From 03bf3e3506af85f522ad7ce714a5ba66ab1e89ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Thu, 2 Aug 2018 13:42:07 +0200
Subject: [PATCH] fix: Proper type detection of attachments

Fix #27
---
 mail2misp/mail2misp.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/mail2misp/mail2misp.py b/mail2misp/mail2misp.py
index 0c984b9..e33109b 100644
--- a/mail2misp/mail2misp.py
+++ b/mail2misp/mail2misp.py
@@ -6,7 +6,7 @@ import syslog
 import html
 from io import BytesIO
 from ipaddress import ip_address
-from email import message_from_bytes, policy
+from email import message_from_bytes, policy, message
 
 from . import urlmarker
 from . import hashmarker
@@ -76,19 +76,22 @@ class Mail2MISP():
     def _find_attached_forward(self):
         forwarded_emails = []
         for attachment in self.original_mail.iter_attachments():
+            attachment_content = attachment.get_content()
             # Search for email forwarded as attachment
             # I could have more than one, attaching everything.
-            if attachment.get_filename() and attachment.get_filename().endswith('.eml'):
-                forwarded_emails.append(self.forwarded_email(pseudofile=BytesIO(attachment.get_content().as_bytes())))
+            if isinstance(attachment_content, message.EmailMessage):
+                forwarded_emails.append(self.forwarded_email(pseudofile=BytesIO(attachment_content.as_bytes())))
             else:
+                if isinstance(attachment_content, str):
+                    attachment_content = BytesIO(attachment_content.encode())
                 filename = attachment.get_filename()
                 if not filename:
                     filename = 'missing_filename'
                 if self.config_from_email_body.get('attachment') == self.config.m2m_benign_attachment_keyword:
                     # Attach sane file
-                    self.misp_event.add_attribute('attachment', value=filename, data=BytesIO(attachment.get_content()))
+                    self.misp_event.add_attribute('attachment', value=filename, data=BytesIO(attachment_content))
                 else:
-                    f_object, main_object, sections = make_binary_objects(pseudofile=BytesIO(attachment.get_content()), filename=filename, standalone=False)
+                    f_object, main_object, sections = make_binary_objects(pseudofile=BytesIO(attachment_content), filename=filename, standalone=False)
                     self.misp_event.add_object(f_object)
                     if main_object:
                         self.misp_event.add_object(main_object)