MISP
/
PyMISP
mirror of https://github.com/MISP/PyMISP
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Properly get body from message, without headers

pull/1152/head
Raphaël Vinot 2024-02-12 11:41:08 +01:00
parent c84afb92d5
commit e6cb8552c5
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
examples/add_email_object.py
View File

@ -1,7 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pymisp import ExpandedPyMISP from pymisp import PyMISP
from pymisp.tools import EMailObject from pymisp.tools import EMailObject
import traceback import traceback
from keys import misp_url, misp_key, misp_verifycert # type: ignore from keys import misp_url, misp_key, misp_verifycert # type: ignore
@ -15,7 +14,7 @@ if __name__ == '__main__':
parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).") parser.add_argument("-p", "--path", required=True, help="Path to process (expanded using glob).")
args = parser.parse_args() args = parser.parse_args()
pymisp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True) pymisp = PyMISP(misp_url, misp_key, misp_verifycert, debug=True)
for f in glob.glob(args.path): for f in glob.glob(args.path):
try: try:

7
pymisp/tools/emailobject.py
View File

@ -20,7 +20,7 @@ from RTFDE.exceptions import MalformedEncapsulatedRtf, NotEncapsulatedRtf # typ
from RTFDE.deencapsulate import DeEncapsulator # type: ignore from RTFDE.deencapsulate import DeEncapsulator # type: ignore
from oletools.common.codepages import codepage2codec # type: ignore from oletools.common.codepages import codepage2codec # type: ignore
from ..exceptions import InvalidMISPObject, PyMISPNotImplementedYet, MISPObjectException, NewAttributeError from ..exceptions import InvalidMISPObject, MISPObjectException, NewAttributeError
from .abstractgenerator import AbstractMISPObjectGenerator from .abstractgenerator import AbstractMISPObjectGenerator
logger = logging.getLogger('pymisp') logger = logging.getLogger('pymisp')
@ -269,13 +269,14 @@ class EMailObject(AbstractMISPObjectGenerator):
data=self.raw_emails.get('msg')) data=self.raw_emails.get('msg'))
message = self.email message = self.email
body: EmailMessage
if body := message.get_body(preferencelist=['plain']): if body := message.get_body(preferencelist=['plain']):
comment = f"{body.get_content_type()} body" comment = f"{body.get_content_type()} body"
if self.encapsulated_body == body.get_content_type(): if self.encapsulated_body == body.get_content_type():
comment += " De-Encapsulated from RTF in original msg." comment += " De-Encapsulated from RTF in original msg."
self.add_attribute("email-body", self.add_attribute("email-body",
body.as_string(), body.get_content(),
comment=comment) comment=comment)
if body := message.get_body(preferencelist=['html']): if body := message.get_body(preferencelist=['html']):
@ -283,7 +284,7 @@ class EMailObject(AbstractMISPObjectGenerator):
if self.encapsulated_body == body.get_content_type(): if self.encapsulated_body == body.get_content_type():
comment += " De-Encapsulated from RTF in original msg." comment += " De-Encapsulated from RTF in original msg."
self.add_attribute("email-body", self.add_attribute("email-body",
body.as_string(), body.get_content(),
comment=comment) comment=comment)
headers = [f"{k}: {v}" for k, v in message.items()] headers = [f"{k}: {v}" for k, v in message.items()]