fix: Proper type detection of attachments

Fix #27
pull/31/head
Raphaël Vinot 2018-08-02 13:42:07 +02:00
parent cdfe86af2a
commit 03bf3e3506
1 changed files with 8 additions and 5 deletions


@ -6,7 +6,7 @@ import syslog
import html import html
from io import BytesIO from io import BytesIO
from ipaddress import ip_address from ipaddress import ip_address
from email import message_from_bytes, policy from email import message_from_bytes, policy, message
from . import urlmarker from . import urlmarker
from . import hashmarker from . import hashmarker
@ -76,19 +76,22 @@ class Mail2MISP():
def _find_attached_forward(self): def _find_attached_forward(self):
forwarded_emails = [] forwarded_emails = []
for attachment in self.original_mail.iter_attachments(): for attachment in self.original_mail.iter_attachments():
attachment_content = attachment.get_content()
# Search for email forwarded as attachment # Search for email forwarded as attachment
# I could have more than one, attaching everything. # I could have more than one, attaching everything.
if attachment.get_filename() and attachment.get_filename().endswith('.eml'): if isinstance(attachment_content, message.EmailMessage):
forwarded_emails.append(self.forwarded_email(pseudofile=BytesIO(attachment.get_content().as_bytes()))) forwarded_emails.append(self.forwarded_email(pseudofile=BytesIO(attachment_content.as_bytes())))
else: else:
if isinstance(attachment_content, str):
attachment_content = BytesIO(attachment_content.encode())
filename = attachment.get_filename() filename = attachment.get_filename()
if not filename: if not filename:
filename = 'missing_filename' filename = 'missing_filename'
if self.config_from_email_body.get('attachment') == self.config.m2m_benign_attachment_keyword: if self.config_from_email_body.get('attachment') == self.config.m2m_benign_attachment_keyword:
# Attach sane file # Attach sane file
self.misp_event.add_attribute('attachment', value=filename, data=BytesIO(attachment.get_content())) self.misp_event.add_attribute('attachment', value=filename, data=BytesIO(attachment_content))
else: else:
f_object, main_object, sections = make_binary_objects(pseudofile=BytesIO(attachment.get_content()), filename=filename, standalone=False) f_object, main_object, sections = make_binary_objects(pseudofile=BytesIO(attachment_content), filename=filename, standalone=False)
self.misp_event.add_object(f_object) self.misp_event.add_object(f_object)
if main_object: if main_object:
self.misp_event.add_object(main_object) self.misp_event.add_object(main_object)
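Review bot: In the `else:` branch a `str` payload is rebound to `BytesIO(attachment_content.encode())`, and that object is then passed to `BytesIO(attachment_content)` again in both the `add_attribute` and the `make_binary_objects` calls. `BytesIO()` needs a bytes-like object, so any text attachment raises `TypeError`, and unless a caller outside this hunk catches it the mail is not turned into an event. Keep the variable as bytes instead: `attachment_content = attachment_content.encode()`. Re-encoding decoded text as UTF-8 can also change the bytes relative to the attachment as sent, so any hashes derived from it (presumably inside `make_binary_objects`) may not match the original file; `attachment.get_payload(decode=True)` would give the transfer-decoded bytes if that matters. `_find_attached_forward` continues past the end of this hunk.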