Do not fail if pymisp is not installed

2017-08-25 16:08:05 +02:00 · 2017-08-25 16:08:05 +02:00 · f06bfd310b
parent 44008d1c0c
commit f06bfd310b
6 changed files with 196 additions and 11 deletions
--- a/examples/generate_file_objects.py
+++ b/examples/generate_file_objects.py
@ -1,11 +1,14 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-

-from pymisp import MISPEncode
-from pymisp.tools import make_binary_objects
 import argparse
 import json

+try:
+    from pymisp import MISPEncode
+    from pymisp.tools import make_binary_objects
+except ImportError:
+    pass

 def check():
    missing_dependencies = {'pydeep': False, 'lief': False, 'magic': False, 'pymisp': False}
--- a/pymisp/init.py
+++ b/pymisp/init.py
@ -1,9 +1,12 @@
 __version__ = '2.4.77'

-from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey
-from .api import PyMISP
-from .abstract import AbstractMISP, MISPEncode
-from .mispevent import MISPEvent, MISPAttribute, EncodeUpdate, EncodeFull
-from .tools import Neo4j
-from .tools import stix
-from .tools import MISPObjectGenerator
+try:
+    from .exceptions import PyMISPError, NewEventError, NewAttributeError, MissingDependency, NoURL, NoKey
+    from .api import PyMISP
+    from .abstract import AbstractMISP, MISPEncode
+    from .mispevent import MISPEvent, MISPAttribute, EncodeUpdate, EncodeFull
+    from .tools import Neo4j
+    from .tools import stix
+    from .tools import MISPObjectGenerator
+except ImportError:
+    pass
--- a/pymisp/abstract.py
+++ b/pymisp/abstract.py
@ -1,12 +1,12 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-

-import six  # Remove that import when discarding python2 support.
 import abc
 import json
 from json import JSONEncoder
 import collections

+import six  # Remove that import when discarding python2 support.

 class MISPEncode(JSONEncoder):

