pymisp 2.5.2.dev1__py3-none-any.whl → 2.5.3__py3-none-any.whl

pymisp/api.py

@@ -216,8 +216,8 @@ class PyMISP:
             if 'errors' in response:
                 logger.warning(response['errors'][0])
             else:
-                pymisp_version_tup = tuple(int(x) for x in __version__.split('.'))
-                recommended_version_tup = tuple(int(x) for x in response['version'].split('.'))
+                pymisp_version_tup = tuple(int(x) for x in __version__.split('.')[:3])
+                recommended_version_tup = tuple(int(x) for x in response['version'].split('.')[:3])
                 if recommended_version_tup < pymisp_version_tup[:3]:
                     logger.info(f"The version of PyMISP recommended by the MISP instance ({response['version']}) is older than the one you're using now ({__version__}). If you have a problem, please upgrade the MISP instance or use an older PyMISP version.")
                 elif pymisp_version_tup[:3] < recommended_version_tup:
@@ -3541,6 +3541,14 @@ class PyMISP:
             response = self._prepare_request('POST', url, data=to_post)
         return response
 
+    def sign_blob(self, blob: str) -> str:
+        """Sign a blob
+
+        :param blob: blob to sign
+        """
+        response = self._prepare_request('POST', '/cryptographicKeys/serverSign', data=blob)
+        return self._check_response(response, lenient_response_type=True)
+
     # ## END Others ###
 
     # ## BEGIN Statistics ###

pymisp/data/misp-objects/objects/opentide/definition.json

@@ -3,19 +3,25 @@
     "name": {
       "description": "Name of the OpenTIDE Object",
       "misp-attribute": "text",
-      "ui-priority": 0
+      "ui-priority": 5
     },
     "opentide-object": {
       "description": "YAML Content of the Opentide Object",
       "misp-attribute": "text",
-      "ui-priority": 3
+      "ui-priority": 0
+    },
+    "opentide-relation": {
+      "description": "UUID of other OpenTIDE Objects with a relation to this Object",
+      "misp-attribute": "text",
+      "multiple": true,
+      "ui-priority": 1
     },
     "opentide-type": {
       "description": "Type of the OpenTIDE Object",
       "disable_correlation": true,
       "misp-attribute": "text",
       "multiple": false,
-      "ui-priority": 2,
+      "ui-priority": 1,
       "values_list": [
         "tvm",
         "cdm",
@@ -25,17 +31,28 @@
     "uuid": {
       "description": "UUID of the OpenTIDE Object",
       "misp-attribute": "text",
-      "ui-priority": 1
+      "ui-priority": 4
+    },
+    "version": {
+      "description": "Version of the OpenTIDE Object",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "sane_default": [
+        "1"
+      ],
+      "ui-priority": 3
     }
   },
   "description": "Object that is a container for threat or detection data, in accordance with the OpenTIDE Framework (https://code.europa.eu/ec-digit-s2/opentide)",
   "meta-category": "misc",
   "name": "opentide",
   "required": [
-    "uuid",
+    "name",
     "opentide-object",
-    "opentide-type"
+    "opentide-type",
+    "uuid",
+    "version"
   ],
   "uuid": "892fd46a-f69e-455c-8c4f-843a4b8f4295",
-  "version": 1
+  "version": 3
 }

pymisp/mispevent.py

@@ -1559,7 +1559,8 @@ class MISPGalaxy(AbstractMISP):
 class MISPEvent(AnalystDataBehaviorMixin):
 
     _fields_for_feed: set[str] = {'uuid', 'info', 'threat_level_id', 'analysis', 'timestamp',
-                                  'publish_timestamp', 'published', 'date', 'extends_uuid'}
+                                  'publish_timestamp', 'published', 'date', 'extends_uuid',
+                                  'protected'}
 
     _analyst_data_object_type = 'Event'
 
