pymisp 2.5.3__py3-none-any.whl → 2.5.7__py3-none-any.whl

pymisp/data/misp-objects/objects/spambee-report/definition.json

@@ -0,0 +1,54 @@
+{
+  "attributes": {
+    "feedback-requested": {
+      "description": "User has requested feedback",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "feedback-sent": {
+      "description": "Feedback has been sent to user",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "feedback-time": {
+      "description": "Timestamp of the feedback",
+      "disable_correlation": true,
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "privacy": {
+      "description": "User has requested privacy",
+      "disable_correlation": true,
+      "misp-attribute": "boolean",
+      "ui-priority": 0
+    },
+    "report-status": {
+      "categories": [
+        "External analysis"
+      ],
+      "description": "Result of the Spambee analysis for the submitted email",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    },
+    "report-uid": {
+      "categories": [
+        "Internal reference"
+      ],
+      "description": "Internal reference to the Spambee report",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "ui-priority": 0
+    }
+  },
+  "description": "A Spambee analysis report",
+  "meta-category": "network",
+  "name": "spambee-report",
+  "requiredOneOf": [
+    "report-uid"
+  ],
+  "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352",
+  "version": 3
+}

pymisp/data/misp-objects/objects/target-system/definition.json

@@ -28,12 +28,12 @@
       "ui-priority": 1
     }
   },
-  "description": "Description about an targeted system, this could potentially be a compromissed internal system",
+  "description": "Description about an targeted system, this could potentially be a compromised internal system",
   "meta-category": "internal",
   "name": "target-system",
   "requiredOneOf": [
     "targeted_machine"
   ],
   "uuid": "3110944f-eca0-4c94-9d61-a84d022228a4",
-  "version": 1
+  "version": 2
 }

pymisp/data/misp-objects/objects/vulnerability/definition.json

@@ -14,13 +14,13 @@
       "ui-priority": 0
     },
     "cvss-score": {
-      "description": "Score of the Common Vulnerability Scoring System (version 3).",
+      "description": "Score of the Common Vulnerability Scoring System.",
       "disable_correlation": true,
       "misp-attribute": "float",
       "ui-priority": 1
     },
     "cvss-string": {
-      "description": "String of the Common Vulnerability Scoring System (version 3).",
+      "description": "String of the Common Vulnerability Scoring System.",
       "disable_correlation": true,
       "misp-attribute": "text",
       "ui-priority": 1
@@ -65,7 +65,8 @@
         "Reviewed",
         "Vulnerability ID Assigned",
         "Reported",
-        "Fixed"
+        "Fixed",
+        "Encoded"
       ],
       "ui-priority": 0
     },
@@ -94,5 +95,5 @@
     "id"
   ],
   "uuid": "81650945-f186-437b-8945-9f31715d32da",
-  "version": 8
+  "version": 9
 }

pymisp/data/misp-objects/relationships/definition.json

@@ -1907,7 +1907,23 @@
         "misp"
       ],
       "name": "releasable-to"
+    },
+    {
+      "description": "The source object is weakened by the target weakness.",
+      "format": [
+        "misp"
+      ],
+      "name": "weakened-by",
+      "opposite": "weakens"
+    },
+    {
+      "description": "The source weakness weakens the target object.",
+      "format": [
+        "misp"
+      ],
+      "name": "weakens",
+      "opposite": "weakened-by"
     }
   ],
-  "version": 50
+  "version": 51
 }

pymisp/data/misp-objects/schema_objects.json

@@ -68,9 +68,9 @@
             "dkim",
             "dkim-signature",
             "dns-soa-email",
+            "dom-hash",
             "domain",
             "domain|ip",
-            "dom-hash",
             "email",
             "email-attachment",
             "email-body",

pymisp/mispevent.py

@@ -60,28 +60,37 @@ class AnalystDataBehaviorMixin(AbstractMISP):
 