--- a/pymisp/tools/elfobject.py
+++ b/pymisp/tools/elfobject.py
@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp.tools import MISPObjectGenerator
+from io import BytesIO
+from hashlib import md5, sha1, sha256, sha512
+import warnings
+
+
+try:
+    import lief
+    HAS_LIEF = True
+except ImportError:
+    HAS_LIEF = False
+
+try:
+    import pydeep
+    HAS_PYDEEP = True
+except ImportError:
+    HAS_PYDEEP = False
+
+
+class ELFObject(MISPObjectGenerator):
+
+    def __init__(self, parsed=None, filepath=None, pseudofile=None):
+        if not HAS_PYDEEP:
+            warnings.warn("Please install pydeep: pip install git+https://github.com/kbandla/pydeep.git")
+        if not HAS_LIEF:
+            raise ImportError('Please install lief, documentation here: https://github.com/lief-project/LIEF')
+        if pseudofile:
+            if isinstance(pseudofile, BytesIO):
+                self.elf = lief.ELF.parse(raw=pseudofile.getvalue())
+            elif isinstance(pseudofile, bytes):
+                self.elf = lief.ELF.parse(raw=pseudofile)
+            else:
+                raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
+        elif filepath:
+            self.elf = lief.ELF.parse(filepath)
+        elif parsed:
+            # Got an already parsed blob
+            if isinstance(parsed, lief.ELF.Binary):
+                self.elf = parsed
+            else:
+                raise Exception('Not a lief.ELF.Binary: {}'.format(type(parsed)))
+        # Python3 way
+        # super().__init__('elf')
+        super(ELFObject, self).__init__('elf')
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        # General information
+        self._create_attribute('type', value=str(self.elf.header.file_type).split('.')[1])
+        self._create_attribute('entrypoint-address', value=self.elf.entrypoint)
+        self._create_attribute('arch', value=str(self.elf.header.machine_type).split('.')[1])
+        self._create_attribute('os_abi', value=str(self.elf.header.identity_os_abi).split('.')[1])
+        # Sections
+        self.sections = []
+        if self.elf.sections:
+            pos = 0
+            for section in self.elf.sections:
+                s = ELFSectionObject(section)
+                self.add_reference(s.uuid, 'included-in', 'Section {} of ELF'.format(pos))
+                pos += 1
+                self.sections.append(s)
+        self._create_attribute('number-sections', value=len(self.sections))
+
+
+class ELFSectionObject(MISPObjectGenerator):
+
+    def __init__(self, section):
+        # Python3 way
+        # super().__init__('pe-section')
+        super(ELFSectionObject, self).__init__('elf-section')
+        self.section = section
+        self.data = bytes(self.section.content)
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        self._create_attribute('name', value=self.section.name)
+        self._create_attribute('type', value=str(self.section.type).split('.')[1])
+        print(self.section.flags)
+        # self._create_attribute('flag', value=str(self.section.flags).split('.')[1])
+        size = self._create_attribute('size-in-bytes', value=self.section.size)
+        if int(size.value) > 0:
+            self._create_attribute('entropy', value=self.section.entropy)
+            self._create_attribute('md5', value=md5(self.data).hexdigest())
+            self._create_attribute('sha1', value=sha1(self.data).hexdigest())
+            self._create_attribute('sha256', value=sha256(self.data).hexdigest())
+            self._create_attribute('sha512', value=sha512(self.data).hexdigest())
+            if HAS_PYDEEP:
+                self._create_attribute('ssdeep', value=pydeep.hash_buf(self.data).decode())
--- a/pymisp/tools/machoobject.py
+++ b/pymisp/tools/machoobject.py
@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from pymisp.tools import MISPObjectGenerator
+from io import BytesIO
+from hashlib import md5, sha1, sha256, sha512
+import warnings
+
+
+try:
+    import lief
+    HAS_LIEF = True
+except ImportError:
+    HAS_LIEF = False
+
+try:
+    import pydeep
+    HAS_PYDEEP = True
+except ImportError:
+    HAS_PYDEEP = False
+
+
+class MachOObject(MISPObjectGenerator):
+
+    def __init__(self, parsed=None, filepath=None, pseudofile=None):
+        if not HAS_PYDEEP:
+            warnings.warn("Please install pydeep: pip install git+https://github.com/kbandla/pydeep.git")
+        if not HAS_LIEF:
+            raise ImportError('Please install lief, documentation here: https://github.com/lief-project/LIEF')
+        if pseudofile:
+            if isinstance(pseudofile, BytesIO):
+                self.macho = lief.MachO.parse(raw=pseudofile.getvalue())
+            elif isinstance(pseudofile, bytes):
+                self.macho = lief.MachO.parse(raw=pseudofile)
+            else:
+                raise Exception('Pseudo file can be BytesIO or bytes got {}'.format(type(pseudofile)))
+        elif filepath:
+            self.macho = lief.MachO.parse(filepath)
+        elif parsed:
+            # Got an already parsed blob
+            if isinstance(parsed, lief.MachO.Binary):
+                self.macho = parsed
+            else:
+                raise Exception('Not a lief.MachO.Binary: {}'.format(type(parsed)))
+        # Python3 way
+        # super().__init__('elf')
+        super(MachOObject, self).__init__('macho')
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        self._create_attribute('type', value=str(self.macho.header.file_type).split('.')[1])
+        self._create_attribute('name', value=self.macho.name)
+        # General information
+        if self.macho.has_entrypoint:
+            self._create_attribute('entrypoint-address', value=self.macho.entrypoint)
+        # Sections
+        self.sections = []
+        if self.macho.sections:
+            pos = 0
+            for section in self.macho.sections:
+                s = MachOSectionObject(section)
+                self.add_reference(s.uuid, 'included-in', 'Section {} of MachO'.format(pos))
+                pos += 1
+                self.sections.append(s)
+        self._create_attribute('number-sections', value=len(self.sections))
+
+
+class MachOSectionObject(MISPObjectGenerator):
+
+    def __init__(self, section):
+        # Python3 way
+        # super().__init__('pe-section')
+        super(MachOSectionObject, self).__init__('macho-section')
+        self.section = section
+        self.data = bytes(self.section.content)
+        self.generate_attributes()
+
+    def generate_attributes(self):
+        self._create_attribute('name', value=self.section.name)
+        size = self._create_attribute('size-in-bytes', value=self.section.size)
+        if int(size.value) > 0:
+            self._create_attribute('entropy', value=self.section.entropy)
+            self._create_attribute('md5', value=md5(self.data).hexdigest())
+            self._create_attribute('sha1', value=sha1(self.data).hexdigest())
+            self._create_attribute('sha256', value=sha256(self.data).hexdigest())
+            self._create_attribute('sha512', value=sha512(self.data).hexdigest())
+            if HAS_PYDEEP:
+                self._create_attribute('ssdeep', value=pydeep.hash_buf(self.data).decode())
--- a/setup.py
+++ b/setup.py
@ -27,7 +27,7 @@ setup(
        'Topic :: Internet',
    ],
    test_suite="tests",
-    install_requires=['requests', 'python-dateutil', 'jsonschema'],
+    install_requires=['six', 'requests', 'python-dateutil', 'jsonschema'],
    include_package_data=True,
    package_data={'pymisp': ['data/*.json', 'data/misp-objects/schema_objects.json',
                             'data/misp-objects/schema_relationships.json',