initial version of QR code reader

Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code. Identified values can be inserted into the event.
3 years ago · c85ab8d93c
1 changed files with 86 additions and 0 deletions
--- a/misp_modules/modules/expansion/qrcode.py
+++ b/misp_modules/modules/expansion/qrcode.py
@ -0,0 +1,86 @@
				@@ -0,0 +1,86 @@
+import json
+from pyzbar import pyzbar
+import cv2
+import re
+import binascii
+import np
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['attachment'],
+                  'output': ['url', 'btc']}
+moduleinfo = {'version': '0.1', 'author': 'Sascha Rommelfangen',
+              'description': 'QR code decoder',
+              'module-type': ['expansion', 'hover']}
+
+debug = True
+debug_prefix = "[DEBUG] QR Code module: "
+# format example: bitcoin:1GXZ6v7FZzYBEnoRaG77SJxhu7QkvQmFuh?amount=0.15424
+# format example: http://example.com
+cryptocurrencies = {'bitcoin'}
+schemas = {'http://', 'https://', 'ftp://'}
+moduleconfig = []
+
+def handler(q=False):
+    if q is False:
+        return False
+    q = json.loads(q)
+    filename = q['attachment']
+    try:
+        img_array = np.fromstring(binascii.a2b_base64(q['data']), np.uint8)
+    except:
+        err = "Couldn't fetch attachment (JSON 'data' is empty). Are you using the 'Query enrichment' action?"
+        misperrors['error'] = err
+        print(err)
+        return misperrors
+    image = cv2.imdecode(img_array, cv2.IMREAD_COLOR)
+    if q:
+        barcodes = pyzbar.decode(image)
+    for item in barcodes:
+        try:
+            result = item.data.decode()
+        except Exception as e:
+            print(e)
+            return
+        if debug:
+            print(debug_prefix + result)
+        for item in cryptocurrencies:
+            if item in result:
+                try:
+                    currency, address, extra =  re.split('\:|\?', result)
+                except Exception as e:
+                    print(e)
+                if currency in cryptocurrencies:
+                    try:
+                        amount = re.split('=', extra)[1]
+                        if debug:
+                            print(debug_prefix + address)
+                            print(debug_prefix + amount)
+                        return {'results': [{'types': ['btc'], 'values': address, 'comment': "BTC: " + amount + " from file " + filename}]}
+                    except Exception as e:
+                        print(e)
+                else:
+                    print(address)
+        for item  in schemas:
+            if item in result:
+                try:
+                    url = result
+                    if debug:
+                        print(debug_prefix + url)
+                    return {'results': [{'types': ['url'], 'values': url, 'comment': "from QR code of file " + filename}]}
+                except Exception as e:
+                    print(e)
+            else:
+                try:
+                    return {'results': [{'types': ['text'], 'values': result, 'comment': "from QR code of file " + filename}]}
+                except Exception as e:
+                    print(e)
+    misperrors['error'] = "Couldn't decode QR code in attachment."
+    return misperrors
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo