fix: Fixed direction of the relationship between files, PEs and their sections

- The file object includes a PE, and the PE
  includes sections, not the other way round
pull/322/head
chrisr3d 3 years ago
parent 42b95c4210
commit e2a0f27d75
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
  1. 4
      misp_modules/lib/joe_parser.py

@ -236,7 +236,7 @@ class JoeParser():
def parse_pe(self, fileinfo, file_object):
peinfo = fileinfo['pe']
pe_object = MISPObject('pe')
file_object.add_reference(pe_object.uuid, 'included-in')
file_object.add_reference(pe_object.uuid, 'includes')
self.misp_event.add_object(**file_object)
for field, mapping in pe_object_fields.items():
attribute_type, object_relation = mapping
@ -267,7 +267,7 @@ class JoeParser():
for section in peinfo['sections']['section']:
section_object = self.parse_pe_section(section)
self.references[pe_object.uuid].append(dict(referenced_uuid=section_object.uuid,
relationship_type='included-in'))
relationship_type='includes'))
self.misp_event.add_object(**section_object)
def parse_pe_section(self, section):

Loading…
Cancel
Save