     def add_note(self, note: str, language: str | None = None, **kwargs) -> MISPNote:  # type: ignore[no-untyped-def]
         the_note = MISPNote()
-        the_note.from_dict(note=note, language=language,
-                           object_uuid=self.uuid, object_type=self.analyst_data_object_type,
-                           **kwargs)
+        object_uuid = kwargs.pop('object_uuid', self.uuid)
+        object_type = kwargs.pop('object_type', self.analyst_data_object_type)
+        the_note.from_dict(
+            note=note, language=language, object_uuid=object_uuid,
+            object_type=object_type, contained=True, parent=self, **kwargs
+        )
         self.notes.append(the_note)
         self.edited = True
         return the_note
 
     def add_opinion(self, opinion: int, comment: str | None = None, **kwargs) -> MISPOpinion:  # type: ignore[no-untyped-def]
         the_opinion = MISPOpinion()
-        the_opinion.from_dict(opinion=opinion, comment=comment,
-                              object_uuid=self.uuid, object_type=self.analyst_data_object_type,
-                              **kwargs)
+        object_uuid = kwargs.pop('object_uuid', self.uuid)
+        object_type = kwargs.pop('object_type', self.analyst_data_object_type)
+        the_opinion.from_dict(
+            opinion=opinion, comment=comment, object_uuid=object_uuid,
+            object_type=object_type, contained=True, parent=self, **kwargs
+        )
         self.opinions.append(the_opinion)
         self.edited = True
         return the_opinion
 
     def add_relationship(self, related_object_type: AbstractMISP | str, related_object_uuid: str | None, relationship_type: str, **kwargs) -> MISPRelationship:  # type: ignore[no-untyped-def]
         the_relationship = MISPRelationship()
-        the_relationship.from_dict(related_object_type=related_object_type, related_object_uuid=related_object_uuid,
-                                   relationship_type=relationship_type,
-                                   object_uuid=self.uuid, object_type=self.analyst_data_object_type,
-                                   **kwargs)
+        the_relationship.from_dict(
+            related_object_type=related_object_type,
+            related_object_uuid=related_object_uuid,
+            relationship_type=relationship_type, object_uuid=self.uuid,
+            object_type=self.analyst_data_object_type, contained=True,
+            parent=self, **kwargs
+        )
         self.relationships.append(the_relationship)
         self.edited = True
         return the_relationship
@@ -93,12 +102,8 @@ class AnalystDataBehaviorMixin(AbstractMISP):
         relationships = kwargs.pop('Relationship', [])
         super().from_dict(**kwargs)
         for note in notes:
-            note.pop('object_uuid', None)
-            note.pop('object_type', None)
             self.add_note(**note)
         for opinion in opinions:
-            opinion.pop('object_uuid', None)
-            opinion.pop('object_type', None)
             self.add_opinion(**opinion)
         for relationship in relationships:
             relationship.pop('object_uuid', None)
@@ -2523,6 +2528,18 @@ class MISPAnalystData(AbstractMISP):
                          'Object', 'Note', 'Opinion', 'Relationship', 'Organisation',
                          'SharingGroup'}
 
+    @property
+    def analyst_data_object_type(self) -> str:
+        return self._analyst_data_object_type
+
+    @property
+    def notes(self) -> list[MISPNote]:
+        return self.Note
+
+    @property
+    def opinions(self) -> list[MISPOpinion]:
+        return self.Opinion
+
     @property
     def org(self) -> MISPOrganisation:
         return self.Org
@@ -2538,6 +2555,10 @@ class MISPAnalystData(AbstractMISP):
         else:
             raise PyMISPError('Orgc must be of type MISPOrganisation.')
 
