mirror of https://github.com/MISP/misp-modules
fix: Testing if some fields exist before trying to import them
- Testing for pe itself, pe versions and pe signature
pull/304/head
parent
fc8a56d1d9
commit
d195b554a5
|
@ -85,16 +85,20 @@ class JoeParser():
|
||||||
for field, mapping in file_object_mapping.items():
|
for field, mapping in file_object_mapping.items():
|
||||||
attribute_type, object_relation = mapping
|
attribute_type, object_relation = mapping
|
||||||
file_object.add_attribute(object_relation, **{'type': attribute_type, 'value': fileinfo[field]})
|
file_object.add_attribute(object_relation, **{'type': attribute_type, 'value': fileinfo[field]})
|
||||||
|
self.fileinfo_uuid = file_object.uuid
|
||||||
|
if not fileinfo.get('pe'):
|
||||||
|
self.misp_event.add_object(**file_object)
|
||||||
|
return
|
||||||
|
peinfo = fileinfo['pe']
|
||||||
pe_object = MISPObject('pe')
|
pe_object = MISPObject('pe')
|
||||||
file_object.add_reference(pe_object.uuid, 'included-in')
|
file_object.add_reference(pe_object.uuid, 'included-in')
|
||||||
self.misp_event.add_object(**file_object)
|
self.misp_event.add_object(**file_object)
|
||||||
self.fileinfo_uuid = file_object.uuid
|
|
||||||
peinfo = fileinfo['pe']
|
|
||||||
for field, mapping in pe_object_fields.items():
|
for field, mapping in pe_object_fields.items():
|
||||||
attribute_type, object_relation = mapping
|
attribute_type, object_relation = mapping
|
||||||
pe_object.add_attribute(object_relation, **{'type': attribute_type, 'value': peinfo[field]})
|
pe_object.add_attribute(object_relation, **{'type': attribute_type, 'value': peinfo[field]})
|
||||||
pe_object.add_attribute('compilation-timestamp', **{'type': 'datetime', 'value': int(peinfo['timestamp'].split()[0], 16)})
|
pe_object.add_attribute('compilation-timestamp', **{'type': 'datetime', 'value': int(peinfo['timestamp'].split()[0], 16)})
|
||||||
program_name = fileinfo['filename']
|
program_name = fileinfo['filename']
|
||||||
|
if peinfo['versions']:
|
||||||
for feature in peinfo['versions']['version']:
|
for feature in peinfo['versions']['version']:
|
||||||
name = feature['name']
|
name = feature['name']
|
||||||
if name == 'InternalName':
|
if name == 'InternalName':
|
||||||
|
@ -107,6 +111,7 @@ class JoeParser():
|
||||||
self.misp_event.add_object(**pe_object)
|
self.misp_event.add_object(**pe_object)
|
||||||
signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name})
|
signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name})
|
||||||
signatureinfo = peinfo['signature']
|
signatureinfo = peinfo['signature']
|
||||||
|
if signatureinfo['signed']:
|
||||||
for feature, mapping in signerinfo_object_mapping.items():
|
for feature, mapping in signerinfo_object_mapping.items():
|
||||||
attribute_type, object_relation = mapping
|
attribute_type, object_relation = mapping
|
||||||
signerinfo_object.add_attribute(object_relation, **{'type': attribute_type, 'value': signatureinfo[feature]})
|
signerinfo_object.add_attribute(object_relation, **{'type': attribute_type, 'value': signatureinfo[feature]})
|
||||||
|
|
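Review bot: The added guards `if peinfo['versions']:` and `if signatureinfo['signed']:` still subscript the report directly, so a report that lacks the `versions`, `signature` or `signed` key raises KeyError and aborts the import instead of skipping the section; only the `pe` check uses `.get()`. The report describes an analysed sample and its shape is not controlled by this module, so I would write `if peinfo.get('versions'):` in the first hunk and `signatureinfo = peinfo.get('signature') or {}` followed by `if signatureinfo.get('signed'):` in the second. The context line `int(peinfo['timestamp'].split()[0], 16)` looks exposed in the same way, though whether that field can be absent is not visible here. The enclosing method starts and ends outside both hunks.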