Commit Graph

26 Commits (bc16f91d273837688869db26c2b7c13a17d8b682)

Author SHA1 Message Date
eidurorng 5ccb365f93 Quick fix for everything getting classified as external analysis
With the OR statement everything gets classified as external analysis when not running with --urlsonly.
2021-01-25 18:03:18 +00:00
Raphaël Vinot 3818ac92ea new: Add freetext import of the whole body 2021-01-25 17:54:58 +01:00
Raphaël Vinot 8680e5fb64 chg: Cleanup, bump deps, bump readme 2020-06-16 12:03:59 +02:00
Raphaël Vinot 62a596146b
Merge branch 'master' into master 2020-06-07 20:41:47 +02:00
Adam Bishop 8c2777585a multipart messages can be nested within each other
An example of something that does this is GPG, when operating in PGP/MIME
mode.

The Python documentation remarks that an attachment is anything that isn't
a body - meaning that if there are multipart messages nested within each
other, the containers will be flagged as an attachment.

When get_content() is called on the attachment, it fails with an unhandled
KeyError as there is no attachment handler for multipart.

This change wraps the get_content() call in a try...catch, and returns if
an attachment type unsupported by the runtime is present.

```
Traceback (most recent call last):
  File "/Users/adamb/mail_to_misp/tests/tests.py", line 89, in test_nested_mime
    self.mail2misp.process_email_body()
  File "./mail2misp/mail2misp.py", line 188, in process_email_body
    self._find_attached_forward()
  File "./mail2misp/mail2misp.py", line 88, in _find_attached_forward
    attachment_content = attachment.get_content()
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/message.py", line 1096, in get_content
    return content_manager.get_content(self, *args, **kw)
  File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/contentmanager.py", line 25, in get_content
    raise KeyError(content_type)
KeyError: 'multipart/mixed'
```
2020-06-07 00:31:56 +01:00
begunrom 92c99c0559 exclude attachements of size 0 bytes
Optionally exclude attachments that are 0 bytes long
2019-11-19 10:13:36 +01:00
begunrom 6070d6428c fixed wrong exception handling
Except block handles 'BaseException'
2019-11-17 09:45:12 +01:00
begunrom 26ef177d58 carrier mail functionality
Implements processing of a carrier mail that contains email attachments. Each email attachment is converted into an individual MISP event.
2019-11-16 16:47:43 +01:00
Sascha Rommelfangen d747ede23c add email sender to comment 2019-07-23 14:45:50 +02:00
Sascha Rommelfangen 0f6d95e8a7 tag extraction from subject and bug fix for alternativetags 2019-07-23 13:35:17 +02:00
Sascha Rommelfangen 5347325d8b using subject as comment when urlsonly is enabled 2019-07-22 14:35:51 +02:00
Sascha Rommelfangen bf1fca9a9c handled the case with internalattributes better 2019-07-22 11:31:27 +02:00
Sascha Rommelfangen c30c706a2d add urlonly to event feature added 2019-07-19 12:20:56 +02:00
Raphaël Vinot b9ba7a256f fix: Buggy decode, the email was added twice 2019-07-18 16:12:44 +02:00
Raphaël Vinot 9e2abc260f chg: Bump deps, slight changes. 2019-07-18 15:12:15 +02:00
Sascha Rommelfangen 96594e97ec some "fixes" 2019-07-18 12:46:31 +02:00
Sascha Rommelfangen f84c9eadee added new functionality to update an event 2019-07-18 11:02:42 +02:00
Raphaël Vinot 58ea8a64ca fix: Support new version of pyfaup 2019-01-21 14:39:04 +01:00
Raphaël Vinot 11c99c879b fix: Properly add sightings, meta event attributes 2018-08-03 11:26:11 +02:00
Raphaël Vinot 757f2cb4bf fix: Allow passing 0 to distribution, threat_level and analysis 2018-08-03 10:52:35 +02:00
Raphaël Vinot 45fa0c7323 fix: Properly handle plain text attachments 2018-08-02 17:02:17 +02:00
Raphaël Vinot 03bf3e3506 fix: Proper type detection of attachments
Fix #27
2018-08-02 13:42:07 +02:00
Raphaël Vinot 02b1c8ed96 fix: Avoid failure if dns key is not in the config file. 2018-08-02 12:02:18 +02:00
Raphaël Vinot cbf0c07b67 new: Allow to disable DNS lookups
Fix #26
2018-08-02 11:55:37 +02:00
Raphaël Vinot c823e5496c fix: benign attachment in FW email
Fix #25
2018-08-02 11:51:16 +02:00
Raphaël Vinot c967c5e197 new: Make it a lib, add test cases 2018-05-14 17:42:06 -04:00