def populate(self, json):
    """Fill this result from one decoded search-hit mapping.

    ``json`` must contain the key ``'event'``; a missing key raises
    ``KeyError`` before any attribute is touched. The remaining keys are
    optional and only populated when present and truthy:

    * if ``'report'`` or ``'reference'`` is set, only those two are read;
    * otherwise ``'observable'``, ``'object'`` and ``'attribute'`` are read.
    """
    event_data = json['event']
    self.event = Event()
    self.event.populate(event_data)

    report_data = json.get('report', None)
    reference_data = json.get('reference', None)

    if not (report_data or reference_data):
        # Not a report hit: the payload describes observable-side entities.
        observable_data = json.get('observable', None)
        if observable_data:
            self.observable = Observable()
            self.observable.populate(observable_data)

        object_data = json.get('object', None)
        if object_data:
            self.object = Object()
            self.object.populate(object_data)

        attribute_data = json.get('attribute', None)
        if attribute_data:
            self.attribute = Attribute()
            self.attribute.populate(attribute_data)
        return

    # Report hit: observable/object/attribute keys are deliberately ignored.
    if report_data:
        self.report = Report()
        self.report.populate(report_data)
    if reference_data:
        self.reference = Reference()
        self.reference.populate(reference_data)
class SearchResult(RestBase):
    """One search hit: the owning event plus whichever entity matched.

    ``event`` is always populated. Depending on the payload, either the
    report side (``report`` / ``reference``) or the observable side
    (``observable`` / ``object`` / ``attribute``) is filled in; everything
    else stays ``None``.
    """

    def __init__(self):
        RestBase.__init__(self)
        # Every slot starts empty; populate() fills the ones the payload carries.
        self.event = self.object = self.observable = None
        self.attribute = self.report = self.reference = None

    def populate(self, json):
        """Fill this result from one decoded search-hit mapping.

        ``json`` must contain ``'event'`` (``KeyError`` otherwise). When
        ``'report'`` or ``'reference'`` is present and truthy, only those two
        keys are read; otherwise ``'observable'``, ``'object'`` and
        ``'attribute'`` are read. Falsy or missing values are skipped.
        """
        event_data = json['event']
        self.event = Event()
        self.event.populate(event_data)

        report_data = json.get('report', None)
        reference_data = json.get('reference', None)

        if not (report_data or reference_data):
            # Not a report hit: read the observable-side entities instead.
            observable_data = json.get('observable', None)
            if observable_data:
                self.observable = Observable()
                self.observable.populate(observable_data)

            object_data = json.get('object', None)
            if object_data:
                self.object = Object()
                self.object.populate(object_data)

            attribute_data = json.get('attribute', None)
            if attribute_data:
                self.attribute = Attribute()
                self.attribute.populate(attribute_data)
            return

        if report_data:
            self.report = Report()
            self.report.populate(report_data)
        if reference_data:
            self.reference = Reference()
            self.reference.populate(reference_data)
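def create_reference(self, id_, uuid, category, type_, value, data, share, event, set_log=True):
    """Build a Reference for one attribute, or return None if it cannot be built.

    Args:
        id_: attribute id; passed to ``fetch_attachment`` and written to the log.
        uuid: identifier proposed for the reference. If it was already used
            (it is in ``self.seen_ref_ids``) a fresh one is generated instead.
        category, type_, value, event: forwarded to
            ``get_reference_definition`` to resolve the definition.
        data: ignored on entry; for ``raw_file`` definitions it is overwritten
            with the downloaded attachment.
        share: forwarded to ``set_properties``.
        set_log: when true, ``set_extended_logging`` is applied to the result.

    Returns:
        The populated Reference, or None when no definition matches or when a
        ``raw_file`` attachment could not be downloaded.
    """
    reference = Reference()

    # workaround for https://github.com/MISP/MISP/issues/452
    # A uuid seen before is replaced by a newly generated one.
    if uuid in self.seen_ref_ids:
        uuid = '{0}'.format(uuid4())
    self.seen_ref_ids.append(uuid)
    # Use the value that was just recorded. The previous code called uuid4()
    # a second time here, so the identifier on the reference was never the one
    # tracked in seen_ref_ids (and was a UUID object rather than a string).
    reference.identifier = uuid

    reference.definition = self.get_reference_definition(category, type_, value, event)
    if not reference.definition:
        return None
    reference.definition_id = reference.definition.identifier

    if reference.definition.name == 'raw_file':
        # The value is either "<filename>" or "<filename>|<second part>";
        # any other shape falls back to using the whole value as the name.
        filename = value
        if '|' in value:
            parts = value.split('|')
            if len(parts) == 2:
                filename = parts[0]
        # NOTE(review): filename is taken from the attribute value, which
        # presumably originates from the remote instance - treat it as
        # untrusted wherever it is later used as a path; confirm downstream.

        # download it
        data = self.fetch_attachment(id_, None, event.identifier, filename)
        if not data:
            message = u'Failed to downloaded file "{0}" id:{1} from {2}'.format(filename, id_, self.__get_event_msg(event))
            self.syslogger.warning(message)
            return None

        message = u'Downloaded file "{0}" id:{1} from {2}'.format(filename, id_, self.__get_event_msg(event))
        self.syslogger.info(message)
        reference.value = ReferenceFile(filename, base64.b64encode(data))
    else:
        reference.value = value

    self.set_properties(reference, share)
    if set_log:
        self.set_extended_logging(reference, event)
    return reference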