@@ -1581,6 +1582,7 @@ class MISPEvent(AnalystDataBehaviorMixin):
         self.EventReport: list[MISPEventReport] = []
         self.Tag: list[MISPTag] = []
         self.Galaxy: list[MISPGalaxy] = []
+        self.CryptographicKey: list[MISPCryptographicKey] = []
 
         self.publish_timestamp: float | int | datetime
         self.timestamp: float | int | datetime
@@ -1600,6 +1602,8 @@ class MISPEvent(AnalystDataBehaviorMixin):
 
     def _set_default(self) -> None:
         """There are a few keys that could, or need to be set by default for the feed generator"""
+        if not hasattr(self, 'protected'):
+            self.protected = False
         if not hasattr(self, 'published'):
             self.published = True
         if not hasattr(self, 'uuid'):
@@ -1649,13 +1653,14 @@ class MISPEvent(AnalystDataBehaviorMixin):
                 to_return += attribute.hash_values(algorithm)
         return to_return
 
-    def to_feed(self, valid_distributions: list[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution: bool=False, with_local_tags: bool = True, with_event_reports: bool = True) -> dict[str, Any]:
+    def to_feed(self, valid_distributions: list[int] = [0, 1, 2, 3, 4, 5], with_meta: bool = False, with_distribution: bool=False, with_local_tags: bool = True, with_event_reports: bool = True, with_cryptographic_keys: bool = True) -> dict[str, Any]:
         """ Generate a json output for MISP Feed.
 
         :param valid_distributions: only makes sense if the distribution key is set; i.e., the event is exported from a MISP instance.
         :param with_distribution: exports distribution and Sharing Group info; otherwise all SharingGroup information is discarded (protecting privacy)
         :param with_local_tags: tag export includes local exportable tags along with global exportable tags
         :param with_event_reports: include event reports in the returned MISP event
+        :param with_cryptographic_keys: include the associated cryptographic keys in the returned protected MISP event
         """
         required = ['info', 'Orgc']
         for r in required:
@@ -1720,6 +1725,13 @@ class MISPEvent(AnalystDataBehaviorMixin):
                     event_report.pop('sharing_group_id', None)
                 to_return['EventReport'].append(event_report.to_dict())
 
+        if with_cryptographic_keys and self.cryptographic_keys:
+            to_return['CryptographicKey'] = []
+            for cryptographic_key in self.cryptographic_keys:
+                cryptographic_key.pop('parent_id', None)
+                cryptographic_key.pop('id', None)
+                to_return['CryptographicKey'].append(cryptographic_key.to_dict())
+
         return {'Event': to_return}
 
     @property
@@ -1756,6 +1768,10 @@ class MISPEvent(AnalystDataBehaviorMixin):
     def event_reports(self) -> list[MISPEventReport]:
         return self.EventReport
 
+    @property
+    def cryptographic_keys(self) -> list[MISPCryptographicKey]:
+        return self.CryptographicKey
+
     @property
     def shadow_attributes(self) -> list[MISPShadowAttribute]:
         return self.ShadowAttribute
@@ -1891,6 +1907,8 @@ class MISPEvent(AnalystDataBehaviorMixin):
             [self.add_galaxy(**e) for e in kwargs.pop('Galaxy')]
         if kwargs.get('EventReport'):
             [self.add_event_report(**e) for e in kwargs.pop('EventReport')]
+        if kwargs.get('CryptographicKey'):
+            [self.add_cryprographic_key(**e) for e in kwargs.pop('CryptographicKey')]
 
         # All other keys
         if kwargs.get('id'):
@@ -2041,6 +2059,15 @@ class MISPEvent(AnalystDataBehaviorMixin):
         self.edited = True
         return event_report
 
+    def add_cryprographic_key(self, parent_type: str, key_data: str, type: str, uuid: str, fingerprint: str, timestamp: str, **kwargs) -> MISPCryptographicKey:  # type: ignore[no-untyped-def]
+        """Add a Cryptographic Key. parent_type, key_data, type, uuid, fingerprint, timestamp are required but you can pass all
+        other parameters supported by MISPEventReport"""
+        cryptographic_key = MISPCryptographicKey()
+        cryptographic_key.from_dict(parent_type=parent_type, key_data=key_data, type=type, uuid=uuid, fingerprint=fingerprint, timestamp=timestamp, **kwargs)
+        self.cryptographic_keys.append(cryptographic_key)
+        self.edited = True
+        return cryptographic_key
+
     def add_galaxy(self, galaxy: MISPGalaxy | dict[str, Any] | None = None, **kwargs) -> MISPGalaxy:  # type: ignore[no-untyped-def]
         """Add a galaxy and sub-clusters into an event, either by passing
         a MISPGalaxy or a dictionary.
@@ -2226,6 +2253,13 @@ class MISPWarninglist(AbstractMISP):
         super().from_dict(**kwargs)
 
