PyPI - intelmq-extensions - Versions diffs - 1.8.1__py3-none-any.whl → 1.9.0__py3-none-any.whl - Mend

intelmq-extensions 1.8.1py3-none-any.whl → 1.9.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

intelmq_extensions/bots/experts/replace_in_dict/__init__.py ADDED Viewed

File without changes

intelmq_extensions/bots/experts/replace_in_dict/expert.py ADDED Viewed

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+"""
+ReplaceInDict allow replacing pattern in any text field in a dict field(s)
+"""
+from intelmq.lib.bot import ExpertBot
+from intelmq.lib.exceptions import ConfigurationError, KeyNotExists
+class ReplaceInDictExpertBot(ExpertBot):
+    old_value: str = None
+    new_value: str = None
+    fields: str = None  # actually str | list on newer Python
+    def init(self):
+        if isinstance(self.fields, str):
+            self.fields = self.fields.split(",")
+        for field in self.fields:
+            definition = self.harmonization["event"][field]
+            if definition["type"] != "JSONDict":
+                raise ConfigurationError("Field is not a JSONDict", field)
+    def process(self):
+        event = self.receive_message()
+        for field in self.fields:
+            for name, value in event.finditems(f"{field}."):
+                if isinstance(value, str):
+                    try:
+                        event.change(
+                            name, value.replace(self.old_value, self.new_value)
+                        )
+                    except KeyNotExists:
+                        # Safeguard for an edge case if we would get default value
+                        # of an non-existing field
+                        pass
+        self.send_message(event)
+        self.acknowledge_message()
+BOT = ReplaceInDictExpertBot

intelmq_extensions/tests/bots/experts/replace_in_dict/__init__.py ADDED Viewed

File without changes

intelmq_extensions/tests/bots/experts/replace_in_dict/test_expert.py ADDED Viewed

@@ -0,0 +1,92 @@
+# -*- coding: utf-8 -*-
+"""
+Testing ReplaceInDictExpertBot.
+"""
+import copy
+import unittest
+from intelmq.lib.exceptions import ConfigurationError
+from intelmq_extensions.bots.experts.replace_in_dict.expert import (
+    ReplaceInDictExpertBot,
+)
+from ....base import BotTestCase
+class TestReplaceInDictExpertBot(BotTestCase, unittest.TestCase):
+    """
+    A TestCase for ReplaceInDictExpertBot.
+    """
+    @classmethod
+    def set_bot(cls):
+        cls.bot_reference = ReplaceInDictExpertBot
+        cls.sysconfig = {
+            "old_value": "\\u0000",
+            "new_value": "[nullbyte]",
+            "fields": "extra",
+        }
+        cls.default_input_message = {"__type": "Event"}
+    def test_event_no_changes(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "extra.payload": "foo",
+            "extra.name": "bar",
+            "extra.firmwarerev": 1,
+        }
+        self.input_message = copy.deepcopy(message)
+        self.run_bot()
+        self.assertMessageEqual(0, message)
+    def test_event_no_extra(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "feed.code": "foo",
+        }
+        self.input_message = copy.deepcopy(message)
+        self.run_bot()
+        self.assertMessageEqual(0, message)
+    def test_event_changes_one_dict(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "extra.payload": "foo\\u0000bar\\u0000",
+            "extra.name": "bar ok \\u0001 and not ok \\\\u0000",
+            "extra.firmwarerev": 1,
+            "feed.code": "foo",
+        }
+        self.input_message = copy.deepcopy(message)
+        self.run_bot()
+        message["extra.payload"] = "foo[nullbyte]bar[nullbyte]"
+        message["extra.name"] = "bar ok \\u0001 and not ok \\[nullbyte]"
+        self.assertMessageEqual(0, message)
+    def test_event_multiple_dict_fail_if_not_jsondict(self):
+        with self.assertRaises(ConfigurationError):
+            self.run_bot(
+                parameters={
+                    "fields": "extra,output",
+                }
+            )
+    def test_event_other_fields_not_modified(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "feed.code": "foo\\u0000",
+        }
+        self.input_message = copy.deepcopy(message)
+        self.run_bot()
+        self.assertMessageEqual(0, message)
+if __name__ == "__main__":
+    unittest.main()

{intelmq_extensions-1.8.1.dist-info → intelmq_extensions-1.9.0.dist-info}/METADATA RENAMED Viewed

@@ -1,22 +1,22 @@
 Metadata-Version: 2.4
 Name: intelmq_extensions
-Version: 1.8.1
+Version: 1.9.0
 Summary: Additional bots for IntelMQ
 Author: CERT.at Data & Development Team
 License: AGPLv3
 Project-URL: Repository, https://github.com/certat/intelmq-extensions
 Classifier: Programming Language :: Python :: 3
-Requires-Python: >=3.7
+Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: rt<3.0.0,>=1.0.9
-Requires-Dist: mergedeep
-Requires-Dist: intelmq
-Requires-Dist: tabulate>=0.7.5
-Requires-Dist: psycopg2-binary
-Requires-Dist: netaddr>=0.7.14
 Requires-Dist: python-termstyle>=0.1.10
+Requires-Dist: intelmq
 Requires-Dist: importlib_metadata; python_version < "3.8"
+Requires-Dist: netaddr>=0.7.14
+Requires-Dist: rt<3.0.0,>=1.0.9
+Requires-Dist: psycopg2-binary
+Requires-Dist: tabulate>=0.7.5
+Requires-Dist: mergedeep
 Provides-Extra: dev
 Requires-Dist: pytest; extra == "dev"
 Requires-Dist: tox>=4; extra == "dev"
@@ -30,14 +30,25 @@ Dynamic: requires-dist
 # IntelMQ Extensions
-This project collects customized bots used primary by CERT.at.
+[![Running tests](https://github.com/certat/intelmq-extensions/actions/workflows/ci.yml/badge.svg)](https://github.com/certat/intelmq-extensions/actions/workflows/ci.yml)
+This project collects customized bots and some helper scripts for
+[IntelMQ](https://github.com/certtools/intelmq) used primary by CERT.at.
+It's a combination of customization previously available in [certat/intelmq](https://github.com/certat/intelmq)
+as well as newer solutions.
 ## Usage
-Install the package on the machine. Then, it's enough to just declare the bot's module
-pointing to this package, e.g. `intelmq_extensions.bots.collectors.xmpp`
+Install the package on the machine or virtualenv, where you have the IntelMQ, using
+`pip install intelmq-extensions`. Then, the bots will be available as any other IntelMQ
+bot in the Manager as well to import using `intelmq.bots.*.certat` namespace, e.g.
+`intelmq.bots.experts.certat.vulnerability_lookup.expert`
+## Documentation
+There is a limited documentation available. Consult bot Python code to see information
+about the usage and available configuration.
 ## Running tests
@@ -58,3 +69,9 @@ This package comes with test runners configured using `tox`. To use them:
     tox -efull-with-docker -- intelmq_extensions/tests/bots/experts/squelcher/test_expert.py::TestSquelcherExpertBot::test_address_match1
 ```
+---
+Part of the development was financed by the European Union.
+![CEF-Logo](https://github.com/certat/intelmq-extensions/blob/main/docs/cef_logo.png?raw=true)

{intelmq_extensions-1.8.1.dist-info → intelmq_extensions-1.9.0.dist-info}/RECORD RENAMED Viewed

@@ -17,6 +17,8 @@ intelmq_extensions/bots/experts/event_group_splitter/__init__.py,sha256=47DEQpj8
 intelmq_extensions/bots/experts/event_group_splitter/expert.py,sha256=Jq9v1p94dwbiFKeaulf7pg5XA15hlb967Wwvjp-fZ3g,4095
 intelmq_extensions/bots/experts/event_splitter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/bots/experts/event_splitter/expert.py,sha256=DcAXwapXMmP-IP7sPwDBWJ9cMu9UCcKh3nJPSDJbGfU,1204
+intelmq_extensions/bots/experts/replace_in_dict/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+intelmq_extensions/bots/experts/replace_in_dict/expert.py,sha256=GyevseD5n5E5cNO_6PZqnK8gZhILplPvLcwyS6iXNks,1375
 intelmq_extensions/bots/experts/squelcher/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/bots/experts/squelcher/expert.py,sha256=cvmA4N5MjC_QazcEmCgW_uffn0P-4jPIPMikjtOcEd0,11022
 intelmq_extensions/bots/experts/vulnerability_lookup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -69,6 +71,8 @@ intelmq_extensions/tests/bots/experts/event_group_splitter/__init__.py,sha256=47
 intelmq_extensions/tests/bots/experts/event_group_splitter/test_expert.py,sha256=FcuFOzOGctWQ0whG5e7t9_K2Vf7a_doDEl5WoWhDqq8,9124
 intelmq_extensions/tests/bots/experts/event_splitter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/bots/experts/event_splitter/test_expert.py,sha256=KGjh86BacNiUcJGg8kxggHoJY3ORZPmPFmVPYJK0J6A,2752
+intelmq_extensions/tests/bots/experts/replace_in_dict/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+intelmq_extensions/tests/bots/experts/replace_in_dict/test_expert.py,sha256=aGJ0zGjU4qEKP4HLIF4LnFyze7I__DMrMJz6ynf5bko,2630
 intelmq_extensions/tests/bots/experts/squelcher/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/bots/experts/squelcher/test_expert.py,sha256=oHE3E9q2fMwPVavgZM4Bs8kQCGehpMFEv3biJQs_JJk,17731
 intelmq_extensions/tests/bots/experts/vulnerability_lookup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -92,9 +96,9 @@ intelmq_extensions/tests/cli/test_intelmqcli.py,sha256=Izy0FHVkj44DCgp4Zm8f1vYTd
 intelmq_extensions/tests/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/lib/base.py,sha256=iD4MuDq0Dh-CqFDgyXf4CfaJgT4AL7XAcNjPGxUlkPM,2560
 intelmq_extensions/tests/lib/test_api_helpers.py,sha256=cO6KNfVjwpYgevyyxxokOAmk7VXo-8T8OCH8hQhf980,3807
-intelmq_extensions-1.8.1.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
-intelmq_extensions-1.8.1.dist-info/METADATA,sha256=FjXDB14UgCsC5FRaLxnsnGThgiC6p9k7ztXhi9zop5o,1988
-intelmq_extensions-1.8.1.dist-info/WHEEL,sha256=Nw36Djuh_5VDukK0H78QzOX-_FQEo6V37m3nkm96gtU,91
-intelmq_extensions-1.8.1.dist-info/entry_points.txt,sha256=dW_TN7JbkRT4zV7cJoFGIVzAcuqEL9OA1k7fI9Qtipk,3489
-intelmq_extensions-1.8.1.dist-info/top_level.txt,sha256=YVqZnmAiBfQPNdJPAv64Afvc41p3B24Akx2v2-3BFyc,19
-intelmq_extensions-1.8.1.dist-info/RECORD,,
+intelmq_extensions-1.9.0.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
+intelmq_extensions-1.9.0.dist-info/METADATA,sha256=LLNY1-QSCk8YJ-7WVaQtvqXNb7y_JK6Mb-Zgv6UD3ls,2841
+intelmq_extensions-1.9.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+intelmq_extensions-1.9.0.dist-info/entry_points.txt,sha256=Kvg6WqHn9mGadCDWPFey0Bz6QYTT0JG7BuE0X_6MF80,3725
+intelmq_extensions-1.9.0.dist-info/top_level.txt,sha256=YVqZnmAiBfQPNdJPAv64Afvc41p3B24Akx2v2-3BFyc,19
+intelmq_extensions-1.9.0.dist-info/RECORD,,

{intelmq_extensions-1.8.1.dist-info → intelmq_extensions-1.9.0.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.7.1)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any

{intelmq_extensions-1.8.1.dist-info → intelmq_extensions-1.9.0.dist-info}/entry_points.txt RENAMED Viewed

@@ -6,6 +6,7 @@ intelmq.bots.experts.certat.certat_contact_intern.expert = intelmq_extensions.bo
 intelmq.bots.experts.certat.copy_extra.expert = intelmq_extensions.bots.experts.copy_extra.expert:BOT.run
 intelmq.bots.experts.certat.event_group_splitter.expert = intelmq_extensions.bots.experts.event_group_splitter.expert:BOT.run
 intelmq.bots.experts.certat.event_splitter.expert = intelmq_extensions.bots.experts.event_splitter.expert:BOT.run
+intelmq.bots.experts.certat.replace_in_dict.expert = intelmq_extensions.bots.experts.replace_in_dict.expert:BOT.run
 intelmq.bots.experts.certat.squelcher.expert = intelmq_extensions.bots.experts.squelcher.expert:BOT.run
 intelmq.bots.experts.certat.vulnerability_lookup.expert = intelmq_extensions.bots.experts.vulnerability_lookup.expert:BOT.run
 intelmq.bots.outputs.certat.mattermost.output = intelmq_extensions.bots.outputs.mattermost.output:BOT.run
@@ -21,6 +22,7 @@ intelmq_extensions.bots.experts.certat_contact_intern.expert = intelmq_extension
 intelmq_extensions.bots.experts.copy_extra.expert = intelmq_extensions.bots.experts.copy_extra.expert:BOT.run
 intelmq_extensions.bots.experts.event_group_splitter.expert = intelmq_extensions.bots.experts.event_group_splitter.expert:BOT.run
 intelmq_extensions.bots.experts.event_splitter.expert = intelmq_extensions.bots.experts.event_splitter.expert:BOT.run
+intelmq_extensions.bots.experts.replace_in_dict.expert = intelmq_extensions.bots.experts.replace_in_dict.expert:BOT.run
 intelmq_extensions.bots.experts.squelcher.expert = intelmq_extensions.bots.experts.squelcher.expert:BOT.run
 intelmq_extensions.bots.experts.vulnerability_lookup.expert = intelmq_extensions.bots.experts.vulnerability_lookup.expert:BOT.run
 intelmq_extensions.bots.outputs.mattermost.output = intelmq_extensions.bots.outputs.mattermost.output:BOT.run

{intelmq_extensions-1.8.1.dist-info → intelmq_extensions-1.9.0.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{intelmq_extensions-1.8.1.dist-info → intelmq_extensions-1.9.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

intelmq-extensions 1.8.1__py3-none-any.whl → 1.9.0__py3-none-any.whl

intelmq-extensions 1.8.1py3-none-any.whl → 1.9.0py3-none-any.whl