Commit Graph

226 Commits (e53e1a06e6a5960be320cc31cae9aa45bd1806b6)

Author SHA1 Message Date
Raphaël Vinot c5c1d84bcf fix: Better warning if lief is outdated. 2021-01-21 11:55:30 +01:00
Raphaël Vinot 76c4f92c17 chg: Use lief 0.11.0, generate authenticode entries 2021-01-19 15:44:58 +01:00
Raphaël Vinot de6125a623 fix: Do not fail if extract_msg is missing 2021-01-11 14:57:22 +01:00
Raphaël Vinot fa95c9d84f fix: Properly decode the body depending on the encoding of the email
Fix #671
2021-01-11 14:15:34 +01:00
Raphaël Vinot c50bbd5d1c chg: Add controller argument to get_csv script 2021-01-11 11:49:12 +01:00
seamus tuohy 87c02da0d7 Updated emailobject.
Email object no longer requires extra php libraries for install.
Tests have been expanded to improve coverage.
RTF encapsulated HTML and Plain Text will now be de-encapsulated.
The raw MSG binary will now be included in the extracted email object.
2020-12-28 13:47:21 -05:00
nighttardis 2a4b215026 adding check if "from" is in the "received" header row 2020-11-30 18:45:53 -06:00
Raphaël Vinot 9046b08a3c fix: Do not fail on PyMISP import when mail-parser is not present 2020-11-24 14:56:29 +01:00
Raphaël Vinot 71fe62b466 fix: Make mail-parser really optional 2020-11-24 12:18:35 +01:00
Raphaël Vinot 9fed66eb2b chg: Make mail-parser an optional dependency 2020-11-24 11:17:23 +01:00
Raphaël Vinot b55370cdad chg: Improve error handling for Outlook emails
Related: #631
2020-11-19 11:38:35 +01:00
Jakub Onderka 9fd3d8a3e3 fix: [emailobject] Correctly parse multiple addresses 2020-10-24 17:24:18 +02:00
Jakub Onderka 055ef16e41 new: Test parsing just email header 2020-10-24 17:24:18 +02:00
Jakub Onderka 5e0ad0a47f new: Test parsing outlook message format 2020-10-24 17:24:18 +02:00
Jakub Onderka f598865ce4 new: Refactored emailobject generator 2020-10-24 17:24:17 +02:00
Jakub Onderka d39d4caf7d new: Export display name from email 2020-10-24 17:16:16 +02:00
Jakub Onderka c2fedc3850 new: Parse date from email 2020-10-24 17:16:16 +02:00
garanews cd785aab09 fix typo
fix typo
2020-10-01 13:45:29 +02:00
Raphaël Vinot 18474a2144 chg: Add comments to ELF, PE, and MachO object generators. 2020-09-15 12:39:59 +02:00
Raphaël Vinot 9c48079d88 new: Method to get the new version of the templates 2020-09-10 15:26:34 +02:00
Raphaël Vinot e3815a41f1 fix: Make flake8 happy 2020-09-09 15:41:42 +02:00
seamus tuohy 07137209e2 Attempt to decode utf-8-sig encoded emails.
eml files downloaded from Windows Online security on some Windows 11
systems are automatically encoded in UTF with a byte order mark (BOM)
at the front of the file. This will cause the email parser to fail.

This is a somewhat isolated problem. It will only affect a small
subset of Windows users who download and re-upload eml files. But
this small subset of users is the target user-base for the MISP
email module: low-expertise users who wish to quickly share
high-value indicators on an ad-hoc basis.

While this fix could be tacked onto the MISP email module instead of
here, I believe that this fix is more appropriate in the PyMISP object
code. As the "email" object parser, this object should be built to
parse all manner of emails that it may encounter. This includes common
malformations such as this one and even horrors such as the .msg
format. This commit adds a generically named "attempt_decoding"
function which can be expanded to address all manner of sins that
are encountered in the future.
2020-09-09 07:45:07 -04:00
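The two email-parsing fixes above (decoding the body according to the charset each part declares, commit fa95c9d84f, and tolerating a UTF-8 byte order mark at the start of an .eml file, commit 07137209e2) are easy to reproduce with the standard library alone. The following is an added example, not PyMISP's own code: the helper names (`strip_bom`, `parse_eml`, `decoded_bodies`) are made up for illustration, and the message is constructed inline. It first shows the failure mode the commit message describes (with the BOM in place, Python's parser sees no headers at all, so `From` comes back as `None`), then strips the BOM at the byte level rather than decoding the whole file to text, so that each MIME part can still be decoded with its own declared charset.

```python
import base64
import email
from email import policy
from email.message import Message
from typing import List, Tuple

UTF8_BOM = b"\xef\xbb\xbf"

# Constructed sample: a multipart/alternative mail whose text/plain part is
# 8bit ISO-8859-1 and whose text/html part is base64 UTF-8, with a UTF-8 BOM
# prepended the way some Windows tools write downloaded .eml files.
_HTML_B64 = base64.b64encode("<p>Café à 10h</p>".encode("utf-8"))
SAMPLE_EML = UTF8_BOM + (
    b"From: Alice <alice@example.com>\r\n"
    b"To: bob@example.com\r\n"
    b"Subject: =?utf-8?q?R=C3=A9union?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b'Content-Type: text/plain; charset="iso-8859-1"\r\n'
    b"Content-Transfer-Encoding: 8bit\r\n"
    b"\r\n"
    b"Caf\xe9 \xe0 10h\r\n"
    b"--b1\r\n"
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n" + _HTML_B64 + b"\r\n"
    b"--b1--\r\n"
)


def parse_eml_naive(raw: bytes) -> Message:
    """Parse without any BOM handling. With a BOM present the first line no
    longer looks like a header, so the parser treats the whole file as body."""
    return email.message_from_bytes(raw, policy=policy.default)


def strip_bom(raw: bytes) -> bytes:
    """Drop a leading UTF-8 BOM (equivalent to decoding with 'utf-8-sig', but
    kept as bytes so per-part charsets can still be honoured later)."""
    return raw[len(UTF8_BOM):] if raw.startswith(UTF8_BOM) else raw


def parse_eml(raw: bytes) -> Message:
    """BOM-tolerant parse; RFC 2047 encoded headers are decoded by the policy."""
    return email.message_from_bytes(strip_bom(raw), policy=policy.default)


def decoded_bodies(msg: Message) -> List[Tuple[str, str]]:
    """Return (content-type, text) for every text/* part, undoing the transfer
    encoding and decoding with the charset that part declares. Unknown or
    wrong charsets fall back to latin-1, which never raises."""
    out: List[Tuple[str, str]] = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # bytes, base64/QP undone
        charset = part.get_content_charset() or "utf-8"
        try:
            text = payload.decode(charset)
        except (LookupError, UnicodeDecodeError):
            text = payload.decode("latin-1")
        out.append((part.get_content_type(), text))
    return out


if __name__ == "__main__":
    print("naive From:", parse_eml_naive(SAMPLE_EML)["From"])
    msg = parse_eml(SAMPLE_EML)
    print("From:", msg["From"], "| Subject:", msg["Subject"])
    for ctype, text in decoded_bodies(msg):
        print(ctype, "->", text)
```

Checking `msg.defects` after the naive parse is a useful diagnostic: the BOM case shows up as a `MissingHeaderBodySeparatorDefect`, which is the symptom to look for when an .eml that opens fine in a mail client yields an object with no headers.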
deku dd6922fd3a Exclude section correlation .rsrc and zero-filled 2020-08-14 11:13:53 -04:00
Paal Braathen ff62f1c19c Linting/Add missing whitespace 2020-07-28 20:05:42 +02:00
louis f8589061cb chg: Remove standalone default value from MISPObject children c'tor
MISPObject.__init__ sets standalone=True by default, so there is no
need to do it in its child classes.
2020-06-30 12:40:08 +02:00
Troy Ross 17ebfe86ab Previously, the file object was reporting the libmagic description of a file
instead of the mimetype. According to [MISP DataModels](https://www.misp-project.org/datamodels/#types)
```
mime-type: A media type (also MIME type and content type) is a two-part identifier for file formats and format contents transmitted on the Internet
```
more precisely defined in [RFC2045](https://tools.ietf.org/html/rfc2045) and others.

The description returned by libmagic is more useful than the generic mime-type,
but I did not find a place to put the description in the current data model.
2020-06-14 10:48:29 -06:00
Raphaël Vinot 5d97d7ee0c new: Add helper and test case for GitVulnFinderObject 2020-05-26 15:37:24 +02:00
Raphaël Vinot b214c7d4c1 chg: Add comment in microblog object 2020-05-12 22:34:25 +02:00
Raphaël Vinot 5df58406ef fix: Catch exception when liblua-5.3 is not present
Related: https://github.com/MISP/misp-modules/issues/398
2020-05-12 13:21:05 +02:00
Raphaël Vinot 35257e538d fix: Make flake8 happy 2020-05-12 11:34:38 +02:00
Raphaël Vinot dcd1db8883 fix: make flake8 happy 2020-05-11 15:40:20 +02:00
VVX7 fff0caa330 chg: [dev] clean up how keys are accessed in self._parameters 2020-05-08 19:54:12 -04:00
VVX7 759e9196de chg: [dev] use isinstance() type check. 2020-05-08 19:31:19 -04:00
VVX7 395d6aabac chg: [dev] fix abstract generator import. add logger. 2020-05-08 19:27:42 -04:00
VVX7 de994fd944 chg: [dev] change type() == list 2020-05-08 16:32:29 -04:00
VVX7 0eb209c7df new: [dev] add microblog object tool 2020-05-08 16:10:09 -04:00
DocArmoryTech 4ee4db16fe Fixed __query_virustotal return type
__query_virustotal returned a Response object and not the json expected; modified so that report_json is returned instead of report.
2020-04-06 10:46:15 +01:00
Raphaël Vinot 11353f8ae2 fix: Make lief optional again
fix #538
2020-02-07 11:51:48 +01:00
Raphaël Vinot 4e586d0de5 chg: Bump deps, add pep8 test 2020-01-30 11:44:13 +01:00
Raphaël Vinot b0e95fd5af chg: Refactorize typing, validate 2020-01-23 10:27:40 +01:00
Raphaël Vinot 24a8f90ea8 new: Remove python < 3.6 support. 2019-12-18 14:45:14 +01:00
Raphaël Vinot c03b26a18c new: URLObject (requires pyfaup) 2019-12-04 15:18:27 +01:00
Raphaël Vinot 4fed55a09d fix: Rename feed_meta_generator so it clearly fails with python<3.6 2019-11-27 11:10:57 +01:00
Raphaël Vinot 6098cd869f chg: Make the feed generator more generic 2019-11-22 17:36:24 +01:00
Christophe Vandeplas 494e70eb69 fix: prevents exception when lief is not installed 2019-10-30 14:23:37 +01:00
Raphaël Vinot f312f87072 fix: Objects helpers were broken, do not overwrite describe_types 2019-10-08 09:28:33 +02:00
Pierre-Jean Grenier a2aa5646df chg: Return empty list instead of None
In all cases but one, the 3rd returned object is a (potentially empty) list.
2019-08-08 14:35:51 +02:00
Raphaël Vinot d477a3688c chg: Rename relationship included-in -> includes 2019-07-24 13:57:36 +02:00
Raphaël Vinot b8b384a3c3 Merge branch 'master' of github.com:MISP/PyMISP 2019-07-04 16:57:15 +02:00
Raphaël Vinot 7d5b55fcdc fix: Skip attribute in object when value is empty, skip empty objects. 2019-07-04 16:56:56 +02:00
Raphaël Vinot 7c76d6be39 Merge pull request #409 from 3c7/bugfix/openioc_datatypes
[OpenIOC] Allow the use of content type for RouteEntryItem/Destination
2019-07-04 10:35:40 +02:00
Raphaël Vinot e0fac90310 new: Allow to pass delimiter & quotechar to the CSV loader 2019-07-02 11:55:51 +02:00
0x3c7 7be58af56a [openioc] changed default mapping for RouteEntryItem/Destination/string. 2019-06-19 12:45:20 +02:00
0x3c7 b7d15380c9 [openioc] Changed mapping for RouteEntryItem/Destination/string to domain instead of url because UrlHistoryItem/URL is mostly used for urls 2019-06-19 07:39:15 +02:00
0x3c7 42a3dcf704 Fixes other mapping to other types 2019-06-19 07:38:15 +02:00
0x3c7 efd8b80adb [openioc] Allow the use of types in openioc content tags 2019-06-18 16:10:20 +02:00
Raphaël Vinot 3b56b218b5 new: Object generator for ssh authorized_keys files. 2019-05-20 16:40:47 +02:00
Raphaël Vinot 67cb8e9d53 chg: Allow to pass a eml as string to EmailObject 2019-04-24 15:37:40 +02:00
Raphaël Vinot 52402c2acf new: add_attributes method in MISPObject (for multiple attributes) 2019-04-09 17:54:12 +02:00
Raphaël Vinot e5a42b812f new: Add CSV loader
Fix #376
2019-04-03 16:28:31 +02:00
Raphaël Vinot 1e060f669f new: Helper to create MISP Objects for regcheck.org.uk 2019-04-02 17:13:07 +02:00
Falconieri bdff7e635f fix: [exportpdf] Doc update 2019-03-14 08:11:30 +01:00
Falconieri ea4ed24f4f fix: [exportpdf] Coding Style 2019-03-14 08:02:45 +01:00
Raphaël Vinot 9d2251cb38 chg: Initial set of refactoring on PDF generator 2019-03-12 15:14:44 +01:00
Falconieri 9d6585cd3a fix: [exportpdf] Custom path for fonts and font package 2019-03-05 11:37:01 +01:00
Raphaël Vinot b8759673b9 chg: Add i8n for pdfexport, without all the fonts in the main repo 2019-03-04 16:06:38 -08:00
Falconieri 1b8921d820 fix: [exportpdf] fix empty object/attribute/galaxy bugs 2019-03-01 11:12:04 +01:00
Falconieri b2c5477cd9 fix: [exportpdf] Add suggestions (UX) 2019-03-01 10:45:44 +01:00
Falconieri ead9cec7d3 fix: [exportpdf] switch page size to A4 2019-03-01 09:56:38 +01:00
Falconieri 39b4677bf9 fix: [exportpdf] switch page size to A4 2019-03-01 09:55:42 +01:00
Falconieri f1d2f3ae1e Merge branch 'master' of github.com:Vincent-CIRCL/PyMISP 2019-03-01 09:22:55 +01:00
Falconieri e6291e71d5 fix: [exportpdf] None if no Galaxies bug 2019-03-01 09:21:48 +01:00
Vincent-CIRCL 83ef1b851e Merge branch 'master' into master 2019-03-01 09:07:45 +01:00
Falconieri a06c8cf5b8 fix: [reportlab] Galaxies and Clusters printing 2019-03-01 09:06:01 +01:00
Falconieri 24e1a1732c fix: [reportlab] Clusters added. Still UX to perform 2019-02-28 16:34:07 +01:00
Falconieri 79e66363d2 fix: [reportlab] working clusters and galaxies. Not nice however 2019-02-28 15:14:52 +01:00
Falconieri 6031a7d426 chg: [exportpdf] BIG refactoring. Classes, comments, Galaxy starting 2019-02-28 13:44:54 +01:00
Falconieri 9adff0b574 chg: [exportPDF] add basic handling of clusters 2019-02-28 10:58:49 +01:00
Raphaël Vinot 2e93aad34a fix: Make sure install works even without reportlab installed. 2019-02-27 21:16:49 -08:00
Falconieri a9c0ce4107 fix: [exportPDF] Adding facultative text description, sightings, tests cases 2019-02-27 11:48:56 +01:00
Falconieri 10b5496174 fix : [exportpdf] Add Object date 2019-02-26 15:51:06 +01:00
Falconieri 133db6aeaa fix : [exportpdf] Double property printing error fixed 2019-02-26 15:42:49 +01:00
Falconieri 8194c534d7 add : [exportpdf] Objects handling, tests cases,
test files
2019-02-26 15:35:40 +01:00
Falconieri 029ca57b5f fix: [exportpdf] Refactoring, nicer code 2019-02-26 14:28:31 +01:00
Falconieri 29a1b05c1f add: [exportpdf] Handling pictures embedded as attributes 2019-02-26 14:03:25 +01:00
Falconieri cefcc3430c add : [exportpdf] Picture management, manual 2019-02-26 11:13:24 +01:00
Falconieri 2adac8f0d2 chg: [exportpdf] Add metadata, bugfixes cases (too long values, sanitization), links to misp instances 2019-02-25 15:49:53 +01:00
Falconieri 37d3f2f613 fix & add: [exportpdf] Add metadata, fix special cases (too long values, sanitization) 2019-02-22 17:47:22 +01:00
Falconieri 76ef3d058f fix: [pdfexport] Fix tests paths, dependency in pipfile, imports, and 'file' name overwrite in test function 2019-02-22 11:34:41 +01:00
Falconieri 57eccfe7dc add: exportpdf tool working 2019-02-22 10:18:44 +01:00
Falconieri 0fc780994f general improvement: design, exhaustiveness of mispEvent values displayed, good practice concerning paragraph/table made 2019-02-20 16:15:56 +01:00
Falconieri 01b2ad9199 update with table basics 2019-02-19 16:00:57 +01:00
Falconieri c7511812f0 Structure of the improvements OK : test file, test folder, report generator 2019-02-19 15:17:00 +01:00
Raphaël Vinot fe91d06b91 chg: Remove dependency on six 2019-02-06 11:31:05 +01:00
Raphaël Vinot fd365943a1 fix: Typo in OpenIOC script
Fix #237
2018-07-16 13:52:51 +02:00
Raphaël Vinot b11ad18d2b chg: Add comments
Fix #242
2018-07-16 13:40:51 +02:00
Raphaël Vinot 42c99054f8 fix: Decoding issue. 2018-05-11 10:20:07 -04:00
Raphaël Vinot 04d3183115 fix: Properly get and decode the body of the email 2018-05-08 11:02:32 +02:00
Raphaël Vinot cb15bdfca1 fix: Provide the extension of the EML file to attach. 2018-05-07 10:18:38 +02:00
Raphaël Vinot 1193e904bf fix: Properly handle attachments 2018-05-04 16:06:48 +02:00