 
+class MISPCryptographicKey(AbstractMISP):
+    def from_dict(self, **kwargs) -> None:  # type: ignore[no-untyped-def]
+        if 'CryptographicKey' in kwargs:
+            kwargs = kwargs['CryptographicKey']
+        super().from_dict(**kwargs)
+
+
 class MISPTaxonomy(AbstractMISP):
 
     enabled: bool

{pymisp-2.5.2.dev1.dist-info → pymisp-2.5.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pymisp
-Version: 2.5.2.dev1
+Version: 2.5.3
 Summary: Python API for MISP.
 Home-page: https://github.com/MISP/PyMISP
 License: BSD-2-Clause
@@ -33,12 +33,12 @@ Provides-Extra: virustotal
 Requires-Dist: RTFDE (>=0.1.1,<0.2.0) ; extra == "email"
 Requires-Dist: Sphinx (>=8,<9) ; (python_version >= "3.10") and (extra == "docs")
 Requires-Dist: beautifulsoup4 (>=4.12.3,<5.0.0) ; extra == "openioc"
-Requires-Dist: deprecated (>=1.2.14,<2.0.0)
+Requires-Dist: deprecated (>=1.2.15,<2.0.0)
 Requires-Dist: docutils (>=0.21.1,<0.22.0) ; (python_version >= "3.10") and (extra == "docs")
 Requires-Dist: extract_msg (>=0.52,<0.53) ; extra == "email"
 Requires-Dist: lief (>=0.15.0,<0.16.0) ; extra == "fileobjects"
 Requires-Dist: oletools (>=0.60.1,<0.61.0) ; extra == "email"
-Requires-Dist: publicsuffixlist (>=1.0.2.20241113,<2.0.0.0)
+Requires-Dist: publicsuffixlist (>=1.0.2.20241216,<2.0.0.0)
 Requires-Dist: pydeep2 (>=0.5.1,<0.6.0) ; extra == "fileobjects"
 Requires-Dist: pyfaup (>=1.2,<2.0) ; extra == "url"
 Requires-Dist: python-dateutil (>=2.9.0.post0,<3.0.0)

