mirror of https://github.com/MISP/PyMISP
Compare commits
1 Commits
a350d9d74c
...
5964192676
Author | SHA1 | Date |
---|---|---|
Sami Mokaddem | 5964192676 |
|
@ -32,8 +32,8 @@ logger = logging.getLogger('pymisp')
|
||||||
|
|
||||||
class AnalystDataBehaviorMixin:
|
class AnalystDataBehaviorMixin:
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs) -> None:
|
def __init__(self, **kwargs) -> None:
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__()
|
||||||
self.uuid = str(uuid.uuid4())
|
self.uuid = str(uuid.uuid4())
|
||||||
self.Note: list[MISPNote] = []
|
self.Note: list[MISPNote] = []
|
||||||
self.Opinion: list[MISPOpinion] = []
|
self.Opinion: list[MISPOpinion] = []
|
||||||
|
@ -51,7 +51,7 @@ class AnalystDataBehaviorMixin:
|
||||||
def relationships(self) -> list[MISPRelationship]:
|
def relationships(self) -> list[MISPRelationship]:
|
||||||
return self.Relationship
|
return self.Relationship
|
||||||
|
|
||||||
def add_note(self, note: str, language: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
def add_analyst_note(self, note: str, language: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
the_note = MISPNote()
|
the_note = MISPNote()
|
||||||
the_note.from_dict(note=note, language=language,
|
the_note.from_dict(note=note, language=language,
|
||||||
object_uuid=self.uuid, object_type=self.classObjectType,
|
object_uuid=self.uuid, object_type=self.classObjectType,
|
||||||
|
@ -60,7 +60,7 @@ class AnalystDataBehaviorMixin:
|
||||||
self.edited = True
|
self.edited = True
|
||||||
return the_note
|
return the_note
|
||||||
|
|
||||||
def add_opinion(self, opinion: int, comment: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
def add_analyst_opinion(self, opinion: int, comment: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
the_opinion = MISPOpinion()
|
the_opinion = MISPOpinion()
|
||||||
the_opinion.from_dict(opinion=opinion, comment=comment,
|
the_opinion.from_dict(opinion=opinion, comment=comment,
|
||||||
object_uuid=self.uuid, object_type=self.classObjectType,
|
object_uuid=self.uuid, object_type=self.classObjectType,
|
||||||
|
@ -69,9 +69,9 @@ class AnalystDataBehaviorMixin:
|
||||||
self.edited = True
|
self.edited = True
|
||||||
return the_opinion
|
return the_opinion
|
||||||
|
|
||||||
def add_relationship(self, related_object_type: AbstractMISP | str, related_object_uuid: str | None, relationship_type: str, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
def add_analyst_relationship(self, related_object_type: str, related_object_uuid: str, relationship_type: str, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
the_relationship = MISPRelationship()
|
the_relationship = MISPRelationship()
|
||||||
the_relationship.from_dict(related_object_type=related_object_type, related_object_uuid=related_object_uuid,
|
the_relationship.from_dict(related_object_uuid=related_object_uuid, related_object_type=related_object_type,
|
||||||
relationship_type=relationship_type,
|
relationship_type=relationship_type,
|
||||||
object_uuid=self.uuid, object_type=self.classObjectType,
|
object_uuid=self.uuid, object_type=self.classObjectType,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
@ -275,13 +275,11 @@ class MISPSighting(AbstractMISP):
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
