightings: Optional[bool]=None,
                include_correlations: Optional[bool]=None, includeCorrelations: Optional[bool]=None,
                include_decay_score: Optional[bool] = None, includeDecayScore: Optional[bool] = None,
+               object_name: Optional[str]=None,
                pythonify: Optional[bool]=False,
                **kwargs) -> Union[Dict, str, List[Union[MISPEvent, MISPAttribute, MISPObject]]]:
         '''Search in the MISP instance
@@ -1531,6 +1532,7 @@ class PyMISP:
         :param include_sightings: [JSON Only - Attribute] Include the sightings of the matching attributes.
         :param include_decay_score: Include the decay score at attribute level.
         :param include_correlations: [JSON Only - attribute] Include the correlations of the matching attributes.
+        :param object_name: [objects controller only] Search for objects with that name
         :param pythonify: Returns a list of PyMISP Objects instead of the plain json output. Warning: it might use a lot of RAM
 
         Deprecated:
@@ -1547,8 +1549,8 @@ class PyMISP:
 
         return_formats = ['openioc', 'json', 'xml', 'suricata', 'snort', 'text', 'rpz', 'csv', 'cache', 'stix', 'stix2', 'yara', 'yara-json', 'attack', 'attack-sightings']
 
-        if controller not in ['events', 'attributes', 'objects', 'sightings']:
+        if controller not in ['events', 'attributes', 'objects']:
-            raise ValueError('controller has to be in {}'.format(', '.join(['events', 'attributes', 'objects', 'sightings'])))
+            raise ValueError('controller has to be in {}'.format(', '.join(['events', 'attributes', 'objects'])))
 
         # Deprecated stuff / synonyms
         if quickFilter is not None:
@@ -1626,6 +1628,7 @@ class PyMISP:
         query['includeSightings'] = self._make_misp_bool(include_sightings)
         query['includeDecayScore'] = self._make_misp_bool(include_decay_score)
         query['includeCorrelations'] = self._make_misp_bool(include_correlations)
+        query['object_name'] = object_name
         url = urljoin(self.root_url, f'{controller}/restSearch')
         response = self._prepare_request('POST', url, data=query)
 

tests/testlive_comprehensive.py

@@ -293,6 +293,24 @@ class TestComprehensive(unittest.TestCase):
             self.admin_misp_connector.delete_event(second)
             self.admin_misp_connector.delete_event(third)
 
+    def test_search_objects(self):
+        '''Search for objects'''
+        try:
+            first = self.create_simple_event()
+            obj = MISPObject('file')
+            obj.add_attribute('filename', 'foo')
+            first.add_object(obj)
+            first = self.user_misp_connector.add_event(first)
+            logger = logging.getLogger('pymisp')
+            logger.setLevel(logging.DEBUG)
+            objects = self.user_misp_connector.search(controller='objects',
+                                                      object_name='file', pythonify=True)
+            self.assertEqual(len(objects), 1)
+            self.assertEqual(objects[0].attributes[0].value, 'foo')
+        finally:
+            # Delete event
+            self.admin_misp_connector.delete_event(first)
+
     def test_search_type_attribute(self):
         '''Search multiple attributes, search attributes with specific types'''
         try: