Merge branch 'main' of github.com:MISP/misp-modules into new_module

pull/429/head
chrisr3d 2020-10-22 22:59:21 +02:00
commit 2a2a908f09
3 changed files with 321 additions and 166 deletions
misp_modules/modules/expansion

227
Pipfile.lock generated

@ -57,10 +57,10 @@
}, },
"assemblyline-client": { "assemblyline-client": {
"hashes": [ "hashes": [
"sha256:39c54d9f49a8299de5bffc2422138f0254e2d9ddc49fec7a41b537194e4be29a" "sha256:6a36a654185ba40d10bdd0213a1926aacb4351290824e406cbff6b6b5b251f5f"
], ],
"index": "pypi", "index": "pypi",
"version": "==4.0.0" "version": "==4.0.1"
}, },
"async-timeout": { "async-timeout": {
"hashes": [ "hashes": [
@ -88,12 +88,12 @@
}, },
"beautifulsoup4": { "beautifulsoup4": {
"hashes": [ "hashes": [
"sha256:1edf5e39f3a5bc6e38b235b369128416c7239b34f692acccececb040233032a1", "sha256:4c98143716ef1cb40bf7f39a8e3eec8f8b009509e74904ba3a7b315431577e35",
"sha256:5dfe44f8fddc89ac5453f02659d3ab1668f2c0d9684839f0785037e8c6d9ac8d", "sha256:84729e322ad1d5b4d25f805bfa05b902dd96450f43842c4e99067d5e1369eb25",
"sha256:645d833a828722357038299b7f6879940c11dddd95b900fe5387c258b72bb883" "sha256:fff47e031e34ec82bf17e00da8f592fe7de69aeea38be00523c04623c04fb666"
], ],
"index": "pypi", "index": "pypi",
"version": "==4.9.2" "version": "==4.9.3"
}, },
"blockchain": { "blockchain": {
"hashes": [ "hashes": [
@ -182,11 +182,11 @@
}, },
"configparser": { "configparser": {
"hashes": [ "hashes": [
"sha256:2ca44140ee259b5e3d8aaf47c79c36a7ab0d5e94d70bd4105c03ede7a20ea5a1", "sha256:005c3b102c96f4be9b8f40dafbd4997db003d07d1caa19f37808be8031475f2a",
"sha256:cffc044844040c7ce04e9acd1838b5f2e5fa3170182f6fda4d2ea8b0099dbadd" "sha256:08e8a59ef1817ac4ed810bb8e17d049566dd6e024e7566f6285c756db2bb4ff8"
], ],
"markers": "python_version >= '3.6'", "markers": "python_version >= '3.6'",
"version": "==5.0.0" "version": "==5.0.1"
}, },
"cryptography": { "cryptography": {
"hashes": [ "hashes": [
@ -320,10 +320,10 @@
}, },
"jbxapi": { "jbxapi": {
"hashes": [ "hashes": [
"sha256:a5dc57e418363f5e2ab39f79fdfdb71dbad758cfc2ff254a3eb8e353bc9994ae" "sha256:8458f01a9b4e4245d61f6fa75edef17e2992192975f746c51ed5392ba9aa7ce5"
], ],
"index": "pypi", "index": "pypi",
"version": "==3.10.0" "version": "==3.11.0"
}, },
"json-log-formatter": { "json-log-formatter": {
"hashes": [ "hashes": [
@ -512,25 +512,28 @@
}, },
"pandas": { "pandas": {
"hashes": [ "hashes": [
"sha256:026d764d0b86ee53183aa4c0b90774b6146123eeada4e24946d7d24290777be1", "sha256:206d7c3e5356dcadf082e64dc25c24bc8541718045826074f96346e9d6d05a20",
"sha256:02ec9f5f0b7df7227931a884569ef0b6d32d76789c84bcac1a719dafd1f912e8", "sha256:24f61f40febe47edac271eda45d683e42838b7db2bd0f82574d9800259d2b182",
"sha256:08783a33989a6747317766b75be30a594a9764b9f145bb4bcc06e337930d9807", "sha256:3a038cd5da602b955d335aa80cbaa0e5774f68501ff47b9c21509906981478da",
"sha256:0936991228241db937e87f82ec552a33888dd04a2e0d5a2fa3c689f92fab09e0", "sha256:427be9938b2f79ab298de84f87693914cda238a27cf10580da96caf3dff64115",
"sha256:188cdfbf8399bc144fa95040536b5ce3429d2eda6c9c8b238c987af7df9f128c", "sha256:54f5f564058b0280d588c3758abde82e280702c440db5faf0c686b80336096f9",
"sha256:1edf6c254d2d138188e9987159978ee70e23362fe9197f3f100844a197f7e1e4", "sha256:5a8a84b75ca3a29bb4263b35d5ed9fcaae2b062f014feed8c5daa897339c7d85",
"sha256:474fa53e3b2f3a543cbca81f7457bd1f44e7eb1be7171067636307e21b624e9c", "sha256:84a4ffe668df357e31f98c829536e3a7142c3036c82f996e639f644c5d32eda1",
"sha256:59df9f0276aa4854d8bff28c5e5aeb74d9c6bb4d9f55d272b7124a7df40e47d0", "sha256:882012763668af54b48f1412bab95c5cc0a7ccce5a2a8221cfc3839a6e3394ef",
"sha256:9e135ce9929cd0f0ba24f0545936af17ba935f844d4c3a2b979354a73c9440e0", "sha256:920d30fdff65a079f071db635d282b4f583c2b26f2b58d5dca218aac7c59974d",
"sha256:ab6ea0f3116f408a8a59cd50158bfd19d2a024f4e221f14ab1bcd2da4f0c6fdf", "sha256:a605054fbca71ed1d08bb2aef6f73c84a579bbac956bfe8f9718d5e84cb41248",
"sha256:b64ffd87a2cfd31b40acd4b92cb72ea9a52a48165aec4c140e78fd69c45d1444", "sha256:b11b496c317dbe007898de699fd59eaf687d0fe8c1b7dad109db6010155d28ae",
"sha256:b821f239514a9ce46dd1cd6c9298a03ed58d0235d414ea264aacc1b14916bbe4", "sha256:babbeda2f83b0686c9ad38d93b10516e68cdcd5771007eb80a763e98aaf44613",
"sha256:c9235b37489168ed6b173551c816b50aa89f03c24a8549a8b4d47d8dc79bfb1e", "sha256:c22e40f1b4d162ca18eb6b2c572e63eef220dbc9cc3de0241cefb77972621bb7",
"sha256:eb0ac2fd04428f18b547716f70c699a7cc9c65a6947ed8c7e688d96eb91e3db8", "sha256:ca31ac8578d48da354cf66a473d4d5ff99277ca71d321dc7ea4e6fad3c6bb0fd",
"sha256:eeb64c5b3d4f2ea072ca8afdeb2b946cd681a863382ca79734f1b520b8d2fa26", "sha256:ca71a5aa9eeb3ef5b31feca7d9b6369d6b3d0b2e9c85d7a89abe3ecb013f1e86",
"sha256:f7008ec22b92d771b145150978d930a28fab8da3a10131b01bbf39574acdad0b" "sha256:d6b1f9d506dc23da2915bcae5c5968990049c9cec44108bd9855d2c7c89d91dc",
"sha256:d89dbc58aec1544722a8d5046f880b597c497ef8a82c5fe695b4b2effafac5ec",
"sha256:df43ea0e9fd9f9672b0de9cac26d01255ad50481994bf3cb4687c21eec2d7bbc",
"sha256:fd6f05b6101d0e76f3e5c26a47be5be7be96ed84ef3981dc1852e76898e73594"
], ],
"index": "pypi", "index": "pypi",
"version": "==1.1.2" "version": "==1.1.3"
}, },
"pandas-ods-reader": { "pandas-ods-reader": {
"hashes": [ "hashes": [
@ -571,7 +574,11 @@
"sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f", "sha256:0295442429645fa16d05bd567ef5cff178482439c9aad0411d3f0ce9b88b3a6f",
"sha256:5e51ee2b8114def244384eda1c82b10e307ad9778dac5c83fb0943775a653cd8", "sha256:5e51ee2b8114def244384eda1c82b10e307ad9778dac5c83fb0943775a653cd8",
"sha256:8dad18b69f710bf3a001d2bf3afab7c432785d94fcf819c16b5207b1cfd17d38", "sha256:8dad18b69f710bf3a001d2bf3afab7c432785d94fcf819c16b5207b1cfd17d38",
"sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9", "sha256:94cf49723928eb6070a892cb39d6c156f7b5a2db4e8971cb958f7b6b104fb4c4",
"sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626",
"sha256:9ad7f865eebde135d526bb3163d0b23ffff365cf87e767c649550964ad72785d",
"sha256:9c87ef410a58dd54b92424ffd7e28fd2ec65d2f7fc02b76f5e9b2067e355ebf6",
"sha256:a060cf8aa332052df2158e5a119303965be92c3da6f2d93b6878f0ebca80b2f6",
"sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63", "sha256:c79f9c5fb846285f943aafeafda3358992d64f0ef58566e23484132ecd8d7d63",
"sha256:1ca594126d3c4def54babee699c055a913efb01e106c309fa6b04405d474d5ae", "sha256:1ca594126d3c4def54babee699c055a913efb01e106c309fa6b04405d474d5ae",
"sha256:6d7741e65835716ceea0fd13a7d0192961212fd59e741a46bbed7a473c634ed6", "sha256:6d7741e65835716ceea0fd13a7d0192961212fd59e741a46bbed7a473c634ed6",
@ -584,8 +591,11 @@
"sha256:25930fadde8019f374400f7986e8404c8b781ce519da27792cbe46eabec00c4d", "sha256:25930fadde8019f374400f7986e8404c8b781ce519da27792cbe46eabec00c4d",
"sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626", "sha256:97f9e7953a77d5a70f49b9a48da7776dc51e9b738151b22dacf101641594a626",
"sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1", "sha256:d350f0f2c2421e65fbc62690f26b59b0bcda1b614beb318c81e38647e0f673a1",
"sha256:c92302a33138409e8f1ad16731568c55c9053eee71bb05b6b744067e1b62380f", "sha256:e901964262a56d9ea3c2693df68bc9860b8bdda2b04768821e4c44ae797de117",
"sha256:e901964262a56d9ea3c2693df68bc9860b8bdda2b04768821e4c44ae797de117" "sha256:ec29604081f10f16a7aea809ad42e27764188fc258b02259a03a8ff7ded3808d",
"sha256:edf31f1150778abd4322444c393ab9c7bd2af271dd4dafb4208fb613b1f3cdc9",
"sha256:f7e30c27477dffc3e85c2463b3e649f751789e0f6c8456099eea7ddd53be4a8a",
"sha256:ffe538682dc19cc542ae7c3e504fdf54ca7f86fb8a135e59dd6bc8627eae6cce"
], ],
"index": "pypi", "index": "pypi",
"version": "==7.2.0" "version": "==7.2.0"
@ -630,11 +640,29 @@
}, },
"pycryptodome": { "pycryptodome": {
"hashes": [ "hashes": [
"sha256:02e51e1d5828d58f154896ddfd003e2e7584869c275e5acbe290443575370fba",
"sha256:03d5cca8618620f45fd40f827423f82b86b3a202c8d44108601b0f5f56b04299",
"sha256:0e24171cf01021bc5dc17d6a9d4f33a048f09d62cc3f62541e95ef104588bda4",
"sha256:132a56abba24e2e06a479d8e5db7a48271a73a215f605017bbd476d31f8e71c1",
"sha256:1e655746f539421d923fd48df8f6f40b3443d80b75532501c0085b64afed9df5",
"sha256:2b998dc45ef5f4e5cf5248a6edfcd8d8e9fb5e35df8e4259b13a1b10eda7b16b",
"sha256:360955eece2cd0fa694a708d10303c6abd7b39614fa2547b6bd245da76198beb",
"sha256:39ef9fb52d6ec7728fce1f1693cb99d60ce302aeebd59bcedea70ca3203fda60",
"sha256:4350a42028240c344ee855f032c7d4ad6ff4f813bfbe7121547b7dc579ecc876",
"sha256:50348edd283afdccddc0938cdc674484533912ba8a99a27c7bfebb75030aa856",
"sha256:54bdedd28476dea8a3cd86cb67c0df1f0e3d71cae8022354b0f879c41a3d27b2",
"sha256:55eb61aca2c883db770999f50d091ff7c14016f2769ad7bca3d9b75d1d7c1b68",
"sha256:6276478ada411aca97c0d5104916354b3d740d368407912722bd4d11aa9ee4c2",
"sha256:663f8de2b3df2e744d6e1610506e0ea4e213bde906795953c1e82279c169f0a7",
"sha256:67dcad1b8b201308586a8ca2ffe89df1e4f731d5a4cdd0610cc4ea790351c739", "sha256:67dcad1b8b201308586a8ca2ffe89df1e4f731d5a4cdd0610cc4ea790351c739",
"sha256:39ef9fb52d6ec7728fce1f1693cb99d60ce302aeebd59bcedea70ca3203fda60", "sha256:39ef9fb52d6ec7728fce1f1693cb99d60ce302aeebd59bcedea70ca3203fda60",
"sha256:fbe65d5cfe04ff2f7684160d50f5118bdefb01e3af4718eeb618bfed40f19d94", "sha256:fbe65d5cfe04ff2f7684160d50f5118bdefb01e3af4718eeb618bfed40f19d94",
"sha256:b56638d58a3a4be13229c6a815cd448f9e3ce40c00880a5398471b42ee86f50e", "sha256:b56638d58a3a4be13229c6a815cd448f9e3ce40c00880a5398471b42ee86f50e",
"sha256:709b9f144d23e290b9863121d1ace14a72e01f66ea9c903fbdc690520dfdfcf0", "sha256:709b9f144d23e290b9863121d1ace14a72e01f66ea9c903fbdc690520dfdfcf0",
"sha256:8063a712fba642f78d3c506b0896846601b6de7f5c3d534e388ad0cc07f5a149",
"sha256:80d57177a0b7c14d4594c62bbb47fe2f6309ad3b0a34348a291d570925c97a82",
"sha256:87006cf0d81505408f1ae4f55cf8a5d95a8e029a4793360720ae17c6500f7ecc",
"sha256:9f62d21bc693f3d7d444f17ed2ad7a913b4c37c15cd807895d013c39c0517dfd",
"sha256:a207231a52426de3ff20f5608f0687261a3329d97a036c51f7d4c606a6f30c23", "sha256:a207231a52426de3ff20f5608f0687261a3329d97a036c51f7d4c606a6f30c23",
"sha256:87006cf0d81505408f1ae4f55cf8a5d95a8e029a4793360720ae17c6500f7ecc", "sha256:87006cf0d81505408f1ae4f55cf8a5d95a8e029a4793360720ae17c6500f7ecc",
"sha256:8063a712fba642f78d3c506b0896846601b6de7f5c3d534e388ad0cc07f5a149", "sha256:8063a712fba642f78d3c506b0896846601b6de7f5c3d534e388ad0cc07f5a149",
@ -644,25 +672,12 @@
"sha256:dd302b6ae3965afeb5ef1b0d92486f986c0e65183cd7835973f0b593800590e6", "sha256:dd302b6ae3965afeb5ef1b0d92486f986c0e65183cd7835973f0b593800590e6",
"sha256:50348edd283afdccddc0938cdc674484533912ba8a99a27c7bfebb75030aa856", "sha256:50348edd283afdccddc0938cdc674484533912ba8a99a27c7bfebb75030aa856",
"sha256:c8bf40cf6e281a4378e25846924327e728a887e8bf0ee83b2604a0f4b61692e8", "sha256:c8bf40cf6e281a4378e25846924327e728a887e8bf0ee83b2604a0f4b61692e8",
"sha256:0e24171cf01021bc5dc17d6a9d4f33a048f09d62cc3f62541e95ef104588bda4", "sha256:cecbf67e81d6144a50dc615629772859463b2e4f815d0c082fa421db362f040e",
"sha256:360955eece2cd0fa694a708d10303c6abd7b39614fa2547b6bd245da76198beb",
"sha256:02e51e1d5828d58f154896ddfd003e2e7584869c275e5acbe290443575370fba",
"sha256:54bdedd28476dea8a3cd86cb67c0df1f0e3d71cae8022354b0f879c41a3d27b2",
"sha256:1e655746f539421d923fd48df8f6f40b3443d80b75532501c0085b64afed9df5",
"sha256:f2e045224074d5664dc9cbabbf4f4d4d46f1ee90f24780e3a9a668fd096ff17f",
"sha256:d8074c8448cfd0705dfa71ca333277fce9786d0b9cac75d120545de6253f996a", "sha256:d8074c8448cfd0705dfa71ca333277fce9786d0b9cac75d120545de6253f996a",
"sha256:80d57177a0b7c14d4594c62bbb47fe2f6309ad3b0a34348a291d570925c97a82", "sha256:80d57177a0b7c14d4594c62bbb47fe2f6309ad3b0a34348a291d570925c97a82",
"sha256:132a56abba24e2e06a479d8e5db7a48271a73a215f605017bbd476d31f8e71c1", "sha256:132a56abba24e2e06a479d8e5db7a48271a73a215f605017bbd476d31f8e71c1",
"sha256:ef39c98d9b8c0736d91937d193653e47c3b19ddf4fc3bccdc5e09aaa4b0c5d21", "sha256:ef39c98d9b8c0736d91937d193653e47c3b19ddf4fc3bccdc5e09aaa4b0c5d21",
"sha256:6276478ada411aca97c0d5104916354b3d740d368407912722bd4d11aa9ee4c2", "sha256:f2e045224074d5664dc9cbabbf4f4d4d46f1ee90f24780e3a9a668fd096ff17f",
"sha256:03d5cca8618620f45fd40f827423f82b86b3a202c8d44108601b0f5f56b04299",
"sha256:cecbf67e81d6144a50dc615629772859463b2e4f815d0c082fa421db362f040e",
"sha256:de6e1cd75677423ff64712c337521e62e3a7a4fc84caabbd93207752e831a85a",
"sha256:2b998dc45ef5f4e5cf5248a6edfcd8d8e9fb5e35df8e4259b13a1b10eda7b16b",
"sha256:663f8de2b3df2e744d6e1610506e0ea4e213bde906795953c1e82279c169f0a7",
"sha256:9f62d21bc693f3d7d444f17ed2ad7a913b4c37c15cd807895d013c39c0517dfd",
"sha256:bcd5b8416e73e4b0d48afba3704d8c826414764dafaed7a1a93c442188d90ccc",
"sha256:55eb61aca2c883db770999f50d091ff7c14016f2769ad7bca3d9b75d1d7c1b68",
"sha256:f521178e5a991ffd04182ed08f552daca1affcb826aeda0e1945cd989a9d4345", "sha256:f521178e5a991ffd04182ed08f552daca1affcb826aeda0e1945cd989a9d4345",
"sha256:bec2bcdf7c9ce7f04d718e51887f3b05dc5c1cfaf5d2c2e9065ecddd1b2f6c9a" "sha256:bec2bcdf7c9ce7f04d718e51887f3b05dc5c1cfaf5d2c2e9065ecddd1b2f6c9a"
], ],
@ -685,13 +700,25 @@
"sha256:9fd758e5e2fe02d57860b85da34a1a1e7037155c4eadc2326fc7af02f9cae214", "sha256:9fd758e5e2fe02d57860b85da34a1a1e7037155c4eadc2326fc7af02f9cae214",
"sha256:c315262e26d54a9684e323e37ac9254f481d57fcc4fd94002992460898ef5c04", "sha256:c315262e26d54a9684e323e37ac9254f481d57fcc4fd94002992460898ef5c04",
"sha256:2275a663c9e744ee4eace816ef2d446b3060554c5773a92fbc79b05bf47debda", "sha256:2275a663c9e744ee4eace816ef2d446b3060554c5773a92fbc79b05bf47debda",
"sha256:2710fc8d83b3352b370db932b3710033b9d630b970ff5aaa3e7458b5336e3b32",
"sha256:35b9c9177a9fe7288b19dd41554c9c8ca1063deb426dd5a02e7e2a7416b6bd11",
"sha256:3b23d63030819b7d9ac7db9360305fd1241e6870ca5b7e8d59fee4db4674a490",
"sha256:3caa32cf807422adf33c10c88c22e9e2e08b9d9d042f12e1e25fe23113dd618f", "sha256:3caa32cf807422adf33c10c88c22e9e2e08b9d9d042f12e1e25fe23113dd618f",
"sha256:58e19560814dabf5d788b95a13f6b98279cf41a49b1e49ee6cf6c79a57adb4c9", "sha256:58e19560814dabf5d788b95a13f6b98279cf41a49b1e49ee6cf6c79a57adb4c9",
"sha256:a2ee8ba99d33e1a434fcd27d7d0aa7964163efeee0730fe2efc9d60edae1fc71", "sha256:8044eae59301dd392fbb4a7c5d64e1aea8ef0be2540549807ecbe703d6233d68",
"sha256:85c108b42e47d4073344ff61d4e019f1d95bb7725ca0fe87d0a2deb237c10e49",
"sha256:89be1bf55e50116fe7e493a7c0c483099770dd7f81b87ac8d04a43b1a203e259",
"sha256:8fcdda24dddf47f716400d54fc7f75cadaaba1dd47cc127e59d752c9c0fc3c48",
"sha256:914fbb18e29c54585e6aa39d300385f90d0fa3b3cc02ed829b08f95c1acf60c2", "sha256:914fbb18e29c54585e6aa39d300385f90d0fa3b3cc02ed829b08f95c1acf60c2",
"sha256:a2bc4e1a2e6ca3a18b2e0be6131a23af76fecb37990c159df6edc7da6df913e3", "sha256:a2bc4e1a2e6ca3a18b2e0be6131a23af76fecb37990c159df6edc7da6df913e3",
"sha256:89be1bf55e50116fe7e493a7c0c483099770dd7f81b87ac8d04a43b1a203e259", "sha256:a2ee8ba99d33e1a434fcd27d7d0aa7964163efeee0730fe2efc9d60edae1fc71",
"sha256:b2d756620078570d3f940c84bc94dd30aa362b795cce8b2723300a8800b87f1c",
"sha256:c0d085c8187a1e4d3402f626c9e438b5861151ab132d8761d9c5ce6491a87761",
"sha256:c315262e26d54a9684e323e37ac9254f481d57fcc4fd94002992460898ef5c04",
"sha256:c990f2c58f7c67688e9e86e6557ed05952669ff6f1343e77b459007d85f7df00",
"sha256:ccbbec59bf4b74226170c54476da5780c9176bae084878fc94d9a2c841218e34",
"sha256:dc2bed32c7b138f1331794e454a953360c8cedf3ee62ae31f063822da6007489", "sha256:dc2bed32c7b138f1331794e454a953360c8cedf3ee62ae31f063822da6007489",
"sha256:ddb1ae2891c8cb83a25da87a3e00111a9654fc5f0b70f18879c41aece45d6182",
"sha256:e070a1f91202ed34c396be5ea842b886f6fa2b90d2db437dc9fb35a26c80c060", "sha256:e070a1f91202ed34c396be5ea842b886f6fa2b90d2db437dc9fb35a26c80c060",
"sha256:c0d085c8187a1e4d3402f626c9e438b5861151ab132d8761d9c5ce6491a87761", "sha256:c0d085c8187a1e4d3402f626c9e438b5861151ab132d8761d9c5ce6491a87761",
"sha256:f60b3484ce4be04f5da3777c51c5140d3fe21cdd6674f2b6568f41c8130bcdeb", "sha256:f60b3484ce4be04f5da3777c51c5140d3fe21cdd6674f2b6568f41c8130bcdeb",
@ -700,12 +727,8 @@
"sha256:4e0b27697fa1621c6d3d3b4edeec723c2e841285de6a8d378c1962da77b349be", "sha256:4e0b27697fa1621c6d3d3b4edeec723c2e841285de6a8d378c1962da77b349be",
"sha256:e4e1c486bf226822c8dceac81d0ec59c0a2399dbd1b9e04f03c3efa3605db677", "sha256:e4e1c486bf226822c8dceac81d0ec59c0a2399dbd1b9e04f03c3efa3605db677",
"sha256:ea4d4b58f9bc34e224ef4b4604a6be03d72ef1f8c486391f970205f6733dbc46", "sha256:ea4d4b58f9bc34e224ef4b4604a6be03d72ef1f8c486391f970205f6733dbc46",
"sha256:48cc2cfc251f04a6142badeb666d1ff49ca6fdfc303fd72579f62b768aaa52b9", "sha256:f5bd6891380e0fb5467251daf22525644fdf6afd9ae8bc2fe065c78ea1882e0d",
"sha256:85c108b42e47d4073344ff61d4e019f1d95bb7725ca0fe87d0a2deb237c10e49", "sha256:f60b3484ce4be04f5da3777c51c5140d3fe21cdd6674f2b6568f41c8130bcdeb"
"sha256:35b9c9177a9fe7288b19dd41554c9c8ca1063deb426dd5a02e7e2a7416b6bd11",
"sha256:e42860fbe1292668b682f6dabd225fbe2a7a4fa1632f0c39881c019e93dea594",
"sha256:17272d06e4b2f6455ee2cbe93e8eb50d9450a5dc6223d06862ee1ea5d1235861",
"sha256:06f5a458624c9b0e04c0086c7f84bcc578567dab0ddc816e0476b3057b18339f"
], ],
"markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
"version": "==3.9.8" "version": "==3.9.8"
@ -756,7 +779,7 @@
"pdfexport" "pdfexport"
], ],
"git": "https://github.com/MISP/PyMISP.git", "git": "https://github.com/MISP/PyMISP.git",
"ref": "77e7111c29f935f5dc4790c7493a3cc91f79131e" "ref": "bacd4c78cd83d3bf45dcf55cd9ad3514747ac985"
}, },
"pyonyphe": { "pyonyphe": {
"editable": true, "editable": true,
@ -923,49 +946,49 @@
}, },
"reportlab": { "reportlab": {
"hashes": [ "hashes": [
"sha256:0734f63685038e8c9dc176fa44676c660f347420b78abe1be81245c8ca48fa0d", "sha256:0145233d3596fa5828972eb474b5a9f3fd5dea45d6f196fe006a7a7a461fcd03",
"sha256:0738973406752c9e36c066ca453b4332ceae110294e8640d2a9b3846c6c381dc", "sha256:04fd4a129393006c4ba9cd9fff56b78ad60fe6702326e9260f55d4abac9f1df2",
"sha256:09238d17bc97d63289b9adc2e1c16699f54985bfaf6ca7c681a2b92edda3e577", "sha256:067800caa12ea69e8df0a9206a7eda6697f91a33edb8413b778647d270bc9f34",
"sha256:124b0d449f33464d9b2132d18574d8757b613bea4090a34a99381037e7ec781d", "sha256:106a61093cf6084fbcb1272768f090b06137027e09c5e53c573c6c7b90216066",
"sha256:15e696e490432aea873fe01c042b83f9df87a5cc0c225cd8240dfa80d383466d", "sha256:13afbdca2b0844c19ee6804220bb96630f44ffa2571781de66a04e3f83609295",
"sha256:24c55a6d8229186ebf3587d4d81ddb1b4261975f2cfeef6b8fcc259cbde49a68", "sha256:155887770694a1febb4b1bcd2e2856c931225fa1fe8c5ef6772fce47c07f6204",
"sha256:26c410c6f9b9ccda0b7dc827a494fdff1c87267b7f506e2a6ec8d7ae6f41317d", "sha256:17c906bc410f5eef01795d709ad88663ab98447683d21b6e97bac9b366504a8a",
"sha256:35285ab45b9c5575ebe3642fc772450aa04886713e69270ef80e6589e3232d1f", "sha256:1880282b9a278b4df5139b2083b9116388d9e1fb4a438c60b3cc4ad983da1bc5",
"sha256:4441bed8cd679c4769624a9349c31880a0769a925b5114ff79a43cac2ec25b78", "sha256:2248f9c362f417d108329fdf5083ede1914757534f1b255d6c37a9a6d99c5efe",
"sha256:52e60b52180006da54510ba8a153f278490d6d4a65c63f5240a9e788ca2db2a0", "sha256:2dc571be9d2fec76f8bddb540581429eb16057ff9101767d8b15166ad1de70db",
"sha256:5b4c7329340bef4ee2d773ef48d022a37f6dacfeda5fa1834827d2bc83df53fe", "sha256:35dda0a1994a8fc009bf5826fe34dcdb15e561b05a5a01c506d949accfbdf027",
"sha256:62a8b80af9b479277f6a10db62c60b2c2d3e2e28958ad851521efbbd5659c179", "sha256:3858534058ab99fbedb34ceae31f85bbadeeb8e4dbb78a58927599a6f0422617",
"sha256:67525ae908f0c9812f6bf33578805f5e50689a4ba3a0bc9730338327727b4b2a", "sha256:4710d237fe9f729eacbbb7477d14eea00781704e0cdb83c789e610365e40627f",
"sha256:6e49e1822c0ee2459ac358fb29b36968d839f6dcc2fd6790cd73c4527ce42b7f", "sha256:49e32586d3a814a5f77407c0590504a72743ca278518b3c0f90182430f2d87af",
"sha256:6edd891881e2536c420fcda443ac693d349a27a739a79dc9d75cc80a9854be12", "sha256:4cdb2ab88839f0d36364b71744b742e09699bde9b943aa35da26580831c3f106",
"sha256:726c2ddf51a43c1025979f1a3e27b24d441f9cd4a017887c21321c48d401308d", "sha256:5e995f77124933d3e16ddc09f95ab36793083a1cb08ed2557811f8cfb254434b",
"sha256:7357c7286e638ac9ee572d0b86fbd84d809879ca0231112aa7cece18f9fd5b73", "sha256:73bc92579692609837fb13f271f7436fdb7b6ddebb9e10185452d45814c365c3",
"sha256:7c0ecfee57321dbf25e0a2957056aa24b57c9334ad5e6e044b512a22040967ef", "sha256:7931097db5f18e3ac6909a223e94dd3ad0258541f9802effa5b8f519ef9278e4",
"sha256:7ea16cab0ca2a1373a78e3f723ebb53b6f8bd17b406395f3168b2549861bf763", "sha256:7eb3d96adb309593bded364d25a32b80f9dc18b2f9a4b2001972194027a77eef",
"sha256:7f283fdcd0417a43431886cb4b9adeb3c0dce6b8e701b8258d6ef73e323ee105", "sha256:886bdc7c13e6c6513696eb044000491c787fd53a486aa3adea060d34aa3cd028",
"sha256:847164d15142652a3f11f9101603878136c6a2f663460046d08421c039f6bc7d", "sha256:8c242a2be8d71ff18e11938cf45114d1144544984cd34fea0606f04144d62bea",
"sha256:8499aeb496b6ff6df0602c1395b201d1b40b96d43d29e5c0805c81b55f333ef6", "sha256:8f2759d2a81ee992054e7a1123cadd6baff4edecc1249e503bb6decd6b55e8ee",
"sha256:9894bb2f41950f2cb2d84a46b39d487fc0f8f083730bfe2120be2743b7145fd0", "sha256:9765c0eec5e6927aaccf6bd460fe24a014d35a3979f2c7507644fd5946775921",
"sha256:a4f3eec7985642f139cb9b522e5dd1581186cf9ee016853d4b3b5abf2e5b8bc4", "sha256:9c7173def03fd3048f07bce00d4ca4793efc37239811d9b3eb77edb561363cd2",
"sha256:a5ad4696987fdb42d976093e1b1a585ec2ad42634b5ce94dbb71362dcc758afb", "sha256:a1d0e20cae86c6ba5e6626a9e07eca4d298341adfee778f87d5837bc76912135",
"sha256:a85b0c694104f5e45ede8172c41ba6593554df3db6c50131bb6b7d7a0866d633", "sha256:a5398e7af6136c25a34569132e7e2646c72a2f89e53028ef109fb03b5a2923a6",
"sha256:a8d5bc7413a6b23c8023e2daac879986f35fd55c94ee69f5e94de2afe1a6b40e", "sha256:a690fe672aa51ee3a6ff4c96d2f5d9744d3b6f27c999a795b9c513923f875bfc",
"sha256:aeaa2d1c8e4227ac80ab6768cbb7b807b2185581cb8be52026ba87289f4f8afd", "sha256:b18ea3593d4edc7f05c510ab298d48548d9a4473a643f37661b1669365d7d33c",
"sha256:b4ea035fccca8d98e2106d0d18c11bf58c1c75179c949be6ac169c362543520d", "sha256:b727050ec5dfc4baeded07199d4640156f360ff4624b0194d8e91b234fc0c26b",
"sha256:b8f4ba3560ced143835c65d18c114070dbd9caa9c7250554319f23c3caa63528", "sha256:be53e8423f35d3c80b0560aec034226fdab5623bb4d64b962c3f04b65980b3e0",
"sha256:ba9bcadc5d8ea45d2b009ccff56d89f40c29b0daa373142fa758c892f1699b3d", "sha256:c70e9c9cfdc0596c3912e0d147f42e83c7ac5642ac82d6fe05d85a6326bae14d",
"sha256:bfde3244b5df701ccc7423d7ad8b0b5b138ee84a5aa523a25a4d22f801db7e34", "sha256:ce7c13eb469f864085a546881a3bc9b46e20a73dc1a43b9e84153833e628dee3",
"sha256:c8ad3619d18b61ab024d519f3e95fac412259b4a6b074aef1b702755ebd6de38", "sha256:d6bd4d59f4b558165f05f9f7dfad37b9d788bcc05c0b37a6b0fcb6165d6893ec",
"sha256:caea1f634b89b19d9a7a474b92ce0c330aef51e8a9e57e193d77e206da4f1534", "sha256:d75114965cc84ee51aaf3d7eda90f3554f3ac67350ebacd1dbb9193a7a525e21",
"sha256:d6ef866c7783b3fedcbd4396617e18cb947349e99d04c7253dfaab0bc38f49e4", "sha256:d78fdb967bd7652515d9a23ff3088e32e32ef96332737696e9eb0fda5602bf81",
"sha256:d853bffa2394bf8da27c0f94fe3121830ebd418e911f09b074d8b08b909ec5e4", "sha256:d930a3de0fa9711b9c960dee92ff2b30c3f69568f00f0244834fe28d5563ea9b",
"sha256:d9ef21229dc82bf76f75858ee02185dd5522abd2a175c9a5cff3add9426cf98b", "sha256:e32af1e47076a3fc77e6be5f7e2c8cbbc82fe493a5cd3f6190c0f8980c401e59",
"sha256:dc1f231ae768baf88bf462a6736e9091606c3326d3b242d22e6df6f0dd9553fc", "sha256:e50de7d196f2d3940f3fdea0f30bf67929686d57285b3779fb071d05a810d65f",
"sha256:de271298f61ce674354826b2a64f932a4f41317460be610909c213ebc44ab988", "sha256:e7b7e4a0ce0f455a4777528a8a316e87cc6cf887eaa2a4e6a0cc103f031c57c2",
"sha256:e28065627fcbed9978d6d1f9bf68b0bec5d7fa40a7ab64bda3149590d4022f91" "sha256:e8dd01462a1bb41b6806aa93a703100d3fbba760f8feca96fcec710db9384a25"
], ],
"index": "pypi", "index": "pypi",
"version": "==3.5.52" "version": "==3.5.53"
}, },
"requests": { "requests": {
"extras": [ "extras": [
@ -1302,11 +1325,11 @@
}, },
"flake8": { "flake8": {
"hashes": [ "hashes": [
"sha256:15e351d19611c887e482fb960eae4d44845013cc142d42896e9862f775d8cf5c", "sha256:749dbbd6bfd0cf1318af27bf97a14e28e5ff548ef8e5b1566ccfb25a11e7c839",
"sha256:f04b9fcbac03b0a3e58c0ab3a0ecc462e023a9faf046d57794184028123aa208" "sha256:aadae8761ec651813c24be05c6f7b4680857ef6afaae4651a4eccaef97ce6c3b"
], ],
"index": "pypi", "index": "pypi",
"version": "==3.8.3" "version": "==3.8.4"
}, },
"idna": { "idna": {
"hashes": [ "hashes": [
@ -1389,11 +1412,11 @@
}, },
"pytest": { "pytest": {
"hashes": [ "hashes": [
"sha256:1cd09785c0a50f9af72220dd12aa78cfa49cbffc356c61eab009ca189e018a33", "sha256:7a8190790c17d79a11f847fba0b004ee9a8122582ebff4729a082c109e81a4c9",
"sha256:d010e24666435b39a4cf48740b039885642b6c273a3f77be3e7e03554d2806b7" "sha256:8f593023c1a0f916110285b6efd7f99db07d59546e3d8c36fc60e2ab05d3be92"
], ],
"index": "pypi", "index": "pypi",
"version": "==6.1.0" "version": "==6.1.1"
}, },
"requests": { "requests": {
"extras": [ "extras": [


@ -3,110 +3,114 @@
-e git+https://github.com/D4-project/BGP-Ranking.git/@fd9c0e03af9b61d4bf0b67ac73c7208a55178a54#egg=pybgpranking&subdirectory=client -e git+https://github.com/D4-project/BGP-Ranking.git/@fd9c0e03af9b61d4bf0b67ac73c7208a55178a54#egg=pybgpranking&subdirectory=client
-e git+https://github.com/D4-project/IPASN-History.git/@fc5e48608afc113e101ca6421bf693b7b9753f9e#egg=pyipasnhistory&subdirectory=client -e git+https://github.com/D4-project/IPASN-History.git/@fc5e48608afc113e101ca6421bf693b7b9753f9e#egg=pyipasnhistory&subdirectory=client
-e git+https://github.com/MISP/PyIntel471.git@0df8d51f1c1425de66714b3a5a45edb69b8cc2fc#egg=pyintel471 -e git+https://github.com/MISP/PyIntel471.git@0df8d51f1c1425de66714b3a5a45edb69b8cc2fc#egg=pyintel471
-e git+https://github.com/MISP/PyMISP.git@b5b40ae2c5225a4b349c26294cfc012309a61352#egg=pymisp[fileobjects,openioc,virustotal,pdfexport] -e git+https://github.com/MISP/PyMISP.git@bacd4c78cd83d3bf45dcf55cd9ad3514747ac985#egg=pymisp[fileobjects,openioc,pdfexport]
-e git+https://github.com/Rafiot/uwhoisd.git@411572840eba4c72dc321c549b36a54ed5cea9de#egg=uwhois&subdirectory=client -e git+https://github.com/Rafiot/uwhoisd.git@783bba09b5a6964f25566089826a1be4b13f2a22#egg=uwhois&subdirectory=client
-e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader -e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader
-e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails -e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails
-e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe -e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe
-e git+https://github.com/stricaud/faup.git#egg=pyfaup&subdirectory=src/lib/bindings/python aiohttp==3.6.2; python_full_version >= '3.5.3'
aiohttp==3.4.4 antlr4-python3-runtime==4.8; python_version >= '3'
antlr4-python3-runtime==4.8 ; python_version >= '3'
apiosintds==1.8.3 apiosintds==1.8.3
argparse==1.4.0 argparse==1.4.0
assemblyline-client==3.7.3 assemblyline-client==4.0.1
async-timeout==3.0.1 async-timeout==3.0.1; python_full_version >= '3.5.3'
attrs==19.3.0 attrs==20.2.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
backscatter==0.2.4 backscatter==0.2.4
beautifulsoup4==4.8.2 beautifulsoup4==4.9.3
blockchain==1.4.4 blockchain==1.4.4
censys==0.0.8 certifi==2020.6.20
certifi==2019.11.28 cffi==1.14.3
cffi==1.14.0
chardet==3.0.4 chardet==3.0.4
click-plugins==1.1.1 click-plugins==1.1.1
click==7.1.1 click==7.1.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
colorama==0.4.3 colorama==0.4.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
cryptography==2.8 configparser==5.0.1; python_version >= '3.6'
cryptography==3.1.1
clamd==1.0.2
decorator==4.4.2 decorator==4.4.2
deprecated==1.2.7 deprecated==1.2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
dnspython==1.16.0 dnspython==2.0.0
domaintools-api==0.3.3 domaintools-api==0.5.2
enum-compat==0.0.3 enum-compat==0.0.3
ez-setup==0.9 ez-setup==0.9
ezodf==0.3.2 ezodf==0.3.2
future==0.18.2 future==0.18.2; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
futures==3.1.1 futures==3.1.1
geoip2==3.0.0 geoip2==4.1.0
httplib2==0.17.0 httplib2==0.18.1
idna-ssl==1.1.0 ; python_version < '3.7' idna-ssl==1.1.0; python_version < '3.7'
idna==2.9 idna==2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
importlib-metadata==1.6.0 ; python_version < '3.8'
isodate==0.6.0 isodate==0.6.0
jbxapi==3.4.0 jbxapi==3.11.0
json-log-formatter==0.3.0
jsonschema==3.2.0 jsonschema==3.2.0
lief==0.10.1 lief==0.10.1
lxml==4.5.0 lxml==4.5.2
maclookup==1.0.3 maclookup==1.0.3
maxminddb==1.5.2 maxminddb==2.0.2; python_version >= '3.6'
multidict==4.7.5 multidict==4.7.6; python_version >= '3.5'
np==1.0.2 np==1.0.2
numpy==1.18.2 numpy==1.19.2; python_version >= '3.6'
oauth2==1.9.0.post1 oauth2==1.9.0.post1
opencv-python==4.2.0.32 opencv-python==4.4.0.44
pandas-ods-reader==0.0.7 pandas-ods-reader==0.0.7
pandas==1.0.3 pandas==1.1.3
passivetotal==1.0.31 passivetotal==1.0.31
pdftotext==2.1.4 pdftotext==2.1.5
pillow==7.0.0 pillow==7.2.0
progressbar2==3.50.1 progressbar2==3.53.1
psutil==5.7.0 psutil==5.7.2; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
pycparser==2.20 pycparser==2.20; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
pycryptodome==3.9.7 pycryptodome==3.9.8; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
pycryptodomex==3.9.7 pycryptodomex==3.9.8; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
pydeep==0.4 pydeep==0.4
pyeupi==1.0 pyeupi==1.1
pygeoip==0.3.2 pygeoip==0.3.2
pyopenssl==19.1.0 pyopenssl==19.1.0
pyparsing==2.4.6 pyparsing==2.4.7; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
pypdns==1.5.1 pypdns==1.5.1
pypssl==2.1 pypssl==2.1
pyrsistent==0.16.0 pyrsistent==0.17.3; python_version >= '3.5'
pytesseract==0.3.3 pytesseract==0.3.6
python-dateutil==2.8.1 python-baseconv==1.2.2
python-dateutil==2.8.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
python-docx==0.8.10 python-docx==0.8.10
python-magic==0.4.15 python-engineio==3.13.2
python-magic==0.4.18
python-pptx==0.6.18 python-pptx==0.6.18
python-socketio[client]==4.6.0
python-utils==2.4.0 python-utils==2.4.0
pytz==2019.3 pytz==2019.3
pyyaml==5.3.1 pyyaml==5.3.1
pyzbar==0.1.8 pyzbar==0.1.8
pyzipper==0.3.1 ; python_version >= '3.5' pyzipper==0.3.3; python_version >= '3.5'
rdflib==4.2.2 rdflib==5.0.0
redis==3.4.1 redis==3.5.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
reportlab==3.5.42 reportlab==3.5.53
requests-cache==0.5.2 requests-cache==0.5.2
requests[security]==2.23.0 requests[security]==2.24.0
shodan==1.22.0 shodan==1.23.1
sigmatools==0.16.0 sigmatools==0.18.1
six==1.14.0 six==1.15.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
socketio-client==0.5.6 socketio-client==0.5.7.4
soupsieve==2.0 soupsieve==2.0.1; python_version >= '3.0'
sparqlwrapper==1.8.5 sparqlwrapper==1.8.5
stix2-patterns==1.3.0 stix2-patterns==1.3.1
tabulate==0.8.7 tabulate==0.8.7
tornado==6.0.4 tornado==6.0.4; python_version >= '3.5'
trustar==0.3.28 trustar==0.3.33
url-normalize==1.4.1 tzlocal==2.1
unicodecsv==0.14.1
url-normalize==1.4.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
urlarchiver==0.2 urlarchiver==0.2
urllib3==1.25.8 urllib3==1.25.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'
validators==0.14.0 validators==0.14.0
vt-graph-api==1.0.1 vt-graph-api==1.0.1
vulners==1.5.5 vulners==1.5.8
wand==0.5.9 wand==0.6.3
websocket-client==0.57.0 websocket-client==0.57.0
wrapt==1.12.1 wrapt==1.12.1
xlrd==1.2.0 xlrd==1.2.0
xlsxwriter==1.2.8 xlsxwriter==1.3.6
yara-python==3.8.1 yara-python==3.8.1
yarl==1.4.2 yarl==1.6.0; python_version >= '3.5'
zipp==3.1.0


@ -0,0 +1,128 @@
import base64
import io
import json
import logging
import sys
import zipfile
import clamd
from . import check_input_attribute, standard_error_message
from typing import Optional
from pymisp import MISPEvent, MISPObject
log = logging.getLogger("clamav")
log.setLevel(logging.DEBUG)
sh = logging.StreamHandler(sys.stdout)
sh.setLevel(logging.DEBUG)
fmt = logging.Formatter(
"%(asctime)s - %(name)s - %(levelname)s - %(message)s"
)
sh.setFormatter(fmt)
log.addHandler(sh)
moduleinfo = {
"version": "0.1",
"author": "Jakub Onderka",
"description": "Submit file to ClamAV",
"module-type": ["expansion"]
}
moduleconfig = ["connection"]
mispattributes = {
"input": ["attachment", "malware-sample"],
"format": "misp_standard"
}
def create_response(original_attribute: dict, software: str, signature: Optional[str] = None) -> dict:
misp_event = MISPEvent()
if signature:
misp_event.add_attribute(**original_attribute)
av_signature_object = MISPObject("av-signature")
av_signature_object.add_attribute("signature", signature)
av_signature_object.add_attribute("software", software)
av_signature_object.add_reference(original_attribute["uuid"], "belongs-to")
misp_event.add_object(av_signature_object)
event = json.loads(misp_event.to_json())
results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])}
return {"results": results}
def connect_to_clamav(connection_string: str) -> clamd.ClamdNetworkSocket:
if connection_string.startswith("unix://"):
return clamd.ClamdUnixSocket(connection_string.replace("unix://", ""))
elif ":" in connection_string:
host, port = connection_string.split(":")
return clamd.ClamdNetworkSocket(host, int(port))
else:
raise Exception("ClamAV connection string is invalid. It must be unix socket path with 'unix://' prefix or IP:PORT.")
def handler(q=False):
if q is False:
return False
request = json.loads(q)
connection_string: str = request["config"].get("connection")
if not connection_string:
return {"error": "No ClamAV connection string provided"}
attribute = request.get("attribute")
if not attribute:
return {"error": "No attribute provided"}
if not check_input_attribute(request['attribute']):
return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'}
if attribute["type"] not in mispattributes["input"]:
return {"error": "Invalid attribute type provided, expected 'malware-sample' or 'attachment'"}
attribute_data = attribute.get("data")
if not attribute_data:
return {"error": "No attribute data provided"}
try:
clamav = connect_to_clamav(connection_string)
software_version = clamav.version()
except Exception:
logging.exception("Could not connect to ClamAV")
return {"error": "Could not connect to ClamAV"}
try:
data = base64.b64decode(attribute_data, validate=True)
except Exception:
logging.exception("Provided data is not valid base64 encoded string")
return {"error": "Provided data is not valid base64 encoded string"}
if attribute["type"] == "malware-sample":
try:
with zipfile.ZipFile(io.BytesIO(data)) as zipf:
data = zipf.read(zipf.namelist()[0], pwd=b"infected")
except Exception:
logging.exception("Could not extract malware sample from ZIP file")
return {"error": "Could not extract malware sample from ZIP file"}
try:
status, reason = clamav.instream(io.BytesIO(data))["stream"]
except Exception:
logging.exception("Could not send attribute data to ClamAV. Maybe file is too big?")
return {"error": "Could not send attribute data to ClamAV. Maybe file is too big?"}
if status == "ERROR":
return {"error": "ClamAV returned error message: {}".format(reason)}
elif status == "OK":
return {"results": {}}
elif status == "FOUND":
return create_response(attribute, software_version, reason)
else:
return {"error": "ClamAV returned invalid status {}: {}".format(status, reason)}
def introspection():
return mispattributes
def version():
moduleinfo["config"] = moduleconfig
return moduleinfo
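Review bot: The `malware-sample` branch of `handler` calls `zipf.read(zipf.namelist()[0], pwd=b"infected")` with no bound on the decompressed size, so a small, highly compressed archive in the attribute data can make the module allocate far more memory than the request carried, before ClamAV sees anything. Compare the member's `ZipInfo.file_size` with a cap before reading, as sketched below; the cap value shown is only an example and should follow the stream limit configured on the clamd side. The same line assumes the first listed member is the sample, which holds only if the archive is laid out that way; I could not confirm the layout from this page, so selecting the member explicitly may be safer. Separately, the `except` blocks log through `logging.exception(...)` on the root logger rather than the `log` object configured at the top of the file, so those tracebacks bypass the handler and format set up there.

```python
MAX_SAMPLE_BYTES = 25 * 1024 * 1024  # example cap; align with clamd's StreamMaxLength

# … unchanged: request parsing, ClamAV connection, base64 decoding …
            with zipfile.ZipFile(io.BytesIO(data)) as zipf:
                member = zipf.infolist()[0]
                if member.file_size > MAX_SAMPLE_BYTES:
                    return {"error": "Malware sample is too large to scan"}
                data = zipf.read(member, pwd=b"infected")
# … unchanged: except branch, instream call and status handling …
```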