class MISPAttribute(AnalystDataBehaviorMixin, AbstractMISP):
|
class MISPAttribute(AbstractMISP):
|
||||||
_fields_for_feed: set[str] = {'uuid', 'value', 'category', 'type', 'comment', 'data',
|
_fields_for_feed: set[str] = {'uuid', 'value', 'category', 'type', 'comment', 'data',
|
||||||
'deleted', 'timestamp', 'to_ids', 'disable_correlation',
|
'deleted', 'timestamp', 'to_ids', 'disable_correlation',
|
||||||
'first_seen', 'last_seen'}
|
'first_seen', 'last_seen'}
|
||||||
|
|
||||||
classObjectType = 'Attribute'
|
|
||||||
|
|
||||||
def __init__(self, describe_types: dict[str, Any] | None = None, strict: bool = False):
|
def __init__(self, describe_types: dict[str, Any] | None = None, strict: bool = False):
|
||||||
"""Represents an Attribute
|
"""Represents an Attribute
|
||||||
|
|
||||||
|
@ -717,14 +715,12 @@ class MISPObjectReference(AbstractMISP):
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
class MISPObject(AnalystDataBehaviorMixin, AbstractMISP):
|
class MISPObject(AbstractMISP):
|
||||||
|
|
||||||
_fields_for_feed: set[str] = {'name', 'meta-category', 'description', 'template_uuid',
|
_fields_for_feed: set[str] = {'name', 'meta-category', 'description', 'template_uuid',
|
||||||
'template_version', 'uuid', 'timestamp', 'comment',
|
'template_version', 'uuid', 'timestamp', 'comment',
|
||||||
'first_seen', 'last_seen', 'deleted'}
|
'first_seen', 'last_seen', 'deleted'}
|
||||||
|
|
||||||
classObjectType = 'Object'
|
|
||||||
|
|
||||||
def __init__(self, name: str, strict: bool = False, standalone: bool = True, # type: ignore[no-untyped-def]
|
def __init__(self, name: str, strict: bool = False, standalone: bool = True, # type: ignore[no-untyped-def]
|
||||||
default_attributes_parameters: dict[str, Any] = {}, **kwargs) -> None:
|
default_attributes_parameters: dict[str, Any] = {}, **kwargs) -> None:
|
||||||
''' Master class representing a generic MISP object
|
''' Master class representing a generic MISP object
|
||||||
|
@ -1116,7 +1112,7 @@ class MISPObject(AnalystDataBehaviorMixin, AbstractMISP):
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
class MISPEventReport(AnalystDataBehaviorMixin, AbstractMISP):
|
class MISPEventReport(AbstractMISP, AnalystDataBehaviorMixin):
|
||||||
|
|
||||||
_fields_for_feed: set[str] = {'uuid', 'name', 'content', 'timestamp', 'deleted'}
|
_fields_for_feed: set[str] = {'uuid', 'name', 'content', 'timestamp', 'deleted'}
|
||||||
classObjectType = 'EventReport'
|
classObjectType = 'EventReport'
|
||||||
|
@ -1125,6 +1121,22 @@ class MISPEventReport(AnalystDataBehaviorMixin, AbstractMISP):
|
||||||
|
|
||||||
def __init__(self, **kwargs) -> None:
|
def __init__(self, **kwargs) -> None:
|
||||||
super().__init__(**kwargs)
|
super().__init__(**kwargs)
|
||||||
|
# self.uuid = str(uuid.uuid4())
|
||||||
|
# self.Note: list[MISPNote] = []
|
||||||
|
# self.Opinion: list[MISPOpinion] = []
|
||||||
|
# self.Relationship: list[MISPRelationship] = []
|
||||||
|
|
||||||
|
# @property
|
||||||
|
# def notes(self) -> list[MISPNote]:
|
||||||
|
# return self.Note
|
||||||
|
|
||||||
|
# @property
|
||||||
|
# def opinions(self) -> list[MISPOpinion]:
|
||||||
|
# return self.Opinion
|
||||||
|
|
||||||
|
# @property
|
||||||
|
# def relationships(self) -> list[MISPRelationship]:
|
||||||
|
# return self.Relationship
|
||||||
|
|
