From 757f2cb4bf573ab3e90b48b88246240ed9f13de0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Fri, 3 Aug 2018 10:52:35 +0200
Subject: [PATCH] fix: Allow passing 0 to distribution, threat_level and
 analysis

---
 mail2misp/mail2misp.py |  6 +++---
 tests/tests.py         | 11 +++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/mail2misp/mail2misp.py b/mail2misp/mail2misp.py
index 5c5d613..7573d00 100644
--- a/mail2misp/mail2misp.py
+++ b/mail2misp/mail2misp.py
@@ -149,11 +149,11 @@ class Mail2MISP():
                                                html.unescape(self.original_mail.get_body(preferencelist=('html', 'plain')).get_payload(decode=True).decode('utf8', 'surrogateescape')), flags=re.MULTILINE)
             # Check if autopublish key is present and valid
             if self.config_from_email_body.get('m2mkey') == self.config.m2m_key:
-                if self.config_from_email_body.get('distribution'):
+                if self.config_from_email_body.get('distribution') is not None:
                     self.misp_event.distribution = self.config_from_email_body.get('distribution')
-                if self.config_from_email_body.get('threat_level'):
+                if self.config_from_email_body.get('threat_level') is not None:
                     self.misp_event.threat_level_id = self.config_from_email_body.get('threat_level')
-                if self.config_from_email_body.get('analysis'):
+                if self.config_from_email_body.get('analysis') is not None:
                     self.misp_event.analysis = self.config_from_email_body.get('analysis')
                 if self.config_from_email_body.get('publish'):
                     self.misp_event.publish()
diff --git a/tests/tests.py b/tests/tests.py
index b80443f..b5cd949 100644
--- a/tests/tests.py
+++ b/tests/tests.py
@@ -69,6 +69,17 @@ class TestMailToMISP(unittest.TestCase):
             self.mail2misp.load_email(BytesIO(f.read()))
         self.mail2misp.process_email_body()
 
+    def test_meta_event(self):
+        config = importlib.import_module('tests.config_forward')
+        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
+        with open('tests/mails/test_meta.eml', 'rb') as f:
+            self.mail2misp.load_email(BytesIO(f.read()))
+        self.mail2misp.process_email_body()
+        self.mail2misp.process_body_iocs()
+        self.assertTrue(self.mail2misp.misp_event.publish)
+        self.assertEqual(self.mail2misp.misp_event.distribution, 3)
+        self.assertEqual(self.mail2misp.misp_event.threat_level_id, 2)
+        self.assertEqual(self.mail2misp.misp_event.analysis, 0)
 
 if __name__ == '__main__':
     unittest.main()