Pyment to reST

Nex 2021-10-12 18:06:58 +02:00
parent c38df37967
commit 169f5fbc26
4 changed files with 28 additions and 10 deletions


@ -15,6 +15,8 @@ class IndicatorsFileBadFormat(Exception):
class Indicators: class Indicators:
"""This class is used to parse indicators from a STIX2 file and provide """This class is used to parse indicators from a STIX2 file and provide
functions to compare extracted artifacts to the indicators. functions to compare extracted artifacts to the indicators.
""" """
def __init__(self, log=None): def __init__(self, log=None):
@ -37,6 +39,7 @@ class Indicators:
:param file_path: Path to the STIX2 file to parse :param file_path: Path to the STIX2 file to parse
:type file_path: str :type file_path: str
""" """
self.log.info("Parsing STIX2 indicators file at path %s", self.log.info("Parsing STIX2 indicators file at path %s",
file_path) file_path)
@ -82,6 +85,7 @@ class Indicators:
:type url: str :type url: str
:returns: True if the URL matched an indicator, otherwise False :returns: True if the URL matched an indicator, otherwise False
:rtype: bool :rtype: bool
""" """
# TODO: If the IOC domain contains a subdomain, it is not currently # TODO: If the IOC domain contains a subdomain, it is not currently
# being matched. # being matched.
@ -153,6 +157,7 @@ class Indicators:
:type urls: list :type urls: list
:returns: True if any URL matched an indicator, otherwise False :returns: True if any URL matched an indicator, otherwise False
:rtype: bool :rtype: bool
""" """
if not urls: if not urls:
return False return False
@ -171,6 +176,7 @@ class Indicators:
:type process: str :type process: str
:returns: True if process matched an indicator, otherwise False :returns: True if process matched an indicator, otherwise False
:rtype: bool :rtype: bool
""" """
if not process: if not process:
return False return False
@ -196,6 +202,7 @@ class Indicators:
:type processes: list :type processes: list
:returns: True if process matched an indicator, otherwise False :returns: True if process matched an indicator, otherwise False
:rtype: bool :rtype: bool
""" """
if not processes: if not processes:
return False return False
@ -213,6 +220,7 @@ class Indicators:
:type email: str :type email: str
:returns: True if email address matched an indicator, otherwise False :returns: True if email address matched an indicator, otherwise False
:rtype: bool :rtype: bool
""" """
if not email: if not email:
return False return False
@ -231,6 +239,7 @@ class Indicators:
:type file_path: str :type file_path: str
:returns: True if the file path matched an indicator, otherwise False :returns: True if the file path matched an indicator, otherwise False
:rtype: bool :rtype: bool
""" """
if not file_path: if not file_path:
return False return False
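Review bot: The docstring in the hunk at new line 85 promises `True if the URL matched an indicator, otherwise False`, but the TODO directly below it says indicator domains that contain a subdomain are not currently matched, so a False result does not rule out a listed host. Since this commit normalises these docstrings for rendered documentation, the limitation belongs in the docstring as well, for example `.. note:: Indicators whose domain includes a subdomain are not currently matched.` The method's signature and the rest of its body are outside the hunk, so the exact matching logic cannot be confirmed from here.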


@ -23,8 +23,7 @@ class InsufficientPrivileges(Exception):
pass pass
class MVTModule(object): class MVTModule(object):
"""This class provides a base for all extraction modules. """This class provides a base for all extraction modules."""
"""
enabled = True enabled = True
slug = None slug = None
@ -66,8 +65,7 @@ class MVTModule(object):
return cls(results=results, log=log) return cls(results=results, log=log)
def get_slug(self): def get_slug(self):
"""Use the module's class name to retrieve a slug """Use the module's class name to retrieve a slug"""
"""
if self.slug: if self.slug:
return self.slug return self.slug
@ -77,12 +75,13 @@ class MVTModule(object):
def check_indicators(self): def check_indicators(self):
"""Check the results of this module against a provided list of """Check the results of this module against a provided list of
indicators. indicators.
""" """
raise NotImplementedError raise NotImplementedError
def save_to_json(self): def save_to_json(self):
"""Save the collected results to a json file. """Save the collected results to a json file."""
"""
if not self.output_folder: if not self.output_folder:
return return
@ -112,6 +111,7 @@ class MVTModule(object):
"""Serialize entry as JSON to deduplicate repeated entries """Serialize entry as JSON to deduplicate repeated entries
:param timeline: List of entries from timeline to deduplicate :param timeline: List of entries from timeline to deduplicate
""" """
timeline_set = set() timeline_set = set()
for record in timeline: for record in timeline:
@ -141,8 +141,7 @@ class MVTModule(object):
self.timeline_detected = self._deduplicate_timeline(self.timeline_detected) self.timeline_detected = self._deduplicate_timeline(self.timeline_detected)
def run(self): def run(self):
"""Run the main module procedure. """Run the main module procedure."""
"""
raise NotImplementedError raise NotImplementedError
@ -190,6 +189,7 @@ def save_timeline(timeline, timeline_path):
:param timeline: List of records to order and store :param timeline: List of records to order and store
:param timeline_path: Path to the csv file to store the timeline to :param timeline_path: Path to the csv file to store the timeline to
""" """
with io.open(timeline_path, "a+", encoding="utf-8") as handle: with io.open(timeline_path, "a+", encoding="utf-8") as handle:
csvoutput = csv.writer(handle, delimiter=",", quotechar="\"") csvoutput = csv.writer(handle, delimiter=",", quotechar="\"")
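Review bot: `save_timeline` opens `timeline_path` with mode `"a+"`, yet its docstring only says the timeline is stored to that path, so a reader would not expect an existing file to be kept and extended. For output that may be used as evidence this matters, because a second run against the same path would presumably mix records from both runs. I would add a line such as `Records are appended if the file already exists.` to the docstring, or document that callers must supply a fresh path. The rest of the function body is outside the hunk.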


@ -268,6 +268,7 @@ class URL:
:type url: str :type url: str
:returns: Domain name extracted from URL :returns: Domain name extracted from URL
:rtype: str :rtype: str
""" """
# TODO: Properly handle exception. # TODO: Properly handle exception.
try: try:
@ -282,6 +283,7 @@ class URL:
:type url: str :type url: str
:returns: Top-level domain name extracted from URL :returns: Top-level domain name extracted from URL
:rtype: str :rtype: str
""" """
# TODO: Properly handle exception. # TODO: Properly handle exception.
try: try:
@ -292,8 +294,11 @@ class URL:
def check_if_shortened(self) -> bool: def check_if_shortened(self) -> bool:
"""Check if the URL is among list of shortener services. """Check if the URL is among list of shortener services.
:returns: True if the URL is shortened, otherwise False :returns: True if the URL is shortened, otherwise False
:rtype: bool :rtype: bool
""" """
if self.domain.lower() in SHORTENER_DOMAINS: if self.domain.lower() in SHORTENER_DOMAINS:
self.is_shortened = True self.is_shortened = True
@ -301,8 +306,7 @@ class URL:
return self.is_shortened return self.is_shortened
def unshorten(self): def unshorten(self):
"""Unshorten the URL by requesting an HTTP HEAD response. """Unshorten the URL by requesting an HTTP HEAD response."""
"""
res = requests.head(self.url) res = requests.head(self.url)
if str(res.status_code).startswith("30"): if str(res.status_code).startswith("30"):
return res.headers["Location"] return res.headers["Location"]
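Review bot: `unshorten` calls `requests.head(self.url)` with no timeout, and its docstring, now collapsed to one line, neither documents the return value nor says that the call contacts the link's host. If these URLs come from analysed device data (likely, but not visible here), an unresponsive host can stall the run, and the request reveals the analyst's network address to whoever operates the link. I would pass an explicit timeout, `res = requests.head(self.url, timeout=TIMEOUT_SECONDS)` (placeholder constant), and add `:returns: Value of the Location header for a 30x response` plus a sentence on the outbound request. The function's remaining lines are outside the hunk, so what it returns for other status codes is not shown.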


@ -16,6 +16,7 @@ def convert_mactime_to_unix(timestamp, from_2001=True):
:param from_2001: bool: Whether to (Default value = True) :param from_2001: bool: Whether to (Default value = True)
:param from_2001: Default value = True) :param from_2001: Default value = True)
:returns: Unix epoch timestamp. :returns: Unix epoch timestamp.
""" """
if not timestamp: if not timestamp:
return None return None
@ -42,6 +43,7 @@ def convert_chrometime_to_unix(timestamp):
:param timestamp: Chrome timestamp as int. :param timestamp: Chrome timestamp as int.
:type timestamp: int :type timestamp: int
:returns: Unix epoch timestamp. :returns: Unix epoch timestamp.
""" """
epoch_start = datetime.datetime(1601, 1 , 1) epoch_start = datetime.datetime(1601, 1 , 1)
delta = datetime.timedelta(microseconds=timestamp) delta = datetime.timedelta(microseconds=timestamp)
@ -55,6 +57,7 @@ def convert_timestamp_to_iso(timestamp):
:type timestamp: int :type timestamp: int
:returns: ISO timestamp string in YYYY-mm-dd HH:MM:SS.ms format. :returns: ISO timestamp string in YYYY-mm-dd HH:MM:SS.ms format.
:rtype: str :rtype: str
""" """
try: try:
return timestamp.strftime("%Y-%m-%d %H:%M:%S.%f") return timestamp.strftime("%Y-%m-%d %H:%M:%S.%f")
@ -67,6 +70,7 @@ def check_for_links(text):
:param text: Any provided text. :param text: Any provided text.
:type text: str :type text: str
:returns: Search results. :returns: Search results.
""" """
return re.findall("(?P<url>https?://[^\s]+)", text, re.IGNORECASE) return re.findall("(?P<url>https?://[^\s]+)", text, re.IGNORECASE)
@ -92,6 +96,7 @@ def keys_bytes_to_string(obj):
:param obj: Object to convert from bytes to string. :param obj: Object to convert from bytes to string.
:returns: Object converted to string. :returns: Object converted to string.
:rtype: str :rtype: str
""" """
new_obj = {} new_obj = {}
if not isinstance(obj, dict): if not isinstance(obj, dict):
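Review bot: The docstring of `convert_mactime_to_unix` still carries two malformed fields for the same parameter, `:param from_2001: bool: Whether to (Default value = True)` and `:param from_2001: Default value = True)`, which look like leftovers of the automated conversion and will render as a truncated, duplicated entry. Replace them with a single pair, e.g. `:param from_2001: Whether the timestamp is counted from 2001-01-01 (default True)` and `:type from_2001: bool`. That meaning is inferred from the parameter name and should be checked against the body, which lies outside the hunk. The `:returns:` field here and in `convert_chrometime_to_unix` also lacks the `:rtype:` that the other converted docstrings have.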