Merge branch 'develop' of github.com:TheHive-Project/Cortex-Analyzers…

… into develop
TheHive-Project · Jun 18, 2018 · e719da3 · e719da3
2 parents 0f1e9b4 + 05b78fc
commit e719da3
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 42 deletions.
diff --git a/analyzers/MISP/MISP.json b/analyzers/MISP/MISP.json
@@ -5,38 +5,60 @@
   "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
   "version": "2.0",
   "description": "Query multiple MISP instances for events containing an observable.",
-  "dataTypeList": ["domain", "ip", "url", "fqdn", "uri_path","user-agent", "hash", "email", "mail", "mail_subject" , "registry", "regexp", "other", "filename"],
+  "dataTypeList": [
+    "domain",
+    "ip",
+    "url",
+    "fqdn",
+    "uri_path",
+    "user-agent",
+    "hash",
+    "email",
+    "mail",
+    "mail_subject",
+    "registry",
+    "regexp",
+    "other",
+    "filename"
+  ],
   "baseConfig": "MISP",
   "command": "MISP/misp.py",
   "configurationItems": [
-      {
-          "name": "url",
-          "description": "URL of MISP servers",
-          "type": "string",
-          "multi": true,
-          "required": true
-      },
-      {
-          "name": "key",
-          "description": "API key for each server",
-          "type": "string",
-          "multi": true,
-          "required": true
-      },
-      {
-          "name": "cert_check",
-          "description": "Verify server certificate",
-          "type": "boolean",
-          "multi": false,
-          "required": true,
-          "defaultValue": true
-      },
-      {
-          "name": "cert_path",
-          "description": "Path to the CA on the system used to check server certificate",
-          "type": "string",
-          "multi": true,
-          "required": false
-      }
+    {
+      "name": "name",
+      "description": "Name of MISP servers",
+      "multi": true,
+      "required": false,
+      "type": "string"
+    },
+    {
+      "name": "url",
+      "description": "URL of MISP servers",
+      "type": "string",
+      "multi": true,
+      "required": true
+    },
+    {
+      "name": "key",
+      "description": "API key for each server",
+      "type": "string",
+      "multi": true,
+      "required": true
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": true,
+      "required": false
+    }
   ]
 }
diff --git a/analyzers/MISP/misp.py b/analyzers/MISP/misp.py
@@ -12,7 +12,11 @@ def __init__(self):
         # Fixes #94. Instead of None, the string Unnamed should be passed to MISPClient constructor
         name = self.get_param('config.name', 'Unnamed')
         if self.get_param('config.cert_check', True):
-            ssl = self.get_param('config.cert_path', True)
+            ssl_path = self.get_param('config.cert_path', None)
+            if not ssl_path or ssl_path == '':
+                ssl = True
+            else:
+                ssl = ssl_path
         else:
             ssl = False
         try:

diff --git a/analyzers/MISP/mispclient.py b/analyzers/MISP/mispclient.py
@@ -44,29 +44,28 @@ def __init__(self, url, key, ssl=True, name='Unnamed', proxies=None):
                 if isinstance(ssl, list):
                     if isinstance(ssl[idx], str) and os.path.isfile(ssl[idx]):
                         verify = ssl[idx]
-                    elif isinstance(ssl[idx], str) and not os.path.isfile(ssl[idx]):
+                    elif isinstance(ssl[idx], str) and not os.path.isfile(ssl[idx]) and ssl[idx] != "":
                         raise CertificateNotFoundError('Certificate not found under {}.'.format(ssl[idx]))
                     elif isinstance(ssl[idx], bool):
                         verify = ssl[idx]
-                    else:
-                        raise TypeError('SSL parameter is a not expected type.')
+
                 # Do the same checks again, for the non-list type
-                elif isinstance(ssl, str):
-                    if os.path.isfile(ssl):
-                        verify = ssl
+                elif isinstance(ssl, str) and os.path.isfile(ssl):
+                    verify = ssl
+                elif isinstance(ssl, str) and not os.path.isfile(ssl) and ssl != "":
+                    raise CertificateNotFoundError('Certificate not found under {}.'.format(ssl))
                 elif isinstance(ssl, bool):
                     verify = ssl
-                else:
-                    raise TypeError('SSL parameter is a not expected type.')
                 self.misp_connections.append(pymisp.PyMISP(url=server,
                                                            key=key[idx],
                                                            ssl=verify,
                                                            proxies=proxies))
         else:
             verify = True
-            if isinstance(ssl, str):
-                if os.path.isfile(ssl):
-                    verify = ssl
+            if isinstance(ssl, str) and os.path.isfile(ssl):
+                verify = ssl
+            elif isinstance(ssl, str) and not os.path.isfile(ssl) and ssl != "":
+                raise CertificateNotFoundError('Certificate not found under {}.'.format(ssl))
             elif isinstance(ssl, bool):
                 verify = ssl
             self.misp_connections.append(pymisp.PyMISP(url=url,