Browse Source

fix: Avoid creating a signer info object when the pe is not signed

pull/304/head
chrisr3d 3 years ago
parent
commit
72e5f0099d
No known key found for this signature in database GPG Key ID: 6BBED1B63A6D639F
  1. 12
      misp_modules/modules/import_mod/joe_import.py

12
misp_modules/modules/import_mod/joe_import.py

@ -155,16 +155,18 @@ class JoeParser():
pe_object.add_attribute(pe_object_mapping[name], **{'type': 'text', 'value': feature['value']})
sections_number = len(peinfo['sections']['section'])
pe_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number})
signerinfo_object = MISPObject('authenticode-signerinfo')
pe_object.add_reference(signerinfo_object.uuid, 'signed-by')
self.misp_event.add_object(**pe_object)
signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name})
signatureinfo = peinfo['signature']
if signatureinfo['signed']:
signerinfo_object = MISPObject('authenticode-signerinfo')
pe_object.add_reference(signerinfo_object.uuid, 'signed-by')
self.misp_event.add_object(**pe_object)
signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name})
for feature, mapping in signerinfo_object_mapping.items():
attribute_type, object_relation = mapping
signerinfo_object.add_attribute(object_relation, **{'type': attribute_type, 'value': signatureinfo[feature]})
self.misp_event.add_object(**signerinfo_object)
self.misp_event.add_object(**signerinfo_object)
else:
self.misp_event.add_object(**pe_object)
for section in peinfo['sections']['section']:
section_object = self.parse_pe_section(section)
self.references[pe_object.uuid].append({'idref': section_object.uuid, 'relationship': 'included-in'})

Loading…
Cancel
Save