||||||
def from_dict(self, **kwargs) -> None: # type: ignore[no-untyped-def]
|
def from_dict(self, **kwargs) -> None: # type: ignore[no-untyped-def]
|
||||||
if 'EventReport' in kwargs:
|
if 'EventReport' in kwargs:
|
||||||
|
@ -1170,6 +1182,34 @@ class MISPEventReport(AnalystDataBehaviorMixin, AbstractMISP):
|
||||||
|
|
||||||
super().from_dict(**kwargs)
|
super().from_dict(**kwargs)
|
||||||
|
|
||||||
|
# def add_analyst_note(self, note: str, language: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
|
# the_note = MISPNote()
|
||||||
|
# the_note.from_dict(note=note, language=language,
|
||||||
|
# object_uuid=self.uuid, object_type='EventReport',
|
||||||
|
# **kwargs)
|
||||||
|
# self.notes.append(the_note)
|
||||||
|
# self.edited = True
|
||||||
|
# return the_note
|
||||||
|
|
||||||
|
# def add_analyst_opinion(self, opinion: int, comment: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
|
# the_opinion = MISPOpinion()
|
||||||
|
# the_opinion.from_dict(opinion=opinion, comment=comment,
|
||||||
|
# object_uuid=self.uuid, object_type='EventReport',
|
||||||
|
# **kwargs)
|
||||||
|
# self.opinions.append(the_opinion)
|
||||||
|
# self.edited = True
|
||||||
|
# return the_opinion
|
||||||
|
|
||||||
|
# def add_analyst_relationship(self, related_object_type: str, related_object_uuid: str, relationship_type: str, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
|
# the_relationship = MISPRelationship()
|
||||||
|
# the_relationship.from_dict(related_object_uuid=related_object_uuid, related_object_type=related_object_type,
|
||||||
|
# relationship_type=relationship_type,
|
||||||
|
# object_uuid=self.uuid, object_type='EventReport',
|
||||||
|
# **kwargs)
|
||||||
|
# self.relationships.append(the_relationship)
|
||||||
|
# self.edited = True
|
||||||
|
# return the_relationship
|
||||||
|
|
||||||
def __repr__(self) -> str:
|
def __repr__(self) -> str:
|
||||||
if hasattr(self, 'name'):
|
if hasattr(self, 'name'):
|
||||||
return '<{self.__class__.__name__}(name={self.name})'.format(self=self)
|
return '<{self.__class__.__name__}(name={self.name})'.format(self=self)
|
||||||
|
@ -1508,13 +1548,11 @@ class MISPGalaxy(AbstractMISP):
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
class MISPEvent(AnalystDataBehaviorMixin, AbstractMISP):
|
class MISPEvent(AbstractMISP):
|
||||||
|
|
||||||
_fields_for_feed: set[str] = {'uuid', 'info', 'threat_level_id', 'analysis', 'timestamp',
|
_fields_for_feed: set[str] = {'uuid', 'info', 'threat_level_id', 'analysis', 'timestamp',
|
||||||
'publish_timestamp', 'published', 'date', 'extends_uuid'}
|
'publish_timestamp', 'published', 'date', 'extends_uuid'}
|
||||||
|
|
||||||
classObjectType = 'Event'
|
|
||||||
|
|
||||||
def __init__(self, describe_types: dict[str, Any] | None = None, strict_validation: bool = False, **kwargs) -> None: # type: ignore[no-untyped-def]
|
def __init__(self, describe_types: dict[str, Any] | None = None, strict_validation: bool = False, **kwargs) -> None: # type: ignore[no-untyped-def]
|
||||||
super().__init__(**kwargs)
|
super().__init__(**kwargs)
|
||||||
self.__schema_file = 'schema.json' if strict_validation else 'schema-lax.json'
|
self.__schema_file = 'schema.json' if strict_validation else 'schema-lax.json'
|
||||||
|
@ -2482,12 +2520,10 @@ class MISPAnalystData(AbstractMISP):
