From 48fdd5030b07e184bf0a74b6114eadbef4d56b44 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 11 Feb 2025 13:58:43 +0100 Subject: [PATCH 01/10] fix: [init] `onion_lookup` module added + clean-up of the list --- misp_modules/modules/expansion/__init__.py | 135 +++++++++++++++++---- 1 file changed, 114 insertions(+), 21 deletions(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index e65f837f..529e05e9 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -3,27 +3,120 @@ sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3]))) -__all__ = ['cuckoo_submit', 'vmray_submit', 'circl_passivedns', 'circl_passivessl', - 'cluster25_expand', 'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', - 'eupi', 'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', - 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep', - 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', - 'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl', - 'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator', - 'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query', 'macaddress_io', - 'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors', - 'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich', - 'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus', - 'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid', - 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', - 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', - 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive_ssh', - 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring', - 'clamav', 'jinja_template_rendering', 'hyasinsight', 'variotdbs', 'crowdsec', - 'extract_url_components', 'ipinfo', 'whoisfreaks', 'ip2locationio', 'stairwell', - 'google_threat_intelligence', 'vulnerability_lookup', 'vysion', 'mcafee_insights_enrich', - 'threatfox', 'yeti', 'abuseipdb', 'vmware_nsx', 'sigmf_expand', 'google_safe_browsing', - 'google_search', 'whois', 'triage_submit', 'virustotal_upload', 'malshare_upload', 'convert_markdown_to_pdf' ] +__all__ = [ + 'cuckoo_submit', + 'vmray_submit', + 'circl_passivedns', + 'circl_passivessl', + 'cluster25_expand', + 'countrycode', + 'cve', + 'cve_advanced', + 'cpe', + 'dns', + 'btc_steroids', + 'domaintools', + 'eupi', + 'eql', + 'farsight_passivedns', + 'ipasn', + 'passivetotal', + 'sourcecache', + 'virustotal', + 'shodan', + 'reversedns', + 'geoip_asn', + 'geoip_city', + 'geoip_country', + 'wiki', + 'iprep', + 'threatminer', + 'otx', + 'threatcrowd', + 'vulndb', + 'crowdstrike_falcon', + 'yara_syntax_validator', + 'hashdd', + 'onyphe', + 'onyphe_full', + 'rbl', + 'xforceexchange', + 'sigma_syntax_validator', + 'stix2_pattern_syntax_validator', + 'sigma_queries', + 'dbl_spamhaus', + 'vulners', + 'yara_query', + 'macaddress_io', + 'intel471', + 'backscatter_io', + 'btc_scam_check', + 'hibp', + 'greynoise', + 'macvendors', + 'qrcode', + 'ocr_enrich', + 'pdf_enrich', + 'docx_enrich', + 'xlsx_enrich', + 'pptx_enrich', + 'ods_enrich', + 'odt_enrich', + 'joesandbox_submit', + 'joesandbox_query', + 'urlhaus', + 'virustotal_public', + 'apiosintds', + 'urlscan', + 'securitytrails', + 'apivoid', + 'assemblyline_submit', + 'assemblyline_query', + 'ransomcoindb', + 'malwarebazaar', + 'lastline_query', + 'lastline_submit', + 'sophoslabs_intelix', + 'cytomic_orion', + 'censys_enrich', + 'trustar_enrich', + 'recordedfuture', + 'html_to_markdown', + 'socialscan', + 'passive_ssh', + 'qintel_qsentry', + 'mwdb', + 'hashlookup', + 'mmdb_lookup', + 'ipqs_fraud_and_risk_scoring', + 'clamav', + 'jinja_template_rendering', + 'hyasinsight', + 'variotdbs', + 'crowdsec', + 'extract_url_components', + 'ipinfo', + 'whoisfreaks', + 'ip2locationio', + 'stairwell', + 'google_threat_intelligence', + 'vulnerability_lookup', + 'vysion', + 'mcafee_insights_enrich', + 'threatfox', + 'yeti', + 'abuseipdb', + 'vmware_nsx', + 'sigmf_expand', + 'google_safe_browsing', + 'google_search', + 'whois', + 'triage_submit', + 'virustotal_upload', + 'malshare_upload', + 'convert_markdown_to_pdf', + 'onion_lookup', +] minimum_required_fields = ('type', 'uuid', 'value') From ab94e11c87af6eb14c526372a5d264e96662a2c1 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 11 Feb 2025 14:17:45 +0100 Subject: [PATCH 02/10] fix: [onion_lookup] add a `name` field to the module info --- .../modules/expansion/onion_lookup.py | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/misp_modules/modules/expansion/onion_lookup.py b/misp_modules/modules/expansion/onion_lookup.py index 0d845ee5..f0621a60 100644 --- a/misp_modules/modules/expansion/onion_lookup.py +++ b/misp_modules/modules/expansion/onion_lookup.py @@ -14,22 +14,24 @@ # 'url', # Any other Attribute type... ], - 'format': 'misp_standard' + 'format': 'misp_standard', } moduleinfo = { 'version': '1', + 'author': 'Sami Mokaddem', + 'name': 'Onion Lookup', 'author': 'MISP', - 'description': 'MISP module using the MISP standard. Uses the onion-lookup service to get information about an onion', + 'description': 'MISP module using the MISP standard. Uses the onion-lookup service to get information about an onion.', 'module-type': [ # possible module-types: 'expansion', 'hover' or both 'expansion', - 'hover' - ] + 'hover', + ], + 'references': ['https://onion.ail-project.org/'], } # config fields that your code expects from the site admin -moduleconfig = [ -] +moduleconfig = [] def getDetails(onion_address): @@ -47,6 +49,8 @@ def getDetails(onion_address): ], } ''' + + def createObject(onion_details): misp_object = MISPObject('tor-hiddenservice') misp_object.comment = 'custom-comment2' @@ -62,7 +66,6 @@ def createObject(onion_details): return misp_object - def enrichOnion(misp_event, attribute): onion_address = attribute['value'] onion_details = getDetails(onion_address) @@ -85,7 +88,9 @@ def handler(q=False): # Input sanity check if not request.get('attribute') or not check_input_attribute(request['attribute']): - return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + return { + 'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.' + } attribute = request['attribute'] # Make sure the Attribute's type is one of the expected type @@ -112,4 +117,3 @@ def introspection(): def version(): moduleinfo['config'] = moduleconfig return moduleinfo - From 1696b1589d104793b4b7f205a696107c9c58a035 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 11 Feb 2025 14:22:56 +0100 Subject: [PATCH 03/10] chg: [onion_lookup] logo added --- misp_modules/modules/expansion/onion_lookup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/misp_modules/modules/expansion/onion_lookup.py b/misp_modules/modules/expansion/onion_lookup.py index f0621a60..17dcc89a 100644 --- a/misp_modules/modules/expansion/onion_lookup.py +++ b/misp_modules/modules/expansion/onion_lookup.py @@ -28,6 +28,7 @@ 'hover', ], 'references': ['https://onion.ail-project.org/'], + 'logo': 'onion.png' } # config fields that your code expects from the site admin From 5a6511797d683840492f97d00241c7a411e4f454 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 11 Feb 2025 14:29:20 +0100 Subject: [PATCH 04/10] chg: [onion_lookup] updated --- documentation/logos/onion.png | Bin 0 -> 8979 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 documentation/logos/onion.png diff --git a/documentation/logos/onion.png b/documentation/logos/onion.png new file mode 100644 index 0000000000000000000000000000000000000000..6516977be38ecca7e264361cf6b027e652392c4c GIT binary patch literal 8979 zcmZ{K1yGwo*KPs<0tJc{DDDsl?(W6itw@Wc#R(2A5~R2UcL|i1LZK8W?(Vb=E`=h+ zp%f_gr{CO}``v%$PO{m&yU)sd&c5e7=Ol0Rb=8OnXb1oR0Fj2eiXo=9`&YoYn9m>C z{t}o9;M3%Yyg1D zGrz?^2GfD-prxh)xc~PmZm&$owBUQHTlfF~#C`t?FoTDf7So6a*U(YL+abUsA|cbq z+n~oRQlX)uXdJL`P~ab8W0rB$8C>M!ZiY7b9OpJ)&vvo$e6V~$mz9mJ>j68C5_N#` zuz<%(-bMJjpz@Y-&U$y(*fXwS1Q`|(E4+_QA@-nI{L4^1+hQ7Y_}9-r!4t1u=Li4f z8P#R8NtZuVvWlqRCADu4-fB1~H3});WiCI0u^TZMkV_uU{Ff&7+yDu~s+aBRs z5Pw0wus8~md@=j4=`)7H?J9Fckgou{k&o;fsD_8&HEOidE6g35UQ8dRbU%r?j z%~h}FlJDle33HW_1CqSUM*0IxM2iI4os24M%*qF<{&I1 zH4@8#sSO^Yd-N++Jy61Qr)Yry_L64{pN2&!-t!|2jPOo4xi7;A0;ml3~wWb z*$6-}C_BrwPJk_Ru{9PRRrQw3X?I3)C%W+6na{^>Q%LbXquelL?3R!#YeGtd`Rjz0 zgJpHdd;^RW=PHM~FRVnHE5wf+5>+~n*ru#isU3?n&g){?k=3l?_6_=KRQ4~oCg8EKC_QN*3sS0m* zyAd(~6M_qe0Z)jI7~2L7_^2Jfln-xQY9z}V<%{r?*!M23hB8`Mz_?KGwa6}l>=yi7 zh=zjZ`2DjkOJ>lwZ>Y;QccdW~%DlZLPBq@io?X+JPFI>dr=Vb>Z6s~;gA=f*Pi(}9 z%qS@gag5Wr@>&Igy1so}Z7uk4wqBoLX10CF>-ra|5+I)#8-mlqXHi#5mNlDdoxO}N zgGFuRMX3$JG6XeHUap4OLgw^aQ!v|$=mu*-GI5P zZ@3)8-P-P@#Yi3Ar3yHL)k(*c)-;M2>M5dd=9hf8X)G;UW1l<=kkM^)w^4Pf@GxGO zPR$0Ux+L^OxQcz{Q@5d_z_JC1nP-Zk_PdcxOsY(0;k8(MfO3i@ufZ3X1?XhvVjV4v z%`)oTbwsJM2ESMn!);h;-jpC6_A*TD@zpMUaYjH&I`wXg!U&m$g4)Zf}${c!d(LHpz{!W zPZUZwp03%iEo#B)Euy&7UMoTx z-V=`Hi++mD-zU_bbZigRI;5uPPiY^yeS_+EBTL$(>x@R@=6Mi&Y@!>}y(G&{}k`jq%K)rb1~X z-+pMjo<(NR(z<|9<4R-FPp$XVbc88|TkEMY;zl+$(T*?L>h?gPx5^lG*4uTD3AWgR z-*C`3TNA(I9!)Vcd|jW>UBZ-Ee|$X~c+-1S+B`HlvFuA%^Ky+*{zBrYWBZAC+5h52f4RR) z3|YGs-|!0DIeK%N=pm~%c*VdFa6#lc_t9=_1z_W|_EiR~!$|@@Ipt}krXj9>Wkb}j z`h|;~i=UU7Cb7=vf>bwOrZ-L1C-5@TKQ(phr?Js{I%+yT9Cr$(O>F13ryjNFJrn$G zyTAVog4Y*ob;w!xL!fOv^yT|r`^y(-zV);FJ%cTi%(G3iqKb}n=pOppv3OCSc;Fp$ zDGBbkFEe5!ACj7&&B%Cld@#l}L2u-}^Hp{ymmDNPPkeV=*`6;qs~Bh@r6s<1qvp~EN+wh}3T5;V zr2L4dj$-jBK_$sK51J^G<0ADVO1rp<6Ybg=o;(MBb#3l%)| zb4NCC-eQ-oM!G+>EHS&nLHPiSPM1iB+QrcM&zM6wa(^Wl*;1AWfLh5stej=y=Z{(V z9A8zHtD!duaNBMPsepZ;RDyygxKNgyi(=X|KnU~Z1(xk+=w}vjPUYaWj=X^VRR4N! z3!)Vf{?PWwkn=tH&0xJ-ny`l*_mm8QJ7P2KyAr;PhQAQXq<6Q{lRj(uvb5rSKRSZN z6E?BZQj~gOmnl@dBl+%Bxg1x$FRxu-vXl9e!r6KGI5Tf5UK)?*X)uvE9Nm%ANzH`y z3Ya%|5=YmR?9qI3&iZJ7OD5yai8(3_>+5T-%zZ)3D)OEVLMAiiBq=1XXpZsM&NQnY ze>)qwy4<+%8q7Q|uMF1EyO>6c_hogQViyK&sRC9mR{W3al2=syoEmvUO2UyMB8|tG z$61SuZe5wNEvi4Bd*Cgjvd{Y0I@`(!G=J?@|c!-FtByNDnS4!>6wt z?e4jH1oyx2IX>3-!}v~3^WU}K({97d8JTMHr@c#YWVyMM)6?_m*bb2-=3Vx+Xxaio zvYK3sUlk6UG3Ut0>D5q~)$qt^$&-TzGa1b46Lhk1ltSLRCuMvpgr*i2e9OQ$IX zOqGWlT_h#qCn^{i?^IU$hb;#udo`ls`{SJq%(HR8i|$;imMvM1T3dn=)NA@S*uf9; zndp-0pL?NnBI=uZ|DM%be6EiU@3zy~V$Ld2F7^d$YdIbbqpJdwf%ShrsN$jPXlk3}Z`T^>1kYf~wM2wix1~&BfI~ z2FTj9TBAU1{qwP3=#np9E*>2?3c~OaO@cZ9HPE15zEgli--75ji2|Bj5we>1Jy~0h z{q@`!zl!%z)Dv^sotB>O{s@#Pz{jqofbGheLf<dXAO5)#$V2B^^`Kh1lb=X=?eKVX?x{!$%@E8`ElHXUEEU8W$CdD-)`$ z=8*p6!qA*7+rY?Qzl0d>rra(=YNmgwsar==K~{cf6QhPkGza&5&bANmV6HMTt3}-r zSHcG7)H5(nS7gtIZ=I{gqjgWjE#97Fzz&;kO!rKG#!iczw|p{s9P{<}Z(`5=fb`ya zb2bpK!g5B-TXGI2cGG&Y%Ur{E@Y@B|kejlL#Dp8R#`gNWqmX+u1gpWyb)k;T-CRL= z<$Mq0^c5AGmcPIJ{pono)WY}S))kA_i|dPX0_JyN zvI>hCDFXIbWbxH>`yYFvB_FYe{MvY^Z)z#Q5&~iORm;0Xd&p_2IrEEmJi~u|mgAqE zmmZ~cVY3kMB8}dIZYx-?J#2FOM_uxgq6KV)`e?8uSfJsAN{*Ho55>=) zQY>`MgbA*LuWlgAsIPfz5|oP$xaqz4=&d>)TZ|z2{fFoua~LdP<;;<8Lg>Bv@syiK z%X3#QVRXlRR^+N%nEw=`I*X3BG`v;++3cxL6sHlbQct;5b(3tkZvXy?%y-*$P#o7D z8FBUY9ha<6(_KKk8xbN#7nB~FvtkUmc~cPZan5d;`q1PkhwS+1o-{FOl8Q3{^TJ2j zGW_uf9(*-3Kr+^$|I)_{vurQX#_6f+^um8dVYN=21k5=8u2qibBRFv1^RrLew$2hHEH$NlA9i-)dE-aE z{FFHv#)Cj6oCj%Rt}c%5B0Raq`adVqpzV_yimT= zvk7UBt^>bBu%_m49r?J-{d;umppJX1FZ)aMSEdx|g{bUtbA0?HbWugsm&E*hxGA(q zdf*%+ed0YI-1Zn6wOZ7Fd$FvYJK38=uO=DNjIZDK!~Sc(pu3}&@&Osc?UW65^u(vh z+d{Y6Lx%P(BZB0?alDnLjMEt<=%^*QjW&gR7@`fwMPePL8M+)b+e`XzJ0+CkMUjB8 zm|y*gm!I-GlrcFQX}+HD#qe@6*}6BkGx`<%9k+vzsR;#w{YZsJAMmFKe2MdsKsr1- zAfx2Z)iS#PEH)mnQpS@um1djXl)gM*y9++-%%BzjP+ZwmbbmRy4Rez%lF8vwtX9<- zhaS#Z#v=`}54-tLMb=n`)XR1dlY;F@huHx~D(eOiF!&Gs_BnmbNr3fIC^{%E&RbCf zw2&?1K7xl2QlgWY33G%{^5&~PiFQu-o2sN7%!5AT1rLpmJDl;poboN8mrkDk{vErA z#XXuoFw|X_17jT@3dfzzw;xGN%HDHlO13bzl=xu$CI#iDgT*`CInUIwn!+%Ub=Nr8 zPs`@w2#cSpWrRmvYXbajmr@v#0<|^G(U)zkEJ3=_@~J7PIX|q_{k(P}k!@=v$8n5X zjDPz}d>Owx`dlm9V1IjT{)|o{fPkd0nk%zK*P^7Gr0|74BtT!c0be zPLQo}UgvM8G)Tk71dfjeAuJ#Yo_?X2Uc0NAz~8?6$<}H#J>9DGUSks`3$YJ@?4~arKYYvrzKqYjIK7UlazFPE%(J z34WMkufgjT2*8k<95V~u-YV07dUhDtC_CK!)BM(^iMn!D0g`FY_(4VzRIZKE)E5>K zp3N3-+K;$FFp&_}9ei8H#7-71&xzwHO^PYhtFU`Gm?%4cV4&Mn6+k?ps30~bUqG2ws^s)~? zP-}ffU0n_gondPnPEsS%d5&w$jgpDFlEkpRWSUzdB3_Iv$!gL46||XaXDv^jye6AA zze!UY>T~eY75z*mt}`-vc5=03ErY|?fi_VDQ;yX#@yx1OSv}Dq06-FitPVN-3mA%*=!kDl@X;LK?)+OF2L& zE}r4ak4#x5B>Vjl1^hoS$fXr+%kqfeB|fGbd!l*m4jYxmsrxbwe;so~2}HV?lMbNG7x}5=r)k zE}dIMCtm$`sflw$*IhU>CTa-`%*hIA*4cVaTI?xRfQi7=fCt+_v8o$kEe)JV1nTWO zDC02W&F8I)P@>b^*b)}SFI!fpThCQShc-+!)5xwACeqQm=4OVPR+1okNPp=SDq6&ij2JG4^*9Qfq`Dx@ zLmFs)9Wk3=1szE5$t?#wOVvy1q{(^z%nhN6xI`TmTVD+vCU4C+)kcc3d?m* z)DhZ9Lqa0FG-jlol2iH<1&W;O2Co|SkcU1zCARu{7Qy`YMaBIi~s$H3`3A| z$%Eilq=N)WPXknj!P%kdn%cr9{h4z@UuH$XQlB;-+3JfiZq=aNtU#a9*gQ&3-9k*D z9!}Et!)wC-oZZ>L|33@SNhB&2NTXE+C>WTTs0q>w*V%c5$6p1Eq^4ylanZ5UBrare zfujx*{dFtDD{S6L{up5?_6Rq)FfQw8hrpF99sUr)Z8luB@WK^_lAMWRBzziK1M_C_ zb8KXRkf4)nBnyTs^?&)}zKC(UzXx4dKobARYo2jzQT>cVq&kfl5&v?C1zFuNCc(s*W`yC9v*Hc zt073n+e5K2hBFyv3BtCAYOQ-ot6{lpJpK@Fm+b=0%*GKTuc|ccpap^1sW5U^YfSxr4nKMAs8Xd;iXCrKOt$CNcR`Jd#i zy6FW4)N(u*<3%A{j9H!F8o&0BEl$@W6sL_hXwlAFyP_o+~Hx;3D4v>(juP4S~efAyvhv?g8AvW*+ z_|gYAzaj#HdI37WuYPU7PIVDo8TV2cP3r~S&uhK=To(~{{O(V4?A#l#vVN)eH8t3?j@k6B_(M`{3d5;qjua#<6c>VtIzivR zAqVrA+1tofOE>ak;>zQ|f1Yo5f4{Yy$3=$&NboO3)8vs7aRVLEJTuTN(RgMp#zdLu zwQ0^;XD$<{VEjypva<>LvZr>s;Fw1K1fT^um-%C_*_u&5*VrCI&R9(j1`{wd7 zOX^&B$c4K`#jmv8?So@MGfCKmA9=CBJ>uEG0V>?iy8!yY*6&X#GT+v0@PUDXKAz8f>vUm zzuMAKQIb$wv6$znhgLxfZ>I0}CvBPOl9&*410dN#trb7AzZAd@R+Pl|rKRrKN!PMU zXF&X=gh{I1t8;B{A0bJf#&nz3y+H~`$k#cto;OP1zt=GVC;rmlD3)q#1C7AIaGR@R z)BX-6lH~rYb-kw!lO4~%%!}cb;m6-vhRjqI2+m@{`LRQ5J>+}*JMXPpg8$aVb~?tI zK~!NHz_a(xq~Iq3fs1ldQhx{Eer$e3e^K26*Ta!skr<;5PD;z!-S}>mx#1^GeqP~` zCQE@8^+TNBZM#+e^3k-*5=F#4mS5Lp50OXodp=PxZsc&FBasx~4pffDiQrdi<+ z^<@Yq!@n8H*o>1k>UHIP1%i3a{%GPqSbK2)yQrbjml-vOdm}p)Ec(uQ2CUA^OiYJS zekO{tNN#plDx^HsTt?S4^Wep=g{WVR51c~?L?FY%6KiuPPBb)Dj~R&T?CzlXx_Hqg zi7bj}I&xhD?zKVr<$;HHd*bD&;LAO|w)EUz-thH4Sim6eIs%|GGb`LRJJ~jrZX24L z`TcCT|9fRP`S2?}d@MutSU_u3u?~3a_c_rvgG_)Xoy1hvmn6QPY48Zvs3FFwU~&Yv z*vcYBFz3~9@~`wSODmnjCMM)WY|6adt89LhYQSxh-hSHD9rRMv{BtNha36RY42S>m zoK4jF_lv>Cd4Q*+P)e@*wl4|*se`Iwa(1mH96FMhu1yq0<$bjxH&Ffw{t^}(jA z6vrpW#Pmr}uDHQ6RYiMyeA!^$+~;jBwPaC22?_=9G!NoZ@Q;OGqNnfENm0%<7MA?E zN+x$)F>cfrw<;x9O#SL@JV{>^i6TOR(~j|&=A#9~SI@~Q_p&Rp>7(Nr_mVp&UslrO zcF($iC+%+5Dg**xmi#u?v)y?~|Mc%IE#OvRt{%xam9LAPy!d8zmwH~GnlSp{Z8Zvs zEHwk4IImrIi7`p!M09R}tW^+wa)?%ulb?ffHDlV~EjmA%T6*xaqn@i=!x!n9O>sr*r%l7&+}P`6BpVA3XLul#7UPw;!zi1I!B( z)vTIVNHUbD(=nvjAy>*D_;X~dV=WIzm;SYCip3F!jQBp^MTIoHaLI+6j`KVl-7>*M zP8#m+xb98ZMU$%0;@DZEF$%17NmF0H4xI7dq!!)XWR#<4;zFHv9)3hav06R3#ZNLa zFKqzQIV(7XUQs1cZyZKQ0hmC)S5E$~!Kk6IHD6?XJ=PX_?D_XGC2t?$gy*kU~aFT-MxKR8g;ScsJ9n#5{y z?O7Jec=Grhu%fYMAVC0SfF|S{6w&O&z4<~Ag&$_{sXNkb%A-pz?6Wl_!LwVT3#-4jDS~l*$0{*ireouF2`Fc~`|22<}F$M(?6c>^Z z77&vZ6Fn?;p1?pJ{?|N4upmc(fRYljRBj*BW%^%TCWaaSCzz`v=GOV$+~KYs&iqdH zez0dA?mqngSLFP{f+9k~f Date: Tue, 11 Feb 2025 14:34:04 +0100 Subject: [PATCH 05/10] chg: [doc] updated --- README.md | 1 + documentation/README.md | 12 ++++++++++++ documentation/mkdocs/expansion.md | 12 ++++++++++++ documentation/mkdocs/index.md | 1 + 4 files changed, 26 insertions(+) diff --git a/README.md b/README.md index 70310a39..10a0d10a 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul * [OCR Enrich](https://misp.github.io/misp-modules/expansion/#ocr-enrich) - Module to process some optical character recognition on pictures. * [ODS Enrich](https://misp.github.io/misp-modules/expansion/#ods-enrich) - Module to extract freetext from a .ods document. * [ODT Enrich](https://misp.github.io/misp-modules/expansion/#odt-enrich) - Module to extract freetext from a .odt document. +* [Onion Lookup](https://misp.github.io/misp-modules/expansion/#onion-lookup) - MISP module using the MISP standard. Uses the onion-lookup service to get information about an onion. * [Onyphe Lookup](https://misp.github.io/misp-modules/expansion/#onyphe-lookup) - Module to process a query on Onyphe. * [Onyphe Full Lookup](https://misp.github.io/misp-modules/expansion/#onyphe-full-lookup) - Module to process a full query on Onyphe. * [AlienVault OTX Lookup](https://misp.github.io/misp-modules/expansion/#alienvault-otx-lookup) - Module to get information from AlienVault OTX. diff --git a/documentation/README.md b/documentation/README.md index dda43286..39013b73 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -1740,6 +1740,18 @@ Module to extract freetext from a .odt document. ----- +#### [Onion Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onion_lookup.py) + + + +MISP module using the MISP standard. Uses the onion-lookup service to get information about an onion. +[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onion_lookup.py)] + +- **references**: +>https://onion.ail-project.org/ + +----- + #### [Onyphe Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onyphe.py) diff --git a/documentation/mkdocs/expansion.md b/documentation/mkdocs/expansion.md index 58ba8238..7a1cf9c4 100644 --- a/documentation/mkdocs/expansion.md +++ b/documentation/mkdocs/expansion.md @@ -1737,6 +1737,18 @@ Module to extract freetext from a .odt document. ----- +#### [Onion Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onion_lookup.py) + + + +MISP module using the MISP standard. Uses the onion-lookup service to get information about an onion. +[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onion_lookup.py)] + +- **references**: +>https://onion.ail-project.org/ + +----- + #### [Onyphe Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/onyphe.py) diff --git a/documentation/mkdocs/index.md b/documentation/mkdocs/index.md index 597c4e7d..171740b0 100644 --- a/documentation/mkdocs/index.md +++ b/documentation/mkdocs/index.md @@ -78,6 +78,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [OCR Enrich](https://misp.github.io/misp-modules/expansion/#ocr-enrich) - Module to process some optical character recognition on pictures. * [ODS Enrich](https://misp.github.io/misp-modules/expansion/#ods-enrich) - Module to extract freetext from a .ods document. * [ODT Enrich](https://misp.github.io/misp-modules/expansion/#odt-enrich) - Module to extract freetext from a .odt document. +* [Onion Lookup](https://misp.github.io/misp-modules/expansion/#onion-lookup) - MISP module using the MISP standard. Uses the onion-lookup service to get information about an onion. * [Onyphe Lookup](https://misp.github.io/misp-modules/expansion/#onyphe-lookup) - Module to process a query on Onyphe. * [Onyphe Full Lookup](https://misp.github.io/misp-modules/expansion/#onyphe-full-lookup) - Module to process a full query on Onyphe. * [AlienVault OTX Lookup](https://misp.github.io/misp-modules/expansion/#alienvault-otx-lookup) - Module to get information from AlienVault OTX. From 0e24228a09d0fe1a5df09ef601ed59c20e8d35f3 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 12 Feb 2025 12:00:00 +0100 Subject: [PATCH 06/10] chg: Removed STIX 2 to MISP conversion script & added misp-stix library requirement --- misp_modules/lib/stix2misp.py | 2080 ------------------------- misp_modules/lib/stix2misp_mapping.py | 460 ------ pyproject.toml | 3 +- 3 files changed, 2 insertions(+), 2541 deletions(-) delete mode 100644 misp_modules/lib/stix2misp.py delete mode 100644 misp_modules/lib/stix2misp_mapping.py diff --git a/misp_modules/lib/stix2misp.py b/misp_modules/lib/stix2misp.py deleted file mode 100644 index 0e92aed1..00000000 --- a/misp_modules/lib/stix2misp.py +++ /dev/null @@ -1,2080 +0,0 @@ -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- -# Copyright (C) 2017-2018 CIRCL Computer Incident Response Center Luxembourg (smile gie) -# Copyright (C) 2017-2018 Christian Studer -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -import sys -import json -import os -import time -import io -import pymisp -import stix2misp_mapping -from collections import defaultdict -from copy import deepcopy -from pathlib import Path -_misp_dir = Path(os.path.realpath(__file__)).parents[4] -_misp_objects_path = _misp_dir / 'app' / 'files' / 'misp-objects' / 'objects' -_misp_types = pymisp.AbstractMISP().describe_types.get('types') -from pymisp import MISPEvent, MISPObject, MISPAttribute - -_scripts_path = Path(__file__).resolve().parents[1] -sys.path.insert(0, str(_scripts_path / 'cti-python-stix2')) -import stix2 - - -class StixParser(): - _galaxy_types = ('intrusion-set', 'malware', 'threat-actor', 'tool') - _stix2misp_mapping = {'marking-definition': '_load_marking', - 'relationship': '_load_relationship', - 'report': '_load_report', - 'indicator': '_parse_indicator', - 'observed-data': '_parse_observable', - 'identity': '_load_identity'} - _stix2misp_mapping.update({galaxy_type: '_load_galaxy' for galaxy_type in _galaxy_types}) - _special_mapping = {'attack-pattern': 'parse_attack_pattern', - 'course-of-action': 'parse_course_of_action', - 'vulnerability': 'parse_vulnerability'} - _timeline_mapping = {'indicator': ('valid_from', 'valid_until'), - 'observed-data': ('first_observed', 'last_observed')} - - def __init__(self): - super().__init__() - self.misp_event = MISPEvent() - self.relationship = defaultdict(list) - self.tags = set() - self.galaxy = {} - self.marking_definition = {} - - def handler(self, event, filename, args): - self.filename = filename - self.stix_version = f"STIX {event['spec_version'] if event.get('spec_version') else '2.1'}" - try: - event_distribution = args[0] - if not isinstance(event_distribution, int): - event_distribution = int(event_distribution) if event_distribution.isdigit() else 0 - except IndexError: - event_distribution = 0 - try: - attribute_distribution = args[1] - if attribute_distribution == 'event': - attribute_distribution = 5 - if not isinstance(attribute_distribution, int): - attribute_distribution = int(attribute_distribution) if attribute_distribution.isdigit() else 5 - except IndexError: - attribute_distribution = 5 - synonyms_to_tag_names = args[2] if len(args) > 2 else '/var/www/MISP/app/files/scripts/synonymsToTagNames.json' - with open(synonyms_to_tag_names, 'rt', encoding='utf-8') as f: - self._synonyms_to_tag_names = json.loads(f.read()) - self.parse_event(event) - - def _load_galaxy(self, galaxy): - self.galaxy[galaxy['id'].split('--')[1]] = {'tag_names': self.parse_galaxy(galaxy), 'used': False} - - def _load_identity(self, identity): - try: - self.identity[identity['id'].split('--')[1]] = identity['name'] - except AttributeError: - self.identity = {identity['id'].split('--')[1]: identity['name']} - - def _load_marking(self, marking): - tag = self.parse_marking(marking) - self.marking_definition[marking['id'].split('--')[1]] = {'object': tag, 'used': False} - - def _load_relationship(self, relationship): - target_uuid = relationship.target_ref.split('--')[1] - reference = (target_uuid, relationship.relationship_type) - source_uuid = relationship.source_ref.split('--')[1] - self.relationship[source_uuid].append(reference) - - def _load_report(self, report): - try: - self.report[report['id'].split('--')[1]] = report - except AttributeError: - self.report = {report['id'].split('--')[1]: report} - - def save_file(self): - event = self.misp_event.to_json() - with open(f'{self.filename}.stix2', 'wt', encoding='utf-8') as f: - f.write(event) - - ################################################################################ - ## PARSING FUNCTIONS USED BY BOTH SUBCLASSES. ## - ################################################################################ - - def handle_markings(self): - if hasattr(self, 'marking_refs'): - for attribute in self.misp_event.attributes: - if attribute.uuid in self.marking_refs: - for marking_uuid in self.marking_refs[attribute.uuid]: - attribute.add_tag(self.marking_definition[marking_uuid]['object']) - self.marking_definition[marking_uuid]['used'] = True - if self.marking_definition: - for marking_definition in self.marking_definition.values(): - if not marking_definition['used']: - self.tags.add(marking_definition['object']) - if self.tags: - for tag in self.tags: - self.misp_event.add_tag(tag) - - @staticmethod - def _parse_email_body(body, references): - attributes = [] - for body_multipart in body: - reference = references.pop(body_multipart['body_raw_ref']) - feature = body_multipart['content_disposition'].split(';')[0] - if feature in stix2misp_mapping.email_references_mapping: - attribute = deepcopy(stix2misp_mapping.email_references_mapping[feature]) - else: - print(f'Unknown content disposition in the following email body: {body_multipart}', file=sys.stderr) - continue - if isinstance(reference, stix2.v20.observables.Artifact): - attribute.update({ - 'value': body_multipart['content_disposition'].split('=')[-1].strip("'"), - 'data': reference.payload_bin, - 'to_ids': False - }) - else: - attribute.update({ - 'value': reference.name, - 'to_ids': False - }) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_email_references(email_message, references): - attributes = [] - if hasattr(email_message, 'from_ref'): - reference = references.pop(email_message.from_ref) - attribute = { - 'value': reference.value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.email_references_mapping['from_ref']) - attributes.append(attribute) - for feature in ('to_refs', 'cc_refs'): - if hasattr(email_message, feature): - for ref_id in getattr(email_message, feature): - reference = references.pop(ref_id) - attribute = { - 'value': reference.value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.email_references_mapping[feature]) - attributes.append(attribute) - return attributes - - def parse_galaxies(self): - for galaxy in self.galaxy.values(): - if not galaxy['used']: - for tag_name in galaxy['tag_names']: - self.tags.add(tag_name) - - @staticmethod - def _parse_network_connection_reference(feature_type, feature, value): - if feature == 'type': - return {type: value.format(feature_type) for type, value in stix2misp_mapping.network_traffic_references_mapping[value].items()} - return {feature: value} - - @staticmethod - def _parse_network_traffic_protocol(protocol): - return {'type': 'text', 'value': protocol, 'to_ids': False, - 'object_relation': f'layer{stix2misp_mapping.connection_protocols[protocol]}-protocol'} - - @staticmethod - def _parse_observable_reference(reference, mapping, feature=None): - attribute = { - 'value': reference.value, - 'to_ids': False - } - if feature is not None: - attribute.update({key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) - return attribute - attribute.update({key: value for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) - return attribute - - def parse_pe(self, extension): - pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) - self.fill_misp_object(pe_object, extension, 'pe_mapping') - for section in extension['sections']: - section_object = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) - self.fill_misp_object(section_object, section, 'pe_section_mapping') - if hasattr(section, 'hashes'): - self.fill_misp_object(section_object, section.hashes, 'pe_section_mapping') - self.misp_event.add_object(section_object) - pe_object.add_reference(section_object.uuid, 'includes') - self.misp_event.add_object(pe_object) - return pe_object.uuid - - def parse_relationships(self): - attribute_uuids = tuple(attribute.uuid for attribute in self.misp_event.attributes) - object_uuids = tuple(object.uuid for object in self.misp_event.objects) - for source, references in self.relationship.items(): - if source in object_uuids: - source_object = self.misp_event.get_object_by_uuid(source) - for reference in references: - target, reference = reference - if target in attribute_uuids or target in object_uuids: - source_object.add_reference(target, reference) - elif source in attribute_uuids: - for attribute in self.misp_event.attributes: - if attribute.uuid == source: - for reference in references: - target, reference = reference - if target in self.galaxy: - for tag_name in self.galaxy[target]['tag_names']: - attribute.add_tag(tag_name) - self.galaxy[target]['used'] = True - break - - def parse_report(self, event_uuid=None): - event_infos = set() - self.misp_event.uuid = event_uuid if event_uuid and len(self.report) > 1 else tuple(self.report.keys())[0] - for report in self.report.values(): - if hasattr(report, 'name') and report.name: - event_infos.add(report.name) - if hasattr(report, 'labels') and report.labels: - for label in report.labels: - self.tags.add(label) - if hasattr(report, 'object_marking_refs') and report.object_marking_refs: - for marking_ref in report.object_marking_refs: - marking_ref = marking_ref.split('--')[1] - try: - self.tags.add(self.marking_definition[marking_ref]['object']) - self.marking_definition[marking_ref]['used'] = True - except KeyError: - continue - if hasattr(report, 'external_references'): - for reference in report.external_references: - self.misp_event.add_attribute(**{'type': 'link', 'value': reference['url']}) - if len(event_infos) == 1: - self.misp_event.info = event_infos.pop() - else: - self.misp_event.info = f'Imported with MISP import script for {self.stix_version}' - - @staticmethod - def _parse_user_account_groups(groups): - attributes = [{'type': 'text', 'object_relation': 'group', 'to_ids': False, - 'disable_correlation': True, 'value': group} for group in groups] - return attributes - - ################################################################################ - ## UTILITY FUNCTIONS. ## - ################################################################################ - - @staticmethod - def _choose_with_priority(container, first_choice, second_choice): - return first_choice if first_choice in container else second_choice - - def filter_main_object(self, observable, main_type, test_function='_standard_test_filter'): - references = {} - main_objects = [] - for key, value in observable.items(): - if getattr(self, test_function)(value, main_type): - main_objects.append(value) - else: - references[key] = value - if len(main_objects) > 1: - print(f'More than one {main_type} objects in this observable: {observable}', file=sys.stderr) - return main_objects[0] if main_objects else None, references - - @staticmethod - def getTimestampfromDate(date): - try: - return int(date.timestamp()) - except AttributeError: - return int(time.mktime(time.strptime(date.split('+')[0], "%Y-%m-%dT%H:%M:%S.%fZ"))) - - @staticmethod - def _handle_data(data): - return io.BytesIO(data.encode()) - - @staticmethod - def parse_marking(marking): - marking_type = marking.definition_type - tag = getattr(marking.definition, marking_type) - return "{}:{}".format(marking_type, tag) - - def parse_timeline(self, stix_object): - misp_object = {'timestamp': self.getTimestampfromDate(stix_object.modified)} - try: - first, last = self._timeline_mapping[stix_object._type] - first_seen = getattr(stix_object, first) - if stix_object.created != first_seen and stix_object.modified != first_seen: - misp_object['first_seen'] = first_seen - if hasattr(stix_object, last): - misp_object['last_seen'] = getattr(stix_object, last) - elif hasattr(stix_object, last): - misp_object.update({'first_seen': first_seen, 'last_seen': getattr(stix_object, last)}) - except KeyError: - pass - return misp_object - - @staticmethod - def _process_test_filter(value, main_type): - _is_main_process = any(feature in value for feature in ('parent_ref', 'child_refs')) - return isinstance(value, getattr(stix2.v20.observables, main_type)) and _is_main_process - - @staticmethod - def _standard_test_filter(value, main_type): - return isinstance(value, getattr(stix2.v20.observables, main_type)) - - def update_marking_refs(self, attribute_uuid, marking_refs): - try: - self.marking_refs[attribute_uuid] = tuple(marking.split('--')[1] for marking in marking_refs) - except AttributeError: - self.marking_refs = {attribute_uuid: tuple(marking.split('--')[1] for marking in marking_refs)} - - -class StixFromMISPParser(StixParser): - def __init__(self): - super().__init__() - self._stix2misp_mapping.update({'custom_object': '_parse_custom'}) - self._stix2misp_mapping.update({special_type: '_parse_undefined' for special_type in ('attack-pattern', 'course-of-action', 'vulnerability')}) - self._custom_objects = tuple(filename.name.replace('_', '-') for filename in _misp_objects_path.glob('*') if '_' in filename.name) - - def parse_event(self, stix_event): - for stix_object in stix_event.objects: - object_type = stix_object['type'] - if object_type.startswith('x-misp-object'): - object_type = 'custom_object' - if object_type in self._stix2misp_mapping: - getattr(self, self._stix2misp_mapping[object_type])(stix_object) - else: - print(f'not found: {object_type}', file=sys.stderr) - if self.relationship: - self.parse_relationships() - if self.galaxy: - self.parse_galaxies() - if hasattr(self, 'report'): - self.parse_report() - self.handle_markings() - - def _parse_custom(self, custom): - if 'from_object' in custom['labels']: - self.parse_custom_object(custom) - else: - self.parse_custom_attribute(custom) - - def _parse_indicator(self, indicator): - if 'from_object' in indicator['labels']: - self.parse_indicator_object(indicator) - else: - self.parse_indicator_attribute(indicator) - - def _parse_observable(self, observable): - if 'from_object' in observable['labels']: - self.parse_observable_object(observable) - else: - self.parse_observable_attribute(observable) - - def _parse_undefined(self, stix_object): - if any(label.startswith('misp-galaxy:') for label in stix_object.get('labels', [])): - self._load_galaxy(stix_object) - else: - getattr(self, self._special_mapping[stix_object._type])(stix_object) - - ################################################################################ - ## PARSING FUNCTIONS. ## - ################################################################################ - - def fill_misp_object(self, misp_object, stix_object, mapping, - to_call='_fill_observable_object_attribute'): - for feature, value in stix_object.items(): - if feature not in getattr(stix2misp_mapping, mapping): - if feature.startswith('x_misp_'): - attribute = self.parse_custom_property(feature) - if isinstance(value, list): - self._fill_misp_object_from_list(misp_object, attribute, value) - continue - else: - continue - else: - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[feature]) - attribute.update(getattr(self, to_call)(feature, value)) - misp_object.add_attribute(**attribute) - - @staticmethod - def _fill_misp_object_from_list(misp_object, mapping, values): - for value in values: - attribute = {'value': value} - attribute.update(mapping) - misp_object.add_attribute(**attribute) - - def parse_attack_pattern(self, attack_pattern): - misp_object, _ = self.create_misp_object(attack_pattern) - if hasattr(attack_pattern, 'external_references'): - for reference in attack_pattern.external_references: - value = reference['external_id'].split('-')[1] if reference['source_name'] == 'capec' else reference['url'] - misp_object.add_attribute(**{ - 'type': 'text', 'object_relation': 'id', - 'value': value - }) - self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping', - '_fill_observable_object_attribute') - self.misp_event.add_object(**misp_object) - - def parse_course_of_action(self, course_of_action): - misp_object, _ = self.create_misp_object(course_of_action) - self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping', - '_fill_observable_object_attribute') - self.misp_event.add_object(**misp_object) - - def parse_custom_attribute(self, custom): - attribute_type = custom['type'].split('x-misp-object-')[1] - if attribute_type not in _misp_types: - replacement = ' ' if attribute_type == 'named-pipe' else '|' - attribute_type = attribute_type.replace('-', replacement) - attribute = {'type': attribute_type, - 'timestamp': self.getTimestampfromDate(custom['modified']), - 'to_ids': bool(custom['labels'][1].split('=')[1]), - 'value': custom['x_misp_value'], - 'category': self.get_misp_category(custom['labels']), - 'uuid': custom['id'].split('--')[1]} - if custom.get('object_marking_refs'): - self.update_marking_refs(attribute['uuid'], custom['object_marking_refs']) - self.misp_event.add_attribute(**attribute) - - def parse_custom_object(self, custom): - name = custom['type'].split('x-misp-object-')[1] - if name in self._custom_objects: - name = name.replace('-', '_') - misp_object = MISPObject(name, misp_objects_path_custom=_misp_objects_path) - misp_object.timestamp = self.getTimestampfromDate(custom['modified']) - misp_object.uuid = custom['id'].split('--')[1] - try: - misp_object.category = custom['category'] - except KeyError: - misp_object.category = self.get_misp_category(custom['labels']) - for key, value in custom['x_misp_values'].items(): - attribute_type, object_relation = key.replace('_DOT_', '.').split('_') - if isinstance(value, list): - for single_value in value: - misp_object.add_attribute(**{'type': attribute_type, 'value': single_value, - 'object_relation': object_relation}) - else: - misp_object.add_attribute(**{'type': attribute_type, 'value': value, - 'object_relation': object_relation}) - self.misp_event.add_object(**misp_object) - - def parse_galaxy(self, galaxy): - if hasattr(galaxy, 'labels'): - return [label for label in galaxy.labels if label.startswith('misp-galaxy:')] - try: - return self._synonyms_to_tag_names[galaxy.name] - except KeyError: - print(f'Unknown {galaxy._type} name: {galaxy.name}', file=sys.stderr) - return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] - - def parse_indicator_attribute(self, indicator): - attribute = self.create_attribute_dict(indicator) - attribute['to_ids'] = True - pattern = indicator.pattern.replace('\\\\', '\\') - if attribute['type'] in ('malware-sample', 'attachment'): - value, data = self.parse_attribute_pattern_with_data(pattern) - attribute.update({feature: value for feature, value in zip(('value', 'data'), (value, io.BytesIO(data.encode())))}) - else: - attribute['value'] = self.parse_attribute_pattern(pattern) - self.misp_event.add_attribute(**attribute) - - def parse_indicator_object(self, indicator): - misp_object, object_type = self.create_misp_object(indicator) - pattern = self._handle_pattern(indicator.pattern).replace('\\\\', '\\').split(' AND ') - try: - attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['pattern'])(pattern) - except KeyError: - print(f"Unable to map {object_type} object:\n{indicator}", file=sys.stderr) - return - if isinstance(attributes, tuple): - attributes, target_uuid = attributes - misp_object.add_reference(target_uuid, 'includes') - for attribute in attributes: - misp_object.add_attribute(**attribute) - self.misp_event.add_object(misp_object) - - def parse_observable_attribute(self, observable): - attribute = self.create_attribute_dict(observable) - attribute['to_ids'] = False - objects = observable.objects - value = self.parse_single_attribute_observable(objects, attribute['type']) - if isinstance(value, tuple): - value, data = value - attribute['data'] = data - attribute['value'] = value - self.misp_event.add_attribute(**attribute) - - def parse_observable_object(self, observable): - misp_object, object_type = self.create_misp_object(observable) - observable_object = observable.objects - try: - attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['observable'])(observable_object) - except KeyError: - print(f"Unable to map {object_type} object:\n{observable}", file=sys.stderr) - return - if isinstance(attributes, tuple): - attributes, target_uuid = attributes - misp_object.add_reference(target_uuid, 'includes') - for attribute in attributes: - misp_object.add_attribute(**attribute) - self.misp_event.add_object(misp_object) - - def parse_vulnerability(self, vulnerability): - attributes = self.fill_observable_attributes(vulnerability, 'vulnerability_mapping') - if hasattr(vulnerability, 'external_references'): - for reference in vulnerability.external_references: - if reference['source_name'] == 'url': - attributes.append({'type': 'link', 'object_relation': 'references', 'value': reference['url']}) - if len(attributes) > 1: - vulnerability_object, _ = self.create_misp_object(vulnerability) - for attribute in attributes: - vulnerability_object.add_attribute(**attribute) - self.misp_event.add_object(**vulnerability_object) - else: - attribute = self.create_attribute_dict(vulnerability) - attribute['value'] = attributes[0]['value'] - self.misp_event.add_attribute(**attribute) - - ################################################################################ - ## OBSERVABLE PARSING FUNCTIONS ## - ################################################################################ - - @staticmethod - def _define_hash_type(hash_type): - if 'sha' in hash_type: - return f'SHA-{hash_type.split("sha")[1]}' - return hash_type.upper() if hash_type == 'md5' else hash_type - - @staticmethod - def _fetch_file_observable(observable_objects): - for key, observable in observable_objects.items(): - if observable['type'] == 'file': - return key - return '0' - - @staticmethod - def _fill_observable_attribute(attribute_type, object_relation, value): - return {'type': attribute_type, - 'object_relation': object_relation, - 'value': value, - 'to_ids': False} - - def fill_observable_attributes(self, observable, object_mapping): - attributes = [] - for key, value in observable.items(): - if key in getattr(stix2misp_mapping, object_mapping): - attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[key]) - elif key.startswith('x_misp_'): - attribute = self.parse_custom_property(key) - if isinstance(value, list): - for single_value in value: - single_attribute = {'value': single_value, 'to_ids': False} - single_attribute.update(attribute) - attributes.append(single_attribute) - continue - else: - continue - attribute.update({'value': value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - def _handle_multiple_file_fields(self, file): - attributes = [] - for feature, attribute_type in zip(('filename', 'path', 'fullpath'), ('filename', 'text', 'text')): - key = f'x_misp_multiple_{feature}' - if key in file: - attributes.append(self._fill_observable_attribute(attribute_type, feature, file.pop(key))) - elif f'{key}s' in file: - attributes.extend(self._fill_observable_attribute(attribute_type, feature, value) for value in file.pop(key)) - attributes.extend(self.fill_observable_attributes(file, 'file_mapping')) - return attributes - - def parse_asn_observable(self, observable): - attributes = [] - mapping = 'asn_mapping' - for observable_object in observable.values(): - if isinstance(observable_object, stix2.v20.observables.AutonomousSystem): - attributes.extend(self.fill_observable_attributes(observable_object, mapping)) - else: - attributes.append(self._parse_observable_reference(observable_object, mapping)) - return attributes - - def _parse_attachment(self, observable): - if len(observable) > 1: - return self._parse_name(observable, index='1'), self._parse_payload(observable) - return self._parse_name(observable) - - def parse_credential_observable(self, observable): - return self.fill_observable_attributes(observable['0'], 'credential_mapping') - - def _parse_domain_ip_attribute(self, observable): - return f'{self._parse_value(observable)}|{self._parse_value(observable, index="1")}' - - @staticmethod - def parse_domain_ip_observable(observable): - attributes = [] - for observable_object in observable.values(): - attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[observable_object._type]) - attribute.update({'value': observable_object.value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_email_message(observable, attribute_type): - return observable['0'].get(attribute_type.split('-')[1]) - - def parse_email_observable(self, observable): - email, references = self.filter_main_object(observable, 'EmailMessage') - attributes = self.fill_observable_attributes(email, 'email_mapping') - if hasattr(email, 'additional_header_fields'): - attributes.extend(self.fill_observable_attributes(email.additional_header_fields, 'email_mapping')) - attributes.extend(self._parse_email_references(email, references)) - if hasattr(email, 'body_multipart') and email.body_multipart: - attributes.extend(self._parse_email_body(email.body_multipart, references)) - return attributes - - @staticmethod - def _parse_email_reply_to(observable): - return observable['0'].additional_header_fields.get('Reply-To') - - def parse_file_observable(self, observable): - file, references = self.filter_main_object(observable, 'File') - references = {key: {'object': value, 'used': False} for key, value in references.items()} - file = {key: value for key, value in file.items()} - multiple_fields = any(f'x_misp_multiple_{feature}' in file for feature in ('filename', 'path', 'fullpath')) - attributes = self._handle_multiple_file_fields(file) if multiple_fields else self.fill_observable_attributes(file, 'file_mapping') - if 'hashes' in file: - attributes.extend(self.fill_observable_attributes(file['hashes'], 'file_mapping')) - if 'content_ref' in file: - reference = references[file['content_ref']] - value = f'{reference["object"].name}|{reference["object"].hashes["MD5"]}' - attributes.append({'type': 'malware-sample', 'object_relation': 'malware-sample', 'value': value, - 'to_ids': False, 'data': reference['object'].payload_bin}) - reference['used'] = True - if 'parent_directory_ref' in file: - reference = references[file['parent_directory_ref']] - attributes.append({'type': 'text', 'object_relation': 'path', - 'value': reference['object'].path, 'to_ids': False}) - reference['used'] = True - for reference in references.values(): - if not reference['used']: - attributes.append({ - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': reference['object'].name, - 'data': reference['object'].payload_bin, - 'to_ids': False - }) - return attributes - - def _parse_filename_hash(self, observable, attribute_type, index='0'): - hash_type = attribute_type.split('|')[1] - filename = self._parse_name(observable, index=index) - hash_value = self._parse_hash(observable, hash_type, index=index) - return f'{filename}|{hash_value}' - - def _parse_hash(self, observable, attribute_type, index='0'): - hash_type = self._define_hash_type(attribute_type) - return observable[index]['hashes'].get(hash_type) - - def parse_ip_port_observable(self, observable): - network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') - attributes = [] - for feature in ('src', 'dst'): - port = f'{feature}_port' - if hasattr(network_traffic, port): - attribute = deepcopy(stix2misp_mapping.ip_port_mapping[port]) - attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) - attributes.append(attribute) - ref = f'{feature}_ref' - if hasattr(network_traffic, ref): - attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), 'ip_port_references_mapping', feature)) - for reference in references.values(): - attribute = deepcopy(stix2misp_mapping.ip_port_references_mapping[reference._type]) - attribute.update({'value': reference.value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - def _parse_malware_sample(self, observable): - if len(observable) > 1: - value = self._parse_filename_hash(observable, 'filename|md5', '1') - return value, self._parse_payload(observable) - return self._parse_filename_hash(observable, 'filename|md5') - - @staticmethod - def _parse_name(observable, index='0'): - return observable[index].get('name') - - def _parse_network_attribute(self, observable): - port = self._parse_port(observable, index='1') - return f'{self._parse_value(observable)}|{port}' - - def parse_network_connection_observable(self, observable): - network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') - attributes = self._parse_network_traffic(network_traffic, references) - if hasattr(network_traffic, 'protocols'): - attributes.extend(self._parse_network_traffic_protocol(protocol) for protocol in network_traffic.protocols if protocol in stix2misp_mapping.connection_protocols) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) - return attributes - - def parse_network_socket_observable(self, observable): - network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') - attributes = self._parse_network_traffic(network_traffic, references) - if hasattr(network_traffic, 'protocols'): - attributes.append({'type': 'text', 'object_relation': 'protocol', 'to_ids': False, - 'value': network_traffic.protocols[0].strip("'")}) - if hasattr(network_traffic, 'extensions') and network_traffic.extensions: - attributes.extend(self._parse_socket_extension(network_traffic.extensions['socket-ext'])) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) - return attributes - - def _parse_network_traffic(self, network_traffic, references): - attributes = [] - mapping = 'network_traffic_references_mapping' - for feature in ('src', 'dst'): - port = f'{feature}_port' - if hasattr(network_traffic, port): - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[port]) - attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) - attributes.append(attribute) - ref = f'{feature}_ref' - if hasattr(network_traffic, ref): - attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), mapping, feature)) - if hasattr(network_traffic, f'{ref}s'): - for ref in getattr(network_traffic, f'{ref}s'): - attributes.append(self._parse_observable_reference(references.pop(ref), mapping, feature)) - return attributes - - @staticmethod - def _parse_number(observable): - return observable['0'].get('number') - - @staticmethod - def _parse_payload(observable): - return observable['0'].payload_bin - - def parse_pe_observable(self, observable): - key = self._fetch_file_observable(observable) - extension = observable[key]['extensions']['windows-pebinary-ext'] - pe_uuid = self.parse_pe(extension) - return self.parse_file_observable(observable), pe_uuid - - @staticmethod - def _parse_port(observable, index='0'): - port_observable = observable[index] - return port_observable['src_port'] if 'src_port' in port_observable else port_observable['dst_port'] - - def parse_process_observable(self, observable): - process, references = self.filter_main_object(observable, 'Process', test_function='_process_test_filter') - attributes = self.fill_observable_attributes(process, 'process_mapping') - if hasattr(process, 'parent_ref'): - attributes.extend(self.fill_observable_attributes(references[process.parent_ref], 'parent_process_reference_mapping')) - if hasattr(process, 'child_refs'): - for reference in process.child_refs: - attributes.extend(self.fill_observable_attributes(references[reference], 'child_process_reference_mapping')) - if hasattr(process, 'binary_ref'): - reference = references[process.binary_ref] - attribute = deepcopy(stix2misp_mapping.process_image_mapping) - attribute.update({'value': reference.name, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def _parse_regkey_attribute(observable): - return observable['0'].get('key') - - def parse_regkey_observable(self, observable): - attributes = [] - for key, value in observable['0'].items(): - if key in stix2misp_mapping.regkey_mapping: - attribute = deepcopy(stix2misp_mapping.regkey_mapping[key]) - attribute.update({'value': value.replace('\\\\', '\\'), 'to_ids': False}) - attributes.append(attribute) - if 'values' in observable['0']: - attributes.extend(self.fill_observable_attributes(observable['0']['values'][0], 'regkey_mapping')) - return attributes - - def _parse_regkey_value(self, observable): - regkey = self._parse_regkey_attribute(observable) - return f'{regkey}|{observable["0"]["values"][0].get("data")}' - - def parse_single_attribute_observable(self, observable, attribute_type): - if attribute_type in stix2misp_mapping.attributes_type_mapping: - return getattr(self, stix2misp_mapping.attributes_type_mapping[attribute_type])(observable, attribute_type) - return getattr(self, stix2misp_mapping.attributes_mapping[attribute_type])(observable) - - def _parse_socket_extension(self, extension): - attributes = [] - extension = {key: value for key, value in extension.items()} - if 'x_misp_text_address_family' in extension: - extension.pop('address_family') - for element, value in extension.items(): - if element in stix2misp_mapping.network_socket_extension_mapping: - attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[element]) - if element in ('is_listening', 'is_blocking'): - if value is False: - continue - value = element.split('_')[1] - elif element.startswith('x_misp_'): - attribute = self.parse_custom_property(element) - else: - continue - attribute.update({'value': value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - @staticmethod - def parse_url_observable(observable): - attributes = [] - for object in observable.values(): - feature = 'dst_port' if isinstance(object, stix2.v20.observables.NetworkTraffic) else 'value' - attribute = deepcopy(stix2misp_mapping.url_mapping[object._type]) - attribute.update({'value': getattr(object, feature), 'to_ids': False}) - attributes.append(attribute) - return attributes - - def parse_user_account_observable(self, observable): - observable = observable['0'] - attributes = self.fill_observable_attributes(observable, 'user_account_mapping') - if 'extensions' in observable and 'unix-account-ext' in observable['extensions']: - extension = observable['extensions']['unix-account-ext'] - if 'groups' in extension: - attributes.extend(self._parse_user_account_groups(extension['groups'])) - attributes.extend(self.fill_observable_attributes(extension, 'user_account_mapping')) - return attributes - - @staticmethod - def _parse_value(observable, index='0'): - return observable[index].get('value') - - def _parse_x509_attribute(self, observable, attribute_type): - hash_type = attribute_type.split('-')[-1] - return self._parse_hash(observable, hash_type) - - def parse_x509_observable(self, observable): - attributes = self.fill_observable_attributes(observable['0'], 'x509_mapping') - if hasattr(observable['0'], 'hashes') and observable['0'].hashes: - attributes.extend(self.fill_observable_attributes(observable['0'].hashes, 'x509_mapping')) - return attributes - - ################################################################################ - ## PATTERN PARSING FUNCTIONS. ## - ################################################################################ - - def fill_pattern_attributes(self, pattern, object_mapping): - attributes = [] - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if pattern_type not in getattr(stix2misp_mapping, object_mapping): - if 'x_misp_' in pattern_type: - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - return attributes - - def parse_asn_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'asn_mapping') - - def parse_credential_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'credential_mapping') - - def parse_domain_ip_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'domain_ip_mapping') - - def parse_email_pattern(self, pattern): - attributes = [] - attachments = defaultdict(dict) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if 'body_multipart' in pattern_type: - pattern_type = pattern_type.split('.') - feature = 'data' if pattern_type[-1] == 'payload_bin' else 'value' - attachments[pattern_type[0][-2]][feature] = pattern_value.strip("'") - continue - if pattern_type not in stix2misp_mapping.email_mapping: - if 'x_misp_' in pattern_type: - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - for attachment in attachments.values(): - if 'data' in attachment: - attribute = {'type': 'attachment', 'object_relation': 'screenshot', 'data': attachment['data']} - else: - attribute = {'type': 'email-attachment', 'object_relation': 'attachment'} - attribute['value'] = attachment['value'] - attributes.append(attribute) - return attributes - - def parse_file_pattern(self, pattern): - attributes = [] - attachment = {} - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if pattern_type in stix2misp_mapping.attachment_types: - attachment[pattern_type] = pattern_value.strip("'") - if pattern_type not in stix2misp_mapping.file_mapping: - continue - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - if 'file:content_ref.payload_bin' in attachment: - filename = self._choose_with_priority(attachment, 'file:content_ref.name', 'file:name') - md5 = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") - attributes.append({ - 'type': 'malware-sample', - 'object_relation': 'malware-sample', - 'value': f'{attachment[filename]}|{attachment[md5]}', - 'data': attachment['file:content_ref.payload_bin'] - }) - if 'artifact:payload_bin' in attachment: - attributes.append({ - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': attachment['artifact:x_misp_text_name'] if 'artifact:x_misp_text_name' in attachment else attachment['file:name'], - 'data': attachment['artifact:payload_bin'] - }) - return attributes - - def parse_ip_port_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'ip_port_mapping') - - def parse_network_connection_pattern(self, pattern): - attributes = [] - references = defaultdict(dict) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if pattern_type not in stix2misp_mapping.network_traffic_mapping: - pattern_value = pattern_value.strip("'") - if pattern_type.startswith('network-traffic:protocols['): - attributes.append({ - 'type': 'text', 'value': pattern_value, - 'object_relation': f'layer{stix2misp_mapping.connection_protocols[pattern_value]}-protocol' - }) - elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) - continue - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - attributes.extend(attribute for attribute in references.values()) - return attributes - - def parse_network_socket_pattern(self, pattern): - attributes = [] - references = defaultdict(dict) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - pattern_value = pattern_value.strip("'") - if pattern_type not in stix2misp_mapping.network_traffic_mapping: - if pattern_type in stix2misp_mapping.network_socket_extension_mapping: - attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[pattern_type]) - if pattern_type.startswith("network-traffic:extensions.'socket-ext'.is_"): - if pattern_value != 'True': - continue - pattern_value = pattern_type.split('_')[1] - else: - if pattern_type.startswith('network-traffic:protocols['): - attributes.append({'type': 'text', 'object_relation': 'protocol', 'value': pattern_value}) - elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) - continue - else: - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - attributes.extend(attribute for attribute in references.values()) - return attributes - - def parse_pe_pattern(self, pattern): - attributes = [] - sections = defaultdict(dict) - pe = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - if ':extensions.' in pattern_type: - if '.sections[' in pattern_type: - pattern_type = pattern_type.split('.') - relation = pattern_type[-1].strip("'") - if relation in stix2misp_mapping.pe_section_mapping: - sections[pattern_type[2][-2]][relation] = pattern_value.strip("'") - else: - pattern_type = pattern_type.split('.')[-1] - if pattern_type not in stix2misp_mapping.pe_mapping: - if pattern_type.startswith('x_misp_'): - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - pe.add_attribute(**attribute) - continue - attribute = deepcopy(stix2misp_mapping.pe_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - pe.add_attribute(**attribute) - else: - if pattern_type not in stix2misp_mapping.file_mapping: - if pattern_type.startswith('x_misp_'): - attribute = self.parse_custom_property(pattern_type) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - for section in sections.values(): - pe_section = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) - for feature, value in section.items(): - attribute = deepcopy(stix2misp_mapping.pe_section_mapping[feature]) - attribute['value'] = value - pe_section.add_attribute(**attribute) - self.misp_event.add_object(pe_section) - pe.add_reference(pe_section.uuid, 'includes') - self.misp_event.add_object(pe) - return attributes, pe.uuid - - def parse_process_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'process_mapping') - - def parse_regkey_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'regkey_mapping') - - def parse_url_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'url_mapping') - - @staticmethod - def parse_user_account_pattern(pattern): - attributes = [] - for pattern_part in pattern: - pattern_type, pattern_value = pattern_part.split(' = ') - pattern_type = pattern_type.split('.')[-1].split('[')[0] if "extensions.'unix-account-ext'" in pattern_type else pattern_type.split(':')[-1] - if pattern_type not in stix2misp_mapping.user_account_mapping: - if pattern_type.startswith('group'): - attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value.strip("'")}) - continue - attribute = deepcopy(stix2misp_mapping.user_account_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - return attributes - - def parse_x509_pattern(self, pattern): - return self.fill_pattern_attributes(pattern, 'x509_mapping') - - ################################################################################ - ## UTILITY FUNCTIONS. ## - ################################################################################ - - def create_attribute_dict(self, stix_object): - labels = stix_object['labels'] - attribute_uuid = stix_object.id.split('--')[1] - attribute = {'uuid': attribute_uuid, - 'type': self.get_misp_type(labels), - 'category': self.get_misp_category(labels)} - tags = [{'name': label} for label in labels[3:]] - if tags: - attribute['Tag'] = tags - attribute.update(self.parse_timeline(stix_object)) - if hasattr(stix_object, 'description') and stix_object.description: - attribute['comment'] = stix_object.description - if hasattr(stix_object, 'object_marking_refs'): - self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs) - return attribute - - def create_misp_object(self, stix_object): - labels = stix_object['labels'] - object_type = self.get_misp_type(labels) - misp_object = MISPObject('file' if object_type == 'WindowsPEBinaryFile' else object_type, - misp_objects_path_custom=_misp_objects_path) - misp_object.uuid = stix_object.id.split('--')[1] - if hasattr(stix_object, 'description') and stix_object.description: - misp_object.comment = stix_object.description - misp_object.update(self.parse_timeline(stix_object)) - return misp_object, object_type - - @staticmethod - def _fill_object_attribute(feature, value): - return {'value': str(value) if feature in ('entropy', 'size') else value} - - @staticmethod - def _fill_observable_object_attribute(feature, value): - return {'value': str(value) if feature in ('entropy', 'size') else value, - 'to_ids': False} - - @staticmethod - def get_misp_category(labels): - return labels[1].split('=')[1].strip('"') - - @staticmethod - def get_misp_type(labels): - return labels[0].split('=')[1].strip('"') - - @staticmethod - def parse_attribute_pattern(pattern): - if ' AND ' in pattern: - pattern_parts = pattern.strip('[]').split(' AND ') - if len(pattern_parts) == 3: - _, value1 = pattern_parts[2].split(' = ') - _, value2 = pattern_parts[0].split(' = ') - return '{}|{}'.format(value1.strip("'"), value2.strip("'")) - else: - _, value1 = pattern_parts[0].split(' = ') - _, value2 = pattern_parts[1].split(' = ') - if value1 in ("'ipv4-addr'", "'ipv6-addr'"): - return value2.strip("'") - return '{}|{}'.format(value1.strip("'"), value2.strip("'")) - else: - return pattern.split(' = ')[1].strip("]'") - - def parse_attribute_pattern_with_data(self, pattern): - if 'file:content_ref.payload_bin' not in pattern: - return self.parse_attribute_pattern(pattern) - pattern_parts = pattern.strip('[]').split(' AND ') - if len(pattern_parts) == 3: - filename = pattern_parts[0].split(' = ')[1] - md5 = pattern_parts[1].split(' = ')[1] - return "{}|{}".format(filename.strip("'"), md5.strip("'")), pattern_parts[2].split(' = ')[1].strip("'") - return pattern_parts[0].split(' = ')[1].strip("'"), pattern_parts[1].split(' = ')[1].strip("'") - - @staticmethod - def parse_custom_property(custom_property): - properties = custom_property.split('_') - return {'type': properties[2], 'object_relation': '-'.join(properties[3:])} - - -class ExternalStixParser(StixParser): - def __init__(self): - super().__init__() - self._stix2misp_mapping.update({'attack-pattern': 'parse_attack_pattern', - 'course-of-action': 'parse_course_of_action', - 'vulnerability': 'parse_vulnerability'}) - - ################################################################################ - ## PARSING FUNCTIONS. ## - ################################################################################ - - def parse_event(self, stix_event): - for stix_object in stix_event.objects: - object_type = stix_object['type'] - if object_type in self._stix2misp_mapping: - getattr(self, self._stix2misp_mapping[object_type])(stix_object) - else: - print(f'not found: {object_type}', file=sys.stderr) - if self.relationship: - self.parse_relationships() - if self.galaxy: - self.parse_galaxies() - event_uuid = stix_event.id.split('--')[1] - if hasattr(self, 'report'): - self.parse_report(event_uuid=event_uuid) - else: - self.misp_event.uuid = event_uuid - self.misp_event.info = 'Imported with the STIX to MISP import script.' - self.handle_markings() - - def parse_galaxy(self, galaxy): - galaxy_names = self._check_existing_galaxy_name(galaxy.name) - if galaxy_names is not None: - return galaxy_names - return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] - - def _parse_indicator(self, indicator): - pattern = indicator.pattern - if any(relation in pattern for relation in stix2misp_mapping.pattern_forbidden_relations) or all(relation in pattern for relation in (' OR ', ' AND ')): - self.add_stix2_pattern_object(indicator) - separator = ' OR ' if ' OR ' in pattern else ' AND ' - self.parse_usual_indicator(indicator, separator) - - def _parse_observable(self, observable): - types = self._parse_observable_types(observable.objects) - try: - getattr(self, stix2misp_mapping.observable_mapping[types])(observable) - except KeyError: - print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) - - def _parse_undefined(self, stix_object): - try: - self.objects_to_parse[stix_object['id'].split('--')[1]] = stix_object - except AttributeError: - self.objects_to_parse = {stix_object['id'].split('--')[1]: stix_object} - - def add_stix2_pattern_object(self, indicator): - misp_object = MISPObject('stix2-pattern', misp_objects_path_custom=_misp_objects_path) - misp_object.uuid = indicator.id.split('--')[1] - misp_object.update(self.parse_timeline(indicator)) - version = f'STIX {indicator.pattern_version}' if hasattr(indicator, 'pattern_version') else 'STIX 2.0' - misp_object.add_attribute(**{'type': 'text', 'object_relation': 'version', 'value': version}) - misp_object.add_attribute(**{'type': 'stix2-pattern', 'object_relation': 'stix2-pattern', - 'value': indicator.pattern}) - self.misp_event.add_object(**misp_object) - - @staticmethod - def fill_misp_object(misp_object, stix_object, mapping): - for key, feature in getattr(stix2misp_mapping, mapping).items(): - if hasattr(stix_object, key): - attribute = deepcopy(feature) - attribute['value'] = getattr(stix_object, key) - misp_object.add_attribute(**attribute) - - @staticmethod - def fill_misp_object_from_dict(misp_object, stix_object, mapping): - for key, feature in getattr(stix2misp_mapping, mapping).items(): - if key in stix_object: - attribute = deepcopy(feature) - attribute['value'] = stix_object[key] - misp_object.add_attribute(**attribute) - - def parse_attack_pattern(self, attack_pattern): - galaxy_names = self._check_existing_galaxy_name(attack_pattern.name) - if galaxy_names is not None: - self.galaxy[attack_pattern['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} - else: - misp_object = self.create_misp_object(attack_pattern) - if hasattr(attack_pattern, 'external_references'): - for reference in attack_pattern.external_references: - source_name = reference['source_name'] - value = reference['external_id'].split('-')[1] if source_name == 'capec' else reference['url'] - attribute = deepcopy(stix2misp_mapping.attack_pattern_references_mapping[source_name]) if source_name in stix2misp_mapping.attack_pattern_references_mapping else stix2misp_mapping.references_attribute_mapping - attribute['value'] = value - misp_object.add_attribute(**attribute) - self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping') - self.misp_event.add_object(**misp_object) - - def parse_course_of_action(self, course_of_action): - galaxy_names = self._check_existing_galaxy_name(course_of_action.name) - if galaxy_names is not None: - self.galaxy[course_of_action['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} - else: - misp_object = self.create_misp_object(course_of_action) - self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping') - self.misp_event.add_object(**misp_object) - - def parse_usual_indicator(self, indicator, separator): - pattern = tuple(part.strip() for part in self._handle_pattern(indicator.pattern).split(separator)) - types = self._parse_pattern_types(pattern) - try: - getattr(self, stix2misp_mapping.pattern_mapping[types])(indicator, separator) - except KeyError: - print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) - self.add_stix2_pattern_object(indicator) - - def parse_vulnerability(self, vulnerability): - galaxy_names = self._check_existing_galaxy_name(vulnerability.name) - if galaxy_names is not None: - self.galaxy[vulnerability['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} - else: - attributes = self._get_attributes_from_observable(vulnerability, 'vulnerability_mapping') - if hasattr(vulnerability, 'external_references'): - for reference in vulnerability.external_references: - if reference['source_name'] == 'url': - attribute = deepcopy(stix2misp_mapping.references_attribute_mapping) - attribute['value'] = reference['url'] - attributes.append(attribute) - if len(attributes) == 1 and attributes[0]['object_relation'] == 'id': - attributes[0]['type'] = 'vulnerability' - self.handle_import_case(vulnerability, attributes, 'vulnerability') - - ################################################################################ - ## OBSERVABLE PARSING FUNCTIONS ## - ################################################################################ - - @staticmethod - def _fetch_reference_type(references, object_type): - for key, reference in references.items(): - if isinstance(reference, getattr(stix2.v20.observables, object_type)): - return key - return None - - @staticmethod - def _fetch_user_account_type_observable(observable_objects): - for observable_object in observable_objects.values(): - if hasattr(observable_object, 'extensions') or any(key not in ('user_id', 'credential', 'type') for key in observable_object): - return 'user-account', 'user_account_mapping' - return 'credential', 'credential_mapping' - - @staticmethod - def _get_attributes_from_observable(stix_object, mapping): - attributes = [] - for key, value in stix_object.items(): - if key in getattr(stix2misp_mapping, mapping) and value: - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[key]) - attribute.update({'value': value, 'to_ids': False}) - attributes.append(attribute) - return attributes - - def get_network_traffic_attributes(self, network_traffic, references): - attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') - mapping = 'network_traffic_references_mapping' - attributes.extend(self.parse_network_traffic_references(network_traffic, references, mapping)) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, mapping, 'dst')) - return attributes - - @staticmethod - def _handle_attachment_type(stix_object, is_reference, filename): - _has_md5 = hasattr(stix_object, 'hashes') and 'MD5' in stix_object.hashes - if is_reference and _has_md5: - return 'malware-sample', f'{filename}|{stix_object.hashes["MD5"]}' - return 'attachment', filename - - def handle_pe_observable(self, attributes, extension, observable): - pe_uuid = self.parse_pe(extension) - file = self.create_misp_object(observable, 'file') - file.add_reference(pe_uuid, 'includes') - for attribute in attributes: - file.add_attribute(**attribute) - self.misp_event.add_object(file) - - @staticmethod - def _is_reference(network_traffic, reference): - for feature in ('src', 'dst'): - for reference_type in (f'{feature}_{ref}' for ref in ('ref', 'refs')): - if reference in network_traffic.get(reference_type, []): - return True - return False - - @staticmethod - def _network_traffic_has_extension(network_traffic): - if not hasattr(network_traffic, 'extensions'): - return None - if 'socket-ext' in network_traffic.extensions: - return 'parse_socket_extension_observable' - return None - - def parse_asn_observable(self, observable): - autonomous_system, references = self.filter_main_object(observable.objects, 'AutonomousSystem') - mapping = 'asn_mapping' - attributes = self._get_attributes_from_observable(autonomous_system, mapping) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, mapping)) - self.handle_import_case(observable, attributes, 'asn') - - def parse_domain_ip_observable(self, observable): - domain, references = self.filter_main_object(observable.objects, 'DomainName') - mapping = 'domain_ip_mapping' - attributes = [self._parse_observable_reference(domain, mapping)] - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, mapping)) - self.handle_import_case(observable, attributes, 'domain-ip') - - def parse_domain_ip_network_traffic_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - extension = self._network_traffic_has_extension(network_traffic) - if extension: - attributes, object_name = getattr(self, extension)(network_traffic, references) - return self.handle_import_case(observable, attributes, object_name) - if self._required_protocols(network_traffic.protocols): - attributes = self.parse_network_connection_object(network_traffic, references) - return self.handle_import_case(observable, attributes, 'network-connection') - attributes, object_name = self.parse_network_traffic_objects(network_traffic, references) - self.handle_import_case(observable, attributes, object_name) - - def parse_domain_network_traffic_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - extension = self._network_traffic_has_extension(network_traffic) - if extension: - attributes, object_name = getattr(self, extension)(network_traffic, references) - return self.handle_import_case(observable, attributes, object_name) - attributes = self.parse_network_connection_object(network_traffic, references) - self.handle_import_case(observable, attributes, 'network-connection') - - def parse_email_address_observable(self, observable): - self.add_attributes_from_observable(observable, 'email-src', 'value') - - def parse_email_observable(self, observable): - email_message, references = self.filter_main_object(observable.objects, 'EmailMessage') - attributes = self._get_attributes_from_observable(email_message, 'email_mapping') - if hasattr(email_message, 'additional_header_fields'): - attributes.extend(self._get_attributes_from_observable(email_message.additional_header_fields, 'email_mapping')) - attributes.extend(self._parse_email_references(email_message, references)) - if hasattr(email_message, 'body_multipart') and email_message.body_multipart: - attributes.extend(self._parse_email_body(email_message.body_multipart, references)) - if references: - print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) - self.handle_import_case(observable, attributes, 'email') - - def parse_file_observable(self, observable): - file_object, references = self.filter_main_object(observable.objects, 'File') - attributes = self._get_attributes_from_observable(file_object, 'file_mapping') - if 'hashes' in file_object: - attributes.extend(self._get_attributes_from_observable(file_object.hashes, 'file_mapping')) - if references: - filename = file_object.name if hasattr(file_object, 'name') else 'unknown_filename' - for key, reference in references.items(): - if isinstance(reference, stix2.v20.observables.Artifact): - _is_content_ref = 'content_ref' in file_object and file_object.content_ref == key - attribute_type, value = self._handle_attachment_type(reference, _is_content_ref, filename) - attribute = { - 'type': attribute_type, - 'object_relation': attribute_type, - 'value': value, - 'to_ids': False - } - if hasattr(reference, 'payload_bin'): - attribute['data'] = reference.payload_bin - attributes.append(attribute) - elif isinstance(reference, stix2.v20.observables.Directory): - attribute = { - 'type': 'text', - 'object_relation': 'path', - 'value': reference.path, - 'to_ids': False - } - attributes.append(attribute) - if hasattr(file_object, 'extensions'): - # Support of more extension types probably in the future - if 'windows-pebinary-ext' in file_object.extensions: - # Here we do not go to the standard route of "handle_import_case" - # because we want to make sure a file object is created - return self.handle_pe_observable(attributes, file_object.extensions['windows-pebinary-ext'], observable) - extension_types = (extension_type for extension_type in file_object.extensions.keys()) - print(f'File extension type(s) not supported at the moment: {", ".join(extension_types)}', file=sys.stderr) - self.handle_import_case(observable, attributes, 'file', _force_object=('file-encoding', 'path')) - - def parse_ip_address_observable(self, observable): - attributes = [] - for observable_object in observable.objects.values(): - attribute = { - 'value': observable_object.value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.ip_attribute_mapping) - attributes.append(attribute) - self.handle_import_case(observable, attributes, 'ip-port') - - def parse_ip_network_traffic_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - extension = self._network_traffic_has_extension(network_traffic) - if extension: - attributes, object_name = getattr(self, extension)(network_traffic, references) - return self.handle_import_case(observable, attributes, object_name) - attributes = self.parse_ip_port_object(network_traffic, references) - self.handle_import_case(observable, attributes, 'ip-port') - - def parse_ip_port_object(self, network_traffic, references): - attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') - attributes.extend(self.parse_network_traffic_references(network_traffic, references, 'ip_port_references_mapping')) - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) - return attributes - - def parse_mac_address_observable(self, observable): - self.add_attributes_from_observable(observable, 'mac-address', 'value') - - def parse_network_connection_object(self, network_traffic, references): - attributes = self.get_network_traffic_attributes(network_traffic, references) - attributes.extend(self.parse_protocols(network_traffic.protocols, 'observable object')) - return attributes - - def parse_network_traffic_objects(self, network_traffic, references): - _has_domain = self._fetch_reference_type(references.values(), 'DomainName') - if _has_domain and self._is_reference(network_traffic, _has_domain): - return self.parse_network_connection_object(network_traffic, references), 'network-connection' - return self.parse_ip_port_object(network_traffic, references), 'ip-port' - - def parse_network_traffic_references(self, network_traffic, references, mapping): - attributes = [] - for feature in ('src', 'dst'): - ref = f'{feature}_ref' - if hasattr(network_traffic, ref): - reference = getattr(network_traffic, ref) - attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) - if hasattr(network_traffic, f'{ref}s'): - for reference in getattr(network_traffic, f'{ref}s'): - attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) - return attributes - - def parse_mutex_observable(self, observable): - self.add_attributes_from_observable(observable, 'mutex', 'name') - - def parse_process_observable(self, observable): - process, references = self.filter_main_object(observable.objects, 'Process', test_function='_process_test_filter') - attributes = self._get_attributes_from_observable(process, 'process_mapping') - if hasattr(process, 'parent_ref'): - attributes.extend(self._get_attributes_from_observable(references.pop(process.parent_ref), 'parent_process_reference_mapping')) - if hasattr(process, 'child_refs'): - for reference in process.child_refs: - attributes.extend(self._get_attributes_from_observable(references.pop(reference), 'child_process_reference_mapping')) - if hasattr(process, 'binary_ref'): - reference = references.pop(process.binary_ref) - attribute = { - 'value': reference.name, - 'to_ids': False - } - attribute.update(stix2misp_mapping.process_image_mapping) - attributes.append(attribute) - if references: - print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) - self.handle_import_case(observable, attributes, 'process', _force_object=True) - - def parse_protocols(self, protocols, object_type): - attributes = [] - protocols = (protocol.upper() for protocol in protocols) - for protocol in protocols: - try: - attributes.append(self._parse_network_traffic_protocol(protocol)) - except KeyError: - print(f'Unknown protocol in network-traffic {object_type}: {protocol}', file=sys.stderr) - return attributes - - def parse_regkey_observable(self, observable): - attributes = [] - for observable_object in observable.objects.values(): - attributes.extend(self._get_attributes_from_observable(observable_object, 'regkey_mapping')) - if 'values' in observable_object: - for registry_value in observable_object['values']: - attributes.extend(self._get_attributes_from_observable(registry_value, 'regkey_mapping')) - self.handle_import_case(observable, attributes, 'registry-key') - - def parse_socket_extension_observable(self, network_traffic, references): - attributes = self.get_network_traffic_attributes(network_traffic, references) - for key, value in network_traffic.extensions['socket-ext'].items(): - if key not in stix2misp_mapping.network_socket_extension_mapping: - print(f'Unknown socket extension field in observable object: {key}', file=sys.stderr) - continue - if key.startswith('is_') and not value: - continue - attribute = { - 'value': key.split('_')[1] if key.startswith('is_') else value, - 'to_ids': False - } - attribute.update(stix2misp_mapping.network_socket_extension_mapping[key]) - attributes.append(attribute) - return attributes, 'network-socket' - - def parse_url_observable(self, observable): - network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') - attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') if network_traffic else [] - if references: - for reference in references.values(): - attributes.append(self._parse_observable_reference(reference, 'url_mapping')) - self.handle_import_case(observable, attributes, 'url') - - def parse_user_account_extension(self, extension): - attributes = self._parse_user_account_groups(extension['groups']) if 'groups' in extension else [] - attributes.extend(self._get_attributes_from_observable(extension, 'user_account_mapping')) - return attributes - - def parse_user_account_observable(self, observable): - attributes = [] - object_name, mapping = self._fetch_user_account_type_observable(observable.objects) - for observable_object in observable.objects.values(): - attributes.extend(self._get_attributes_from_observable(observable_object, mapping)) - if hasattr(observable_object, 'extensions') and observable_object.extensions.get('unix-account-ext'): - attributes.extend(self.parse_user_account_extension(observable_object.extensions['unix-account-ext'])) - self.handle_import_case(observable, attributes, object_name) - - def parse_x509_observable(self, observable): - attributes = [] - for observable_object in observable.objects.values(): - attributes.extend(self._get_attributes_from_observable(observable_object, 'x509_mapping')) - if hasattr(observable_object, 'hashes'): - attributes.extend(self._get_attributes_from_observable(observable_object.hashes, 'x509_mapping')) - self.handle_import_case(observable, attributes, 'x509') - - ################################################################################ - ## PATTERN PARSING FUNCTIONS. ## - ################################################################################ - - @staticmethod - def _fetch_user_account_type_pattern(pattern): - for stix_object in pattern: - if 'extensions' in stix_object or all(key not in stix_object for key in ('user_id', 'credential', 'type')): - return 'user-account', 'user_account_mapping' - return 'credential', 'credential_mapping' - - def get_attachment(self, attachment, filename): - attribute = { - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': attachment.pop(filename) - } - data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') - attribute['data'] = attachment.pop(data_feature) - return attribute - - def get_attributes_from_pattern(self, pattern, mapping, separator): - attributes = [] - for pattern_part in pattern.strip('[]').split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - try: - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) - except KeyError: - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - continue - attribute['value'] = pattern_value - attributes.append(attribute) - return attributes - - def get_malware_sample(self, attachment, filename): - md5_feature = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") - attribute = { - 'type': 'malware-sample', - 'object_relation': 'malware-sample', - 'value': f'{attachment.pop(filename)}|{attachment.pop(md5_feature)}' - } - data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') - attribute['data'] = attachment.pop(data_feature) - return attribute - - def _handle_file_attachments(self, attachment): - attributes = [] - if any('content_ref' in feature for feature in attachment.keys()): - attribute_type = 'attachment' - value = attachment['file:name'] if 'file:name' in attachment else 'unknown_filename' - if "file:content_ref.hashes.'MD5'" in attachment: - attribute_type = 'malware-sample' - md5 = attachment.pop("file:content_ref.hashes.'MD5'") - value = f'{value}|{md5}' - data = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') - attribute = { - 'type': attribute_type, - 'object_relation': attribute_type, - 'value': value, - 'data': attachment.pop(data) - } - attributes.append(attribute) - if 'artifact:payload_bin' in attachment: - attribute = { - 'type': 'attachment', - 'object_relation': 'attachment', - 'value': attachment['file:name'], - 'data': attachment.pop('artifact:payload_bin') - } - attributes.append(attribute) - return attributes - - def parse_as_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'asn_mapping', separator) - self.handle_import_case(indicator, attributes, 'asn') - - def parse_domain_ip_port_pattern(self, indicator, separator): - attributes = [] - references = defaultdict(dict) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type not in stix2misp_mapping.domain_ip_mapping: - if any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) - else: - print(f'Pattern type not currently mapped: {pattern_type}', file=sys.stderr) - continue - attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - if references: - attributes.extend(references.values()) - object_name = 'ip-port' if 'network-traffic' in indicator.pattern else 'domain-ip' - self.handle_import_case(indicator, attributes, object_name) - - def parse_email_address_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'email-src', separator) - - def parse_email_message_pattern(self, indicator, separator): - attributes = [] - attachments = defaultdict(dict) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type not in stix2misp_mapping.email_mapping: - if pattern_type.startswith('email-message:body_multipart'): - features = pattern_type.split('.') - if len(features) == 3 and features[1] == 'body_raw_ref': - index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' - key = 'data' if features[2] == 'payload_bin' else 'value' - attachments[index][key] = pattern_value - continue - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - continue - attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - if attachments: - for attachment in attachments.values(): - attribute = { - 'type': 'attachment', - 'object_relation': 'screenshot' - } if 'data' in attachment else { - 'type': 'email-attachment', - 'object_relation': 'attachment' - } - attribute.update(attachment) - attributes.append(attribute) - self.handle_import_case(indicator, attributes, 'email') - - def parse_file_pattern(self, indicator, separator): - attributes = [] - attachment = {} - extensions = defaultdict(lambda: defaultdict(dict)) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type in stix2misp_mapping.attachment_types: - attachment[pattern_type] = pattern_value.strip("'") - continue - if pattern_type not in stix2misp_mapping.file_mapping: - if 'extensions' in pattern_type: - features = pattern_type.split('.')[1:] - extension_type = features.pop(0).strip("'") - if 'section' in features[0] and features[0] != 'number_of_sections': - index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' - extensions[extension_type][f'section_{index}'][features[-1].strip("'")] = pattern_value - else: - extensions[extension_type]['.'.join(features)] = pattern_value - continue - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - if any(key.endswith('payload_bin') for key in attachment.keys()): - attributes.extend(self._handle_file_attachments(attachment)) - if attachment: - for pattern_type, value in attachment.items(): - if pattern_type in stix2misp_mapping.file_mapping: - attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) - attribute['value'] = value - attributes.append(attribute) - if extensions: - file_object = self.create_misp_object(indicator, 'file') - self.parse_file_extension(file_object, attributes, extensions) - else: - self.handle_import_case(indicator, attributes, 'file', _force_object=('file-encoding', 'path')) - - def parse_file_extension(self, file_object, attributes, extensions): - for attribute in attributes: - file_object.add_attribute(**attribute) - if 'windows-pebinary-ext' in extensions: - pe_extension = extensions['windows-pebinary-ext'] - pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) - sections = self._get_sections(pe_extension) - self.fill_misp_object_from_dict(pe_object, pe_extension, 'pe_mapping') - if sections: - for section in sections: - section_object = MISPObject('pe-section') - self.fill_misp_object_from_dict(section_object, section, 'pe_section_mapping') - self.misp_event.add_object(section_object) - pe_object.add_reference(section_object.uuid, 'includes') - self.misp_event.add_object(pe_object) - file_object.add_reference(pe_object.uuid, 'includes') - self.misp_event.add_object(file_object) - - def parse_ip_address_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'ip-dst', separator) - - def parse_mac_address_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'mac-address', separator) - - def parse_mutex_pattern(self, indicator, separator): - self.add_attributes_from_indicator(indicator, 'mutex', separator) - - def parse_network_connection_pattern(self, indicator, attributes, references): - attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) - self.handle_import_case(indicator, attributes, 'network-connection') - - @staticmethod - def _parse_network_pattern_references(references, mapping): - attributes = [] - for feature, reference in references.items(): - feature = feature.split('_')[0] - attribute = {key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference['type']].items()} - attribute['value'] = reference['value'] - attributes.append(attribute) - return attributes - - def parse_network_socket_pattern(self, indicator, attributes, references, extension): - attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) - for key, value in extension.items(): - if key not in stix2misp_mapping.network_socket_extension_mapping: - print(f'Unknown socket extension field in pattern: {key}', file=sys.stderr) - continue - if key.startswith('is_') and not json.loads(value.lower()): - continue - attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[key]) - attribute['value'] = key.split('_')[1] if key.startswith('is_') else value - attributes.append(attribute) - self.handle_import_case(indicator, attributes, 'network-socket') - - def parse_network_traffic_pattern(self, indicator, separator): - attributes = [] - protocols = [] - references = defaultdict(dict) - extensions = defaultdict(dict) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if pattern_type in stix2misp_mapping.network_traffic_mapping: - attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) - attribute['value'] = pattern_value.strip("'") - attributes.append(attribute) - continue - if pattern_type.startswith('network-traffic:protocols['): - protocols.append(pattern_value) - elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): - feature_type, ref = pattern_type.split(':')[1].split('_') - ref, feature = ref.split('.') - ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" - references[ref].update({feature: pattern_value}) - elif pattern_type.startswith('network-traffic:extensions.'): - _, extension_type, feature = pattern_type.split('.') - extensions[extension_type.strip("'")][feature] = pattern_value - else: - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - if extensions: - if 'socket-ext' in extensions: - return self.parse_network_socket_pattern(indicator, attributes, references, extensions['socket-ext']) - print(f'Unknown network extension(s) in pattern: {", ".join(extensions.keys())}', file=sys.stderr) - if protocols and self._required_protocols(protocols): - attributes.extend(self.parse_protocols(protocols, 'pattern')) - return self.parse_network_connection_pattern(indicator, attributes, references) - attributes.extend(self._parse_network_pattern_references(references, 'ip_port_references_mapping')) - self.handle_import_case(indicator, attributes, 'ip-port') - - def parse_process_pattern(self, indicator, separator): - attributes = [] - parent = {} - child = defaultdict(set) - for pattern_part in self._handle_pattern(indicator.pattern).split(separator): - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - if 'parent_' in pattern_type: - child[pattern_type.split('.')[-1]].add(pattern_value) - elif 'child_' in pattern_type: - parent[pattern_type.split('.')[-1]] = pattern_value - else: - try: - attribute = deepcopy(stix2misp_mapping.process_mapping[pattern_type]) - except KeyError: - print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) - continue - attribute['value'] = pattern_value - attributes.append(attribute) - if parent: - for key, value in parent.items(): - if key not in stix2misp_mapping.parent_process_reference_mapping: - print(f'Parent process key from pattern not supported at the moment: {key}', file=sys.stderr) - continue - attribute = {'value': value} - attribute.update(stix2misp_mapping.parent_process_reference_mapping[key]) - attributes.append(attribute) - if child: - for key, values in child.items(): - if key not in stix2misp_mapping.child_process_reference_mapping: - print(f'Child process key from pattern not supported at the moment: {key}', file=sys.stderr) - continue - for value in values: - attribute = {'value': value} - attribute.update(stix2misp_mapping.child_process_reference_mapping[key]) - attributes.append(attribute) - self.handle_import_case(indicator, attributes, 'process', _force_object=True) - - def parse_regkey_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'regkey_mapping', separator) - self.handle_import_case(indicator, attributes, 'registry-key') - - def parse_url_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'url_mapping', separator) - self.handle_import_case(indicator, attributes, 'url') - - def parse_user_account_pattern(self, indicator, separator): - attributes = [] - pattern = self._handle_pattern(indicator.pattern).split(separator) - object_name, mapping = self._fetch_user_account_type_pattern(pattern) - for pattern_part in pattern: - pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) - pattern_type = pattern_type.split(':')[1] - if pattern_type.startswith('extensions.'): - pattern_type = pattern_type.split('.')[-1] - if '[' in pattern_type: - pattern_type = pattern_type.split('[')[0] - if pattern_type in ('group', 'groups'): - attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value}) - continue - if pattern_type in getattr(stix2misp_mapping, mapping): - attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) - attribute['value'] = pattern_value - attributes.append(attribute) - self.handle_import_case(indicator, attributes, object_name) - - def parse_x509_pattern(self, indicator, separator): - attributes = self.get_attributes_from_pattern(indicator.pattern, 'x509_mapping', separator) - self.handle_import_case(indicator, attributes, 'x509') - - ################################################################################ - ## UTILITY FUNCTIONS. ## - ################################################################################ - - def add_attributes_from_indicator(self, indicator, attribute_type, separator): - patterns = self._handle_pattern(indicator.pattern).split(separator) - if len(patterns) == 1: - _, value = self.get_type_and_value_from_pattern(patterns[0]) - attribute = MISPAttribute() - attribute.from_dict(**{ - 'uuid': indicator.id.split('--')[1], - 'type': attribute_type, - 'value': value, - 'to_ids': True - }) - attribute.update(self.parse_timeline(indicator)) - self.misp_event.add_attribute(**attribute) - else: - tmp_attribute = self.parse_timeline(indicator) - for pattern in patterns: - _, value = self.get_type_and_value_from_pattern(pattern) - attribute = MISPAttribute() - attribute.from_dict(**{ - 'type': attribute_type, - 'value': value, - 'to_ids': True - }) - attribute.update(tmp_attribute) - self.misp_event.add_attribute(**attribute) - - def add_attributes_from_observable(self, observable, attribute_type, feature): - if len(observable.objects) == 1: - attribute = MISPAttribute() - attribute.from_dict(**{ - 'uuid': observable.id.split('--')[1], - 'type': attribute_type, - 'value': getattr(observable.objects['0'], feature), - 'to_ids': False - }) - attribute.update(self.parse_timeline(observable)) - self.misp_event.add_attribute(**attribute) - else: - tmp_attribute = self.parse_timeline(observable) - for observable_object in observable.objects.values(): - attribute = MISPAttribute() - attribute.from_dict(**{ - 'type': attribute_type, - 'value': getattr(observable_object, feature), - 'to_ids': False - }) - attribute.update(tmp_attribute) - self.misp_event.add_attribute(**attribute) - - def _check_existing_galaxy_name(self, galaxy_name): - if galaxy_name in self._synonyms_to_tag_names: - return self._synonyms_to_tag_names[galaxy_name] - for name, tag_names in self._synonyms_to_tag_names.items(): - if galaxy_name in name: - return tag_names - return None - - def create_misp_object(self, stix_object, name=None): - misp_object = MISPObject(name if name is not None else stix_object.type, - misp_objects_path_custom=_misp_objects_path) - misp_object.uuid = stix_object.id.split('--')[1] - if hasattr(stix_object, 'description') and stix_object.description: - misp_object.comment = stix_object.description - misp_object.update(self.parse_timeline(stix_object)) - return misp_object - - @staticmethod - def _get_sections(pe_extension): - sections = [feature for feature in pe_extension.keys() if feature.startswith('section_')] - return (pe_extension.pop(feature) for feature in sections) - - @staticmethod - def get_type_and_value_from_pattern(pattern): - pattern = pattern.strip('[]') - try: - pattern_type, pattern_value = pattern.split(' = \'') - except ValueError: - pattern_type, pattern_value = pattern.split('=') - return pattern_type.strip(), pattern_value.strip("'") - - def handle_import_case(self, stix_object, attributes, name, _force_object=False): - try: - if len(attributes) > 1 or (_force_object and self._handle_object_forcing(_force_object, attributes[0])): - misp_object = self.create_misp_object(stix_object, name) - for attribute in attributes: - misp_object.add_attribute(**attribute) - self.misp_event.add_object(**misp_object) - else: - attribute = {field: attributes[0][field] for field in stix2misp_mapping.single_attribute_fields if attributes[0].get(field) is not None} - attribute['uuid'] = stix_object.id.split('--')[1] - attribute.update(self.parse_timeline(stix_object)) - if isinstance(stix_object, stix2.v20.Indicator): - attribute['to_ids'] = True - if hasattr(stix_object, 'object_marking_refs'): - self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs) - self.misp_event.add_attribute(**attribute) - except IndexError: - object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects' - print(f'No attribute or object could be imported from the following {object_type}: {stix_object}', file=sys.stderr) - - @staticmethod - def _handle_object_forcing(_force_object, attribute): - if isinstance(_force_object, (list, tuple)): - return attribute['object_relation'] in _force_object - return _force_object - - @staticmethod - def _handle_pattern(pattern): - return pattern.strip().strip('[]') - - @staticmethod - def _parse_observable_types(observable_objects): - types = {observable_object._type for observable_object in observable_objects.values()} - return tuple(sorted(types)) - - @staticmethod - def _parse_pattern_types(pattern): - types = {part.split('=')[0].split(':')[0].strip('[') for part in pattern} - return tuple(sorted(types)) - - @staticmethod - def _required_protocols(protocols): - protocols = tuple(protocol.upper() for protocol in protocols) - if any(protocol not in ('TCP', 'IP') for protocol in protocols): - return True - return False - - -def from_misp(stix_objects): - for stix_object in stix_objects: - if stix_object['type'] == "report" and 'misp:tool="misp2stix2"' in stix_object.get('labels', []): - return True - return False - - -def main(args): - filename = args[1] if args[1][0] == '/' else Path(os.path.dirname(args[0]), args[1]) - with open(filename, 'rt', encoding='utf-8') as f: - event = stix2.parse(f.read(), allow_custom=True, interoperability=True) - stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser() - stix_parser.handler(event, filename, args[2:]) - stix_parser.save_file() - print(1) - - -if __name__ == '__main__': - main(sys.argv) diff --git a/misp_modules/lib/stix2misp_mapping.py b/misp_modules/lib/stix2misp_mapping.py deleted file mode 100644 index 706d9903..00000000 --- a/misp_modules/lib/stix2misp_mapping.py +++ /dev/null @@ -1,460 +0,0 @@ -################################################################################ -# ATTRIBUTES AND OBJECTS MAPPING # -################################################################################ - -attributes_mapping = { - 'filename': '_parse_name', - 'ip-src': '_parse_value', - 'ip-dst': '_parse_value', - 'hostname': '_parse_value', - 'domain': '_parse_value', - 'domain|ip': '_parse_domain_ip_attribute', - 'email-src': '_parse_value', - 'email-dst': '_parse_value', - 'email-attachment': '_parse_name', - 'url': '_parse_value', - 'regkey': '_parse_regkey_attribute', - 'regkey|value': '_parse_regkey_value', - 'malware-sample': '_parse_malware_sample', - 'mutex': '_parse_name', - 'uri': '_parse_value', - 'port': '_parse_port', - 'ip-dst|port': '_parse_network_attribute', - 'ip-src|port': '_parse_network_attribute', - 'hostname|port': '_parse_network_attribute', - 'email-reply-to': '_parse_email_reply_to', - 'attachment': '_parse_attachment', - 'mac-address': '_parse_value', - 'AS': '_parse_number' -} - -attributes_type_mapping = { - 'md5': '_parse_hash', - 'sha1': '_parse_hash', - 'sha256': '_parse_hash', - 'filename|md5': '_parse_filename_hash', - 'filename|sha1': '_parse_filename_hash', - 'filename|sha256': '_parse_filename_hash', - 'email-subject': '_parse_email_message', - 'email-body': '_parse_email_message', - 'authentihash': '_parse_hash', - 'ssdeep': '_parse_hash', - 'imphash': '_parse_hash', - 'pehash': '_parse_hash', - 'impfuzzy': '_parse_hash', - 'sha224': '_parse_hash', - 'sha384': '_parse_hash', - 'sha512': '_parse_hash', - 'sha512/224': '_parse_hash', - 'sha512/256': '_parse_hash', - 'tlsh': '_parse_hash', - 'cdhash': '_parse_hash', - 'filename|authentihash': '_parse_filename_hash', - 'filename|ssdeep': '_parse_filename_hash', - 'filename|imphash': '_parse_filename_hash', - 'filename|impfuzzy': '_parse_filename_hash', - 'filename|pehash': '_parse_filename_hash', - 'filename|sha224': '_parse_filename_hash', - 'filename|sha384': '_parse_filename_hash', - 'filename|sha512': '_parse_filename_hash', - 'filename|sha512/224': '_parse_filename_hash', - 'filename|sha512/256': '_parse_filename_hash', - 'filename|tlsh': '_parse_filename_hash', - 'x509-fingerprint-md5': '_parse_x509_attribute', - 'x509-fingerprint-sha1': '_parse_x509_attribute', - 'x509-fingerprint-sha256': '_parse_x509_attribute' -} - -objects_mapping = { - 'asn': { - 'observable': 'parse_asn_observable', - 'pattern': 'parse_asn_pattern'}, - 'credential': { - 'observable': 'parse_credential_observable', - 'pattern': 'parse_credential_pattern'}, - 'domain-ip': { - 'observable': 'parse_domain_ip_observable', - 'pattern': 'parse_domain_ip_pattern'}, - 'email': { - 'observable': 'parse_email_observable', - 'pattern': 'parse_email_pattern'}, - 'file': { - 'observable': 'parse_file_observable', - 'pattern': 'parse_file_pattern'}, - 'ip-port': { - 'observable': 'parse_ip_port_observable', - 'pattern': 'parse_ip_port_pattern'}, - 'network-connection': { - 'observable': 'parse_network_connection_observable', - 'pattern': 'parse_network_connection_pattern'}, - 'network-socket': { - 'observable': 'parse_network_socket_observable', - 'pattern': 'parse_network_socket_pattern'}, - 'process': { - 'observable': 'parse_process_observable', - 'pattern': 'parse_process_pattern'}, - 'registry-key': { - 'observable': 'parse_regkey_observable', - 'pattern': 'parse_regkey_pattern'}, - 'url': { - 'observable': 'parse_url_observable', - 'pattern': 'parse_url_pattern'}, - 'user-account': { - 'observable': 'parse_user_account_observable', - 'pattern': 'parse_user_account_pattern'}, - 'WindowsPEBinaryFile': { - 'observable': 'parse_pe_observable', - 'pattern': 'parse_pe_pattern'}, - 'x509': { - 'observable': 'parse_x509_observable', - 'pattern': 'parse_x509_pattern'} -} - -observable_mapping = { - ('artifact', 'file'): 'parse_file_observable', - ('artifact', 'directory', 'file'): 'parse_file_observable', - ('artifact', 'email-addr', 'email-message', 'file'): 'parse_email_observable', - ('autonomous-system',): 'parse_asn_observable', - ('autonomous-system', 'ipv4-addr'): 'parse_asn_observable', - ('autonomous-system', 'ipv6-addr'): 'parse_asn_observable', - ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_asn_observable', - ('directory', 'file'): 'parse_file_observable', - ('domain-name',): 'parse_domain_ip_observable', - ('domain-name', 'ipv4-addr'): 'parse_domain_ip_observable', - ('domain-name', 'ipv6-addr'): 'parse_domain_ip_observable', - ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_observable', - ('domain-name', 'ipv4-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', - ('domain-name', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', - ('domain-name', 'ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', - ('domain-name', 'network-traffic'): 'parse_domain_network_traffic_observable', - ('domain-name', 'network-traffic', 'url'): 'parse_url_observable', - ('email-addr',): 'parse_email_address_observable', - ('email-addr', 'email-message'): 'parse_email_observable', - ('email-addr', 'email-message', 'file'): 'parse_email_observable', - ('email-message',): 'parse_email_observable', - ('file',): 'parse_file_observable', - ('file', 'process'): 'parse_process_observable', - ('ipv4-addr',): 'parse_ip_address_observable', - ('ipv6-addr',): 'parse_ip_address_observable', - ('ipv4-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', - ('ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', - ('ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', - ('mac-addr',): 'parse_mac_address_observable', - ('mutex',): 'parse_mutex_observable', - ('process',): 'parse_process_observable', - ('x509-certificate',): 'parse_x509_observable', - ('url',): 'parse_url_observable', - ('user-account',): 'parse_user_account_observable', - ('windows-registry-key',): 'parse_regkey_observable' -} - -pattern_mapping = { - ('artifact', 'file'): 'parse_file_pattern', - ('artifact', 'directory', 'file'): 'parse_file_pattern', - ('autonomous-system', ): 'parse_as_pattern', - ('autonomous-system', 'ipv4-addr'): 'parse_as_pattern', - ('autonomous-system', 'ipv6-addr'): 'parse_as_pattern', - ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_as_pattern', - ('directory',): 'parse_file_pattern', - ('directory', 'file'): 'parse_file_pattern', - ('domain-name',): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv4-addr'): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv6-addr'): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_port_pattern', - ('domain-name', 'ipv4-addr', 'url'): 'parse_url_pattern', - ('domain-name', 'ipv6-addr', 'url'): 'parse_url_pattern', - ('domain-name', 'ipv4-addr', 'ipv6-addr', 'url'): 'parse_url_pattern', - ('domain-name', 'network-traffic'): 'parse_domain_ip_port_pattern', - ('domain-name', 'network-traffic', 'url'): 'parse_url_pattern', - ('email-addr',): 'parse_email_address_pattern', - ('email-message',): 'parse_email_message_pattern', - ('file',): 'parse_file_pattern', - ('ipv4-addr',): 'parse_ip_address_pattern', - ('ipv6-addr',): 'parse_ip_address_pattern', - ('ipv4-addr', 'ipv6-addr'): 'parse_ip_address_pattern', - ('mac-addr',): 'parse_mac_address_pattern', - ('mutex',): 'parse_mutex_pattern', - ('network-traffic',): 'parse_network_traffic_pattern', - ('process',): 'parse_process_pattern', - ('url',): 'parse_url_pattern', - ('user-account',): 'parse_user_account_pattern', - ('windows-registry-key',): 'parse_regkey_pattern', - ('x509-certificate',): 'parse_x509_pattern' -} - -pattern_forbidden_relations = (' LIKE ', ' FOLLOWEDBY ', ' MATCHES ', ' ISSUBSET ', ' ISSUPERSET ', ' REPEATS ') -single_attribute_fields = ('type', 'value', 'to_ids') - - -################################################################################ -# OBSERVABLE OBJECTS AND PATTERNS MAPPING. # -################################################################################ - -address_family_attribute_mapping = {'type': 'text','object_relation': 'address-family'} -as_number_attribute_mapping = {'type': 'AS', 'object_relation': 'asn'} -description_attribute_mapping = {'type': 'text', 'object_relation': 'description'} -asn_subnet_attribute_mapping = {'type': 'ip-src', 'object_relation': 'subnet-announced'} -cc_attribute_mapping = {'type': 'email-dst', 'object_relation': 'cc'} -credential_attribute_mapping = {'type': 'text', 'object_relation': 'password'} -data_attribute_mapping = {'type': 'text', 'object_relation': 'data'} -data_type_attribute_mapping = {'type': 'text', 'object_relation': 'data-type'} -domain_attribute_mapping = {'type': 'domain', 'object_relation': 'domain'} -domain_family_attribute_mapping = {'type': 'text', 'object_relation': 'domain-family'} -dst_port_attribute_mapping = {'type': 'port', 'object_relation': 'dst-port'} -email_attachment_attribute_mapping = {'type': 'email-attachment', 'object_relation': 'attachment'} -email_date_attribute_mapping = {'type': 'datetime', 'object_relation': 'send-date'} -email_subject_attribute_mapping = {'type': 'email-subject', 'object_relation': 'subject'} -encoding_attribute_mapping = {'type': 'text', 'object_relation': 'file-encoding'} -end_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-seen'} -entropy_mapping = {'type': 'float', 'object_relation': 'entropy'} -filename_attribute_mapping = {'type': 'filename', 'object_relation': 'filename'} -from_attribute_mapping = {'type': 'email-src', 'object_relation': 'from'} -imphash_mapping = {'type': 'imphash', 'object_relation': 'imphash'} -id_attribute_mapping = {'type': 'text', 'object_relation': 'id'} -ip_attribute_mapping = {'type': 'ip-dst', 'object_relation': 'ip'} -issuer_attribute_mapping = {'type': 'text', 'object_relation': 'issuer'} -key_attribute_mapping = {'type': 'regkey', 'object_relation': 'key'} -malware_sample_attribute_mapping = {'type': 'malware-sample', 'object_relation': 'malware-sample'} -mime_type_attribute_mapping = {'type': 'mime-type', 'object_relation': 'mimetype'} -modified_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-modified'} -name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} -network_traffic_ip = {'type': 'ip-{}', 'object_relation': 'ip-{}'} -number_sections_mapping = {'type': 'counter', 'object_relation': 'number-sections'} -password_mapping = {'type': 'text', 'object_relation': 'password'} -path_attribute_mapping = {'type': 'text', 'object_relation': 'path'} -pe_type_mapping = {'type': 'text', 'object_relation': 'type'} -pid_attribute_mapping = {'type': 'text', 'object_relation': 'pid'} -process_command_line_mapping = {'type': 'text', 'object_relation': 'command-line'} -process_creation_time_mapping = {'type': 'datetime', 'object_relation': 'creation-time'} -process_image_mapping = {'type': 'filename', 'object_relation': 'image'} -process_name_mapping = {'type': 'text', 'object_relation': 'name'} -regkey_name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} -references_attribute_mapping = {'type': 'link', 'object_relation': 'references'} -reply_to_attribute_mapping = {'type': 'email-reply-to', 'object_relation': 'reply-to'} -screenshot_attribute_mapping = {'type': 'attachment', 'object_relation': 'screenshot'} -section_name_mapping = {'type': 'text', 'object_relation': 'name'} -serial_number_attribute_mapping = {'type': 'text', 'object_relation': 'serial-number'} -size_attribute_mapping = {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'} -src_port_attribute_mapping = {'type': 'port', 'object_relation': 'src-port'} -start_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'first-seen'} -state_attribute_mapping = {'type': 'text', 'object_relation': 'state'} -summary_attribute_mapping = {'type': 'text', 'object_relation': 'summary'} -to_attribute_mapping = {'type': 'email-dst', 'object_relation': 'to'} -url_attribute_mapping = {'type': 'url', 'object_relation': 'url'} -url_port_attribute_mapping = {'type': 'port', 'object_relation': 'port'} -user_id_mapping = {'type': 'text', 'object_relation': 'username'} -x_mailer_attribute_mapping = {'type': 'email-x-mailer', 'object_relation': 'x-mailer'} -x509_md5_attribute_mapping = {'type': 'x509-fingerprint-md5', 'object_relation': 'x509-fingerprint-md5'} -x509_sha1_attribute_mapping = {'type': 'x509-fingerprint-sha1', 'object_relation': 'x509-fingerprint-sha1'} -x509_sha256_attribute_mapping = {'type': 'x509-fingerprint-sha256', 'object_relation': 'x509-fingerprint-sha256'} -x509_spka_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-algorithm'} # x509 subject public key algorithm -x509_spke_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-exponent'} # x509 subject public key exponent -x509_spkm_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-modulus'} # x509 subject public key modulus -x509_subject_attribute_mapping = {'type': 'text', 'object_relation': 'subject'} -x509_version_attribute_mapping = {'type': 'text', 'object_relation': 'version'} -x509_vna_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-after'} # x509 validity not after -x509_vnb_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-before'} # x509 validity not before - -asn_mapping = {'number': as_number_attribute_mapping, - 'autonomous-system:number': as_number_attribute_mapping, - 'name': description_attribute_mapping, - 'autonomous-system:name': description_attribute_mapping, - 'ipv4-addr': asn_subnet_attribute_mapping, - 'ipv6-addr': asn_subnet_attribute_mapping, - 'ipv4-addr:value': asn_subnet_attribute_mapping, - 'ipv6-addr:value': asn_subnet_attribute_mapping} - -attack_pattern_mapping = {'name': name_attribute_mapping, - 'description': summary_attribute_mapping} - -attack_pattern_references_mapping = {'mitre-attack': references_attribute_mapping, - 'capec': id_attribute_mapping} - -course_of_action_mapping = {'description': description_attribute_mapping, - 'name': name_attribute_mapping} - -credential_mapping = {'credential': credential_attribute_mapping, - 'user-account:credential': credential_attribute_mapping, - 'user_id': user_id_mapping, - 'user-account:user_id': user_id_mapping} - -domain_ip_mapping = {'domain-name': domain_attribute_mapping, - 'domain-name:value': domain_attribute_mapping, - 'ipv4-addr': ip_attribute_mapping, - 'ipv6-addr': ip_attribute_mapping, - 'ipv4-addr:value': ip_attribute_mapping, - 'ipv6-addr:value': ip_attribute_mapping, - 'domain-name:resolves_to_refs[*].value': ip_attribute_mapping, - 'network-traffic:dst_port': dst_port_attribute_mapping, - 'network-traffic:src_port': src_port_attribute_mapping} - -email_mapping = {'date': email_date_attribute_mapping, - 'email-message:date': email_date_attribute_mapping, - 'email-message:to_refs[*].value': to_attribute_mapping, - 'email-message:cc_refs[*].value': cc_attribute_mapping, - 'subject': email_subject_attribute_mapping, - 'email-message:subject': email_subject_attribute_mapping, - 'X-Mailer': x_mailer_attribute_mapping, - 'email-message:additional_header_fields.x_mailer': x_mailer_attribute_mapping, - 'Reply-To': reply_to_attribute_mapping, - 'email-message:additional_header_fields.reply_to': reply_to_attribute_mapping, - 'email-message:from_ref.value': from_attribute_mapping, - 'email-addr:value': to_attribute_mapping} - -email_references_mapping = {'attachment': email_attachment_attribute_mapping, - 'cc_refs': cc_attribute_mapping, - 'from_ref': from_attribute_mapping, - 'screenshot': screenshot_attribute_mapping, - 'to_refs': to_attribute_mapping} - -file_mapping = {'artifact:mime_type': mime_type_attribute_mapping, - 'file:content_ref.mime_type': mime_type_attribute_mapping, - 'mime_type': mime_type_attribute_mapping, - 'file:mime_type': mime_type_attribute_mapping, - 'name': filename_attribute_mapping, - 'file:name': filename_attribute_mapping, - 'name_enc': encoding_attribute_mapping, - 'file:name_enc': encoding_attribute_mapping, - 'file:parent_directory_ref.path': path_attribute_mapping, - 'directory:path': path_attribute_mapping, - 'size': size_attribute_mapping, - 'file:size': size_attribute_mapping} - -network_traffic_mapping = {'dst_port':dst_port_attribute_mapping, - 'src_port': src_port_attribute_mapping, - 'network-traffic:dst_port': dst_port_attribute_mapping, - 'network-traffic:src_port': src_port_attribute_mapping} - -ip_port_mapping = {'value': domain_attribute_mapping, - 'domain-name:value': domain_attribute_mapping, - 'network-traffic:dst_ref.value': {'type': 'ip-dst', 'object_relation': 'ip-dst'}, - 'network-traffic:src_ref.value': {'type': 'ip-src', 'object_relation': 'ip-src'}} -ip_port_mapping.update(network_traffic_mapping) - -ip_port_references_mapping = {'domain-name': domain_attribute_mapping, - 'ipv4-addr': network_traffic_ip, - 'ipv6-addr': network_traffic_ip} - -network_socket_extension_mapping = {'address_family': address_family_attribute_mapping, - "network-traffic:extensions.'socket-ext'.address_family": address_family_attribute_mapping, - 'protocol_family': domain_family_attribute_mapping, - "network-traffic:extensions.'socket-ext'.protocol_family": domain_family_attribute_mapping, - 'is_blocking': state_attribute_mapping, - "network-traffic:extensions.'socket-ext'.is_blocking": state_attribute_mapping, - 'is_listening': state_attribute_mapping, - "network-traffic:extensions.'socket-ext'.is_listening": state_attribute_mapping} - -network_traffic_references_mapping = {'domain-name': {'type': 'hostname', 'object_relation': 'hostname-{}'}, - 'ipv4-addr': network_traffic_ip, - 'ipv6-addr': network_traffic_ip} - -pe_mapping = {'pe_type': pe_type_mapping, 'number_of_sections': number_sections_mapping, 'imphash': imphash_mapping} - -pe_section_mapping = {'name': section_name_mapping, 'size': size_attribute_mapping, 'entropy': entropy_mapping} - -hash_types = ('MD5', 'SHA-1', 'SHA-256', 'SHA-224', 'SHA-384', 'SHA-512', 'ssdeep', 'tlsh') -for hash_type in hash_types: - misp_hash_type = hash_type.replace('-', '').lower() - attribute = {'type': misp_hash_type, 'object_relation': misp_hash_type} - file_mapping[hash_type] = attribute - file_mapping.update({f"file:hashes.'{feature}'": attribute for feature in (hash_type, misp_hash_type)}) - file_mapping.update({f"file:hashes.{feature}": attribute for feature in (hash_type, misp_hash_type)}) - pe_section_mapping[hash_type] = attribute - pe_section_mapping[misp_hash_type] = attribute - -process_mapping = {'name': process_name_mapping, - 'process:name': process_name_mapping, - 'pid': pid_attribute_mapping, - 'process:pid': pid_attribute_mapping, - 'created': process_creation_time_mapping, - 'process:created': process_creation_time_mapping, - 'command_line': process_command_line_mapping, - 'process:command_line': process_command_line_mapping, - 'process:parent_ref.pid': {'type': 'text', 'object_relation': 'parent-pid'}, - 'process:child_refs[*].pid': {'type': 'text', 'object_relation': 'child-pid'}, - 'process:binary_ref.name': process_image_mapping} - -child_process_reference_mapping = {'pid': {'type': 'text', 'object_relation': 'child-pid'}} - -parent_process_reference_mapping = {'command_line': {'type': 'text', 'object_relation': 'parent-command-line'}, - 'pid': {'type': 'text', 'object_relation': 'parent-pid'}, - 'process-name': {'type': 'text', 'object_relation': 'parent-process-name'}} - -regkey_mapping = {'data': data_attribute_mapping, - 'windows-registry-key:values.data': data_attribute_mapping, - 'data_type': data_type_attribute_mapping, - 'windows-registry-key:values.data_type': data_type_attribute_mapping, - 'modified': modified_attribute_mapping, - 'windows-registry-key:modified': modified_attribute_mapping, - 'name': regkey_name_attribute_mapping, - 'windows-registry-key:values.name': regkey_name_attribute_mapping, - 'key': key_attribute_mapping, - 'windows-registry-key:key': key_attribute_mapping, - 'windows-registry-key:value': {'type': 'text', 'object_relation': 'hive'} - } - -url_mapping = {'url': url_attribute_mapping, - 'url:value': url_attribute_mapping, - 'domain-name': domain_attribute_mapping, - 'domain-name:value': domain_attribute_mapping, - 'network-traffic': url_port_attribute_mapping, - 'network-traffic:dst_port': url_port_attribute_mapping, - 'ipv4-addr:value': ip_attribute_mapping, - 'ipv6-addr:value': ip_attribute_mapping - } - -user_account_mapping = {'account_created': {'type': 'datetime', 'object_relation': 'created'}, - 'account_expires': {'type': 'datetime', 'object_relation': 'expires'}, - 'account_first_login': {'type': 'datetime', 'object_relation': 'first_login'}, - 'account_last_login': {'type': 'datetime', 'object_relation': 'last_login'}, - 'account_login': user_id_mapping, - 'account_type': {'type': 'text', 'object_relation': 'account-type'}, - 'can_escalate_privs': {'type': 'boolean', 'object_relation': 'can_escalate_privs'}, - 'credential': credential_attribute_mapping, - 'credential_last_changed': {'type': 'datetime', 'object_relation': 'password_last_changed'}, - 'display_name': {'type': 'text', 'object_relation': 'display-name'}, - 'gid': {'type': 'text', 'object_relation': 'group-id'}, - 'home_dir': {'type': 'text', 'object_relation': 'home_dir'}, - 'is_disabled': {'type': 'boolean', 'object_relation': 'disabled'}, - 'is_privileged': {'type': 'boolean', 'object_relation': 'privileged'}, - 'is_service_account': {'type': 'boolean', 'object_relation': 'is_service_account'}, - 'shell': {'type': 'text', 'object_relation': 'shell'}, - 'user_id': {'type': 'text', 'object_relation': 'user-id'}} - -vulnerability_mapping = {'name': id_attribute_mapping, - 'description': summary_attribute_mapping} - -x509_mapping = {'issuer': issuer_attribute_mapping, - 'x509-certificate:issuer': issuer_attribute_mapping, - 'serial_number': serial_number_attribute_mapping, - 'x509-certificate:serial_number': serial_number_attribute_mapping, - 'subject': x509_subject_attribute_mapping, - 'x509-certificate:subject': x509_subject_attribute_mapping, - 'subject_public_key_algorithm': x509_spka_attribute_mapping, - 'x509-certificate:subject_public_key_algorithm': x509_spka_attribute_mapping, - 'subject_public_key_exponent': x509_spke_attribute_mapping, - 'x509-certificate:subject_public_key_exponent': x509_spke_attribute_mapping, - 'subject_public_key_modulus': x509_spkm_attribute_mapping, - 'x509-certificate:subject_public_key_modulus': x509_spkm_attribute_mapping, - 'validity_not_before': x509_vnb_attribute_mapping, - 'x509-certificate:validity_not_before': x509_vnb_attribute_mapping, - 'validity_not_after': x509_vna_attribute_mapping, - 'x509-certificate:validity_not_after': x509_vna_attribute_mapping, - 'version': x509_version_attribute_mapping, - 'x509-certificate:version': x509_version_attribute_mapping, - 'SHA-1': x509_sha1_attribute_mapping, - "x509-certificate:hashes.'sha1'": x509_sha1_attribute_mapping, - 'SHA-256': x509_sha256_attribute_mapping, - "x509-certificate:hashes.'sha256'": x509_sha256_attribute_mapping, - 'MD5': x509_md5_attribute_mapping, - "x509-certificate:hashes.'md5'": x509_md5_attribute_mapping, - } - -attachment_types = ('file:content_ref.name', 'file:content_ref.payload_bin', - 'artifact:x_misp_text_name', 'artifact:payload_bin', - "file:hashes.'MD5'", "file:content_ref.hashes.'MD5'", - 'file:name') - -connection_protocols = {"IP": "3", "ICMP": "3", "ARP": "3", - "TCP": "4", "UDP": "4", - "HTTP": "7", "HTTPS": "7", "FTP": "7"} diff --git a/pyproject.toml b/pyproject.toml index 6de595d7..b9e36659 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -60,6 +60,8 @@ maclookup = "*" markdownify = "*" matplotlib = "*" mattermostdriver = "*" +misp-lib-stix2 = "*" +misp-stix = "*" mwdblib = "*" ndjson = "*" np = "*" @@ -91,7 +93,6 @@ sigmatools = "*" sigmf = "*" slack-sdk = "*" sparqlwrapper = "*" -stix2 = "*" tau-clients = "*" taxii2-client = "*" urlarchiver = "*" From 3bb66bab3927cee3ab1d8e1996fd6a4ba8ee974a Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 12 Feb 2025 12:13:26 +0100 Subject: [PATCH 07/10] fix: [taxii21] Updated module - Using `misp-stix` to convert STIX 2 content gathered from TAXII - Introducing the `required` field for user config to avoid MISP to barf on empty optional fields --- misp_modules/modules/import_mod/taxii21.py | 37 ++++++++++++---------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/misp_modules/modules/import_mod/taxii21.py b/misp_modules/modules/import_mod/taxii21.py index 2991497a..fcfd7ac4 100644 --- a/misp_modules/modules/import_mod/taxii21.py +++ b/misp_modules/modules/import_mod/taxii21.py @@ -4,13 +4,15 @@ import collections import itertools import json -import misp_modules.lib.stix2misp -from pathlib import Path import re -import stix2.v20 +import requests import taxii2client import taxii2client.exceptions -import requests +from pathlib import Path +from misp_stix_converter import ( + ExternalSTIX2toMISPParser, InternalSTIX2toMISPParser, _is_stix2_from_misp) +from stix2.v20 import Bundle as Bundle_v20 +from stix2.v21 import Bundle as Bundle_v21 class ConfigError(Exception): @@ -24,13 +26,13 @@ class ConfigError(Exception): misperrors = {'error': 'Error'} moduleinfo = { - 'version': '0.1', + 'version': '0.2', 'author': 'Abc', 'description': 'Import content from a TAXII 2.1 server', 'module-type': ['import'], 'name': 'TAXII 2.1 Import', 'logo': '', - 'requirements': [], + 'requirements': ['misp-lib-stix2', 'misp-stix'], 'features': '', 'references': [], 'input': '', @@ -40,7 +42,7 @@ class ConfigError(Exception): mispattributes = { 'inputSource': [], 'output': ['MISP objects'], - 'format': 'misp_standard', + 'format': 'misp_standard' } @@ -48,6 +50,7 @@ class ConfigError(Exception): "url": { "type": "String", "message": "A TAXII 2.1 collection URL", + "required": True }, "added_after": { "type": "String", @@ -234,9 +237,9 @@ def _get_config(config): # STIX->MISP converter currently only supports STIX 2.0, so let's force # spec_version="2.0". if not spec_version: - spec_version = "2.0" - elif spec_version != "2.0": - raise ConfigError('Only spec_version="2.0" is supported for now.') + spec_version = "2.1" + if spec_version not in ("2.0", "2.1"): + raise ConfigError('Only spec versions "2.0" and "2.1" are valid versions.') if (username and not password) or (not username and password): raise ConfigError( @@ -307,14 +310,16 @@ def _query_taxii(config): # memory usage. stix_objects = list(limited_stix_objects) - # The STIX 2.0 converter wants a 2.0 bundle. (Hope the TAXII server isn't - # returning 2.1 objects!) - bundle20 = stix2.v20.Bundle(stix_objects, allow_custom=True) + bundle = (Bundle_v21 if config.spec_version == '2.1' else Bundle_v20)( + stix_objects, allow_custom=True + ) - converter = misp_modules.lib.stix2misp.ExternalStixParser() - converter.handler( - bundle20, None, [0, "event", str(_synonymsToTagNames_path)] + converter = ( + InternalSTIX2toMISPParser() if _is_stix2_from_misp(bundle.objects) + else ExternalSTIX2toMISPParser() ) + converter.load_stix_bundle(bundle) + converter.parse_stix_bundle(single_event=True) attributes = [ _pymisp_to_json_serializable(attr) From 658fcce317ffa3cedb92da12dad9b519d3ffdba9 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 12 Feb 2025 14:21:57 +0100 Subject: [PATCH 08/10] fix: [import modules] Added some `required` fields for required user config --- .../modules/import_mod/lastline_import.py | 5 +++-- .../modules/import_mod/openiocimport.py | 19 +++++++++++-------- .../modules/import_mod/vmray_import.py | 3 ++- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/misp_modules/modules/import_mod/lastline_import.py b/misp_modules/modules/import_mod/lastline_import.py index 7acd4f8a..f8d91733 100644 --- a/misp_modules/modules/import_mod/lastline_import.py +++ b/misp_modules/modules/import_mod/lastline_import.py @@ -17,8 +17,9 @@ "analysis_link": { "type": "String", "errorMessage": "Expected analysis link", - "message": "The link to a Lastline analysis" - }, + "message": "The link to a Lastline analysis", + "required": True + } } inputSource = [] diff --git a/misp_modules/modules/import_mod/openiocimport.py b/misp_modules/modules/import_mod/openiocimport.py index f1946bd5..3d4ce057 100755 --- a/misp_modules/modules/import_mod/openiocimport.py +++ b/misp_modules/modules/import_mod/openiocimport.py @@ -4,14 +4,17 @@ from pymisp.tools import openioc misperrors = {'error': 'Error'} -userConfig = {'not save ioc': {'type': 'Boolean', - 'message': 'If you check this box, IOC file will not save as an attachment in MISP' - }, - 'default tag': { - 'type': 'String', - 'message': 'Add tags spaced by a comma (tlp:white,misp:threat-level="no-risk")', - 'validation': '0'} - } +userConfig = { + 'not save ioc': { + 'type': 'Boolean', + 'message': 'If you check this box, IOC file will not save as an attachment in MISP' + }, + 'default tag': { + 'type': 'String', + 'message': 'Add tags spaced by a comma (tlp:white,misp:threat-level="no-risk")', + 'validation': '0' + } +} inputSource = ['file'] diff --git a/misp_modules/modules/import_mod/vmray_import.py b/misp_modules/modules/import_mod/vmray_import.py index 72d58a8a..ed196bb5 100644 --- a/misp_modules/modules/import_mod/vmray_import.py +++ b/misp_modules/modules/import_mod/vmray_import.py @@ -44,6 +44,7 @@ "Sample ID": { "type": "Integer", "errorMessage": "The VMRay sample ID to download the reports", + "required": True }, "VTI": { "type": "Boolean", @@ -57,7 +58,7 @@ }, "Artifacts": { "type": "Boolean", - "message": "Include other Artifacts", + "message": "Include other Artifacts" }, "Analysis Details": { "type": "Boolean", From 0209a052d6dda6424ddeabe88575733bf36543c3 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 12 Feb 2025 16:47:54 +0100 Subject: [PATCH 09/10] chg: [poetry] Bumped lock file with latest versions --- poetry.lock | 777 +++++++++++++++++++++++++++++++++++++++++++++---- pyproject.toml | 4 +- 2 files changed, 722 insertions(+), 59 deletions(-) diff --git a/poetry.lock b/poetry.lock index 08cf24cb..5c887041 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.0.1 and should not be changed by hand. [[package]] name = "aiohappyeyeballs" @@ -6,6 +6,8 @@ version = "2.4.3" description = "Happy Eyeballs for asyncio" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "aiohappyeyeballs-2.4.3-py3-none-any.whl", hash = "sha256:8a7a83727b2756f394ab2895ea0765a0a8c475e3c71e98d43d76f22b4b435572"}, {file = "aiohappyeyeballs-2.4.3.tar.gz", hash = "sha256:75cf88a15106a5002a8eb1dab212525c00d1f4c0fa96e551c9fbe6f09a621586"}, @@ -17,6 +19,8 @@ version = "3.11.7" description = "Async http client/server framework (asyncio)" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "aiohttp-3.11.7-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:8bedb1f6cb919af3b6353921c71281b1491f948ca64408871465d889b4ee1b66"}, {file = "aiohttp-3.11.7-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:f5022504adab881e2d801a88b748ea63f2a9d130e0b2c430824682a96f6534be"}, @@ -115,6 +119,8 @@ version = "1.3.1" description = "aiosignal: a list of registered asynchronous callbacks" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "aiosignal-1.3.1-py3-none-any.whl", hash = "sha256:f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"}, {file = "aiosignal-1.3.1.tar.gz", hash = "sha256:54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc"}, @@ -129,6 +135,8 @@ version = "0.7.0" description = "Reusable constraint types to use with typing.Annotated" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "annotated_types-0.7.0-py3-none-any.whl", hash = "sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53"}, {file = "annotated_types-0.7.0.tar.gz", hash = "sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89"}, @@ -140,6 +148,8 @@ version = "2.1.0" description = "Produce colored terminal text with an xml-like markup" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ansimarkup-2.1.0-py3-none-any.whl", hash = "sha256:51ab9f3157125c53e93d8fd2e92df37dfa1757c9f2371ed48554e111c7d4401a"}, {file = "ansimarkup-2.1.0.tar.gz", hash = "sha256:7b3e3d93fecc5b64d23a6e8eb96dbc8b0b576a211829d948afb397d241a8c51b"}, @@ -158,6 +168,8 @@ version = "4.9.3" description = "ANTLR 4.9.3 runtime for Python 3.7" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "antlr4-python3-runtime-4.9.3.tar.gz", hash = "sha256:f224469b4168294902bb1efa80a8bf7855f24c99aef99cbefc1bcd3cce77881b"}, ] @@ -168,6 +180,8 @@ version = "4.6.2.post1" description = "High level compatibility layer for multiple asynchronous event loop implementations" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "anyio-4.6.2.post1-py3-none-any.whl", hash = "sha256:6d170c36fba3bdd840c73d3868c1e777e33676a69c3a72cf0a0d5d6d8009b61d"}, {file = "anyio-4.6.2.post1.tar.gz", hash = "sha256:4c8bc31ccdb51c7f7bd251f51c609e038d63e34219b44aa86e47576389880b4c"}, @@ -190,6 +204,8 @@ version = "2.0.3" description = "On demand query API for OSINT.digitalside.it project. You can query for souspicious domains, urls, IPv4 and file hashes." optional = false python-versions = ">3.5.2" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "apiosintDS-2.0.3-py3-none-any.whl", hash = "sha256:e80163a69f8ca0f9fc01bd37b4c6f5937bdc828be8754a79da1da2958dac7493"}, ] @@ -206,6 +222,8 @@ version = "1.4.4" description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"}, {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"}, @@ -217,6 +235,8 @@ version = "4.9.3" description = "Assemblyline v4 client library" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "assemblyline_client-4.9.3-py2.py3-none-any.whl", hash = "sha256:f14de17f9a5cd922ea78c02cbb8ab616de39b569bc61c2210321948c17870d83"}, ] @@ -240,6 +260,8 @@ version = "5.0.1" description = "Timeout context manager for asyncio programs" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_full_version < \"3.11.3\"" files = [ {file = "async_timeout-5.0.1-py3-none-any.whl", hash = "sha256:39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"}, {file = "async_timeout-5.0.1.tar.gz", hash = "sha256:d9321a7a3d5a6a5e187e824d2fa0793ce379a202935782d555d6e9d2735677d3"}, @@ -251,6 +273,8 @@ version = "24.2.0" description = "Classes Without Boilerplate" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"}, {file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"}, @@ -270,6 +294,8 @@ version = "2.16.0" description = "Internationalization utilities" optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "babel-2.16.0-py3-none-any.whl", hash = "sha256:368b5b98b37c06b7daf6696391c3240c938b37767d4584413e8438c5c435fa8b"}, {file = "babel-2.16.0.tar.gz", hash = "sha256:d1f3554ca26605fe173f3de0c65f750f5a42f924499bf134de6423582298e316"}, @@ -284,6 +310,8 @@ version = "1.11.1" description = "Function decoration for backoff and retry" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "backoff-1.11.1-py2.py3-none-any.whl", hash = "sha256:61928f8fa48d52e4faa81875eecf308eccfb1016b018bb6bd21e05b5d90a96c5"}, {file = "backoff-1.11.1.tar.gz", hash = "sha256:ccb962a2378418c667b3c979b504fdeb7d9e0d29c0579e3b13b86467177728cb"}, @@ -295,6 +323,8 @@ version = "1.2.0" description = "Backport of CPython tarfile module" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\"" files = [ {file = "backports.tarfile-1.2.0-py3-none-any.whl", hash = "sha256:77e284d754527b01fb1e6fa8a1afe577858ebe4e9dad8919e34c862cb399bc34"}, {file = "backports_tarfile-1.2.0.tar.gz", hash = "sha256:d75e02c268746e1b8144c278978b6e98e85de6ad16f8e4b0844a154557eca991"}, @@ -310,6 +340,8 @@ version = "0.2.4" description = "Client to interact with Backscatter.io services." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "backscatter-0.2.4-py3-none-any.whl", hash = "sha256:afb0efcf5d2551dac953ec4c38fb710b274b8e811775650e02c1ef42cafb14c8"}, {file = "backscatter-0.2.4.tar.gz", hash = "sha256:7a0d1aa3661635de81e2a09b15d53e35cbe399a111cc58a70925f80e6874abd3"}, @@ -325,6 +357,8 @@ version = "4.12.3" description = "Screen-scraping library" optional = false python-versions = ">=3.6.0" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "beautifulsoup4-4.12.3-py3-none-any.whl", hash = "sha256:b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"}, {file = "beautifulsoup4-4.12.3.tar.gz", hash = "sha256:74e3d1928edc070d21748185c46e3fb33490f22f52a3addee9aee0f4f7781051"}, @@ -346,6 +380,8 @@ version = "0.23.1" description = "The bidirectional mapping library for Python." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "bidict-0.23.1-py3-none-any.whl", hash = "sha256:5dae8d4d79b552a71cbabc7deb25dfe8ce710b17ff41711e13010ead2abfc3e5"}, {file = "bidict-0.23.1.tar.gz", hash = "sha256:03069d763bc387bbd20e7d49914e75fc4132a41937fa3405417e1a5a2d006d71"}, @@ -357,6 +393,8 @@ version = "1.4.4" description = "Blockchain API library (v1)" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "blockchain-1.4.4.tar.gz", hash = "sha256:dbaa3eebb6f81b4245005739da802c571b09f98d97eb66520afd95d9ccafebe2"}, ] @@ -371,6 +409,8 @@ version = "5.5.0" description = "Extensible memoizing collections and decorators" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "cachetools-5.5.0-py3-none-any.whl", hash = "sha256:02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"}, {file = "cachetools-5.5.0.tar.gz", hash = "sha256:2cc24fb4cbe39633fb7badd9db9ca6295d766d9c2995f245725a46715d050f2a"}, @@ -382,6 +422,8 @@ version = "24.1.2" description = "Composable complex class support for attrs and dataclasses." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "cattrs-24.1.2-py3-none-any.whl", hash = "sha256:67c7495b760168d931a10233f979b28dc04daf853b30752246f4f8471c6d68d0"}, {file = "cattrs-24.1.2.tar.gz", hash = "sha256:8028cfe1ff5382df59dd36474a86e02d817b06eaf8af84555441bac915d2ef85"}, @@ -408,6 +450,8 @@ version = "2.0.9" description = "An easy-to-use and lightweight API wrapper for Censys APIs (censys.io)." optional = false python-versions = ">=3.6.2,<4.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "censys-2.0.9-py3-none-any.whl", hash = "sha256:ffda72c7b3172bf781660838d5f65a8babd9b083afd0aff862a7e335c90fb79a"}, {file = "censys-2.0.9.tar.gz", hash = "sha256:5a062f2b97f806879896c6a2a350fd36cae5724ae240abf0c2de40895b043a61"}, @@ -424,6 +468,8 @@ version = "2024.8.30" description = "Python package for providing Mozilla's CA Bundle." optional = false python-versions = ">=3.6" +groups = ["main", "docs", "test", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "certifi-2024.8.30-py3-none-any.whl", hash = "sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8"}, {file = "certifi-2024.8.30.tar.gz", hash = "sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9"}, @@ -435,6 +481,8 @@ version = "1.17.1" description = "Foreign Function Interface for Python calling C code." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "platform_python_implementation != \"PyPy\" and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"}, {file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"}, @@ -514,6 +562,8 @@ version = "5.2.0" description = "Universal encoding detector for Python 3" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "chardet-5.2.0-py3-none-any.whl", hash = "sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970"}, {file = "chardet-5.2.0.tar.gz", hash = "sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7"}, @@ -525,6 +575,8 @@ version = "3.4.0" description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." optional = false python-versions = ">=3.7.0" +groups = ["main", "docs", "test", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "charset_normalizer-3.4.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"}, {file = "charset_normalizer-3.4.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0de7b687289d3c1b3e8660d0741874abe7888100efe14bd0f9fd7141bcbda92b"}, @@ -639,6 +691,8 @@ version = "1.0.2" description = "Clamd is a python interface to Clamd (Clamav daemon)." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "clamd-1.0.2-py2.py3-none-any.whl", hash = "sha256:5c32546b7d1eb00fd6be00a889d79e00fbf980ed082826ccfa369bce3dcff5e7"}, {file = "clamd-1.0.2.tar.gz", hash = "sha256:d82a2fd814684a35a1b31feadafb2e69c8ebde9403613f6bdaa5d877c0f29560"}, @@ -650,6 +704,8 @@ version = "8.1.7" description = "Composable command line interface toolkit" optional = false python-versions = ">=3.7" +groups = ["main", "docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"}, {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"}, @@ -664,6 +720,8 @@ version = "1.2.4" description = "click_default_group" optional = false python-versions = ">=2.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "click_default_group-1.2.4-py2.py3-none-any.whl", hash = "sha256:9b60486923720e7fc61731bdb32b617039aba820e22e1c88766b1125592eaa5f"}, {file = "click_default_group-1.2.4.tar.gz", hash = "sha256:eb3f3c99ec0d456ca6cd2a7f08f7d4e91771bef51b01bdd9580cc6450fe1251e"}, @@ -681,6 +739,8 @@ version = "1.1.1" description = "An extension module for click to enable registering CLI commands via setuptools entry-points." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "click-plugins-1.1.1.tar.gz", hash = "sha256:46ab999744a9d831159c3411bb0c79346d94a444df9a3a3742e9ed63645f264b"}, {file = "click_plugins-1.1.1-py2.py3-none-any.whl", hash = "sha256:5d262006d3222f5057fd81e1623d4443e41dcda5dc815c06b442aa3c02889fc8"}, @@ -698,6 +758,8 @@ version = "0.3.0" description = "REPL plugin for Click" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "click-repl-0.3.0.tar.gz", hash = "sha256:17849c23dba3d667247dc4defe1757fff98694e90fe37474f3feebb69ced26a9"}, {file = "click_repl-0.3.0-py3-none-any.whl", hash = "sha256:fb7e06deb8da8de86180a33a9da97ac316751c094c6899382da7feeeeb51b812"}, @@ -716,6 +778,8 @@ version = "2.1.13" description = "Hosted coverage reports for GitHub, Bitbucket and Gitlab" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "codecov-2.1.13-py2.py3-none-any.whl", hash = "sha256:c2ca5e51bba9ebb43644c43d0690148a55086f7f5e6fd36170858fa4206744d5"}, {file = "codecov-2.1.13.tar.gz", hash = "sha256:2362b685633caeaf45b9951a9b76ce359cd3581dd515b430c6c3f5dfb4d92a8c"}, @@ -731,10 +795,12 @@ version = "0.4.6" description = "Cross-platform colored terminal text." optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7" +groups = ["main", "docs", "test"] files = [ {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"}, {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"}, ] +markers = {main = "python_version <= \"3.11\" or python_version >= \"3.12\"", docs = "python_version <= \"3.11\" or python_version >= \"3.12\"", test = "sys_platform == \"win32\" and (python_version <= \"3.11\" or python_version >= \"3.12\")"} [[package]] name = "colorclass" @@ -742,6 +808,8 @@ version = "2.2.2" description = "Colorful worry-free console applications for Linux, Mac OS X, and Windows." optional = false python-versions = ">=2.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "colorclass-2.2.2-py2.py3-none-any.whl", hash = "sha256:6f10c273a0ef7a1150b1120b6095cbdd68e5cf36dfd5d0fc957a2500bbf99a55"}, {file = "colorclass-2.2.2.tar.gz", hash = "sha256:6d4fe287766166a98ca7bc6f6312daf04a0481b1eda43e7173484051c0ab4366"}, @@ -753,6 +821,8 @@ version = "0.9.1" description = "Python parser for the CommonMark Markdown spec" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "commonmark-0.9.1-py2.py3-none-any.whl", hash = "sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9"}, {file = "commonmark-0.9.1.tar.gz", hash = "sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60"}, @@ -767,6 +837,8 @@ version = "1.0.6" description = "Compressed Rich Text Format (RTF) compression and decompression package" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "compressed_rtf-1.0.6.tar.gz", hash = "sha256:c1c827f1d124d24608981a56e8b8691eb1f2a69a78ccad6440e7d92fde1781dd"}, ] @@ -777,6 +849,8 @@ version = "7.1.0" description = "Updated configparser from stdlib for earlier Pythons." optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "configparser-7.1.0-py3-none-any.whl", hash = "sha256:98e374573c4e10e92399651e3ba1c47a438526d633c44ee96143dec26dad4299"}, {file = "configparser-7.1.0.tar.gz", hash = "sha256:eb82646c892dbdf773dae19c633044d163c3129971ae09b49410a303b8e0a5f7"}, @@ -792,6 +866,8 @@ version = "1.3.0" description = "Python library for calculating contours of 2D quadrilateral grids" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "contourpy-1.3.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:880ea32e5c774634f9fcd46504bf9f080a41ad855f4fef54f5380f5133d343c7"}, {file = "contourpy-1.3.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:76c905ef940a4474a6289c71d53122a4f77766eef23c03cd57016ce19d0f7b42"}, @@ -876,6 +952,8 @@ version = "7.6.8" description = "Code coverage measurement for Python" optional = false python-versions = ">=3.9" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "coverage-7.6.8-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b39e6011cd06822eb964d038d5dff5da5d98652b81f5ecd439277b32361a3a50"}, {file = "coverage-7.6.8-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:63c19702db10ad79151a059d2d6336fe0c470f2e18d0d4d1a57f7f9713875dcf"}, @@ -950,6 +1028,8 @@ version = "1.4.6" description = "The CrowdStrike Falcon SDK for Python" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "crowdstrike_falconpy-1.4.6-py3-none-any.whl", hash = "sha256:f927508ed221bca5736f0f4d697d6e070753ac64419cbbde212b5ee463f667ff"}, {file = "crowdstrike_falconpy-1.4.6.tar.gz", hash = "sha256:01d134570d0b3682e01de9474e56cbcda7bc7ba02413dcf32c1f4d9077859fa8"}, @@ -968,6 +1048,8 @@ version = "43.0.3" description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "(platform_python_implementation != \"PyPy\" or sys_platform == \"linux\" or platform_system != \"Windows\" and platform_system != \"Darwin\") and (python_version >= \"3.12\" or python_version <= \"3.11\")" files = [ {file = "cryptography-43.0.3-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"}, {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63efa177ff54aec6e1c0aefaa1a241232dcd37413835a9b674b6e3f0ae2bfd3e"}, @@ -1011,12 +1093,32 @@ ssh = ["bcrypt (>=3.1.5)"] test = ["certifi", "cryptography-vectors (==43.0.3)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"] test-randomorder = ["pytest-randomly"] +[[package]] +name = "cybox" +version = "2.1.0.21" +description = "A Python library for parsing and generating CybOX content." +optional = false +python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "cybox-2.1.0.21-py2.py3-none-any.whl", hash = "sha256:19a588bcdce8f3a088f7d5edd3e8862c11b701bb3d64257b18f3092deb9c3b7a"}, + {file = "cybox-2.1.0.21.tar.gz", hash = "sha256:8b12110180aceed0f85f8d6c1860a32a679c261f097d909384a81b3b73ff9716"}, +] + +[package.dependencies] +lxml = {version = ">=2.2.3", markers = "python_version == \"2.7\" or python_version >= \"3.5\""} +mixbox = ">=1.0.2" +python-dateutil = "*" + [[package]] name = "cycler" version = "0.12.1" description = "Composable style cycles" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "cycler-0.12.1-py3-none-any.whl", hash = "sha256:85cef7cff222d8644161529808465972e51340599459b8ac3ccbac5a854e0d30"}, {file = "cycler-0.12.1.tar.gz", hash = "sha256:88bb128f02ba341da8ef447245a9e138fae777f6a23943da4540077d3601eb1c"}, @@ -1032,6 +1134,8 @@ version = "1.2.15" description = "Python @deprecated decorator to deprecate old python classes, functions or methods." optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "Deprecated-1.2.15-py2.py3-none-any.whl", hash = "sha256:353bc4a8ac4bfc96800ddab349d89c25dec1079f65fd53acdcc1e0b975b21320"}, {file = "deprecated-1.2.15.tar.gz", hash = "sha256:683e561a90de76239796e6b6feac66b99030d2dd3fcf61ef996330f14bbb9b0d"}, @@ -1049,6 +1153,8 @@ version = "1.7.6" description = "Small utility to convert a python dictionary into an XML string" optional = false python-versions = ">=3.5" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "dict2xml-1.7.6-py3-none-any.whl", hash = "sha256:841a0c1720e4bfa121e958b805f1062fccf5af2970e7a1f81d7fa056f49e5065"}, {file = "dict2xml-1.7.6.tar.gz", hash = "sha256:3e4811f4ef7fca86dede6acf382268ff9bc5735a4aa0e21b465f6eb0c4e81732"}, @@ -1063,6 +1169,8 @@ version = "1.1.4" description = "Client for DNSDB API version 2 with Flexible Search" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "dnsdb2-1.1.4.tar.gz", hash = "sha256:428e9808f5e3fcdaeacc40edc9d5d14837a20fa7f11b87543348ef285b87af5a"}, ] @@ -1079,6 +1187,8 @@ version = "2.7.0" description = "DNS toolkit" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "dnspython-2.7.0-py3-none-any.whl", hash = "sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86"}, {file = "dnspython-2.7.0.tar.gz", hash = "sha256:ce9c432eda0dc91cf618a5cedf1a4e142651196bbcd2c80e89ed5a907e5cfaf1"}, @@ -1099,6 +1209,8 @@ version = "2.1.0" description = "DomainTools Official Python API" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "domaintools_api-2.1.0-py2.py3-none-any.whl", hash = "sha256:44adabd440d92e216e4b38ec795633ba9ee595bbb85a703340da4edf2006e8eb"}, {file = "domaintools_api-2.1.0.tar.gz", hash = "sha256:d2202128a0c6d542e37b7ca6dfa46b972e77fae7032df40d6c65de4d937c86d8"}, @@ -1118,6 +1230,8 @@ version = "0.98.3" description = "EasyGUI is a module for very simple, very easy GUI programming in Python. EasyGUI is different from other GUI generators in that EasyGUI is NOT event-driven. Instead, all GUI interactions are invoked by simple function calls." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "easygui-0.98.3-py2.py3-none-any.whl", hash = "sha256:33498710c68b5376b459cd3fc48d1d1f33822139eb3ed01defbc0528326da3ba"}, {file = "easygui-0.98.3.tar.gz", hash = "sha256:d653ff79ee1f42f63b5a090f2f98ce02335d86ad8963b3ce2661805cafe99a04"}, @@ -1129,6 +1243,8 @@ version = "1.1.1" description = "Additional EBCDIC codecs" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ebcdic-1.1.1-py2.py3-none-any.whl", hash = "sha256:33b4cb729bc2d0bf46cc1847b0e5946897cb8d3f53520c5b9aa5fa98d7e735f1"}, ] @@ -1139,6 +1255,8 @@ version = "0.0.3" description = "enum/enum34 compatibility package" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "enum-compat-0.0.3.tar.gz", hash = "sha256:3677daabed56a6f724451d585662253d8fb4e5569845aafa8bb0da36b1a8751e"}, {file = "enum_compat-0.0.3-py3-none-any.whl", hash = "sha256:88091b617c7fc3bbbceae50db5958023c48dc40b50520005aa3bf27f8f7ea157"}, @@ -1150,6 +1268,8 @@ version = "2.0.0" description = "An implementation of lxml.xmlfile for the standard library" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "et_xmlfile-2.0.0-py3-none-any.whl", hash = "sha256:7a91720bc756843502c3b7504c77b8fe44217c85c537d85037f0f536151b2caa"}, {file = "et_xmlfile-2.0.0.tar.gz", hash = "sha256:dab3f4764309081ce75662649be815c4c9081e88f0837825f90fd28317d4da54"}, @@ -1161,6 +1281,8 @@ version = "1.2.2" description = "Backport of PEP 654 (exception groups)" optional = false python-versions = ">=3.7" +groups = ["main", "test"] +markers = "python_version < \"3.11\"" files = [ {file = "exceptiongroup-1.2.2-py3-none-any.whl", hash = "sha256:3111b9d131c238bec2f8f516e123e14ba243563fb135d3fe885990585aa7795b"}, {file = "exceptiongroup-1.2.2.tar.gz", hash = "sha256:47c2edf7c6738fafb49fd34290706d1a1a2f4d1c6df275526b62cbb4aa5393cc"}, @@ -1175,6 +1297,8 @@ version = "0.52.0" description = "Extracts emails and attachments saved in Microsoft Outlook's .msg files" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "extract_msg-0.52.0-py3-none-any.whl", hash = "sha256:93c919846bac2a6034cf7d0dcf8e825d640b6ddb8539e42f7f1817869cd1eeaf"}, {file = "extract_msg-0.52.0.tar.gz", hash = "sha256:c21c548c43e1f0cdce5616102d33e590e2b46fbdc9d04f21af4eb62dcbf296dd"}, @@ -1202,6 +1326,8 @@ version = "0.3.2" description = "A Python package to create/manipulate OpenDocumentFormat files." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ezodf-0.3.2.tar.gz", hash = "sha256:000da534f689c6d55297a08f9e2ed7eada9810d194d31d164388162fb391122d"}, ] @@ -1212,6 +1338,8 @@ version = "1.5.1" description = "Up-to-date simple useragent faker with real world database" optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "fake-useragent-1.5.1.tar.gz", hash = "sha256:6387269f5a2196b5ba7ed8935852f75486845a1c95c50e72460e6a8e762f5c49"}, {file = "fake_useragent-1.5.1-py3-none-any.whl", hash = "sha256:57415096557c8a4e23b62a375c21c55af5fd4ba30549227f562d2c4f5b60e3b3"}, @@ -1226,6 +1354,8 @@ version = "3.16.1" description = "A platform independent file lock." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "filelock-3.16.1-py3-none-any.whl", hash = "sha256:2082e5703d51fbf98ea75855d9d5527e33d8ff23099bec374a134febee6946b0"}, {file = "filelock-3.16.1.tar.gz", hash = "sha256:c249fbfcd5db47e5e2d6d62198e565475ee65e4831e2561c8e313fa7eb961435"}, @@ -1242,6 +1372,8 @@ version = "7.1.1" description = "the modular source code checker: pep8 pyflakes and co" optional = false python-versions = ">=3.8.1" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "flake8-7.1.1-py2.py3-none-any.whl", hash = "sha256:597477df7860daa5aa0fdd84bf5208a043ab96b8e96ab708770ae0364dd03213"}, {file = "flake8-7.1.1.tar.gz", hash = "sha256:049d058491e228e03e67b390f311bbf88fce2dbaa8fa673e7aea87b7198b8d38"}, @@ -1258,6 +1390,8 @@ version = "4.55.0" description = "Tools to manipulate font files" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "fonttools-4.55.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:51c029d4c0608a21a3d3d169dfc3fb776fde38f00b35ca11fdab63ba10a16f61"}, {file = "fonttools-4.55.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:bca35b4e411362feab28e576ea10f11268b1aeed883b9f22ed05675b1e06ac69"}, @@ -1331,6 +1465,8 @@ version = "1.5.0" description = "A list-like structure which implements collections.abc.MutableSequence" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "frozenlist-1.5.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"}, {file = "frozenlist-1.5.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d1b3eb7b05ea246510b43a7e53ed1653e55c2121019a97e60cad7efb881a97bb"}, @@ -1432,6 +1568,8 @@ version = "1.0.0" description = "Clean single-source support for Python 3 and 2" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "future-1.0.0-py3-none-any.whl", hash = "sha256:929292d34f5872e70396626ef385ec22355a1fae8ad29e1a734c3e43f9fbc216"}, {file = "future-1.0.0.tar.gz", hash = "sha256:bd2968309307861edae1458a4f8a4f3598c03be43b97521076aebf5d94c07b05"}, @@ -1443,6 +1581,8 @@ version = "4.8.1" description = "MaxMind GeoIP2 API" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "geoip2-4.8.1-py3-none-any.whl", hash = "sha256:9317bd75d899d3d942face75a003e73d39006e7fc6c7f9c3db91ae28fbf6a464"}, {file = "geoip2-4.8.1.tar.gz", hash = "sha256:9aea2eab4b3e6252f47456528ae9c35b104c45277639c13fce1be87c92f84257"}, @@ -1462,6 +1602,8 @@ version = "2.1.0" description = "Copy your docs directly to the gh-pages branch." optional = false python-versions = "*" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ghp-import-2.1.0.tar.gz", hash = "sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343"}, {file = "ghp_import-2.1.0-py3-none-any.whl", hash = "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619"}, @@ -1479,6 +1621,8 @@ version = "1.1.14" description = "Search in google" optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [] develop = false @@ -1503,6 +1647,8 @@ version = "2.3.0" description = "Abstraction to interact with GreyNoise API." optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=3.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "greynoise-2.3.0-py3-none-any.whl", hash = "sha256:92a9471fa98a9a3c0c9e93a15cb990dab963e2e3f1ceb1a200785906be24d4fd"}, {file = "greynoise-2.3.0.tar.gz", hash = "sha256:b33bf61db840ff3e62a2fd987dfb01fe32d23f23e6fc21b002b214529daf11d8"}, @@ -1527,6 +1673,8 @@ version = "0.14.0" description = "A pure-Python, bring-your-own-I/O implementation of HTTP/1.1" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "h11-0.14.0-py3-none-any.whl", hash = "sha256:e3fe4ac4b851c468cc8363d500db52c2ead036020723024a109d37346efaa761"}, {file = "h11-0.14.0.tar.gz", hash = "sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d"}, @@ -1538,6 +1686,8 @@ version = "1.0.7" description = "A minimal low-level HTTP client." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "httpcore-1.0.7-py3-none-any.whl", hash = "sha256:a3fff8f43dc260d5bd363d9f9cf1830fa3a458b332856f34282de498ed420edd"}, {file = "httpcore-1.0.7.tar.gz", hash = "sha256:8551cb62a169ec7162ac7be8d4817d561f60e08eaa485234898414bb5a8a0b4c"}, @@ -1559,6 +1709,8 @@ version = "0.22.0" description = "A comprehensive HTTP client library." optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "httplib2-0.22.0-py3-none-any.whl", hash = "sha256:14ae0a53c1ba8f3d37e9e27cf37eabb0fb9980f435ba405d546948b009dd64dc"}, {file = "httplib2-0.22.0.tar.gz", hash = "sha256:d7a10bc5ef5ab08322488bde8c726eeee5c8618723fdb399597ec58f3d82df81"}, @@ -1573,6 +1725,8 @@ version = "0.27.2" description = "The next generation HTTP client." