Add a function to validate dnsdbflex output

add dnsdbflex parser. It's rather easy Signed-off-by: aaronkaplan <aaron@lo-res.org>
2021-05-26 12:38:56 +02:00 · 2021-05-26 12:38:56 +02:00 · 4816844d16
parent bbe0a1efa8
commit 4816844d16
2 changed files with 50 additions and 21 deletions
--- a/misp_modules/lib/cof2misp/cof.py
+++ b/misp_modules/lib/cof2misp/cof.py
@ -72,7 +72,8 @@ def is_cof_valid_simple(d: dict) -> bool:
        print("'rdata' is not a list and not a string.", file = sys.stderr)
        return False
    if not ("time_first" in d and "time_last" in d) or ("zone_time_first" in d and "zone_time_last" in d):
-        print("We are missing EITHER ('first_seen' and 'last_seen') OR ('zone_time_first' and zone_time_last') fields", file=sys.stderr)
+        print("We are missing EITHER ('first_seen' and 'last_seen') OR ('zone_time_first' and zone_time_last') fields",
+              file = sys.stderr)
        return False
    # currently we don't check the OPTIONAL fields. Sorry... to be done later.
    return True
@ -93,6 +94,7 @@ def validate_cof(d: dict, strict=True) -> bool:
    else:
        return is_cof_valid_strict(d)

+
 def validate_dnsdbflex(d: dict, strict=True) -> bool:
    """
    Validate if dict d is valid dnsdbflex. It should looks like this:
--- a/misp_modules/modules/import_mod/cof2misp.py
+++ b/misp_modules/modules/import_mod/cof2misp.py
@ -22,7 +22,7 @@ import ndjson
 # from pymisp import MISPObject, MISPEvent, PyMISP
 from pymisp import MISPObject

-from cof2misp.cof import validate_cof
+from cof2misp.cof import validate_cof, validate_dnsdbflex


 create_specific_attributes = False          # this is for https://github.com/MISP/misp-objects/pull/314
@ -147,7 +147,34 @@ def parse_and_insert_dnsdbflex(data: str):
    --------
      none
    """
-    return {"error": "NOT IMPLEMENTED YET"}            # XXX FIXME: need a MISP object for dnsdbflex
+    objects = []
+    try:
+        entries = ndjson.loads(data)
+        for entry in entries:           # iterate over all ndjson lines
+
+            # validate here (simple validation or full JSON Schema validation)
+            if not validate_dnsdbflex(entry):
+                return {"error": "Could not validate the dnsdbflex input '%s'" % entry}
+
+            # Next, extract some fields
+            rrtype = entry['rrtype'].upper()
+            rrname = entry['rrname'].rstrip('.')
+
+            # create a new MISP object, based on the passive-dns object for each nd-JSON line
+            o = MISPObject(name='passive-dns-dnsdbflex', standalone=False, comment='created by cof2misp')
+            o.add_attribute('rrname', value=rrname)
+            o.add_attribute('rrtype', value=rrtype)
+
+            #
+            # add dnsdbflex entry to MISP object
+            #
+            objects.append(o.to_json())
+
+        r = {'results': {'Object': [json.loads(o) for o in objects]}}
+    except Exception as ex:
+        misperrors["error"] = "An error occured during parsing of input: '%s'" % (str(ex),)
+        return misperrors
+    return r


 def is_dnsdbflex(data: str) -> bool: