chg: Make pep8 happy

mail_to_misp.py

@@ -13,11 +13,10 @@ try:
     import hashmarker
     import re
     from pyfaup.faup import Faup
-    from pymisp import PyMISP, MISPEvent
+    from pymisp import PyMISP, MISPEvent, MISPObject
     from defang import refang
     import dns.resolver
     import email
-    from email.generator import Generator
     import tempfile
     import socket
     import syslog
@@ -31,6 +30,7 @@ except ImportError as e:
 
 syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_USER)
 
+
 def is_valid_ipv4_address(address):
     try:
         socket.inet_pton(socket.AF_INET, address)
@@ -44,6 +44,7 @@ def is_valid_ipv4_address(address):
         return False
     return True
 
+
 def is_valid_ipv6_address(address):
     try:
         socket.inet_pton(socket.AF_INET6, address)
@@ -51,8 +52,10 @@ def is_valid_ipv6_address(address):
         return False
     return True
 
+
 def init(url, key):
-    return PyMISP(url, key, misp_verifycert, 'json', debug=True)
+    return PyMISP(url, key, misp_verifycert, 'json', debug=debug)
+
 
 # Add a sighting
 def sight(sighting, value):
@@ -60,6 +63,7 @@ def sight(sighting, value):
         d = {'value': value, 'source': sighting_source}
         misp.set_sightings(d)
 
+
 # Add named attribute and sight if configured
 def add_attribute(event, attribute_type, value, category, ids_flag, warninglist, sighting, comment=None):
     syslog.syslog("Event " + event['Event']['id'] + ": Adding attribute (" + attribute_type + ") " + value)
@@ -67,6 +71,7 @@ def add_attribute(event, attribute_type, value, category, ids_flag, warninglist,
                              comment=comment, to_ids=ids_flag, enforceWarninglist=warninglist)
     sight(sighting, value)
 
+
 syslog.syslog("Job started.")
 debug = config.debug
 stdin_used = False
@@ -95,7 +100,7 @@ if not mail_subject:
     try:
         mail_subject = msg.get('Subject').encode("utf-8", "ignore")
         sub, enc = email.header.decode_header(msg.get('subject'))[0]
-        if enc==None:
+        if enc is None:
             email_subject = sub
         else:
             email_subject = sub.decode(enc)
@@ -123,11 +128,11 @@ stdin_used = True
 
 try:
     email_data = ftfy.fix_text(email_data.decode("utf-8", "ignore"))
-except:
+except Exception:
     email_data = ftfy.fix_text(email_data)
 try:
     email_subject = ftfy.fix_text(email_subject.decode("utf-8", "ignore"))
-except:
+except Exception:
     email_subject = ftfy.fix_text(email_subject)
 
 if debug:
@@ -194,6 +199,7 @@ else:
 # Load the MISP event
 misp_event = MISPEvent()
 misp_event.load(new_event)
+event_id = misp_event.id
 
 # Evaluate classification
 tlp_tag = tlptag_default
@@ -270,17 +276,18 @@ if (len(hashlist_md5) > 0) or (len(hashlist_sha1) > 0) or (len(hashlist_sha256)
 
 # Add IOCs and expanded information to MISP
 for entry in urllist:
+    hip = MISPObject(name='ip-port', strict=False, uuid='9f8cea74-16fe-4968-a2b4-026676949ac7', version='7')
     ids_flag = True
     f.decode(entry)
     domainname = f.get_domain().decode('utf-8', 'ignore')
     hostname = f.get_host().decode('utf-8', 'ignore')
     try:
         schema = f.get_scheme().decode('utf-8', 'ignore')
-    except:
+    except Exception:
         schema = False
     try:
         resource_path = f.get_resource_path().decode('utf-8', 'ignore')
-    except:
+    except Exception:
         resource_path = False
     if debug:
         syslog.syslog(domainname)
@@ -311,25 +318,30 @@ for entry in urllist:
                     syslog.syslog(hostname)
                 try:
                     port = f.get_port().decode('utf-8', 'ignore')
-                except:
+                except Exception:
                     port = None
                 if port:
                     comment = "on port: " + port
                 if is_valid_ipv4_address(hostname):
                     add_attribute(new_event, 'ip-dst', hostname, 'Network activity', ids_flag, enforcewarninglist,
                                   sighting, comment=comment)
+                    hip.add_attribute('ip', type='ip-dst', value=hostname, to_ids=ids_flag, comment=comment)
                 else:
                     add_attribute(new_event, 'hostname', hostname, 'Network activity', ids_flag, enforcewarninglist,
                                   sighting, comment=comment)
+                    hip.add_attribute('hostname', type='hostname', value=hostname, to_ids=ids_flag, comment=comment)
                 try:
                     for rdata in dns.resolver.query(hostname, 'A'):
                         if debug:
                             syslog.syslog(str(rdata))
                         add_attribute(new_event, 'ip-dst', rdata.to_text(), 'Network activity', False, enforcewarninglist,
                                       sighting, comment=hostname)
+                        hip.add_attribute('ip', type='ip-dst', value=rdata.to_text(), to_ids=False)
                 except Exception as e:
                     if debug:
                         syslog.syslog(str(e))
+#    misp_event.add_object(hip)
+#    misp.update_event(event_id, new_event)
 
 # Try to add attachments
 if stdin_used:
@@ -345,7 +357,6 @@ if stdin_used:
             attachment = part.get_payload(decode=True)
             if debug:
                 syslog.syslog(str(attachment)[:200])
-            event_id = misp_event.id
             if m2m_attachment_keyword in email_data:
                 misp.add_attachment(misp_event, output_path, filename=filename, category="External analysis")
             else: