MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Handling the case of Context included in the csv file exported from MISP

pull/304/head
chrisr3d 2018-08-01 17:59:00 +02:00
parent 92fbcaeff6
commit 7980aa045a
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
misp_modules/modules/import_mod/csvimport.py
View File

@ -22,11 +22,14 @@ duplicatedFields = {'mispType': {'mispComment': 'comment'},
attributesFields = ['type', 'value', 'category', 'to_ids', 'comment', 'distribution'] attributesFields = ['type', 'value', 'category', 'to_ids', 'comment', 'distribution']
misp_standard_csv_header = ['uuid','event_id','category','type','value','comment','to_ids','date', misp_standard_csv_header = ['uuid','event_id','category','type','value','comment','to_ids','date',
'object_relation','object_uuid','object_name','object_meta_category'] 'object_relation','object_uuid','object_name','object_meta_category']
misp_context_additional_fields = ['event_info','event_member_org','event_source_org','event_distribution',
'event_threat_level_id','event_analysis','event_date','event_tag']
delimiters = [',', ';', '|', '/', '\t', ' '] delimiters = [',', ';', '|', '/', '\t', ' ']
class CsvParser(): class CsvParser():
def __init__(self, header, has_header, data): def __init__(self, header, has_header, data):
if data[0].split(',') == misp_standard_csv_header: data_header = data[0].split(',')
if data_header == misp_standard_csv_header or data_header == (misp_standard_csv_header + misp_context_additional_fields):
self.header = misp_standard_csv_header self.header = misp_standard_csv_header
self.from_misp = True self.from_misp = True
self.data = data[1:] self.data = data[1:]
@ -100,10 +103,11 @@ class CsvParser():
attribute_fields = self.header[:1] + self.header[2:8] attribute_fields = self.header[:1] + self.header[2:8]
relation_type = self.header[8] relation_type = self.header[8]
object_fields = self.header[9:] object_fields = self.header[9:]
header_length = len(self.header)
for line in self.data: for line in self.data:
attribute = {} attribute = {}
try: try:
a_uuid,_,category,a_type,value,comment,to_ids,date,relation,o_uuid,o_name,o_meta_category = line.split(',') a_uuid,_,category,a_type,value,comment,to_ids,date,relation,o_uuid,o_name,o_meta_category = line.split(',')[:header_length]
except ValueError: except ValueError:
continue continue
for t, v in zip(attribute_fields, [a_uuid,category,a_type,value,comment,to_ids,date]): for t, v in zip(attribute_fields, [a_uuid,category,a_type,value,comment,to_ids,date]):