From 820aef2a74aa9904b12f866c428f6044f2debb1d Mon Sep 17 00:00:00 2001
From: Joanna <gizjar@icloud.com>
Date: Tue, 20 Mar 2018 11:35:49 +0100
Subject: [PATCH 1/2] Created a converter of MISP warning lists to asciidoctor
 format

---
 tools/adoc_warninglists.py | 96 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 tools/adoc_warninglists.py

diff --git a/tools/adoc_warninglists.py b/tools/adoc_warninglists.py
new file mode 100644
index 0000000..bc4baef
--- /dev/null
+++ b/tools/adoc_warninglists.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+#
+#    A simple converter of MISP warning lists to asciidoctor format
+#    Copyright (C) 2018 Alexandre Dulaunoy
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import os
+import json
+import argparse
+
+thisDir = os.path.dirname(__file__)
+
+lists = []
+
+pathLists = os.path.join(thisDir, '../lists')
+
+for f in os.listdir(pathLists):
+	filename = "{}/{}".format(f,"list.json")
+	lists.append(filename)
+
+lists.sort()
+
+argParser = argparse.ArgumentParser(description='Generate documentation from MISP warning lists', epilog='Available warning lists are {0}'.format(lists))
+argParser.add_argument('-v', action='store_true', help='Verbose mode')
+args = argParser.parse_args()
+
+def header(adoc=False):
+    if adoc is False:
+        return False
+
+    dedication = "\n[dedication]\n== Funding and Support\nThe MISP project is financially and resource supported by https://www.circl.lu/[CIRCL Computer Incident Response Center Luxembourg ].\n\nimage:{images-misp}logo.png[CIRCL logo]\n\nA CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security has been granted from 1st September 2017 until 31th August 2019 as ***Improving MISP as building blocks for next-generation information sharing***.\n\nimage:{images-misp}en_cef.png[CEF funding]\n\nIf you are interested to co-fund projects around MISP, feel free to get in touch with us.\n\n"
+    doc = adoc
+    doc = doc + ":toc: right\n"
+    doc = doc + ":toclevels: 1\n"
+    doc = doc + ":toc-title: MISP warning lists\n"
+    doc = doc + ":icons: font\n"
+    doc = doc + ":sectanchors:\n"
+    doc = doc + ":sectlinks:\n"
+    doc = doc + ":images-cdn: https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/\n"
+    doc = doc + ":images-misp: https://www.misp-project.org/assets/images/\n"
+    doc = doc + "\n= MISP warning lists\n\n"
+    doc = doc + "= Introduction\n"
+    doc = doc + "\nimage::{images-cdn}misp-logo.png[MISP logo]\n\n"
+    doc = doc + "The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators, financial fraud or counter-terrorism information. The MISP project includes multiple sub-projects to support the operational requirements of analysts and improve the overall quality of information shared.\n\n"
+    doc = doc + ""
+    doc = "{}{}".format(doc, "\nMISP warning lists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes. The warning lists are integrated in MISP to display an info/warning box at the event and attribute level if such indicators are available in one of the list. The list can be globally enabled or disabled in MISP following the practices of the organization.\n")
+    doc = doc + "The following document is generated from the machine-readable JSON describing the https://github.com/MISP/misp-warninglists[MISP warning lists]."
+    doc = doc + "\n\n"
+    doc = doc + "<<<\n"
+    doc = doc + dedication
+    doc = doc + "<<<\n"
+    doc = doc + "= MISP warning lists\n"
+    return doc
+
+def asciidoc(content=False, adoc=None, t='title', title=''):
+    adoc = adoc + "\n"
+    output = ""
+    if t == 'title':
+        output = '== ' + content
+    elif t == 'info':
+        output = "\n{}.\n\n{} {} {} {}.\n".format(content, 'NOTE:' ,title, 'are warning lists available in JSON format at https://github.com/MISP/misp-warninglists/tree/master/lists.' ,'The JSON format can be freely reused in your application or automatically enabled in https://www.github.com/MISP/MISP[MISP]')
+    elif t == 'description':
+        content = "\n{} \n".format(content)
+    adoc = adoc + output
+    return adoc
+adoc = ""
+print (header(adoc=adoc))
+
+for warninglist in lists:
+    fullPathLists = os.path.join(pathLists, warninglist)
+    with open(fullPathLists) as fp:
+        c = json.load(fp)
+    title = c['name']
+    adoc = asciidoc(content=title, adoc=adoc, t='title')
+    adoc = asciidoc(content=c['description'], adoc=adoc, t='info', title=title)
+    if 'matching_attributes' in c:
+        adoc = asciidoc(content=c['matching_attributes'], adoc=adoc, t='matching_attributes')
+    if 'list' in c:
+        adoc = asciidoc(content=c['list'], adoc=adoc, t='list')
+
+print(adoc)

From 6b815d76f9aae714b13b2103e8f3e657095dbb09 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 20 Mar 2018 22:34:19 +0100
Subject: [PATCH 2/2] fix: various fixes + add number of elements in each lists

---
 tools/adoc_warninglists.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/adoc_warninglists.py b/tools/adoc_warninglists.py
index bc4baef..2c48302 100644
--- a/tools/adoc_warninglists.py
+++ b/tools/adoc_warninglists.py
@@ -73,9 +73,11 @@ def asciidoc(content=False, adoc=None, t='title', title=''):
     if t == 'title':
         output = '== ' + content
     elif t == 'info':
-        output = "\n{}.\n\n{} {} {} {}.\n".format(content, 'NOTE:' ,title, 'are warning lists available in JSON format at https://github.com/MISP/misp-warninglists/tree/master/lists.' ,'The JSON format can be freely reused in your application or automatically enabled in https://www.github.com/MISP/MISP[MISP]')
+        output = "\n{}.\n\n{} {} {} {}.".format(content, 'NOTE:' ,title, 'are warning lists available in JSON format at https://github.com/MISP/misp-warninglists/tree/master/lists.' ,'The JSON format can be freely reused in your application or automatically enabled in https://www.github.com/MISP/MISP[MISP]')
     elif t == 'description':
-        content = "\n{} \n".format(content)
+        output = "\n{} \n".format(content)
+    elif t == 'list':
+        output = "The warning list contains {} elements.\n".format(content)
     adoc = adoc + output
     return adoc
 adoc = ""
@@ -91,6 +93,7 @@ for warninglist in lists:
     if 'matching_attributes' in c:
         adoc = asciidoc(content=c['matching_attributes'], adoc=adoc, t='matching_attributes')
     if 'list' in c:
-        adoc = asciidoc(content=c['list'], adoc=adoc, t='list')
+        cards = len(c['list'])
+    adoc = asciidoc(content=cards, adoc=adoc, t='list')
 
 print(adoc)