|
||||||
self.modified = self.created
|
self.modified = self.created
|
||||||
|
|
||||||
|
|
||||||
class MISPNote(AnalystDataBehaviorMixin, MISPAnalystData):
|
class MISPNote(MISPAnalystData):
|
||||||
|
|
||||||
_fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'note', 'language'})
|
_fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'note', 'language'})
|
||||||
|
|
||||||
classObjectType = 'Note'
|
|
||||||
|
|
||||||
def __init__(self, **kwargs) -> None:
|
def __init__(self, **kwargs) -> None:
|
||||||
self.note: str
|
self.note: str
|
||||||
self.language: str
|
self.language: str
|
||||||
|
@ -2506,12 +2542,10 @@ class MISPNote(AnalystDataBehaviorMixin, MISPAnalystData):
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
class MISPOpinion(AnalystDataBehaviorMixin, MISPAnalystData):
|
class MISPOpinion(MISPAnalystData):
|
||||||
|
|
||||||
_fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'opinion', 'comment'})
|
_fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'opinion', 'comment'})
|
||||||
|
|
||||||
classObjectType = 'Opinion'
|
|
||||||
|
|
||||||
def __init__(self, **kwargs) -> None:
|
def __init__(self, **kwargs) -> None:
|
||||||
self.opinion: int
|
self.opinion: int
|
||||||
self.comment: str
|
self.comment: str
|
||||||
|
@ -2538,12 +2572,10 @@ class MISPOpinion(AnalystDataBehaviorMixin, MISPAnalystData):
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
class MISPRelationship(AnalystDataBehaviorMixin, MISPAnalystData):
|
class MISPRelationship(MISPAnalystData):
|
||||||
|
|
||||||
_fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'related_object_uuid', 'related_object_type', 'relationship_type'})
|
_fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'related_object_uuid', 'related_object_type', 'relationship_type'})
|
||||||
|
|
||||||
classObjectType = 'Relationship'
|
|
||||||
|
|
||||||
def __init__(self, **kwargs) -> None:
|
def __init__(self, **kwargs) -> None:
|
||||||
self.related_object_uuid: str
|
self.related_object_uuid: str
|
||||||
self.related_object_type: str
|
self.related_object_type: str
|
||||||
|
@ -2551,19 +2583,13 @@ class MISPRelationship(AnalystDataBehaviorMixin, MISPAnalystData):
|
||||||
super().__init__(**kwargs)
|
super().__init__(**kwargs)
|
||||||
|
|
||||||
def from_dict(self, **kwargs) -> None:
|
def from_dict(self, **kwargs) -> None:
|
||||||
|
self.related_object_uuid = kwargs.pop('related_object_uuid', None)
|
||||||
|
if self.related_object_uuid is None:
|
||||||
|
raise NewRelationshipError('The target UUID for this relationship is required.')
|
||||||
|
|
||||||
self.related_object_type = kwargs.pop('related_object_type', None)
|
self.related_object_type = kwargs.pop('related_object_type', None)
|
||||||
if self.related_object_type is None:
|
if self.related_object_type is None:
|
||||||
raise NewRelationshipError('The target object type for this relationship is required.')
|
raise NewRelationshipError('The target object type for this relationship is required.')
|
||||||
|
|
||||||
self.related_object_uuid = kwargs.pop('related_object_uuid', None)
|
|
||||||
if self.related_object_uuid is None:
|
|
||||||
if not isinstance(self.related_object_type, AbstractMISP):
|
|
||||||
raise NewRelationshipError('The target UUID for this relationship is required.')
