#260 add attachments hashes information

TheHive-Project · Jul 26, 2018 · a52f1ff · a52f1ff
1 parent 6963e81
commit a52f1ff
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 13 deletions.
diff --git a/analyzers/EmlParser/parse.py b/analyzers/EmlParser/parse.py
@@ -5,6 +5,7 @@
 from cortexutils.analyzer import Analyzer
 import magic
 import binascii
+import hashlib
 from pprint import pprint
 
 class EmlParserAnalyzer(Analyzer):
@@ -84,6 +85,7 @@ def parseEml(filepath):
     #attachments
     try:
         for attachment in parsed_eml['attachment']:
+            sha256 = hashlib.sha256()
             attachmentSumUp = dict()
             attachmentSumUp['filename'] = attachment.get('filename', '')
 
@@ -92,7 +94,8 @@ def parseEml(filepath):
             #it has to be calculated, the attachment is in base64
             attachmentSumUp['mime'] = magic.from_buffer(binascii.a2b_base64(attachment['raw']))
             attachmentSumUp['extension'] = attachment.get('extension', '')
-
+            sha256.update(attachment['raw'])
+            attachmentSumUp['sha256'] = sha256.hexdigest()
             result['attachments'].append(attachmentSumUp)
 
     except KeyError as e:

diff --git a/thehive-templates/Eml_Parser_1_0/long.html b/thehive-templates/Eml_Parser_1_0/long.html
@@ -42,20 +42,24 @@
                 <div class="bm10">This message file includes
                     <ng-pluralize count="content.attachments.length" when="{'1': '1 attachment', 'other': '{} attachments'}"></ng-pluralize>
                 </div>
-                <table class="table table-hover">
+                <table class="table table-striped table-bordered">
                     <thead>
-                    <tr>
-                        <th>Filename</th>
-                        <th>Mime Type</th>
-                        <th>Extension</th>
-                    </tr>
+                        <tr>
+                            <th class="col-md-2" >Filename</th>
+                            <th >File information</th>
+
+                        </tr>
                     </thead>
-                    <tbody>
-                    <tr ng-repeat="a in content.attachments">
-                        <td class="wrap">{{a.filename}}</td>
-                        <td class="wrap">{{a.mime}}</td>
-                        <td>{{a.extension}}</td>
-                    </tr>
+                    <tbody ng-repeat="a in content.attachments">
+                        <tr>
+                            <td rowspan=2>{{a.filename}}</td>
+                            <td>[SHA256]: {{a.sha256}}</td>
+                        </tr>
+                        <tr>
+                            <td>
+                                {{a.mime}}
+                            </td>
+                        </tr>
                     </tbody>
                 </table>
             </dd>