+    @property
+    def parent(self) -> MISPAttribute | MISPEvent | MISPEventReport | MISPObject:
+        return self.__parent
+
     def __new__(cls, *args, **kwargs):
         if cls is MISPAnalystData:
             raise TypeError(f"only children of '{cls.__name__}' may be instantiated")
@@ -2552,8 +2573,54 @@ class MISPAnalystData(AbstractMISP):
         self.created: float | int | datetime
         self.modified: float | int | datetime
         self.SharingGroup: MISPSharingGroup
+        self._analyst_data_object_type: str  # Must be defined in the child class
+
+    def add_note(self, note: str, language: str | None = None, object_uuid: str | None = None, object_type: str | None = None, parent: MISPEvent | MISPAttribute | MISPObject | MISPEventReport | None = None, **kwargs: dict[str, Any]) -> MISPNote:
+        misp_note = MISPNote()
+        if object_uuid is None:
+            object_uuid = self.uuid
+        if object_type is None:
+            object_type = self.analyst_data_object_type
+        if parent is None and hasattr(self, 'parent'):
+            parent = self.parent
+        misp_note.from_dict(
+            note=note, language=language, object_uuid=object_uuid,
+            object_type=object_type, parent=parent, contained=True, **kwargs
+        )
+        if parent is None:
+            if not hasattr(self, 'Note'):
+                self.Note: list[MISPNote] = []
+            self.Note.append(misp_note)
+        else:
+            self.parent.notes.append(misp_note)
+        self.edited = True
+        return misp_note
+
+    def add_opinion(self, opinion: int, comment: str | None = None, object_uuid: str | None = None, object_type: str | None = None, parent: MISPEvent | MISPAttribute | MISPObject | MISPEventReport | None = None, **kwargs: dict[str, Any]) -> MISPOpinion:
+        misp_opinion = MISPOpinion()
+        if object_uuid is None:
+            object_uuid = self.uuid
+        if object_type is None:
+            object_type = self.analyst_data_object_type
+        if parent is None and hasattr(self, 'parent'):
+            parent = self.parent
+        misp_opinion.from_dict(
+            opinion=opinion, comment=comment, object_uuid=object_uuid,
+            object_type=object_type, parent=parent, contained=True, **kwargs
+        )
+        if parent is None:
+            if not hasattr(self, 'Opinion'):
+                self.Opinion: list[MISPOpinion] = []
+            self.Opinion.append(misp_opinion)
+        else:
+            self.parent.opinions.append(misp_opinion)
+        self.edited = True
+        return misp_opinion
 
     def from_dict(self, **kwargs) -> None:  # type: ignore[no-untyped-def]
+        notes = kwargs.pop('Note', [])
+        opinions = kwargs.pop('Opinion', [])
+        self.__parent = kwargs.pop('parent', None)
         self.distribution = kwargs.pop('distribution', None)
         if self.distribution is not None:
             self.distribution = int(self.distribution)
@@ -2607,6 +2674,11 @@ class MISPAnalystData(AbstractMISP):
 
         super().from_dict(**kwargs)
 
+        for note in notes:
+            self.add_note(**note)
+        for opinion in opinions:
+            self.add_opinion(**opinion)
+
     def _set_default(self) -> None:
         if not hasattr(self, 'created'):
             self.created = datetime.timestamp(datetime.now())
@@ -2614,7 +2686,7 @@ class MISPAnalystData(AbstractMISP):
             self.modified = self.created
 
 
-class MISPNote(AnalystDataBehaviorMixin, MISPAnalystData):
+class MISPNote(MISPAnalystData):
 
     _fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'note', 'language'})
 
@@ -2625,8 +2697,8 @@ class MISPNote(AnalystDataBehaviorMixin, MISPAnalystData):
         self.language: str
         super().__init__(**kwargs)
 
-    def from_dict(self, **kwargs) -> None:  # type: ignore[no-untyped-def]
-        if 'Note' in kwargs:
+    def from_dict(self, contained=False, **kwargs) -> None:  # type: ignore[no-untyped-def]
+        if not contained and 'Note' in kwargs:
             kwargs = kwargs['Note']
         self.note = kwargs.pop('note', None)
         if self.note is None:
@@ -2639,7 +2711,7 @@ class MISPNote(AnalystDataBehaviorMixin, MISPAnalystData):
         return f'<{self.__class__.__name__}(NotInitialized)'
 
 
-class MISPOpinion(AnalystDataBehaviorMixin, MISPAnalystData):
+class MISPOpinion(MISPAnalystData):
 