{pymisp-2.5.2.dev1.dist-info → pymisp-2.5.3.dist-info}/RECORD

@@ -1,6 +1,6 @@
 pymisp/__init__.py,sha256=NxD9URYrwmEvYsZdUDTtBqBuIsvzRjXnRr8QVPsuOGE,4004
 pymisp/abstract.py,sha256=hdf3heAGnEi3rFIxaAsCOKfO4Y1kT_UoDNpr564GiIk,15745
-pymisp/api.py,sha256=zPdJQ3SGmVnANqttYCjNdVaz8CSeo461qAGPPeD6oy4,207815
+pymisp/api.py,sha256=ocZXH-sgLy-q0g7dlxV6TZu0uKo5ZAdwEIja33ZSQ68,208104
 pymisp/data/describeTypes.json,sha256=hoOy6U_FDVmfk9EdaFgGfEe_GMifmRnIrW8FAJ1ylJ4,45889
 pymisp/data/misp-objects/.git,sha256=NZIIWPWRiUFN6wy7MhT0zLzu8WP8PKqbMxWaO0by0dY,55
 pymisp/data/misp-objects/.gitchangelog.rc,sha256=27iB5X06HaLaMpDdZWMkg_YWLyZRm9H1qBOsqFntuV0,10009
@@ -222,7 +222,7 @@ pymisp/data/misp-objects/objects/network-traffic/definition.json,sha256=jZSGhItw
 pymisp/data/misp-objects/objects/news-agency/definition.json,sha256=yo-x2a7rei3tFIwHEisW2Hf3cGAQieEAs1QRGOQjSYE,2090
 pymisp/data/misp-objects/objects/news-media/definition.json,sha256=Mb4TQz-Cj035HtfyuhVyRTCUlxkzCizBZghLxgD6rGA,4024
 pymisp/data/misp-objects/objects/open-data-security/definition.json,sha256=fNTNdk-Hjd83DkmhbhGst6PJv09ZJzuXC6RitsEinZg,3052
-pymisp/data/misp-objects/objects/opentide/definition.json,sha256=vZi8fwy2yiEZ8aLV0UDodxLENeqZoaOMzafyelSYiQI,1056
+pymisp/data/misp-objects/objects/opentide/definition.json,sha256=KAhBYWYMp_PF0lTMjanOBKZirdju2120Y9tNOlpMzy8,1496
 pymisp/data/misp-objects/objects/organization/definition.json,sha256=2Dq4Gs4ynlcaP1rnxfvDCU8cCARO39_Z3azkHYJjhh4,3956
 pymisp/data/misp-objects/objects/original-imported-file/definition.json,sha256=lip2yP3wdLoCGxsiCrNMcBC6nyQJUPcJFZYzlkpxeOA,921
 pymisp/data/misp-objects/objects/paloalto-threat-event/definition.json,sha256=F1qMo6LN32i3e7ODjv38twX3BEzrgdLIqXN9PqL-3x4,2597
@@ -381,7 +381,7 @@ pymisp/data/misp-objects/validate_all.sh,sha256=0wWn-qZS9Pp0voEHK2QBCUxjvlaYj_kb
 pymisp/data/schema-lax.json,sha256=2QICdCbtfXRJkTVjwb7xjF3ypys2wOtrUyE1ZDz_qes,8561
 pymisp/data/schema.json,sha256=79N2hObemthb_syUHksDqM4djFttsWZQDg1sTYZYxys,9178
 pymisp/exceptions.py,sha256=IgGGadv5lnLAvO7Q6AjF0vEbjoWwwDWLYwMn-8pkU_k,1965
-pymisp/mispevent.py,sha256=RF4KJ6-L5x7qLA9glQiQ1FhuYDyFNPu1GXmBRbxntQE,116601
+pymisp/mispevent.py,sha256=n-HvUYM4KT6IvOiDFjsCtWdivIiFDwZDB6anUmkCOyc,118503
 pymisp/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pymisp/tools/__init__.py,sha256=_KCihYo82e8G5cHV321ak2sgbao2GyFjf4sSTMiN_IM,2233
 pymisp/tools/_psl_faup.py,sha256=JyK8RQm8DPWvNuoF4rQpiE0rBm-Az-sr38Kl46dmWcs,7034
@@ -412,7 +412,7 @@ pymisp/tools/update_objects.py,sha256=sp_XshzgtRjAU0Mqg8FgRTaokjVKLImyQ02xIcPSrH
 pymisp/tools/urlobject.py,sha256=PIucy1356zaljUm1NbeKmEpHpAUK9yiK2lAugcMp2t8,2489
 pymisp/tools/vehicleobject.py,sha256=bs7f4d47IBi2-VumssSM3HlqkH0viyHTLmIHQxe8Iz8,3687
 pymisp/tools/vtreportobject.py,sha256=NsdYzgqm47dywYeW8UnWmEDeIsf07xZreD2iJzFm2wg,3217
-pymisp-2.5.2.dev1.dist-info/LICENSE,sha256=1oPSVvs96qLjbJVi3mPn0yvWs-6aoIF6BNXi6pVlFmY,1615
-pymisp-2.5.2.dev1.dist-info/METADATA,sha256=izTMWvW_GKuVSzP0oewtxgRRh28zOAoy0G0WDmhsxmc,9171
-pymisp-2.5.2.dev1.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
-pymisp-2.5.2.dev1.dist-info/RECORD,,
+pymisp-2.5.3.dist-info/LICENSE,sha256=1oPSVvs96qLjbJVi3mPn0yvWs-6aoIF6BNXi6pVlFmY,1615
+pymisp-2.5.3.dist-info/METADATA,sha256=VntgmJQEy43KC2_8Bw6W3wURZMfe6OUTPMlGSWQsnjQ,9166
+pymisp-2.5.3.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
+pymisp-2.5.3.dist-info/RECORD,,