From a52f1ffa59ed170533bf4a64bf3ebb90538c5680 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Leonard?=
Date: Thu, 26 Jul 2018 07:57:48 +0200
Subject: [PATCH] #260 add attachments hashes information
---
 analyzers/EmlParser/parse.py | 5 +++-
 thehive-templates/Eml_Parser_1_0/long.html | 28 ++++++++++++----------
 2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/analyzers/EmlParser/parse.py b/analyzers/EmlParser/parse.py
index a4dba65c2..65a41df96 100755
--- a/analyzers/EmlParser/parse.py
+++ b/analyzers/EmlParser/parse.py
@@ -5,6 +5,7 @@ from cortexutils.analyzer import Analyzer
 import magic
 import binascii
+import hashlib
 from pprint import pprint
 class EmlParserAnalyzer(Analyzer):
@@ -84,6 +85,7 @@ def parseEml(filepath):
 #attachments
 try:
 for attachment in parsed_eml['attachment']:
+ sha256 = hashlib.sha256()
 attachmentSumUp = dict()
 attachmentSumUp['filename'] = attachment.get('filename', '')
@@ -92,7 +94,8 @@ def parseEml(filepath):
 #it has to be calculated, the attachment is in base64
 attachmentSumUp['mime'] = magic.from_buffer(binascii.a2b_base64(attachment['raw']))
 attachmentSumUp['extension'] = attachment.get('extension', '')
-
+ sha256.update(attachment['raw'])
+ attachmentSumUp['sha256'] = sha256.hexdigest()
 result['attachments'].append(attachmentSumUp)
 except KeyError as e:
diff --git a/thehive-templates/Eml_Parser_1_0/long.html b/thehive-templates/Eml_Parser_1_0/long.html
index 1291294fc..8ef0358fe 100644
--- a/thehive-templates/Eml_Parser_1_0/long.html
+++ b/thehive-templates/Eml_Parser_1_0/long.html
@@ -42,20 +42,24 @@
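Review bot: In the third parse.py hunk, `sha256.update(attachment['raw'])` hashes the base64 text of the attachment rather than the decoded file; the comment two lines above says the attachment is in base64, and the `mime` line decodes it with `binascii.a2b_base64` before use. The reported `sha256` will therefore not equal the hash of the attachment as saved to disk, so an analyst cannot match it against hashes from other tools or intelligence sources. Decode once and hash the bytes, e.g. `content = binascii.a2b_base64(attachment['raw'])` followed by `attachmentSumUp['sha256'] = hashlib.sha256(content).hexdigest()`, which also makes the `sha256 = hashlib.sha256()` line in the second hunk unnecessary. If `raw` is a `str` under Python 3 (its type is not visible here), `update()` would raise `TypeError`, which the surrounding `except KeyError` does not catch. The body of `parseEml` starts and ends outside these hunks.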
This message file includes
- +
- - - - - + + + + + - - - - - - + + + + + + + +
FilenameMime TypeExtension
FilenameFile information
{{a.filename}}{{a.mime}}{{a.extension}}
{{a.filename}}[SHA256]: {{a.sha256}}
+ {{a.mime}} +