     _fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'opinion', 'comment'})
 
@@ -2650,8 +2722,8 @@ class MISPOpinion(AnalystDataBehaviorMixin, MISPAnalystData):
         self.comment: str
         super().__init__(**kwargs)
 
-    def from_dict(self, **kwargs) -> None:  # type: ignore[no-untyped-def]
-        if 'Opinion' in kwargs:
+    def from_dict(self, contained=False, **kwargs) -> None:  # type: ignore[no-untyped-def]
+        if not contained and 'Opinion' in kwargs:
             kwargs = kwargs['Opinion']
         self.opinion = kwargs.pop('opinion', None)
         if self.opinion is not None:
@@ -2673,7 +2745,7 @@ class MISPOpinion(AnalystDataBehaviorMixin, MISPAnalystData):
         return f'<{self.__class__.__name__}(NotInitialized)'
 
 
-class MISPRelationship(AnalystDataBehaviorMixin, MISPAnalystData):
+class MISPRelationship(MISPAnalystData):
 
     _fields_for_feed: set[str] = MISPAnalystData._fields_for_feed.union({'related_object_uuid', 'related_object_type', 'relationship_type'})
 
@@ -2685,8 +2757,8 @@ class MISPRelationship(AnalystDataBehaviorMixin, MISPAnalystData):
         self.relationship_type: str
         super().__init__(**kwargs)
 
-    def from_dict(self, **kwargs) -> None:  # type: ignore[no-untyped-def]
-        if 'Relationship' in kwargs:
+    def from_dict(self, contained=False, **kwargs) -> None:  # type: ignore[no-untyped-def]
+        if not contained and 'Relationship' in kwargs:
             kwargs = kwargs['Relationship']
         self.related_object_type = kwargs.pop('related_object_type', None)
         if self.related_object_type is None:

{pymisp-2.5.3.dist-info → pymisp-2.5.7.dist-info}/METADATA

@@ -1,12 +1,11 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: pymisp
-Version: 2.5.3
+Version: 2.5.7
 Summary: Python API for MISP.
-Home-page: https://github.com/MISP/PyMISP
 License: BSD-2-Clause
 Author: Raphaël Vinot
 Author-email: raphael.vinot@circl.lu
-Requires-Python: >=3.9,<4.0
+Requires-Python: >=3.9.2,<4.0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Information Technology
@@ -15,7 +14,6 @@ Classifier: Intended Audience :: Telecommunications Industry
 Classifier: License :: OSI Approved :: BSD License
 Classifier: Operating System :: POSIX :: Linux
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
@@ -30,29 +28,27 @@ Provides-Extra: openioc
 Provides-Extra: pdfexport
 Provides-Extra: url
 Provides-Extra: virustotal
-Requires-Dist: RTFDE (>=0.1.1,<0.2.0) ; extra == "email"
-Requires-Dist: Sphinx (>=8,<9) ; (python_version >= "3.10") and (extra == "docs")
-Requires-Dist: beautifulsoup4 (>=4.12.3,<5.0.0) ; extra == "openioc"
-Requires-Dist: deprecated (>=1.2.15,<2.0.0)
-Requires-Dist: docutils (>=0.21.1,<0.22.0) ; (python_version >= "3.10") and (extra == "docs")
-Requires-Dist: extract_msg (>=0.52,<0.53) ; extra == "email"
-Requires-Dist: lief (>=0.15.0,<0.16.0) ; extra == "fileobjects"
-Requires-Dist: oletools (>=0.60.1,<0.61.0) ; extra == "email"
-Requires-Dist: publicsuffixlist (>=1.0.2.20241216,<2.0.0.0)
-Requires-Dist: pydeep2 (>=0.5.1,<0.6.0) ; extra == "fileobjects"
-Requires-Dist: pyfaup (>=1.2,<2.0) ; extra == "url"
-Requires-Dist: python-dateutil (>=2.9.0.post0,<3.0.0)
-Requires-Dist: python-magic (>=0.4.27,<0.5.0) ; extra == "fileobjects"
-Requires-Dist: recommonmark (>=0.7.1,<0.8.0) ; (python_version >= "3.10") and (extra == "docs")
-Requires-Dist: reportlab (>=4.2.5,<5.0.0) ; extra == "pdfexport"
-Requires-Dist: requests (>=2.32.3,<3.0.0)
-Requires-Dist: sphinx-autodoc-typehints (>=2.5.0,<3.0.0) ; (python_version >= "3.10") and (extra == "docs")
-Requires-Dist: urllib3[brotli] ; extra == "brotli"
-Requires-Dist: validators (>=0.34.0,<0.35.0) ; extra == "virustotal"
-Project-URL: Bug Tracker, https://github.com/MISP/PyMISP/issues
+Requires-Dist: RTFDE (>=0.1.2) ; (python_version <= "3.9") and (extra == "email")
+Requires-Dist: beautifulsoup4 (>=4.13.3) ; extra == "openioc"
+Requires-Dist: deprecated (>=1.2.18)
+Requires-Dist: docutils (>=0.21.2) ; (python_version >= "3.11") and (extra == "docs")
+Requires-Dist: extract_msg (>=0.53.1) ; extra == "email"
+Requires-Dist: lief (>=0.16.3) ; extra == "fileobjects"
+Requires-Dist: myst-parser (>=4.0.1) ; (python_version >= "3.11") and (extra == "docs")
+Requires-Dist: oletools (>=0.60.2) ; extra == "email"
+Requires-Dist: pydeep2 (>=0.5.1) ; extra == "fileobjects"
+Requires-Dist: pyfaup (>=1.2) ; extra == "url"
+Requires-Dist: python-dateutil (>=2.9.0.post0)
+Requires-Dist: python-magic (>=0.4.27) ; extra == "fileobjects"
+Requires-Dist: reportlab (>=4.3.1) ; extra == "pdfexport"
+Requires-Dist: requests (>=2.32.3)
+Requires-Dist: sphinx (>=8.2.0) ; (python_version >= "3.11") and (extra == "docs")
+Requires-Dist: sphinx-autodoc-typehints (>=3.1.0) ; (python_version >= "3.11") and (extra == "docs")
+Requires-Dist: urllib3 (>=2.3.0) ; extra == "brotli"
+Requires-Dist: validators (>=0.34.0) ; extra == "virustotal"
 Project-URL: Documentation, https://pymisp.readthedocs.io
 Project-URL: Repository, https://github.com/MISP/PyMISP
-Project-URL: Source, https://github.com/MISP/PyMISP
+Project-URL: issues, https://github.com/MISP/PyMISP/issues
 Description-Content-Type: text/markdown
 
 **IMPORTANT NOTE**: This library will require **at least** Python 3.10 starting the 1st of January 2024. If you have legacy versions of python, please use the latest PyMISP version that will be released in December 2023, and consider updating your system(s). Anything released within the last 2 years will do, starting with Ubuntu 22.04.
@@ -61,7 +57,7 @@ Description-Content-Type: text/markdown
 
 [![Documentation Status](https://readthedocs.org/projects/pymisp/badge/?version=latest)](http://pymisp.readthedocs.io/?badge=latest)
 [![Coverage Status](https://coveralls.io/repos/github/MISP/PyMISP/badge.svg?branch=main)](https://coveralls.io/github/MISP/PyMISP?branch=main)
-[![Python 3.8](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/release/python-380/)
+[![Python 3.9](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/release/python-390/)
 [![PyPi version](https://img.shields.io/pypi/v/pymisp.svg)](https://pypi.python.org/pypi/pymisp/)
 [![Number of PyPI downloads](https://img.shields.io/pypi/dm/pymisp.svg)](https://pypi.python.org/pypi/pymisp/)
 
@@ -248,4 +244,3 @@ python -m pip install --no-index --no-deps packages/*.whl
 
 PyMISP is distributed under an [open source license](./LICENSE). A simplified 2-BSD license.
 
-