MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity
221 Commits
5 Branches
2 Tags
3 MiB
Commit Graph

19 Commits (8c2777585a86b0a805a6c67a5c2d1eb560227720)

Author SHA1 Message Date
Adam Bishop 8c2777585a multipart messages can be nested within each other 
An example of something that does this is GPG, when operating in PGP/MIME
mode.

The Python documentation remarks that an attachment is anything that isn't
a body - meaning that if there are multipart messages nested within each
other, the containers will be flagged as an attachment.

When get_content() is called on the attachment, it fails with an unhandled
KeyError as there is no attachment handler for multipart.

This change wraps the get_content() call in a try...catch, and returns if
an attachment type unsupported by the runtime is present.

```
Traceback (most recent call last):
  File "/Users/adamb/mail_to_misp/tests/tests.py", line 89, in test_nested_mime
    self.mail2misp.process_email_body()
  File "./mail2misp/mail2misp.py", line 188, in process_email_body
    self._find_attached_forward()
  File "./mail2misp/mail2misp.py", line 88, in _find_attached_forward
    attachment_content = attachment.get_content()
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/message.py", line 1096, in get_content
    return content_manager.get_content(self, *args, **kw)
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/contentmanager.py", line 25, in get_content
    raise KeyError(content_type)
KeyError: 'multipart/mixed'
```
 2020-06-07 00:31:56 +01:00
Sascha Rommelfangen d747ede23c add email sender to comment 2019-07-23 14:45:50 +02:00
Sascha Rommelfangen 0f6d95e8a7 tag extraction from subject and bug fix for alternativetags 2019-07-23 13:35:17 +02:00
Sascha Rommelfangen 5347325d8b using subject as comment when urlsonly is enabled 2019-07-22 14:35:51 +02:00
Sascha Rommelfangen bf1fca9a9c handled the case with internalattributes better 2019-07-22 11:31:27 +02:00
Sascha Rommelfangen c30c706a2d add urlonly to event feature added 2019-07-19 12:20:56 +02:00
Raphaël Vinot b9ba7a256f fix: Buggy decode, the email was added twice 2019-07-18 16:12:44 +02:00
Raphaël Vinot 9e2abc260f chg: Bump deps, slight changes. 2019-07-18 15:12:15 +02:00
Sascha Rommelfangen 96594e97ec some "fixes" 2019-07-18 12:46:31 +02:00
Sascha Rommelfangen f84c9eadee added new functionality to update an event 2019-07-18 11:02:42 +02:00
Raphaël Vinot 58ea8a64ca fix: Support new version of pyfaup 2019-01-21 14:39:04 +01:00
Raphaël Vinot 11c99c879b fix: Properly add sightings, meta event attributes 2018-08-03 11:26:11 +02:00
Raphaël Vinot 757f2cb4bf fix: Allow passing 0 to distribution, threat_level and analysis 2018-08-03 10:52:35 +02:00
Raphaël Vinot 45fa0c7323 fix: Properly handle plain text attachments 2018-08-02 17:02:17 +02:00
Raphaël Vinot 03bf3e3506 fix: Proper type detection of attachments 
Fix #27
 2018-08-02 13:42:07 +02:00
Raphaël Vinot 02b1c8ed96 fix: Avoid failure if dns key is not in the config file. 2018-08-02 12:02:18 +02:00
Raphaël Vinot cbf0c07b67 new: Allow to disable DNS lookups 
Fix #26
 2018-08-02 11:55:37 +02:00
Raphaël Vinot c823e5496c fix: benign attachment in FW email 
Fix #25
 2018-08-02 11:51:16 +02:00
Raphaël Vinot c967c5e197 new: Make it a lib, add test cases 2018-05-14 17:42:06 -04:00