mirror of https://github.com/MISP/misp-modules
fix: Pep8 related fixes.
parent
7a7b7b109f
commit
454c9e0f43
|
@ -32,7 +32,7 @@ def handler(q=False):
|
||||||
res = x.query(toquery)
|
res = x.query(toquery)
|
||||||
out = ''
|
out = ''
|
||||||
for v in res:
|
for v in res:
|
||||||
out = out + "{} ".format(v['rdata'])
|
out = out + "{} ".format(v['rdata'])
|
||||||
|
|
||||||
r = {'results': [{'types': mispattributes['output'], 'values': out}]}
|
r = {'results': [{'types': mispattributes['output'], 'values': out}]}
|
||||||
return r
|
return r
|
||||||
|
|
|
@ -28,76 +28,77 @@ limit = 5000 # Default
|
||||||
|
|
||||||
|
|
||||||
def MyHeader(key=False):
|
def MyHeader(key=False):
|
||||||
global limit
|
global limit
|
||||||
if key is False:
|
if key is False:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
return {"Authorization": "Basic %s " % key,
|
return {"Authorization": "Basic %s " % key,
|
||||||
"Accept": "application/json",
|
"Accept": "application/json",
|
||||||
'User-Agent': 'Mozilla 5.0'}
|
'User-Agent': 'Mozilla 5.0'}
|
||||||
|
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
global limit
|
global limit
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
q = json.loads(q)
|
q = json.loads(q)
|
||||||
|
|
||||||
key = q["config"]["apikey"]
|
key = q["config"]["apikey"]
|
||||||
limit = int(q["config"].get("event_limit", 5))
|
limit = int(q["config"].get("event_limit", 5))
|
||||||
|
|
||||||
r = {"results": []}
|
r = {"results": []}
|
||||||
|
|
||||||
if "ip-src" in q:
|
if "ip-src" in q:
|
||||||
r["results"] += apicall("dns", q["ip-src"], key)
|
r["results"] += apicall("dns", q["ip-src"], key)
|
||||||
if "ip-dst" in q:
|
if "ip-dst" in q:
|
||||||
r["results"] += apicall("dns", q["ip-dst"], key)
|
r["results"] += apicall("dns", q["ip-dst"], key)
|
||||||
if "md5" in q:
|
if "md5" in q:
|
||||||
r["results"] += apicall("hash", q["md5"], key)
|
r["results"] += apicall("hash", q["md5"], key)
|
||||||
if "sha1" in q:
|
if "sha1" in q:
|
||||||
r["results"] += apicall("hash", q["sha1"], key)
|
r["results"] += apicall("hash", q["sha1"], key)
|
||||||
if "sha256" in q:
|
if "sha256" in q:
|
||||||
r["results"] += apicall("hash", q["sha256"], key)
|
r["results"] += apicall("hash", q["sha256"], key)
|
||||||
if 'vulnerability' in q:
|
if 'vulnerability' in q:
|
||||||
r["results"] += apicall("vuln", q["vulnerability"], key)
|
r["results"] += apicall("vuln", q["vulnerability"], key)
|
||||||
if "domain" in q:
|
if "domain" in q:
|
||||||
r["results"] += apicall("dns", q["domain"], key)
|
r["results"] += apicall("dns", q["domain"], key)
|
||||||
|
|
||||||
uniq = []
|
uniq = []
|
||||||
for res in r["results"]:
|
for res in r["results"]:
|
||||||
if res not in uniq:
|
if res not in uniq:
|
||||||
uniq.append(res)
|
uniq.append(res)
|
||||||
r["results"] = uniq
|
r["results"] = uniq
|
||||||
return r
|
return r
|
||||||
|
|
||||||
|
|
||||||
def apicall(indicator_type, indicator, key=False):
|
def apicall(indicator_type, indicator, key=False):
|
||||||
try:
|
try:
|
||||||
myURL = BASEurl + (extensions[str(indicator_type)]) % indicator
|
myURL = BASEurl + (extensions[str(indicator_type)]) % indicator
|
||||||
jsondata = requests.get(myURL, headers=MyHeader(key)).json()
|
jsondata = requests.get(myURL, headers=MyHeader(key)).json()
|
||||||
except Exception:
|
except Exception:
|
||||||
jsondata = None
|
jsondata = None
|
||||||
redata = []
|
redata = []
|
||||||
# print(jsondata)
|
# print(jsondata)
|
||||||
if jsondata is not None:
|
if jsondata is not None:
|
||||||
if indicator_type is "hash":
|
if indicator_type == "hash":
|
||||||
if "malware" in jsondata:
|
if "malware" in jsondata:
|
||||||
lopointer = jsondata["malware"]
|
lopointer = jsondata["malware"]
|
||||||
redata.append({"type": "text", "values": lopointer["risk"]})
|
redata.append({"type": "text", "values": lopointer["risk"]})
|
||||||
if indicator_type is "dns":
|
if indicator_type == "dns":
|
||||||
if "records" in str(jsondata):
|
if "records" in str(jsondata):
|
||||||
lopointer = jsondata["Passive"]["records"]
|
lopointer = jsondata["Passive"]["records"]
|
||||||
for dataset in lopointer:
|
for dataset in lopointer:
|
||||||
redata.append({"type": "domain", "values": dataset["value"]})
|
redata.append(
|
||||||
|
{"type": "domain", "values": dataset["value"]})
|
||||||
|
|
||||||
return redata
|
return redata
|
||||||
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
return mispattributes
|
return mispattributes
|
||||||
|
|
||||||
|
|
||||||
def version():
|
def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
|
|
|
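Review bot: In apicall the indicator value is interpolated straight into the request URL, `myURL = BASEurl + (extensions[str(indicator_type)]) % indicator`, so an attribute value containing `/`, `?` or `#` changes the path or query sent to the upstream API instead of being looked up verbatim; URL-encoding it, `myURL = BASEurl + (extensions[str(indicator_type)]) % quote(str(indicator), safe='')` (from urllib.parse), keeps the lookup literal. The `requests.get` call on the next line has no `timeout`, so an unresponsive upstream blocks the module indefinitely; `requests.get(myURL, headers=MyHeader(key), timeout=30)` is the usual guard. The `except Exception: jsondata = None` around both lines turns connection errors, HTTP errors and invalid JSON alike into an empty result with no log entry, so an outage is indistinguishable from "no data"; narrowing it to `requests.RequestException` and `ValueError` and logging the failure would at least leave a trace. In the dns branch, `if "records" in str(jsondata):` searches the serialized payload rather than the keys, so a match elsewhere in the document still reaches `jsondata["Passive"]["records"]` and can raise KeyError; `if "records" in jsondata.get("Passive", {}):` tests the actual structure.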
@ -16,73 +16,73 @@ responseType = "application/json"
|
||||||
|
|
||||||
|
|
||||||
def handler(q=False):
|
def handler(q=False):
|
||||||
if q is False:
|
if q is False:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
request = json.loads(q)
|
request = json.loads(q)
|
||||||
|
|
||||||
config = {}
|
config = {}
|
||||||
if "config" in request:
|
if "config" in request:
|
||||||
config = request["config"]
|
config = request["config"]
|
||||||
else:
|
else:
|
||||||
config = {"indent_json_export": None}
|
config = {"indent_json_export": None}
|
||||||
|
|
||||||
if config['indent_json_export'] is not None:
|
if config['indent_json_export'] is not None:
|
||||||
try:
|
try:
|
||||||
config['indent_json_export'] = int(config['indent_json_export'])
|
config['indent_json_export'] = int(config['indent_json_export'])
|
||||||
except Exception:
|
except Exception:
|
||||||
config['indent_json_export'] = None
|
config['indent_json_export'] = None
|
||||||
|
|
||||||
if 'data' not in request:
|
if 'data' not in request:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# ~ Misp json structur
|
# ~ Misp json structur
|
||||||
liteEvent = {'Event': {}}
|
liteEvent = {'Event': {}}
|
||||||
|
|
||||||
for evt in request['data']:
|
for evt in request['data']:
|
||||||
rawEvent = evt['Event']
|
rawEvent = evt['Event']
|
||||||
liteEvent['Event']['info'] = rawEvent['info']
|
liteEvent['Event']['info'] = rawEvent['info']
|
||||||
liteEvent['Event']['Attribute'] = []
|
liteEvent['Event']['Attribute'] = []
|
||||||
|
|
||||||
attrs = evt['Attribute']
|
attrs = evt['Attribute']
|
||||||
for attr in attrs:
|
for attr in attrs:
|
||||||
if 'Internal reference' not in attr['category']:
|
if 'Internal reference' not in attr['category']:
|
||||||
liteAttr = {}
|
liteAttr = {}
|
||||||
liteAttr['category'] = attr['category']
|
liteAttr['category'] = attr['category']
|
||||||
liteAttr['type'] = attr['type']
|
liteAttr['type'] = attr['type']
|
||||||
liteAttr['value'] = attr['value']
|
liteAttr['value'] = attr['value']
|
||||||
liteEvent['Event']['Attribute'].append(liteAttr)
|
liteEvent['Event']['Attribute'].append(liteAttr)
|
||||||
|
|
||||||
return {'response': [],
|
return {'response': [],
|
||||||
'data': str(base64.b64encode(bytes(
|
'data': str(base64.b64encode(bytes(
|
||||||
json.dumps(liteEvent, indent=config['indent_json_export']), 'utf-8')), 'utf-8')}
|
json.dumps(liteEvent, indent=config['indent_json_export']), 'utf-8')), 'utf-8')}
|
||||||
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
modulesetup = {}
|
modulesetup = {}
|
||||||
try:
|
try:
|
||||||
responseType
|
responseType
|
||||||
modulesetup['responseType'] = responseType
|
modulesetup['responseType'] = responseType
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
try:
|
try:
|
||||||
userConfig
|
userConfig
|
||||||
modulesetup['userConfig'] = userConfig
|
modulesetup['userConfig'] = userConfig
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
try:
|
try:
|
||||||
outputFileExtension
|
outputFileExtension
|
||||||
modulesetup['outputFileExtension'] = outputFileExtension
|
modulesetup['outputFileExtension'] = outputFileExtension
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
try:
|
try:
|
||||||
inputSource
|
inputSource
|
||||||
modulesetup['inputSource'] = inputSource
|
modulesetup['inputSource'] = inputSource
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
return modulesetup
|
return modulesetup
|
||||||
|
|
||||||
|
|
||||||
def version():
|
def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
|
|
|
@ -86,7 +86,7 @@ def handler(q=False):
|
||||||
for event in request["data"]:
|
for event in request["data"]:
|
||||||
for attribute in event["Attribute"]:
|
for attribute in event["Attribute"]:
|
||||||
if attribute['type'] in types_to_use:
|
if attribute['type'] in types_to_use:
|
||||||
output = output + handlers[attribute['type']](attribute['value'], config['Period']) + '\n'
|
output = output + handlers[attribute['type']](attribute['value'], config['Period']) + '\n'
|
||||||
r = {"response": [], "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8')}
|
r = {"response": [], "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8')}
|
||||||
return r
|
return r
|
||||||
|
|
||||||
|
|
|
@ -80,7 +80,7 @@ def handler(q=False):
|
||||||
for event in request["data"]:
|
for event in request["data"]:
|
||||||
for attribute in event["Attribute"]:
|
for attribute in event["Attribute"]:
|
||||||
if attribute['type'] in types_to_use:
|
if attribute['type'] in types_to_use:
|
||||||
output = output + handlers[attribute['type']](attribute['value']) + '\n'
|
output = output + handlers[attribute['type']](attribute['value']) + '\n'
|
||||||
r = {"response": [], "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8')}
|
r = {"response": [], "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8')}
|
||||||
return r
|
return r
|
||||||
|
|
||||||
|
|
|
@ -152,36 +152,37 @@ def handler(q=False):
|
||||||
command_line = 'asciidoctor-pdf -'
|
command_line = 'asciidoctor-pdf -'
|
||||||
args = shlex.split(command_line)
|
args = shlex.split(command_line)
|
||||||
with subprocess.Popen(args, stdout=subprocess.PIPE, stdin=subprocess.PIPE) as process:
|
with subprocess.Popen(args, stdout=subprocess.PIPE, stdin=subprocess.PIPE) as process:
|
||||||
cmd_out, cmd_err = process.communicate(input=report.report.encode('utf-8'))
|
cmd_out, cmd_err = process.communicate(
|
||||||
|
input=report.report.encode('utf-8'))
|
||||||
return {'response': [], 'data': str(base64.b64encode(cmd_out), 'utf-8')}
|
return {'response': [], 'data': str(base64.b64encode(cmd_out), 'utf-8')}
|
||||||
|
|
||||||
|
|
||||||
def introspection():
|
def introspection():
|
||||||
modulesetup = {}
|
modulesetup = {}
|
||||||
try:
|
try:
|
||||||
responseType
|
responseType
|
||||||
modulesetup['responseType'] = responseType
|
modulesetup['responseType'] = responseType
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
try:
|
try:
|
||||||
userConfig
|
userConfig
|
||||||
modulesetup['userConfig'] = userConfig
|
modulesetup['userConfig'] = userConfig
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
try:
|
try:
|
||||||
outputFileExtension
|
outputFileExtension
|
||||||
modulesetup['outputFileExtension'] = outputFileExtension
|
modulesetup['outputFileExtension'] = outputFileExtension
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
try:
|
try:
|
||||||
inputSource
|
inputSource
|
||||||
modulesetup['inputSource'] = inputSource
|
modulesetup['inputSource'] = inputSource
|
||||||
except NameError:
|
except NameError:
|
||||||
pass
|
pass
|
||||||
return modulesetup
|
return modulesetup
|
||||||
|
|
||||||
|
|
||||||
def version():
|
def version():
|
||||||
moduleinfo['config'] = moduleconfig
|
moduleinfo['config'] = moduleconfig
|
||||||
return moduleinfo
|
return moduleinfo
|
||||||
|
|
|
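Review bot: The converter's output is returned without checking its exit status: the Popen call passes no `stderr=subprocess.PIPE`, so `cmd_err` is always None, and `process.returncode` is never inspected before `cmd_out` is base64-encoded, so a conversion error inside asciidoctor-pdf yields an empty or truncated document reported as a successful export. Adding `stderr=subprocess.PIPE` to the Popen arguments and, after `communicate`, `if process.returncode != 0: return False` (or whatever error shape this module's caller expects, with `cmd_err` logged) makes the failure visible. The enclosing handler starts outside the hunk.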
@ -63,7 +63,7 @@ def handler(q=False):
|
||||||
"comment": getattr(attrib, 'comment', '')}
|
"comment": getattr(attrib, 'comment', '')}
|
||||||
# add tag
|
# add tag
|
||||||
if q.get('config') and q['config'].get('default tag') is not None:
|
if q.get('config') and q['config'].get('default tag') is not None:
|
||||||
toAppend["tags"] = q['config']['default tag'].split(",")
|
toAppend["tags"] = q['config']['default tag'].split(",")
|
||||||
|
|
||||||
r["results"].append(toAppend)
|
r["results"].append(toAppend)
|
||||||
return r
|
return r
|
||||||
|
|
|
@ -325,7 +325,7 @@ def process_analysis_json(analysis_json):
|
||||||
for stored_created_file in process['stored_files']['stored_created_file']:
|
for stored_created_file in process['stored_files']['stored_created_file']:
|
||||||
stored_created_file['@filename'] = cleanup_filepath(stored_created_file['@filename'])
|
stored_created_file['@filename'] = cleanup_filepath(stored_created_file['@filename'])
|
||||||
if stored_created_file['@filename']:
|
if stored_created_file['@filename']:
|
||||||
if stored_created_file['@filesize'] is not '0':
|
if stored_created_file['@filesize'] != '0':
|
||||||
val = '{}|{}'.format(stored_created_file['@filename'], stored_created_file['@md5'])
|
val = '{}|{}'.format(stored_created_file['@filename'], stored_created_file['@md5'])
|
||||||
# print("stored_created_file filename|md5: {}|{} IDS:yes".format(
|
# print("stored_created_file filename|md5: {}|{} IDS:yes".format(
|
||||||
# stored_created_file['@filename'], # filename
|
# stored_created_file['@filename'], # filename
|
||||||
|
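Review bot: `!= '0'` is the right replacement for `is not '0'` (which compared object identity), but the comparison still only works while `@filesize` arrives as the exact string `'0'`; an integer 0 or a padded value would pass and produce a filename|md5 attribute for an empty file. If the analysis JSON is not guaranteed to deliver sizes as plain strings, `if str(stored_created_file['@filesize']) != '0':` keeps the intent regardless of type — the same applies to the `stored_modified_file` check in the hunk at `-346`. The commented-out `print(...)` debug blocks that follow in both hunks are dead code and could be dropped in this PEP8 pass. process_analysis_json starts and continues outside the hunk.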
@ -346,7 +346,7 @@ def process_analysis_json(analysis_json):
|
||||||
for stored_modified_file in process['stored_files']['stored_modified_file']:
|
for stored_modified_file in process['stored_files']['stored_modified_file']:
|
||||||
stored_modified_file['@filename'] = cleanup_filepath(stored_modified_file['@filename'])
|
stored_modified_file['@filename'] = cleanup_filepath(stored_modified_file['@filename'])
|
||||||
if stored_modified_file['@filename']:
|
if stored_modified_file['@filename']:
|
||||||
if stored_modified_file['@filesize'] is not '0':
|
if stored_modified_file['@filesize'] != '0':
|
||||||
val = '{}|{}'.format(stored_modified_file['@filename'], stored_modified_file['@md5'])
|
val = '{}|{}'.format(stored_modified_file['@filename'], stored_modified_file['@md5'])
|
||||||
# print("stored_modified_file MODIFY FILE: {}\t{}".format(
|
# print("stored_modified_file MODIFY FILE: {}\t{}".format(
|
||||||
# stored_modified_file['@filename'], # filename
|
# stored_modified_file['@filename'], # filename
|
||||||
|
|