diff --git a/pymisp/tools/create_misp_object.py b/pymisp/tools/create_misp_object.py
index dd5950d..976db49 100644
--- a/pymisp/tools/create_misp_object.py
+++ b/pymisp/tools/create_misp_object.py
@@ -45,9 +45,9 @@ def make_macho_objects(lief_parsed, misp_file):
 return misp_file, macho_object, macho_sections
-def make_binary_objects(filepath):
- misp_file = FileObject(filepath)
- if HAS_LIEF:
+def make_binary_objects(filepath=None, pseudofile=None, filename=None):
+ misp_file = FileObject(filepath=filepath, pseudofile=pseudofile, filename=filename)
+ if HAS_LIEF and filepath:
 try:
 lief_parsed = lief.parse(filepath)
 if isinstance(lief_parsed, lief.PE.Binary):
@@ -64,6 +64,8 @@ def make_binary_objects(filepath):
 warnings.warn('\tParser error: ', e)
 except FileTypeNotImplemented as e: # noqa
 warnings.warn(e)
- else:
+ if not HAS_LIEF:
 warnings.warn('Please install lief, documentation here: https://github.com/lief-project/LIEF')
+ if not filepath:
+ warnings.warn('LIEF currently requires a filepath and not a pseudo file')
 return misp_file, None, None
diff --git a/pymisp/tools/elfobject.py b/pymisp/tools/elfobject.py
index 3a812a4..ee3bd29 100644
--- a/pymisp/tools/elfobject.py
+++ b/pymisp/tools/elfobject.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 from .abstractgenerator import AbstractMISPObjectGenerator
+from ..exceptions import InvalidMISPObject
 from io import BytesIO
 from hashlib import md5, sha1, sha256, sha512
 import warnings
@@ -33,7 +34,7 @@ class ELFObject(AbstractMISPObjectGenerator):
 elif isinstance(pseudofile, bytes):
 self.__elf = lief.ELF.parse(raw=pseudofile)
 else:
- raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
+ raise InvalidMISPObject('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
 elif filepath:
 self.__elf = lief.ELF.parse(filepath)
 elif parsed:
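Review bot: `make_binary_objects` in pymisp/tools/create_misp_object.py (hunk `@@ -45,9 +45,9 @@`) gains three optional keyword parameters but no docstring, and how they interact is not obvious from the signature. As written, `lief.parse` only runs when `filepath` is set (`if HAS_LIEF and filepath:`), so a sample handed over as `pseudofile` falls through to `return misp_file, None, None` and gets no format-specific object. I would document that on the function, for example `"""Build the MISP file object; the other two return values are None unless lief is installed and a filepath is given."""`. The successful return path and the rest of the body lie outside this hunk, so the wording should be checked against them.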
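Review bot: In hunk `@@ -64,6 +64,8 @@` of create_misp_object.py the context line `warnings.warn('\tParser error: ', e)` passes the exception as the `category` argument, which has to be a Warning subclass, so that handler raises TypeError instead of emitting a warning. The commit reworks the fallback directly below but leaves this call, so a sample that presumably trips lief's parser error aborts the call rather than returning the file-only result; `warnings.warn('\tParser error: {}'.format(e))` would avoid that. Separately, both new checks fire when lief is missing and no path was given, and the second message is misleading in that case; `elif not filepath:` keeps it to one warning. The `try`/`except` chain these lines belong to starts above the hunk.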
@@ -41,7 +42,7 @@ class ELFObject(AbstractMISPObjectGenerator):
 if isinstance(parsed, lief.ELF.Binary):
 self.__elf = parsed
 else:
- raise Exception('Not a lief.ELF.Binary: {}'.format(type(parsed)))
+ raise InvalidMISPObject('Not a lief.ELF.Binary: {}'.format(type(parsed)))
 super(ELFObject, self).__init__('elf')
 self.generate_attributes()
 # Mark as non_jsonable because we need to add them manually
diff --git a/pymisp/tools/fileobject.py b/pymisp/tools/fileobject.py
index dd5d025..e75884c 100644
--- a/pymisp/tools/fileobject.py
+++ b/pymisp/tools/fileobject.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
+from ..exceptions import InvalidMISPObject
 from .abstractgenerator import AbstractMISPObjectGenerator
 import os
 from io import BytesIO
@@ -29,18 +30,22 @@ class FileObject(AbstractMISPObjectGenerator):
 warnings.warn("Please install pydeep: pip install git+https://github.com/kbandla/pydeep.git")
 if not HAS_MAGIC:
 warnings.warn("Please install python-magic: pip install python-magic.")
+ if filename:
+ # Useful in case the file is copied with a pre-defined name by a script but we want to keep the original name
+ self.__filename = filename
+ elif filepath:
+ self.__filename = os.path.basename(filepath)
+ else:
+ raise InvalidMISPObject('A file name is required (either in the path, or as a parameter).')
+
 if filepath:
- self.filepath = filepath
- self.filename = os.path.basename(self.filepath)
 with open(filepath, 'rb') as f:
 self.__pseudofile = BytesIO(f.read())
 elif pseudofile and isinstance(pseudofile, BytesIO):
 # WARNING: lief.parse requires a path
- self.filepath = None
 self.__pseudofile = pseudofile
- self.filename = filename
 else:
- raise Exception('File buffer (BytesIO) or a path is required.')
+ raise InvalidMISPObject('File buffer (BytesIO) or a path is required.')
 # PY3 way:
 # super().__init__('file')
 super(FileObject, self).__init__('file')
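Review bot: The new `filename` branch in `FileObject.__init__` (pymisp/tools/fileobject.py, hunk `@@ -29,18 +30,22 @@`) stores the caller's value verbatim with `self.__filename = filename`, while the `filepath` branch just below it reduces the name with `os.path.basename`. The later hunks write that value into the `filename` and `malware-sample` attributes, so if the original name comes from an upload or a mail attachment, any directory components in it travel with the sample to whoever later saves it under that name. I would normalise both branches the same way, `self.__filename = os.path.basename(filename)`, or say in the comment that the name is untrusted metadata and is stored as given. The hunk also replaces the public `self.filename` and `self.filepath` attributes with a name-mangled one, which existing callers that read them will notice. `__init__` begins above this hunk.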
@@ -50,7 +55,7 @@ class FileObject(AbstractMISPObjectGenerator):
 self.update_not_jsonable('ObjectReference')
 def generate_attributes(self):
- self.add_attribute('filename', value=self.filename)
+ self.add_attribute('filename', value=self.__filename)
 size = self.add_attribute('size-in-bytes', value=len(self.__data))
 if int(size.value) > 0:
 self.add_attribute('entropy', value=self.__entropy_H(self.__data))
@@ -58,7 +63,7 @@ class FileObject(AbstractMISPObjectGenerator):
 self.add_attribute('sha1', value=sha1(self.__data).hexdigest())
 self.add_attribute('sha256', value=sha256(self.__data).hexdigest())
 self.add_attribute('sha512', value=sha512(self.__data).hexdigest())
- self.add_attribute('malware-sample', value=self.filename, data=self.__pseudofile)
+ self.add_attribute('malware-sample', value=self.__filename, data=self.__pseudofile)
 if HAS_MAGIC:
 self.add_attribute('mimetype', value=magic.from_buffer(self.__data))
 if HAS_PYDEEP:
diff --git a/pymisp/tools/machoobject.py b/pymisp/tools/machoobject.py
index ccebd9f..15663c9 100644
--- a/pymisp/tools/machoobject.py
+++ b/pymisp/tools/machoobject.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
+from ..exceptions import InvalidMISPObject
 from .abstractgenerator import AbstractMISPObjectGenerator
 from io import BytesIO
 from hashlib import md5, sha1, sha256, sha512
@@ -33,7 +34,7 @@ class MachOObject(AbstractMISPObjectGenerator):
 elif isinstance(pseudofile, bytes):
 self.__macho = lief.MachO.parse(raw=pseudofile)
 else:
- raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
+ raise InvalidMISPObject('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
 elif filepath:
 self.__macho = lief.MachO.parse(filepath)
 elif parsed:
@@ -41,7 +42,7 @@ class MachOObject(AbstractMISPObjectGenerator):
 if isinstance(parsed, lief.MachO.Binary):
 self.__macho = parsed
 else:
- raise Exception('Not a lief.MachO.Binary: {}'.format(type(parsed)))
+ raise InvalidMISPObject('Not a lief.MachO.Binary: {}'.format(type(parsed)))
 # Python3 way
 # super().__init__('elf')
 super(MachOObject, self).__init__('macho')
diff --git a/pymisp/tools/peobject.py b/pymisp/tools/peobject.py
index 2786e45..3467243 100644
--- a/pymisp/tools/peobject.py
+++ b/pymisp/tools/peobject.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
+from ..exceptions import InvalidMISPObject
 from .abstractgenerator import AbstractMISPObjectGenerator
 from io import BytesIO
 from hashlib import md5, sha1, sha256, sha512
@@ -34,7 +35,7 @@ class PEObject(AbstractMISPObjectGenerator):
 elif isinstance(pseudofile, bytes):
 self.__pe = lief.PE.parse(raw=pseudofile)
 else:
- raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
+ raise InvalidMISPObject('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
 elif filepath:
 self.__pe = lief.PE.parse(filepath)
 elif parsed:
@@ -42,7 +43,7 @@ class PEObject(AbstractMISPObjectGenerator):
 if isinstance(parsed, lief.PE.Binary):
 self.__pe = parsed
 else:
- raise Exception('Not a lief.PE.Binary: {}'.format(type(parsed)))
+ raise InvalidMISPObject('Not a lief.PE.Binary: {}'.format(type(parsed)))
 # Python3 way
 # super().__init__('pe')
 super(PEObject, self).__init__('pe')