mirror of https://github.com/MISP/PyMISP
fix: Properly get body from message, without headers
Raphaël Vinot
parent
c84afb92d5
commit
e6cb8552c5
|
|
@ -1,7 +1,6 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from pymisp import ExpandedPyMISP
|
||||
from pymisp import PyMISP
|
||||
from pymisp.tools import EMailObject
|
||||
import traceback
|
||||
from keys import misp_url, misp_key, misp_verifycert # type: ignore
|
||||
|
|
@ -15,7 +14,7 @@ if __name__ == '__main__':
|
|||
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
|
||||
args = parser.parse_args()
|
||||
|
||||
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
|
||||
pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
|
||||
|
||||
for f in glob.glob(args.path):
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ from RTFDE.exceptions import MalformedEncapsulatedRtf, NotEncapsulatedRtf # typ
|
|||
from RTFDE.deencapsulate import DeEncapsulator # type: ignore
|
||||
from oletools.common.codepages import codepage2codec # type: ignore
|
||||
|
||||
from ..exceptions import InvalidMISPObject, PyMISPNotImplementedYet, MISPObjectException, NewAttributeError
|
||||
from ..exceptions import InvalidMISPObject, MISPObjectException, NewAttributeError
|
||||
from .abstractgenerator import AbstractMISPObjectGenerator
|
||||
|
||||
logger = logging.getLogger('pymisp')
|
||||
|
|
@ -269,13 +269,14 @@ class EMailObject(AbstractMISPObjectGenerator):
|
|||
data=self.raw_emails.get('msg'))
|
||||
|
||||
message = self.email
|
||||
body: EmailMessage
|
||||
|
||||
if body := message.get_body(preferencelist=['plain']):
|
||||
comment = f"{body.get_content_type()} body"
|
||||
if self.encapsulated_body == body.get_content_type():
|
||||
comment += " De-Encapsulated from RTF in original msg."
|
||||
self.add_attribute("email-body",
|
||||
body.as_string(),
|
||||
body.get_content(),
|
||||
comment=comment)
|
||||
|
||||
if body := message.get_body(preferencelist=['html']):
|
||||
|
|
@ -283,7 +284,7 @@ class EMailObject(AbstractMISPObjectGenerator):
|
|||
if self.encapsulated_body == body.get_content_type():
|
||||
comment += " De-Encapsulated from RTF in original msg."
|
||||
self.add_attribute("email-body",
|
||||
body.as_string(),
|
||||
body.get_content(),
|
||||
comment=comment)
|
||||
|
||||
headers = [f"{k}: {v}" for k, v in message.items()]
|
||||
|
|
|
|||
Loading…
Reference in New Issue