From b3376183c0a3fcc0d880accbb3c457966bd2c462 Mon Sep 17 00:00:00 2001
From: Hannah Ward
Date: Thu, 9 Mar 2017 16:36:30 +0000
Subject: [PATCH 1/4] fix: Entrypt isn't a word! fixes #59
---
 pymisp/mispevent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pymisp/mispevent.py b/pymisp/mispevent.py
index 14ae16a..46143b6 100644
--- a/pymisp/mispevent.py
+++ b/pymisp/mispevent.py
@@ -228,7 +228,7 @@ class MISPAttribute(object):
 if self.data:
 to_return['data'] = base64.b64encode(self.data.getvalue()).decode()
 if self.encrypt:
- to_return['entrypt'] = self.encrypt
+ to_return['encrypt'] = self.encrypt
 to_return = _int_to_str(to_return)
 return to_return
From 9aec74b01cf72e09c4049da1f40f226fc71de08a Mon Sep 17 00:00:00 2001
From: Nick Driver
Date: Thu, 9 Mar 2017 15:57:15 -0500
Subject: [PATCH 2/4] Example using the search() function Accepts specific parameters from search() instead of just using search_all().
---
 examples/search.py | 51 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 examples/search.py
diff --git a/examples/search.py b/examples/search.py
new file mode 100644
index 0000000..a895f6d
--- /dev/null
+++ b/examples/search.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key,misp_verifycert
+import argparse
+import os
+import json
+
+
+def init(url, key):
+ return PyMISP(url, key, misp_verifycert, 'json')
+
+
+def search(m, quiet, url, controller, out=None, **kwargs):
+ result = m.search(controller, **kwargs)
+ if quiet:
+ for e in result['response']:
+ print('{}{}{}\n'.format(url, '/events/view/', e['Event']['id']))
+ elif out is None:
+ for e in result['response']:
+ print(json.dumps(e) + '\n')
+ else:
+ with open(out, 'w') as f:
+ for e in result['response']:
+ f.write(json.dumps(e) + '\n')
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Get all the events matching a value for a given param.')
+ parser.add_argument("-p", "--param", required=True, help="Parameter to search (e.g. category, org, etc.)")
+ parser.add_argument("-s", "--search", required=True, help="String to search.")
+ parser.add_argument("-a", "--attributes", action='store_true', help="Search attributes instead of events")
+ parser.add_argument("-q", "--quiet", action='store_true', help="Only display URLs to MISP")
+ parser.add_argument("-o", "--output", help="Output file")
+
+ args = parser.parse_args()
+
+ if args.output is not None and os.path.exists(args.output):
+ print('Output file already exists, abort.')
+ exit(0)
+
+ misp = init(misp_url, misp_key)
+ kwargs = {args.param: args.search}
+
+ if args.attributes:
+ controller='attributes'
+ else:
+ controller='events'
+
+ search(misp, args.quiet, misp_url, controller, args.output, **kwargs)
From 0636b9393e14c9d493ad610406141777e06d6ebf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9borah=20Servili?=
Date: Fri, 10 Mar 2017 14:48:11 +0100
Subject: [PATCH 3/4] fix add_domain_ip
---
 pymisp/api.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pymisp/api.py b/pymisp/api.py
index a624e7a..4b7460c 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
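Review bot: In examples/search.py the overwrite guard runs `os.path.exists(args.output)` in the `__main__` block, but the file is only opened later inside `search()` with `open(out, 'w')`, after the MISP query has returned, so a path (or symlink) created in that window is truncated and filled with event data. Creating the file exclusively closes the gap; on Python 3 that is `with open(out, 'x') as f:` plus a handler for `FileExistsError`. The abort branch also calls `exit(0)`, which tells a calling script the export succeeded; a non-zero status such as `exit(1)` would be more accurate.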
@@ -541,6 +541,8 @@ class PyMISP(object):
 return self.add_named_attribute(event, 'domain', domain, category, to_ids, comment, distribution, proposal)
 def add_domain_ip(self, event, domain, ip, category='Network activity', to_ids=True, comment=None, distribution=None, proposal=False):
+ if isinstance(ip, str):
+ ip = [ip]
 composed = list(map(lambda x: '%s|%s' % (domain, x), ip))
 return self.add_named_attribute(event, 'domain|ip', composed, category, to_ids, comment, distribution, proposal)
From 97e799e68ac8201b139a0df3993190c9145e61a7 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Fri, 10 Mar 2017 16:32:15 +0100
Subject: [PATCH 4/4] Small change to make travis happy - attribute_count default changed to 0 in misp
---
 tests/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test.py b/tests/test.py
index bf94b97..f679136 100755
--- a/tests/test.py
+++ b/tests/test.py
@@ -42,7 +42,7 @@ class TestBasic(unittest.TestCase): event = self.misp.new_event(0, 1, 0, "This is a test") event_id = self._clean_event(event) to_check = {u'Event': {u'info': u'This is a test', u'locked': False, - u'attribute_count': None, 'disable_correlation': False, u'analysis': u'0', + u'attribute_count': u'0', 'disable_correlation': False, u'analysis': u'0', u'ShadowAttribute': [], u'published': False, u'distribution': u'0', u'event_creator_email': u'admin@admin.test', u'Attribute': [], u'proposal_email_lock': False, u'Org': {u'name': u'ORGNAME'},
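Review bot: The new `isinstance(ip, str)` guard in `add_domain_ip` (pymisp/api.py) does not match `unicode` on Python 2, so a value such as `u'198.51.100.7'` (constructed example) would still be iterated character by character and submitted as `domain|1`, `domain|9`, … attributes with `to_ids=True`. The `u''` literals in tests/test.py suggest Python 2 is still supported, though that is an inference from this series. Testing against the text type of either interpreter, for example `if isinstance(ip, basestring if str is bytes else str):`, would cover both. The method also has no docstring; `"""Add one domain|ip attribute per address; ip may be a single string or an iterable of strings."""` would document the accepted shapes.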