Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-pymisp for openSUSE:Factory checked in at 2021-03-02 12:32:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pymisp (Old)
 and /work/SRC/openSUSE:Factory/.python-pymisp.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pymisp" Tue Mar 2 12:32:28 2021 rev:31 rq:875630 version:2.4.138 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pymisp/python-pymisp.changes 2020-12-09 22:12:51.871154817 +0100 +++ /work/SRC/openSUSE:Factory/.python-pymisp.new.2378/python-pymisp.changes 2021-03-02 12:44:45.564319350 +0100 
@@ -1,0 +2,230 @@ +Sat Feb 20 14:20:55 UTC 2021 - Sebastian Wagner <[email protected]> + +- Add a rpmlintrc file to ignore warning about an empty file in the examples of the documentation +- update to version 2.4.138: + - Changes + - Bump version. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] +- update to version 2.4.137.4: + - Changes + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Bump objects. [Rapha??l Vinot] + - Add kw_params to tags. [Rapha??l Vinot] + - Bump objects. [Rapha??l Vinot] + - Bump template ID in test case. [Rapha??l Vinot] +- update to version 2.4.137.3: + - Changes + - Bump version. [Rapha??l Vinot] + - Bump changelog. [Rapha??l Vinot] + - Bump objects. [Rapha??l Vinot] + - Fix and improve optional dependencies. [Rapha??l Vinot] + - Make brotli optional. [Rapha??l Vinot] +- update to version 2.4.137.2: + - New + - Add in ability to create/update/delete MISP Event Reports. [Tom King] + - Hard delete flag for objects. [Rapha??l Vinot] + - Fail if a duplicate object is added to an event. [Rapha??l Vinot] + - Support brotli compression. [Jakub Onderka] + - Hard delete flag for objects. [Rapha??l Vinot] + - Fail if a duplicate object is added to an event. [Rapha??l Vinot] + - Add in ability to create/update/delete MISP Event Reports. [Tom King] + - Add in ability to create/update/delete MISP Event Reports. [Tom King] + - Hard delete flag for objects. [Rapha??l Vinot] + - Changes + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Add brotli support in the dependencies. [Rapha??l Vinot] + - Make mypy happy. [Rapha??l Vinot] + - Make clear that to_json returns str. [Rapha??l Vinot] + - Disable correlation on malware-sample for FileObject. [Rapha??l Vinot] + - Bump objects templates. [Rapha??l Vinot] + - Add missing autodoc. [Rapha??l Vinot] + fix #693 + - Add in delete function for a MISP Object. [Tom King] + - Fix return of delete_event_report. 
[Rapha??l Vinot] + - Remove critical warning if lief is not installed. [Rapha??l Vinot] + Fix https://github.com/MISP/MISP/issues/6908 + - Bump deps. [Rapha??l Vinot] + - Allow response of delete to be pythonify, add in nosetest. [Tom King] + - Add ability to get event reports from the Event ID. [Tom King] + - Remove travis file, GH Actions is better. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Remove critical warning if lief is not installed. [Rapha??l Vinot] + Fix https://github.com/MISP/MISP/issues/6908 + - Add test case fir add_attribute and enforceWarninglist=True. [Rapha??l + Vinot] + - Add testcase with breakOnDuplicate in a MISPObject. [Rapha??l Vinot] + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Add test case for page/limit in logs search. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Improve docstring for get_event. [Rapha??l Vinot] + fix #686 + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Show size when the json is not loadable. [Rapha??l Vinot] + - Add authenticode support in generate_file_objects. [Rapha??l Vinot] + - Use lief 0.11.0, generate authenticode entries. [Rapha??l Vinot] + - Bump objects. [Rapha??l Vinot] + - Bump deps, add 3.9 in GH. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Bump deps, objects templates. [Rapha??l Vinot] + - Make clear that to_json returns str. [Rapha??l Vinot] + - Disable correlation on malware-sample for FileObject. [Rapha??l Vinot] + - Bump objects templates. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Add missing autodoc. [Rapha??l Vinot] + fix #693 + - Add in delete function for a MISP Object. [Tom King] + - Bump deps. [Rapha??l Vinot] + - Fix return of delete_event_report. [Rapha??l Vinot] + - Remove travis file, GH Actions is better. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Remove critical warning if lief is not installed. 
[Rapha??l Vinot] + Fix https://github.com/MISP/MISP/issues/6908 + - Add test case fir add_attribute and enforceWarninglist=True. [Rapha??l + Vinot] + - Add testcase with breakOnDuplicate in a MISPObject. [Rapha??l Vinot] + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Add test case for page/limit in logs search. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Improve docstring for get_event. [Rapha??l Vinot] + fix #686 + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Show size when the json is not loadable. [Rapha??l Vinot] + - Add authenticode support in generate_file_objects. [Rapha??l Vinot] + - Use lief 0.11.0, generate authenticode entries. [Rapha??l Vinot] + - Bump objects. [Rapha??l Vinot] + - Bump deps, add 3.9 in GH. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Bump deps, objects templates. [Rapha??l Vinot] + - Allow response of delete to be pythonify, add in nosetest. [Tom King] + - Add ability to get event reports from the Event ID. [Tom King] + - Remove travis file, GH Actions is better. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Remove critical warning if lief is not installed. [Rapha??l Vinot] + Fix https://github.com/MISP/MISP/issues/6908 + - Add test case fir add_attribute and enforceWarninglist=True. [Rapha??l + Vinot] + - Add testcase with breakOnDuplicate in a MISPObject. [Rapha??l Vinot] + - Fix + - Flake error. [Rapha??l Vinot] + - Update testlive accordingly. [Rapha??l Vinot] + - Better warning if lief is outdated. [Rapha??l Vinot] + - Call the AbstractMISP.from_dict at the end of the function to ensure + the edited flag remains false. [Tom King] + - Better warning if lief is outdated. [Rapha??l Vinot] + - Update minimal dependency for lief in setup.py. [Rapha??l Vinot] + - [dev mode only] force older jedi to avoid ipython exception. [Rapha??l + Vinot] + - Add python 3.9 in GH Actions. [Rapha??l Vinot] + - Update testlive accordingly. 
[Rapha??l Vinot] + - Better warning if lief is outdated. [Rapha??l Vinot] + - Update minimal dependency for lief in setup.py. [Rapha??l Vinot] + - [dev mode only] force older jedi to avoid ipython exception. [Rapha??l + Vinot] + - Add python 3.9 in GH Actions. [Rapha??l Vinot] + - Call the AbstractMISP.from_dict at the end of the function to ensure + the edited flag remains false. [Tom King] +- update to version 2.4.137.1: + - New + - Fail if a duplicate object is added to an event. [Rapha??l Vinot] + - Changes + - Bump changelog. [Rapha??l Vinot] + - Bump version. [Rapha??l Vinot] + - Add test case for page/limit in logs search. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Improve docstring for get_event. [Rapha??l Vinot] + fix #686 + - Bump changelog. [Rapha??l Vinot] + - Fix + - Better warning if lief is outdated. [Rapha??l Vinot] + - Update minimal dependency for lief in setup.py. [Rapha??l Vinot] +- update to version 2.4.137: + - New + - Allow to pass an object template to MISPObject.__init__ [Rapha??l + Vinot] + MISPObject part of #6670 + - Changes + - Bump version. [Rapha??l Vinot] + - Show size when the json is not loadable. [Rapha??l Vinot] + - Add authenticode support in generate_file_objects. [Rapha??l Vinot] + - Use lief 0.11.0, generate authenticode entries. [Rapha??l Vinot] + - Bump objects. [Rapha??l Vinot] + - Bump deps, add 3.9 in GH. [Rapha??l Vinot] + - Bump deps. [Rapha??l Vinot] + - Bump deps, objects templates. [Rapha??l Vinot] + - Add controller argument to get_csv script. [Rapha??l Vinot] + - [test] file object template are now 24. [Alexandre Dulaunoy] + - [test] file object template is now at version 24. [Alexandre Dulaunoy] + - [misp-objects] updated. [Alexandre Dulaunoy] + - [type] favicon-mmh3 is the murmur3 hash of a favicon as used in + Shodan. [Alexandre Dulaunoy] + - [misp-objects] updated to the latest version. [Alexandre Dulaunoy] + - Clarify misp_objects_template_custom. 
[Rapha??l Vinot] + - Add docstring for misp_objects_template_custom. [Rapha??l Vinot] + - Trigger GH actions on PR. [Rapha??l Vinot] + - Improve documentation of MISPAttribute.malware_binary. [Rapha??l Vinot] + - Remove trailing space. [Rapha??l Vinot] + - On-demand decryption of malware-binary, speeds up pythonify. [Rapha??l + Vinot] + - Force a few packages versions. [Rapha??l Vinot] + - Fix + - [dev mode only] force older jedi to avoid ipython exception. [Rapha??l + Vinot] + - Add python 3.9 in GH Actions. [Rapha??l Vinot] + - Do not fail if extract_msg is missing. [Rapha??l Vinot] + - Properly decode the body depending on the encoding of the email. + [Rapha??l Vinot] + Fix #671 + - Properly match IO in load event. [Rapha??l Vinot] + - Typing on recent mypy. [Rapha??l Vinot] + - Typing edge case. [Rapha??l Vinot] + - Add attribute dict as proposal. [Rapha??l Vinot] + - Other + - Noticed that test data mail_5.msg was malformatted. Replaced with + working test msg. [seamus tuohy] + - Updated emailobject. [seamus tuohy] + Email object no longer requires extra php libraries for install. + Tests have been expanded to improve coverage. + RTF encapsulated HTML and Plain Text will now be de-encapsulated. + The raw MSG binary will now be included in the extracted email object. + - Adding check if "from" is in the "received" header row. [nighttardis] + - Update `vmray_automation` to stay compatible with the changes made to + `vmray_import` MISP modules. 
[Jens Thom] ++++ 33 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python-pymisp/python-pymisp.changes ++++ and /work/SRC/openSUSE:Factory/.python-pymisp.new.2378/python-pymisp.changes Old: ---- python-pymisp-2.4.135.3.tar.gz New: ---- python-pymisp-2.4.138.tar.gz python-pymisp-doc-rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pymisp.spec ++++++ --- /var/tmp/diff_new_pack.yCBpWM/_old 2021-03-02 12:44:46.304319990 +0100 +++ /var/tmp/diff_new_pack.yCBpWM/_new 2021-03-02 12:44:46.308319994 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-pymisp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,9 +18,9 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 -%define misp_objects_revision c234a4b36dac02f4a6b0b800cf90b5bce404a474 +%define misp_objects_revision 2b1c3532dccad651f960ff71defdbc422c40ef0c Name: python-pymisp -Version: 2.4.135.3 +Version: 2.4.138 Release: 0 Summary: Python API for MISP License: BSD-2-Clause 
@@ -33,21 +33,28 @@ #Source: https://files.pythonhosted.org/packages/source/p/pymisp/pymisp-%%{version}.tar.gz # packaging tool Source2: update-misp-objects.sh +Source3: python-pymisp-doc-rpmlintrc BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros Requires: python-jsonschema +Requires: python-oletools Requires: python-python-dateutil Requires: python-requests +Recommends: python-extract-msg >= 0.28.0 Recommends: %{name}-doc Recommends: python-magic +Recommends: python-reportlab Suggests: python-pydeep BuildArch: noarch # SECTION tests BuildRequires: %{python_module Deprecated} BuildRequires: %{python_module jsonschema} +BuildRequires: %{python_module oletools} +BuildRequires: %{python_module pytest-runner} BuildRequires: %{python_module python-dateutil} BuildRequires: %{python_module python-magic} +BuildRequires: %{python_module reportlab} BuildRequires: %{python_module requests-mock} BuildRequires: %{python_module requests} # /SECTION @@ -92,7 +99,9 @@ %check export LANG=en_US.UTF-8 -%python_exec setup.py test +# requires optional dependencies which we don't have (extract_msg, RTFDE etc.) +rm tests/test_emailobject.py +%pytest %files %{python_files} %doc README.md ++++++ misp-objects.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/.github/workflows/nosetests.yml new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/.github/workflows/nosetests.yml --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/.github/workflows/nosetests.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/.github/workflows/nosetests.yml 2021-02-04 11:03:01.000000000 +0100 
@@ -0,0 +1,35 @@ +name: Python application + +on: [push] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + matrix: + python-version: [3.6, 3.7, 3.8, 3.9] + + steps: + + - uses: actions/checkout@v2 + + - name: Set up Python ${{matrix.python-version}} + uses: actions/setup-python@v2 + with: + python-version: ${{matrix.python-version}} + + - name: Initialize submodules + run: git submodule update --init --recursive + + - name: Install system dependencies + run: | + sudo apt install jq moreutils + + - name: Install Python dependencies + run: | + python -m pip install --upgrade jsonschema + + - name: Test + run: | + ./validate_all.sh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/README.md new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/README.md --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/README.md 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/README.md 2021-02-04 11:03:01.000000000 +0100 @@ -1,6 +1,6 @@ # misp-objects -[](https://travis-ci.org/MISP/misp-objects) + MISP objects used in MISP (starting from 2.4.80) system and can be used by other information sharing tool. MISP objects are in addition to MISP attributes to allow advanced combinations of attributes. The creation of these objects 
@@ -136,6 +136,7 @@ - [objects/covid19-dxy-live-city](objects/covid19-dxy-live-city/definition.json) - COVID 19 from dxy.cn - Aggregation by city. - [objects/covid19-dxy-live-province](objects/covid19-dxy-live-province/definition.json) - COVID 19 from dxy.cn - Aggregation by province. - [objects/cowrie](objects/cowrie/definition.json) - Cowrie honeypot object template. +- [objects/cpe-asset](objects/cpe-asset/definition.json) - An asset which can be defined by a CPE. This can be a generic asset. CPE is a structured naming scheme for information technology systems, software, and packages. - [objects/credential](objects/credential/definition.json) - Credential describes one or more credential(s) including password(s), api key(s) or decryption key(s). - [objects/credit-card](objects/credit-card/definition.json) - A payment card like credit card, debit card or any similar cards which can be used for financial transactions. - [objects/crypto-material](objects/crypto-material/definition.json) - Cryptographic materials such as public or/and private keys. 
@@ -147,7 +148,7 @@ - [objects/diameter-attack](objects/diameter-attack/definition.json) - Attack as seen on diameter authentication against a GSM, UMTS or LTE network. - [objects/dns-record](objects/dns-record/definition.json) - A set of DNS records observed for a specific domain. - [objects/domain-crawled](objects/domain-crawled/definition.json) - A domain crawled over time. -- [objects/domain-ip](objects/domain-ip/definition.json) - A domain and IP address seen as a tuple in a specific time frame. +- [objects/domain-ip](objects/domain-ip/definition.json) - A domain/hostname and IP address seen as a tuple in a specific time frame. - [objects/elf](objects/elf/definition.json) - Object describing a Executable and Linkable Format. - [objects/elf-section](objects/elf-section/definition.json) - Object describing a section of an Executable and Linkable Format. - [objects/email](objects/email/definition.json) - Email object describing an email with meta-information. @@ -159,6 +160,7 @@ - [objects/facebook-post](objects/facebook-post/definition.json) - Post on a Facebook wall. - [objects/facial-composite](objects/facial-composite/definition.json) - An object which describes a facial composite. - [objects/fail2ban](objects/fail2ban/definition.json) - Fail2ban event. +- [objects/favicon](objects/favicon/definition.json) - A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular website or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation. - [objects/file](objects/file/definition.json) - File object describing a file with meta-information. - [objects/forensic-case](objects/forensic-case/definition.json) - An object template to describe a digital forensic case. - [objects/forensic-evidence](objects/forensic-evidence/definition.json) - An object template to describe a digital forensic evidence. 
@@ -218,6 +220,7 @@ - [objects/geolocation](objects/geolocation/definition.json) - An object to describe a geographic location. - [objects/git-vuln-finder](objects/git-vuln-finder/definition.json) - Export from git-vuln-finder. - [objects/github-user](objects/github-user/definition.json) - GitHub user. +- [objects/gitlab-user](objects/gitlab-user/definition.json) - GitLab user. Gitlab.com user or self-hosted GitLab instance. - [objects/gtp-attack](objects/gtp-attack/definition.json) - GTP attack object as seen on a GSM, UMTS or LTE network. - [objects/http-request](objects/http-request/definition.json) - A single HTTP request header. - [objects/ilr-impact](objects/ilr-impact/definition.json) - Institut Luxembourgeois de Regulation - Impact. @@ -357,6 +360,7 @@ - [objects/youtube-playlist](objects/youtube-playlist/definition.json) - A YouTube playlist. - [objects/youtube-video](objects/youtube-video/definition.json) - A YouTube video. + ## MISP objects relationships The MISP object model is open and allows user to use their own relationships. MISP provides a list of default relationships that can be used if you plan to share your events with other MISP communities. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/authenticode-signerinfo/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/authenticode-signerinfo/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/authenticode-signerinfo/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/authenticode-signerinfo/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -5,8 +5,20 @@ "misp-attribute": "text", "ui-priority": 0 }, + "digest-base64": { + "description": "Signature created by the signing certificate???s private key", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, "digest_algorithm": { - "description": "Digest algorithm", + "description": "Algorithm used to hash the file.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "encryption_algorithm": { + "description": "Algorithm used to encrypt the digest", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 @@ -22,6 +34,12 @@ "misp-attribute": "text", "ui-priority": 0 }, + "serial-number": { + "description": "Serial number of the certificate", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, "signature_algorithm": { "description": "Signature algorithm", "disable_correlation": true, @@ -55,8 +73,9 @@ "name": "authenticode-signerinfo", "requiredOneOf": [ "url", - "program-name" + "program-name", + "issuer" ], "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e", - "version": 1 + "version": 2 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/crypto-material/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/crypto-material/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/crypto-material/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/crypto-material/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -108,6 +108,11 @@ "misp-attribute": "text", "ui-priority": 1 }, + "public": { + "description": "Public part of the cryptographic materials in PEM format", + "misp-attribute": "text", + "ui-priority": 1 + }, "q": { "description": "Prime Parameter - Q in decimal", "disable_correlation": false, @@ -160,10 +165,11 @@ "generic-symmetric-key", "text", "private", + "public", "p", "q", "modulus" ], "uuid": "50677f82-ec9c-4484-bb29-2519cfe56823", - "version": 3 + "version": 4 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/domain-ip/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/domain-ip/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/domain-ip/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/domain-ip/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -16,6 +16,11 @@ "misp-attribute": "datetime", "ui-priority": 0 }, + "hostname": { + "description": "Hostname related to the IP", + "misp-attribute": "hostname", + "ui-priority": 1 + }, "ip": { "categories": [ "Network activity", 
@@ -56,13 +61,14 @@ "ui-priority": 1 } }, - "description": "A domain and IP address seen as a tuple in a specific time frame.", + "description": "A domain/hostname and IP address seen as a tuple in a specific time frame.", "meta-category": "network", "name": "domain-ip", - "required": [ + "requiredOneOf": [ "ip", - "domain" + "domain", + "hostname" ], "uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734", - "version": 8 + "version": 9 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/email/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/email/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/email/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/email/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -26,6 +26,7 @@ "description": "Body of the email", "disable_correlation": true, "misp-attribute": "email-body", + "multiple": true, "ui-priority": 1 }, "eml": { @@ -86,6 +87,12 @@ "misp-attribute": "email-mime-boundary", "ui-priority": 0 }, + "msg": { + "description": "Full MSG", + "disable_correlation": true, + "misp-attribute": "attachment", + "ui-priority": 1 + }, "received-header-hostname": { "description": "Extracted hostname from parsed headers", "misp-attribute": "hostname", 
@@ -204,7 +211,8 @@ "x-mailer", "return-path", "email-body", - "eml" + "eml", + "msg" ], "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552", "version": 15 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/favicon/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/favicon/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/favicon/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/favicon/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -0,0 +1,30 @@ +{ + "attributes": { + "favicon": { + "description": "The raw favicon file.", + "misp-attribute": "attachment", + "ui-priority": 0 + }, + "favicon-mmh3": { + "description": "favicon-mmh3 is the murmur3 hash of a favicon as used in Shodan.", + "misp-attribute": "favicon-mmh3", + "ui-priority": 1 + }, + "link": { + "description": "The original link where the favicon was seen.", + "misp-attribute": "link", + "multiple": true, + "ui-priority": 0 + } + }, + "description": "A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular website or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation.", + "meta-category": "network", + "name": "favicon", + "requiredOneOf": [ + "favicon", + "favicon-mmh3", + "link" + ], + "uuid": "485892f1-a767-4e9b-b5f8-7f86d1308674", + "version": 1 +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/file/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/file/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/file/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/file/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -451,6 +451,7 @@ "description": "Free text value to attach to the file", "disable_correlation": true, "misp-attribute": "text", + "multiple": true, "recommended": false, "ui-priority": 1 }, 
@@ -496,5 +497,5 @@ "fullpath" ], "uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", - "version": 23 + "version": 24 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/jarm/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/jarm/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/jarm/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/jarm/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -0,0 +1,48 @@ +{ + "attributes": { + "jarm": { + "description": "JARM Hash of this implementation", + "misp-attribute": "jarm-fingerprint", + "ui-priority": 1 + }, + "reference": { + "description": "Reference to the tool matching this fingerprint", + "disable_correlation": true, + "misp-attribute": "link", + "ui-priority": 0 + }, + "scope": { + "description": "Scope of the tool", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0, + "values_list": [ + "Malicious - C2", + "Malicious - Client", + "Malicious - Unknown", + "Legitimate", + "Undefined" + ] + }, + "tls-implementation": { + "description": "SSL/TLS implementation matching this object", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "tool": { + "description": "Tool having this jarm fingerprint", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 1 + } + }, + "description": "Jarm object to describe an TLS/SSL implementation used for malicious or legitimate use-case.", + "meta-category": "network", + "name": "jarm", + "requiredOneOf": [ + "jarm" + ], + "uuid": "8220ce60-ce3f-4be4-afa9-743f94ec37e0", + "version": 1 +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/paste/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/paste/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/paste/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/paste/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -25,6 +25,7 @@ "values_list": [ "pastebin.com", "pastebin.com_pro", + "pastebin.fr", "pastie.org", "slexy.org", "gist.github.com", 
@@ -41,6 +42,11 @@ "misp-attribute": "text", "ui-priority": 1 }, + "paste-file": { + "description": "Content of the paste in file", + "misp-attribute": "attachment", + "ui-priority": 0 + }, "title": { "description": "Title of the paste or post.", "misp-attribute": "text", @@ -65,5 +71,5 @@ "paste" ], "uuid": "cedc055c-78aa-49a4-bfd7-4cc30cecef12", - "version": 5 + "version": 6 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/pe/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/pe/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/pe/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/pe/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -1,5 +1,10 @@ { "attributes": { + "authentihash": { + "description": "Authenticode executable signature hash (sha256)", + "misp-attribute": "authentihash", + "ui-priority": 1 + }, "company-name": { "description": "CompanyName in the resources", "disable_correlation": true, @@ -131,5 +136,5 @@ "impfuzzy" ], "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07", - "version": 6 + "version": 7 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/report/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/report/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/report/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/report/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -9,6 +9,12 @@ "misp-attribute": "text", "ui-priority": 1 }, + "link": { + "description": "Link to the report mentioned", + "misp-attribute": "link", + "multiple": true, + "ui-priority": 100 + }, "report-file(s)": { "description": "Attachment(s) that is related to the report", "misp-attribute": "attachment", @@ -30,8 +36,9 @@ "meta-category": "misc", "name": "report", "required": [ - "summary" + "summary", + "link" ], "uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", - "version": 1 + "version": 2 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/telegram-account/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/telegram-account/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/telegram-account/definition.json 1970-01-01 01:00:00.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/telegram-account/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -0,0 +1,45 @@ +{ + "attributes": { + "first_name": { + "description": "First name", + "misp-attribute": "text", + "ui-priority": 1 + }, + "id": { + "description": "Telegram user identifier", + "misp-attribute": "text", + "ui-priority": 1 + }, + "last_name": { + "description": "Last name", + "misp-attribute": "text", + "ui-priority": 1 + }, + "phone": { + "description": "Phone associated with the telegram user", + "misp-attribute": "text", + "multiple": true, + "ui-priority": 1 + }, + "username": { + "description": "Telegram username", + "misp-attribute": "text", + "ui-priority": 1 + }, + "verified": { + "description": "Verified", + "misp-attribute": "text", + "ui-priority": 1 + } + }, + "description": "Information related to a telegram account", + "meta-category": "misc", + "name": "telegram-account", + "requiredOneOf": [ + "id", + "phone", + "username" + ], + "uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c", + "version": 2 +} \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/trustar_report/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/trustar_report/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/trustar_report/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/trustar_report/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -84,6 +84,12 @@ "multiple": true, "ui-priority": 1 }, + "THREAT_ACTOR": { + "description": "A string identifying the threat actor.", + "misp-attribute": "threat-actor", + "multiple": true, + "ui-priority": 1 + }, "URL": { "description": "A Uniform Resource Locator (URL) is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.", "misp-attribute": "url", 
@@ -95,5 +101,5 @@ "meta-category": "network", "name": "trustar_report", "uuid": "8ff46cf1-db04-4453-ba46-d004e1ef6b7a", - "version": 1 + "version": 2 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/twitter-post/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/twitter-post/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/twitter-post/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/twitter-post/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -12,6 +12,11 @@ "multiple": true, "ui-priority": 1 }, + "created-at": { + "description": "Datetime of Tweet publication", + "misp-attribute": "datetime", + "ui-priority": 0 + }, "embedded-link": { "description": "Link in the tweet", "misp-attribute": "url", @@ -73,6 +78,12 @@ "multiple": true, "ui-priority": 1 }, + "media": { + "description": "Media (Photos, videos) present in tweet", + "misp-attribute": "attachment", + "multiple": true, + "ui-priority": 0 + }, "name": { "description": "Name of the account that posted this tweet.", "misp-attribute": "text", @@ -148,5 +159,5 @@ "attachment" ], "uuid": "d1214031-ce1b-4a35-bd33-644c707bda2e", - "version": 3 + "version": 5 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/url/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/url/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/url/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/url/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -35,6 +35,7 @@ "ip": { "description": "Better type when the host is an IP.", "misp-attribute": "ip-dst", + "multiple": true, "ui-priority": 0 }, "last-seen": { @@ -105,5 +106,5 @@ "resource_path" ], "uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", - "version": 8 + "version": 9 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/virustotal-report/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/virustotal-report/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/virustotal-report/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/virustotal-report/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -5,6 +5,7 @@ "External analysis" ], "description": "Comment related to this hash", + "disable_correlation": true, "misp-attribute": "text", "multiple": true, "ui-priority": 2 @@ -32,6 +33,7 @@ "Other" ], "description": "First Submission", + "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 0 }, @@ -40,6 +42,7 @@ "Other" ], "description": "Last Submission", + "disable_correlation": true, "misp-attribute": "datetime", "ui-priority": 0 }, @@ -48,6 +51,7 @@ "External analysis" ], "description": "Permalink Reference", + "disable_correlation": true, "misp-attribute": "link", "ui-priority": 2 } 
@@ -59,5 +63,5 @@ "permalink" ], "uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", - "version": 3 + "version": 4 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/yara/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/yara/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/objects/yara/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/objects/yara/definition.json 2021-02-04 11:03:01.000000000 +0100 @@ -7,6 +7,7 @@ }, "context": { "description": "Context where the YARA rule can be applied", + "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "all", @@ -18,6 +19,7 @@ }, "version": { "description": "Version of the YARA rule depending where the yara rule is known to work as expected.", + "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "3.7.1" @@ -43,5 +45,5 @@ "yara-rule-name" ], "uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3", - "version": 4 + "version": 5 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/relationships/definition.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/relationships/definition.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/relationships/definition.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/relationships/definition.json 2021-02-04 11:03:01.000000000 +0100 
@@ -1019,6 +1019,13 @@ "name": "extends" }, { + "description": "Reprensents an object which writes towards another object or attribute", + "format": [ + "misp" + ], + "name": "writes" + }, + { "description": "Represents the semantic link of an asn object being ranked with a bgp-ranking object", "format": [ "misp" @@ -1117,5 +1124,5 @@ "name": "doxed-by" } ], - "version": 21 + "version": 22 } \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/schema_objects.json new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/schema_objects.json --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/schema_objects.json 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/schema_objects.json 2021-02-04 11:03:01.000000000 +0100 @@ -82,6 +82,7 @@ "email-thread-index", "email-x-mailer", "eppn", + "favicon-mmh3", "filename", "filename|authentihash", "filename|impfuzzy", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/tools/list_of_objects.py new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/tools/list_of_objects.py --- old/misp-objects-c234a4b36dac02f4a6b0b800cf90b5bce404a474/tools/list_of_objects.py 2020-11-24 11:55:30.000000000 +0100 +++ new/misp-objects-2b1c3532dccad651f960ff71defdbc422c40ef0c/tools/list_of_objects.py 2021-02-04 11:03:01.000000000 +0100 @@ -3,7 +3,7 @@ # # # A simple converter of MISP objects to asciidoctor format -# Copyright (C) 2017-2019 Alexandre Dulaunoy +# Copyright (C) 2017-2021 Alexandre Dulaunoy # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as 
@@ -46,5 +46,5 @@ c = json.load(fp) if not c['description'].endswith('.'): c['description'] = c['description'] + "." - v = "- [objects/{}](objects/{}/definition.json) - {}".format(c['name'], c['name'], c['description']) + v = "- [objects/{}](https://github.com/MISP/misp-objects/blob/main/objects/{}/definition.json) - {}".format(c['name'], c['name'], c['description']) print(v) ++++++ python-pymisp-2.4.135.3.tar.gz -> python-pymisp-2.4.138.tar.gz ++++++ ++++ 5774 lines of diff (skipped) ++++++ python-pymisp-doc-rpmlintrc ++++++ addFilter("python-pymisp-doc.noarch: W: zero-length /usr/share/doc/packages/python-pymisp-doc/examples/feed-generator/output/empty") ++++++ update-misp-objects.sh ++++++ --- /var/tmp/diff_new_pack.yCBpWM/_old 2021-03-02 12:44:46.748320374 +0100 +++ /var/tmp/diff_new_pack.yCBpWM/_new 2021-03-02 12:44:46.748320374 +0100 @@ -3,3 +3,5 @@ version=$(awk '/^Version:/ {print $2}' python-pymisp.spec) revision=$(wget "https://github.com/MISP/PyMISP/tree/v$version/pymisp/data" -O - | awk '/\/MISP\/misp-objects\/tree\//' | egrep -o "[[:alnum:]]{40}") sed -i "s/^\%define misp_objects_revision.*$/%define misp_objects_revision $revision/" python-pymisp.spec +rm misp-objects.tar.gz +osc service runall download_files
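Review bot: in objects/report/definition.json, adding "link" to the "required" array next to "summary" makes a link mandatory for every report object, so a report that carries only a summary or an attached file no longer satisfies version 2 of the template. If the link is meant to be optional, leave "required" as it was, or list the alternatives under "requiredOneOf" as the telegram-account template in this same patch does. The "ui-priority": 100 on the new attribute also differs sharply from the 1 used by the attribute just above it in the hunk, which is worth confirming as intended.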
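Review bot: the new objects/telegram-account/definition.json types every attribute as "text", including "phone" and "verified". MISP has a "phone-number" attribute type that would let phone values correlate with other data, and "verified" would be clearer as "boolean" with a description that says what was verified rather than just "Verified". The file is also created directly at "version": 2 and has no trailing newline.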
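Review bot: in relationships/definition.json the description of the new "writes" relationship has a typo, "Reprensents" should be "Represents". The phrase "writes towards another object or attribute" is also vague next to the neighbouring entries; saying what kind of object writes to what would help analysts pick the right relationship.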
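Review bot: in tools/list_of_objects.py the generated link now hard-codes https://github.com/MISP/misp-objects/blob/main/, so a list generated from a tagged or older checkout links to whatever is on main when the reader clicks, not to the definitions that were actually listed. Consider keeping the base URL in one constant or parameter that includes the ref, so the output can be pinned to the revision it was generated from.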
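Review bot: in update-misp-objects.sh the added "rm misp-objects.tar.gz" runs unconditionally after the sed, even when the wget | awk | egrep pipeline that sets $revision returned nothing or more than one 40-character match. In that case the spec is left with an empty or malformed misp_objects_revision and the previous tarball is already gone. Check that $revision is exactly one 40-character value before the sed and the rm, and use "rm -f" so a missing tarball does not produce an error. Because the revision is scraped from an HTML page, the tarball fetched by "osc service runall download_files" should also be reviewed against the expected upstream commit before check-in.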
