From 8dce7935ae2679540f7eeb8a7d69472f85c7a15a Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 1 Feb 2018 14:55:48 +0100 Subject: [PATCH] Outputting xml format Also mapping MISP and GoAML types --- misp_modules/modules/export_mod/goaml.py | 65 ++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/export_mod/goaml.py b/misp_modules/modules/export_mod/goaml.py index f82590b..82375c2 100644 --- a/misp_modules/modules/export_mod/goaml.py +++ b/misp_modules/modules/export_mod/goaml.py @@ -1,5 +1,5 @@ import json -import pymisp +from pymisp import MISPEvent import base64 misperrors = {'error': 'Error'} 
@@ -8,15 +8,29 @@ moduleinfo = {'version': '1', 'author': 'Christian Studer', 'module-type': ['export']} moduleconfig = [] mispattributes = {} +outputFileExtension = "xml" +responseType = "application/xml" objects_to_parse = ['bank-account', 'person'] +goAMLmapping = {'bank-account': 't_account', 'text': 'institution_name', 'institution-code': 'institution_code', + 'swift': 'swift', 'branch': 'branch', 'non-banking-institution': 'non_bank_institution', + 'account': 'account', 'currency-code': 'currency_code', 'account-name': 'account_name', + 'iban': 'iban', 'client-number': 'client_number', 'personal-account-type': 'personal_account_type', + 'opened': 'opened', 'closed': 'closed', 'balance': 'balance', 'status-code': 'status_code', + 'beneficiary': 'beneficiary', 'beneficiary-comment': 'beneficiary_comment', 'comments': 'comments', + 'person': 't_person', 'text': 'comments', 'first-name': 'first_name', 'middle-name': 'middle_name', + 'last-name': 'last_name', 'mothers-name': 'mothers_name', 'title': 'title', 'alias': 'alias', + 'date-of-birth': 'birthdate', 'place-of-birth': 'birth_place', 'gender': 'gender', + 'passport-number': 'passport_number', 'passport-country': 'passport_country', + 'social-security-number': 'ssn', 'nationality': 'nationality1'} + class GoAmlGeneration(): def __init__(self): self.document = {} def from_event(self, event): - self.misp_event = pymisp.MISPEvent() + self.misp_event = MISPEvent() self.misp_event.load(event) def parse_objects(self): 
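Review bot: `goAMLmapping` defines the key `'text'` twice, first as `'text': 'institution_name'` among the bank-account entries and again as `'text': 'comments'` among the person entries. A Python dict literal keeps only the last value, so a bank-account `text` attribute will be emitted as `comments` and `institution_name` is never produced. In a goAML report a silently mislabelled field is a data-integrity problem for whoever consumes the export. Keying the mapping per object removes the collision, e.g. `goAMLmapping = {'bank-account': {'text': 'institution_name', ...}, 'person': {'text': 'comments', ...}}`, with the attribute lookup in `itterate` becoming `goAMLmapping[t][k]` and the object's own element name stored separately.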
@@ -27,6 +41,27 @@ class GoAmlGeneration(): obj_dict[attribute.object_relation] = attribute.value self.document[obj.name] = obj_dict + def build_xml(self): + self.xml = "" + if 'bank-account' in self.document: + if 'report-code' in self.document['bank-account']: + self.xml += "{}".format(self.document['bank-account'].pop('report-code').split(' ')[0]) + for a in ('personal-account-type', 'status-code'): + if a in self.document['bank-account']: + self.document['bank-account'][a] = self.document['bank-account'][a].split(' - ')[0] + self.itterate() + self.xml += "" + + def itterate(self): + for t in self.document: + self.xml += "<{}>".format(goAMLmapping[t]) + for k in self.document[t]: + try: + self.xml += "<{0}>{1}".format(goAMLmapping[k], self.document[t][k]) + except KeyError: + pass + self.xml += "".format(goAMLmapping[t]) + def handler(q=False): if q is False: return False @@ -36,11 +71,33 @@ def handler(q=False): exp_doc = GoAmlGeneration() exp_doc.from_event(request['data'][0]) exp_doc.parse_objects() - return {'response': {}, 'data': exp_doc.document} + exp_doc.build_xml() + return {'response': {}, 'data': exp_doc.xml} #return {'response': [], 'data': str(base64.b64encode(bytes(exp_doc.document, 'utf-8')), 'utf-8')} def introspection(): - return + modulesetup = {} + try: + responseType + modulesetup['responseType'] = responseType + except NameError: + pass + try: + userConfig + modulesetup['userConfig'] = userConfig + except NameError: + pass + try: + outputFileExtension + modulesetup['outputFileExtension'] = outputFileExtension + except NameError: + pass + try: + inputSource + mmoduleSetup['inputSource'] = inputSource + except NameError: + pass + return modulesetup def version(): moduleinfo['config'] = moduleconfig
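Review bot: In `itterate`, `self.document[t][k]` is formatted into the element body with no XML escaping, so an attribute value containing `<`, `>` or `&` yields a malformed document or additional elements in the exported report. The values come from the event passed to `handler` and should be treated as untrusted; add `from xml.sax.saxutils import escape` and substitute `escape(str(self.document[t][k]))`. The same applies to the `report-code` value formatted in `build_xml`. Separately, `except KeyError: pass` drops unmapped attributes without a trace, so a log line for skipped keys would make an incomplete export visible. The string literals look truncated on this page, so this comment covers only the substituted values.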
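Review bot: The last branch of `introspection` assigns to `mmoduleSetup`, which is not defined in the visible lines; the dict built above is `modulesetup`. Because the assignment sits inside `try: ... except NameError: pass`, the typo can never surface as an error: once `inputSource` is defined, the resulting NameError is swallowed and the setting is silently omitted. Change it to `modulesetup['inputSource'] = inputSource`. Consider replacing the four probe blocks with explicit checks such as `if 'responseType' in globals():`, so that a misspelled name fails loudly instead of being masked. The body of `handler` begins outside this hunk.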