Fix STIX import module

6 years ago · 5624104b77
parent c676587461
commit 5624104b77
2 changed files with 19 additions and 14 deletions
--- a/misp_modules/modules/import_mod/stiximport.py
+++ b/misp_modules/modules/import_mod/stiximport.py
@ -28,7 +28,7 @@ def handler(q=False):
    q = json.loads(q)

    # It's b64 encoded, so decode that stuff
-    package = str(base64.b64decode(q.get("data", None)), 'utf-8')
+    package = base64.b64decode(q.get("data")).decode('utf-8')

    # If something really weird happened
    if not package:
@ -168,6 +168,9 @@ def buildObservable(o):
        # May as well be useless
        return r

+    if not o.get('object'):
+        return r
+
    props = o["object"]["properties"]

    # If it has an address_value field, it's gonna be an address
@ -195,7 +198,7 @@ def buildObservable(o):
            for hsh in props["hashes"]:
                r["values"].append(hsh["simple_hash_value"]["value"])
                r["types"] = identifyHash(hsh["simple_hash_value"]["value"])
-        
+
    elif "xsi:type" in props:
      # Cybox. Ew.
      try:
@ -208,7 +211,7 @@ def buildObservable(o):
        else:
          print("Ignoring {}".format(type_))
      except:
-        pass 
+        pass
    return r


--- a/tests/test.py
+++ b/tests/test.py
@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-

 import unittest
@ -7,6 +7,7 @@ import base64
 import json
 import os

+
 class TestModules(unittest.TestCase):

    def setUp(self):
@ -32,13 +33,14 @@ class TestModules(unittest.TestCase):
            print(response.json())

    def test_stix(self):
-        with open("tests/stix.xml", "r") as f:
-            data = json.dumps({"module":"stiximport",
-                    "data":str(base64.b64encode(bytes(f.read(), 'utf-8')), 'utf-8'),
-                    "config": {"max_size": "15000"},
-                   })
+        with open("tests/stix.xml", "rb") as f:
+            content = base64.b64encode(f.read())
+            data = json.dumps({"module": "stiximport",
+                               "data": content.decode('utf-8'),
+                               "config": {"max_size": "15000"},
+                               })
            response = requests.post(self.url + "query", data=data)
-            print(response.json())
+            print('STIX', response.json())

    def test_virustotal(self):
        # This can't actually be tested without disclosing a private
@ -46,11 +48,11 @@ class TestModules(unittest.TestCase):
        # and pass if it can't find one

        if not os.path.exists("tests/bodyvirustotal.json"):
-          return
-        
+            return
+
        with open("tests/bodyvirustotal.json", "r") as f:
-          response = requests.post(self.url + "query", data=f.read()).json()
+            response = requests.post(self.url + "query", data=f.read()).json()
        assert(response)

 if __name__ == '__main__':
-  unittest.main()
+    unittest.main()