|
|
||||||
else:
|
|
||||||
self.related_object_uuid = self.related_object_type.uuid
|
|
||||||
self.related_object_type = self.related_object_type.classObjectType
|
|
||||||
|
|
||||||
if self.related_object_type not in self.valid_object_type:
|
if self.related_object_type not in self.valid_object_type:
|
||||||
raise NewAnalystDataError('The target object type is not a valid type. Actual: {self.related_object_type}.'.format(self=self))
|
raise NewAnalystDataError('The target object type is not a valid type. Actual: {self.related_object_type}.'.format(self=self))
|
||||||
|
|
||||||
|
@ -2573,3 +2599,53 @@ class MISPRelationship(AnalystDataBehaviorMixin, MISPAnalystData):
|
||||||
if hasattr(self, 'related_object_uuid') and hasattr(self, 'object_uuid'):
|
if hasattr(self, 'related_object_uuid') and hasattr(self, 'object_uuid'):
|
||||||
return '<{self.__class__.__name__}(object_uuid={self.object_uuid}, related_object_type={self.related_object_type}, related_object_uuid={self.related_object_uuid}, relationship_type={self.relationship_type})'.format(self=self)
|
return '<{self.__class__.__name__}(object_uuid={self.object_uuid}, related_object_type={self.related_object_type}, related_object_uuid={self.related_object_uuid}, relationship_type={self.relationship_type})'.format(self=self)
|
||||||
return f'<{self.__class__.__name__}(NotInitialized)'
|
return f'<{self.__class__.__name__}(NotInitialized)'
|
||||||
|
|
||||||
|
|
||||||
|
# class AnalystDataBehavior():
|
||||||
|
|
||||||
|
# def __init__(self, **kwargs) -> None:
|
||||||
|
# super().__init__(**kwargs)
|
||||||
|
# self.uuid = str(uuid.uuid4())
|
||||||
|
# self.Note: list[MISPNote] = []
|
||||||
|
# self.Opinion: list[MISPOpinion] = []
|
||||||
|
# self.Relationship: list[MISPRelationship] = []
|
||||||
|
|
||||||
|
# @property
|
||||||
|
# def notes(self) -> list[MISPNote]:
|
||||||
|
# return self.Note
|
||||||
|
|
||||||
|
# @property
|
||||||
|
# def opinions(self) -> list[MISPOpinion]:
|
||||||
|
# return self.Opinion
|
||||||
|
|
||||||
|
# @property
|
||||||
|
# def relationships(self) -> list[MISPRelationship]:
|
||||||
|
# return self.Relationship
|
||||||
|
|
||||||
|
# def add_analyst_note(self, note: str, language: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
|
# the_note = MISPNote()
|
||||||
|
# the_note.from_dict(note=note, language=language,
|
||||||
|
# object_uuid=self.uuid, object_type=self.classObjectType,
|
||||||
|
# **kwargs)
|
||||||
|
# self.notes.append(the_note)
|
||||||
|
# self.edited = True
|
||||||
|
# return the_note
|
||||||
|
|
||||||
|
# def add_analyst_opinion(self, opinion: int, comment: str | None = None, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
|
# the_opinion = MISPOpinion()
|
||||||
|
# the_opinion.from_dict(opinion=opinion, comment=comment,
|
||||||
|
# object_uuid=self.uuid, object_type=self.classObjectType,
|
||||||
|
# **kwargs)
|
||||||
|
# self.opinions.append(the_opinion)
|
||||||
|
# self.edited = True
|
||||||
|
# return the_opinion
|
||||||
|
|
||||||
|
# def add_analyst_relationship(self, related_object_type: str, related_object_uuid: str, relationship_type: str, **kwargs) -> MISPNote: # type: ignore[no-untyped-def]
|
||||||
|
# the_relationship = MISPRelationship()
|
||||||
|
# the_relationship.from_dict(related_object_uuid=related_object_uuid, related_object_type=related_object_type,
|
||||||
|
# relationship_type=relationship_type,
|
||||||
|
# object_uuid=self.uuid, object_type=self.classObjectType,
|
||||||
|
# **kwargs)
|
||||||
|
# self.relationships.append(the_relationship)
|
||||||
|
# self.edited = True
|
||||||
|
# return the_relationship
|
Loading…
Reference in New Issue