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "httpx-0.27.2-py3-none-any.whl", hash = "sha256:7bb2708e112d8fdd7829cd4243970f0c223274051cb35ee80c03301ee29a3df0"}, {file = "httpx-0.27.2.tar.gz", hash = "sha256:f7c2be1d2f3c3c3160d441802406b206c2b76f5947b11115e6df10c6c65e66c2"}, @@ -1598,6 +1752,8 @@ version = "3.10" description = "Internationalized Domain Names in Applications (IDNA)" optional = false python-versions = ">=3.6" +groups = ["main", "docs", "test", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"}, {file = "idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9"}, @@ -1612,10 +1768,12 @@ version = "8.5.0" description = "Read metadata from Python packages" optional = false python-versions = ">=3.8" +groups = ["main", "docs"] files = [ {file = "importlib_metadata-8.5.0-py3-none-any.whl", hash = "sha256:45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"}, {file = "importlib_metadata-8.5.0.tar.gz", hash = "sha256:71522656f0abace1d072b9e5481a48f07c138e00f079c38c8f883823f9c26bd7"}, ] +markers = {main = "python_version <= \"3.11\"", docs = "python_version < \"3.10\""} [package.dependencies] zipp = ">=3.20" @@ -1635,6 +1793,8 @@ version = "6.4.5" description = "Read resources from Python packages" optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version < \"3.10\"" files = [ {file = "importlib_resources-6.4.5-py3-none-any.whl", hash = "sha256:ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717"}, {file = "importlib_resources-6.4.5.tar.gz", hash = "sha256:980862a1d16c9e147a59603677fa2aa5fd82b87f223b6cb870695bcfce830065"}, @@ -1657,6 +1817,8 @@ version = "2.0.0" description = "brain-dead simple config-ini parsing" optional = false python-versions = ">=3.7" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "iniconfig-2.0.0-py3-none-any.whl", hash = "sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374"}, {file = "iniconfig-2.0.0.tar.gz", hash = "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3"}, @@ -1668,6 +1830,8 @@ version = "0.7.2" description = "An ISO 8601 date/time/duration parser and formatter" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version < \"3.11\"" files = [ {file = "isodate-0.7.2-py3-none-any.whl", hash = "sha256:28009937d8031054830160fce6d409ed342816b543597cece116d966c6d99e15"}, {file = "isodate-0.7.2.tar.gz", hash = "sha256:4cd1aa0f43ca76f4a6c6c0292a85f40b35ec2e43e315b59f06e6d32171a953e6"}, @@ -1679,6 +1843,8 @@ version = "3.4.0" description = "Utility functions for Python class constructs" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jaraco.classes-3.4.0-py3-none-any.whl", hash = "sha256:f662826b6bed8cace05e7ff873ce0f9283b5c924470fe664fff1c2f00f581790"}, {file = "jaraco.classes-3.4.0.tar.gz", hash = "sha256:47a024b51d0239c0dd8c8540c6c7f484be3b8fcf0b2d85c13825780d3b3f3acd"}, @@ -1697,6 +1863,8 @@ version = "6.0.1" description = "Useful decorators and context managers" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jaraco.context-6.0.1-py3-none-any.whl", hash = "sha256:f797fc481b490edb305122c9181830a3a5b76d84ef6d1aef2fb9b47ab956f9e4"}, {file = "jaraco_context-6.0.1.tar.gz", hash = "sha256:9bae4ea555cf0b14938dc0aee7c9f32ed303aa20a3b73e7dc80111628792d1b3"}, @@ -1715,6 +1883,8 @@ version = "4.1.0" description = "Functools like those found in stdlib" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jaraco.functools-4.1.0-py3-none-any.whl", hash = "sha256:ad159f13428bc4acbf5541ad6dec511f91573b90fba04df61dafa2a1231cf649"}, {file = "jaraco_functools-4.1.0.tar.gz", hash = "sha256:70f7e0e2ae076498e212562325e805204fc092d7b4c17e0e86c959e249701a9d"}, @@ -1737,6 +1907,8 @@ version = "3.23.0" description = "API for Joe Sandbox" optional = false python-versions = "!=3.0,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jbxapi-3.23.0-py2.py3-none-any.whl", hash = "sha256:bf50e59ce542013bcd5ec9dd6a1c23f331301b053cce27296c6149af7bbc65e2"}, {file = "jbxapi-3.23.0.tar.gz", hash = "sha256:200590caaa5cfb64ffb36388e6af64d9d9dd83be02155e4a0c64ccbc1cba0b04"}, @@ -1752,6 +1924,8 @@ version = "0.8.0" description = "Low-level, pure Python DBus protocol wrapper." optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "sys_platform == \"linux\" and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "jeepney-0.8.0-py3-none-any.whl", hash = "sha256:c0a454ad016ca575060802ee4d590dd912e35c122fa04e70306de3d076cce755"}, {file = "jeepney-0.8.0.tar.gz", hash = "sha256:5efe48d255973902f6badc3ce55e2aa6c5c3b3bc642059ef3a91247bcfcc5806"}, @@ -1767,6 +1941,8 @@ version = "3.1.4" description = "A very fast and expressive template engine." optional = false python-versions = ">=3.7" +groups = ["main", "docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"}, {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"}, @@ -1784,6 +1960,8 @@ version = "1.1" description = "JSON log formatter" optional = false python-versions = ">=3.6" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "json_log_formatter-1.1.tar.gz", hash = "sha256:fe8fd801c58c1234df86211720921f60149105ef8d1e2a72966bb61da9bed584"}, ] @@ -1794,6 +1972,8 @@ version = "4.23.0" description = "An implementation of JSON Schema validation for Python" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jsonschema-4.23.0-py3-none-any.whl", hash = "sha256:fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"}, {file = "jsonschema-4.23.0.tar.gz", hash = "sha256:d71497fef26351a33265337fa77ffeb82423f3ea21283cd9467bb03999266bc4"}, @@ -1815,6 +1995,8 @@ version = "2024.10.1" description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "jsonschema_specifications-2024.10.1-py3-none-any.whl", hash = "sha256:a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"}, {file = "jsonschema_specifications-2024.10.1.tar.gz", hash = "sha256:0f38b83639958ce1152d02a7f062902c41c8fd20d558b0c34344292d417ae272"}, @@ -1829,6 +2011,8 @@ version = "25.5.0" description = "Store and access your passwords safely." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "keyring-25.5.0-py3-none-any.whl", hash = "sha256:e67f8ac32b04be4714b42fe84ce7dad9c40985b9ca827c592cc303e7c26d9741"}, {file = "keyring-25.5.0.tar.gz", hash = "sha256:4c753b3ec91717fe713c4edd522d625889d8973a349b0e582622f49766de58e6"}, @@ -1858,6 +2042,8 @@ version = "1.4.7" description = "A fast implementation of the Cassowary constraint solver" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "kiwisolver-1.4.7-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:8a9c83f75223d5e48b0bc9cb1bf2776cf01563e00ade8775ffe13b0b6e1af3a6"}, {file = "kiwisolver-1.4.7-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:58370b1ffbd35407444d57057b57da5d6549d2d854fa30249771775c63b5fe17"}, @@ -1981,6 +2167,8 @@ version = "1.1.9" description = "a modern parsing library" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "lark-1.1.9-py3-none-any.whl", hash = "sha256:a0dd3a87289f8ccbb325901e4222e723e7d745dbfc1803eaf5f3d2ace19cf2db"}, {file = "lark-1.1.9.tar.gz", hash = "sha256:15fa5236490824c2c4aba0e22d2d6d823575dcaf4cdd1848e34b6ad836240fba"}, @@ -1994,51 +2182,55 @@ regex = ["regex"] [[package]] name = "lief" -version = "0.15.1" +version = "0.16.3" description = "Library to instrument executable formats" optional = false python-versions = ">=3.8" -files = [ - {file = "lief-0.15.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a80246b96501b2b1d4927ceb3cb817eda9333ffa9e07101358929a6cffca5dae"}, - {file = "lief-0.15.1-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:84bf310710369544e2bb82f83d7fdab5b5ac422651184fde8bf9e35f14439691"}, - {file = "lief-0.15.1-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:8fb58efb77358291109d2675d5459399c0794475b497992d0ecee18a4a46a207"}, - {file = "lief-0.15.1-cp310-cp310-manylinux_2_33_aarch64.whl", hash = "sha256:d5852a246361bbefa4c1d5930741765a2337638d65cfe30de1b7d61f9a54b865"}, - {file = "lief-0.15.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:12e53dc0253c303df386ae45487a2f0078026602b36d0e09e838ae1d4dbef958"}, - {file = "lief-0.15.1-cp310-cp310-win32.whl", hash = "sha256:38b9cee48f42c355359ad7e3ff18bf1ec95e518238e4e8fb25657a49169dbf4c"}, - {file = "lief-0.15.1-cp310-cp310-win_amd64.whl", hash = "sha256:ddf2ebd73766169594d631b35f84c49ef42871de552ad49f36002c60164d0aca"}, - {file = "lief-0.15.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:20508c52de0dffcee3242253541609590167a3e56150cbacb506fdbb822206ef"}, - {file = "lief-0.15.1-cp311-cp311-macosx_11_0_x86_64.whl", hash = "sha256:0750c892fd3b7161a3c2279f25fe1844427610c3a5a4ae23f65674ced6f93ea5"}, - {file = "lief-0.15.1-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:a8634ea79d6d9862297fadce025519ab25ff01fcadb333cf42967c6295f0d057"}, - {file = "lief-0.15.1-cp311-cp311-manylinux_2_33_aarch64.whl", hash = "sha256:1e11e046ad71fe8c81e1a8d1d207fe2b99c967d33ce79c3d3915cb8f5ecacf52"}, - {file = "lief-0.15.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:674b620cdf1d686f52450fd97c1056d4c92e55af8217ce85a1b2efaf5b32140b"}, - {file = "lief-0.15.1-cp311-cp311-win32.whl", hash = "sha256:dbdcd70fd23c90017705b7fe6c716f0a69c01d0d0ea7a2ff653d83dc4a61fefb"}, - {file = "lief-0.15.1-cp311-cp311-win_amd64.whl", hash = "sha256:e9b96a37bf11ca777ff305d85d957eabad2a92a6e577b6e2fb3ab79514e5a12e"}, - {file = "lief-0.15.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1a96f17c2085ef38d12ad81427ae8a5d6ad76f0bc62a1e1f5fe384255cd2cc94"}, - {file = "lief-0.15.1-cp312-cp312-macosx_11_0_x86_64.whl", hash = "sha256:d780af1762022b8e01b613253af490afea3864fbd6b5a49c6de7cea8fde0443d"}, - {file = "lief-0.15.1-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:d0f10d80202de9634a16786b53ba3a8f54ae8b9a9e124a964d83212444486087"}, - {file = "lief-0.15.1-cp312-cp312-manylinux_2_33_aarch64.whl", hash = "sha256:864f17ecf1736296e6d5fc38b11983f9d19a5e799f094e21e20d58bfb1b95b80"}, - {file = "lief-0.15.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c2ec738bcafee8a569741f4a749f0596823b12f10713306c7d0cbbf85759f51c"}, - {file = "lief-0.15.1-cp312-cp312-win32.whl", hash = "sha256:db38619edf70e27fb3686b8c0f0bec63ad494ac88ab51660c5ecd2720b506e41"}, - {file = "lief-0.15.1-cp312-cp312-win_amd64.whl", hash = "sha256:28bf0922de5fb74502a29cc47930d3a052df58dc23ab6519fa590e564f194a60"}, - {file = "lief-0.15.1-cp313-cp313-manylinux_2_28_x86_64.whl", hash = "sha256:0616e6048f269d262ff93d67c497ebff3c1d3965ffb9427b0f2b474764fd2e8c"}, - {file = "lief-0.15.1-cp313-cp313-manylinux_2_33_aarch64.whl", hash = "sha256:6a08b2e512a80040429febddc777768c949bcd53f6f580e902e41ec0d9d936b8"}, - {file = "lief-0.15.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:fcd489ff80860bcc2b2689faa330a46b6d66f0ee3e0f6ef9e643e2b996128a06"}, - {file = "lief-0.15.1-cp313-cp313-win32.whl", hash = "sha256:0d10e5b22e86bbf2d1e3877b604ffd8860c852b6bc00fca681fe1432f5018fe9"}, - {file = "lief-0.15.1-cp313-cp313-win_amd64.whl", hash = "sha256:5af7dcb9c3f44baaf60875df6ba9af6777db94776cc577ee86143bcce105ba2f"}, - {file = "lief-0.15.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:f9757ff0c7c3d6f66e5fdcc6a9df69680fad0dc2707d64a3428f0825dfce1a85"}, - {file = "lief-0.15.1-cp38-cp38-macosx_11_0_x86_64.whl", hash = "sha256:8ac3cd099be2580d0e15150b1d2f5095c38f150af89993ddf390d7897ee8135f"}, - {file = "lief-0.15.1-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:4dedeab498c312a29b58f16b739895f65fa54b2a21b8d98b111e99ad3f7e30a8"}, - {file = "lief-0.15.1-cp38-cp38-manylinux_2_33_aarch64.whl", hash = "sha256:b9217578f7a45f667503b271da8481207fb4edda8d4a53e869fb922df6030484"}, - {file = "lief-0.15.1-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:82e6308ad8bd4bc7eadee3502ede13a5bb398725f25513a0396c8dba850f58a1"}, - {file = "lief-0.15.1-cp38-cp38-win32.whl", hash = "sha256:dde1c8f8ebe0ee9db4f2302c87ae3cacb9898dc412e0d7da07a8e4e834ac5158"}, - {file = "lief-0.15.1-cp38-cp38-win_amd64.whl", hash = "sha256:a079a76bca23aa73c850ab5beb7598871a1bf44662658b952cead2b5ddd31bee"}, - {file = "lief-0.15.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:785a3aa14575f046ed9c8d44ea222ea14c697cd03b5331d1717b5b0cf4f72466"}, - {file = "lief-0.15.1-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:d7044553cf07c8a2ab6e21874f07585610d996ff911b9af71dc6085a89f59daa"}, - {file = "lief-0.15.1-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:13285c3ff5ef6de2421d85684c954905af909db0ad3472e33c475e5f0f657dcf"}, - {file = "lief-0.15.1-cp39-cp39-manylinux_2_33_aarch64.whl", hash = "sha256:932f880ee8a130d663a97a9099516d8570b1b303af7816e70a02f9931d5ef4c2"}, - {file = "lief-0.15.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:de9453f94866e0f2c36b6bd878625880080e7e5800788f5cbc06a76debf283b9"}, - {file = "lief-0.15.1-cp39-cp39-win32.whl", hash = "sha256:4e47324736d6aa559421720758de4ce12d04fb56bdffa3dcc051fe8cdd42ed17"}, - {file = "lief-0.15.1-cp39-cp39-win_amd64.whl", hash = "sha256:382a189514c0e6ebfb41e0db6106936c7ba94d8400651276add2899ff3570585"}, +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "lief-0.16.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0fca20122c27a86efb5d083fef6514fb2fbd910965654cb8568f2db8dfe2678f"}, + {file = "lief-0.16.3-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:17e78fc2790fd4ebd15cf9fd86abf0d7fa91aa229d70707f0bc0391ba522129c"}, + {file = "lief-0.16.3-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:6bd8fe4d8b907cd7e024789ba3070e417e9bff50ac13698b43b4d992f30f32d2"}, + {file = "lief-0.16.3-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:d3811e76a2da6e5e351cc2dd09ea34c1fc30e5dd2d6cbbfcd5344dfeb39e0119"}, + {file = "lief-0.16.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:978469619f5e8c3faa5bcbb94a89df49565a427b2e75267924f76a7f42cd2a0f"}, + {file = "lief-0.16.3-cp310-cp310-win32.whl", hash = "sha256:9e6cf12c2e032e61f8a60512877b3408cf7c0bc8b76f6bc3e830435397a6555d"}, + {file = "lief-0.16.3-cp310-cp310-win_amd64.whl", hash = "sha256:6b4370508c8b82173e961372310e9c3d410c314cb60dadd80f2acb1a20197265"}, + {file = "lief-0.16.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:edf5e1479195920b654e3e1eb6863d466a67fd1bbd2ecc7dcbf2eeeb05353a0c"}, + {file = "lief-0.16.3-cp311-cp311-macosx_11_0_x86_64.whl", hash = "sha256:988889a7e837d12f400011bf6fb91197a94abda51e2e7c135e31ba09b032c718"}, + {file = "lief-0.16.3-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:789bf8fd6cf64fe678b4273797e882c0bd81b702f75c3775c9f175225e1ecad7"}, + {file = "lief-0.16.3-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:73a7bcaf2c2d1819e2c46b3548d29e8bc2c0547be30beb8394ea58c19afa6cab"}, + {file = "lief-0.16.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:be2e7074c8bf0c10fcb1afd8dedb404c86c700123a856208d03ce9dd018392d5"}, + {file = "lief-0.16.3-cp311-cp311-win32.whl", hash = "sha256:8fafd992eb9dfca9d8e39e4b4218682bcbf60fd88f43bf198ce8cb20a6674b2e"}, + {file = "lief-0.16.3-cp311-cp311-win_amd64.whl", hash = "sha256:4eb179e9a34a37edbe72c80c0ef7a93cd9ebee4e8fe27165f96841a9d00e1adb"}, + {file = "lief-0.16.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:17a57cc7accb27ef84a2af395dfcd1ff5c1dabb27a90fda269327678a18a22f0"}, + {file = "lief-0.16.3-cp312-cp312-macosx_11_0_x86_64.whl", hash = "sha256:1e79e7ad2bd822c19303b722e5239976521bc1777a2ddadccdc65db68eb5088d"}, + {file = "lief-0.16.3-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:c2b205a5f2bb7c2e355ca5ccc71801774af1d40758fa1e338f72678367321efe"}, + {file = "lief-0.16.3-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:684f49352123230603369eea032a49f7fe0992624c5ba2120edbd62d974893be"}, + {file = "lief-0.16.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:bf85ff0b4f1c70c3a37c9be5a38c213c84cef6691083fd1ffa6980a4a0d5a410"}, + {file = "lief-0.16.3-cp312-cp312-win32.whl", hash = "sha256:e7ba797829584c5cc1c8a736b2f1587f09b1f3030239c968c7664649fb79ae15"}, + {file = "lief-0.16.3-cp312-cp312-win_amd64.whl", hash = "sha256:70c1f5f66bd4eeead2853a7a80d941b4dd03e3791c68c5351b0d39c78cfa9afe"}, + {file = "lief-0.16.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:95d09183fb4db9dd1534eecc8b36b714bcddf2831cd6c56499b10346e48b2a77"}, + {file = "lief-0.16.3-cp313-cp313-macosx_11_0_x86_64.whl", hash = "sha256:366205cf382cc246e36d855c7286af6a9e85994fbac47a0a00c206c4f21c998f"}, + {file = "lief-0.16.3-cp313-cp313-manylinux2014_aarch64.whl", hash = "sha256:6ec906f209e275fd57bc2b003bee6f0e70b9ceabf5d93bcea8de0684735cbe8c"}, + {file = "lief-0.16.3-cp313-cp313-manylinux_2_28_x86_64.whl", hash = "sha256:e0b151eccbeda0fe666448c0801022ec5aa92b7383c0a0e8ca586931fd1bfff0"}, + {file = "lief-0.16.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:2eb80b1344a009e27702a7ee0ffa7013d792c0d7237e6871fe28210eac8446c0"}, + {file = "lief-0.16.3-cp313-cp313-win32.whl", hash = "sha256:aefbe78b06d9e89387ab8fc069d1cb34252f5916cf35eaa21088b21b74b99d08"}, + {file = "lief-0.16.3-cp313-cp313-win_amd64.whl", hash = "sha256:52dc05445d8019b61a9ab8c6eb9d6238c4346ac692dcecca76d5f329a999216e"}, + {file = "lief-0.16.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:9d7583d11d596afc723b664390d61e1e6d7988b3ad160bfb7438f2cd43099170"}, + {file = "lief-0.16.3-cp38-cp38-macosx_11_0_x86_64.whl", hash = "sha256:bca81d5e2be50925f8e04bb14f02496a14572bb1e326405468afb8a8c11ec508"}, + {file = "lief-0.16.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:51df4e1c1bc52caa90d5ad63dfd587cd737dde1274f6935bf034f7628c87d5a4"}, + {file = "lief-0.16.3-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:b76cf0b8dcce6e3ca88f6e721d471b8ae02192f662c896204285c9561a602e1b"}, + {file = "lief-0.16.3-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:e924ee22ae6dd5ac660768b46e42ef19bba2a6faf680adcd70aebc536e1ecffb"}, + {file = "lief-0.16.3-cp38-cp38-win32.whl", hash = "sha256:489a3e77805ebd31f38c9a2786cfddf65c8cca428fa017f7ee38b006143fd3a0"}, + {file = "lief-0.16.3-cp38-cp38-win_amd64.whl", hash = "sha256:558570ffbb356a8a8f8e2e35cc37edb08ef019ec5fc087f4ed764573071a0901"}, + {file = "lief-0.16.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:bb2d0eb59919f3ca8562a8fbae55e4d07194135063f05cfe314c8405cd2d4cce"}, + {file = "lief-0.16.3-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:f18573e16b53ff9626eaa242e8d00a9780107d39a41eb4698c07a965c2267fc9"}, + {file = "lief-0.16.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:6f5155f382f3da85262465817196a3890124c2483b52a2a15acfdc006155296f"}, + {file = "lief-0.16.3-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:3a473aa8557df517d7d520235cd785d0a83d543eda0090ca657a7899980695a0"}, + {file = "lief-0.16.3-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:0b7dc44137c35e4e7c55278369f6148c8893128d694ddce1d28f4822967e5756"}, + {file = "lief-0.16.3-cp39-cp39-win32.whl", hash = "sha256:d29480db4cbf212c7deca4b544e4eef6923d1203083518ab0f0f597411e80e51"}, + {file = "lief-0.16.3-cp39-cp39-win_amd64.whl", hash = "sha256:e0ebd06459fad54c5ad9a3caf3e3a7e3010811f51068cbd550c4ae1ee28a9b89"}, ] [[package]] @@ -2047,6 +2239,8 @@ version = "5.3.0" description = "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API." optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "lxml-5.3.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:dd36439be765e2dde7660212b5275641edbc813e7b24668831a5c8ac91180656"}, {file = "lxml-5.3.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:ae5fe5c4b525aa82b8076c1a59d642c17b6e8739ecf852522c6321852178119d"}, @@ -2201,6 +2395,8 @@ version = "1.0.3" description = "Python client library for macaddress.io API." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "maclookup-1.0.3-py2.py3-none-any.whl", hash = "sha256:33bf8eaebe3b1e4ab4ae9277dd93c78024e0ebf6b3c42f76c37695bc26ce287a"}, {file = "maclookup-1.0.3.tar.gz", hash = "sha256:795e792cd3e03c9bdad77e52904d43ff71d3ac03b360443f99d4bae08a6bffef"}, @@ -2213,12 +2409,36 @@ python-dateutil = "*" [package.extras] dev = ["mock", "tox"] +[[package]] +name = "maec" +version = "4.1.0.17" +description = "An API for parsing and creating MAEC content." +optional = false +python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "maec-4.1.0.17-py2.py3-none-any.whl", hash = "sha256:e6566684e606749ff75ef03f7c3454c6fff8f350fa159b4ef17cdd0e5c632ae6"}, + {file = "maec-4.1.0.17.tar.gz", hash = "sha256:d163626a11f27e046c3013d313e5b53ba97f8a9f2f563ac523be55dda6420235"}, +] + +[package.dependencies] +cybox = ">=2.1.0.13,<2.1.1.0" +lxml = {version = ">=2.2.3", markers = "python_version == \"2.7\" or python_version >= \"3.5\""} +mixbox = ">=1.0.4" + +[package.extras] +docs = ["Sphinx", "sphinx-rtd-theme"] +test = ["nose", "tox"] + [[package]] name = "markdown" version = "3.7" description = "Python implementation of John Gruber's Markdown." optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "Markdown-3.7-py3-none-any.whl", hash = "sha256:7eb6df5690b81a1d7942992c97fad2938e956e79df20cbc6186e9c3a77b1c803"}, {file = "markdown-3.7.tar.gz", hash = "sha256:2ae2471477cfd02dbbf038d5d9bc226d40def84b4fe2986e49b59b6b472bbed2"}, @@ -2237,6 +2457,8 @@ version = "0.8.1" description = "A Python-Markdown extension which provides an 'include' function" optional = false python-versions = ">=3.7" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "markdown-include-0.8.1.tar.gz", hash = "sha256:1d0623e0fc2757c38d35df53752768356162284259d259c486b4ab6285cdbbe3"}, {file = "markdown_include-0.8.1-py3-none-any.whl", hash = "sha256:32f0635b9cfef46997b307e2430022852529f7a5b87c0075c504283e7cc7db53"}, @@ -2254,6 +2476,8 @@ version = "0.14.0" description = "Convert HTML to markdown." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "markdownify-0.14.0-py3-none-any.whl", hash = "sha256:aa8382e6b5f5508974106c8b22a22a33ca6dbbff24172d751519252d8908ae29"}, {file = "markdownify-0.14.0.tar.gz", hash = "sha256:d373eeac3ab6fa28bb1cdcb6432663e5aee85eae3cc4909f70f55a0a9cd1aea4"}, @@ -2269,6 +2493,8 @@ version = "3.0.2" description = "Safely add untrusted strings to HTML/XML markup." optional = false python-versions = ">=3.9" +groups = ["main", "docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"}, {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158"}, @@ -2339,6 +2565,8 @@ version = "3.9.2" description = "Python plotting package" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "matplotlib-3.9.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:9d78bbc0cbc891ad55b4f39a48c22182e9bdaea7fc0e5dbd364f49f729ca1bbb"}, {file = "matplotlib-3.9.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c375cc72229614632c87355366bdf2570c2dac01ac66b8ad048d2dabadf2d0d4"}, @@ -2403,6 +2631,8 @@ version = "7.3.2" description = "A Python Mattermost Driver" optional = false python-versions = ">=3.5" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mattermostdriver-7.3.2-py3-none-any.whl", hash = "sha256:8c6f15da34873b6c88da8fa8da0342f94bef77fcd16294befd92fea7e008cd97"}, {file = "mattermostdriver-7.3.2.tar.gz", hash = "sha256:2e4d7b4a17d3013e279c6f993746ea18cd60b45d8fa3be24f47bc2de22b9b3b4"}, @@ -2418,6 +2648,8 @@ version = "2.6.2" description = "Reader for the MaxMind DB format" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "maxminddb-2.6.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:7cfdf5c29a2739610700b9fea7f8d68ce81dcf30bb8016f1a1853ef889a2624b"}, {file = "maxminddb-2.6.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:05e873eb82281cef6e787bd40bd1d58b2e496a21b3689346f0d0420988b3cbb1"}, @@ -2496,6 +2728,8 @@ version = "0.7.0" description = "McCabe checker, plugin for flake8" optional = false python-versions = ">=3.6" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mccabe-0.7.0-py2.py3-none-any.whl", hash = "sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e"}, {file = "mccabe-0.7.0.tar.gz", hash = "sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325"}, @@ -2507,17 +2741,86 @@ version = "1.3.4" description = "A deep merge function for 🐍." optional = false python-versions = ">=3.6" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307"}, {file = "mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8"}, ] +[[package]] +name = "misp-lib-stix2" +version = "3.0.1.2" +description = "Produce and consume STIX 2 JSON content" +optional = false +python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "misp_lib_stix2-3.0.1.2-py2.py3-none-any.whl", hash = "sha256:6172a1b540e78129ff0b845a43bd3483e0c5f928a8d1ba370cb552eaab721841"}, + {file = "misp_lib_stix2-3.0.1.2.tar.gz", hash = "sha256:9da014b096fae6c2d9d96dcaac1672658fe7bca963ade04c3c9bde5684a5266f"}, +] + +[package.dependencies] +pytz = "*" +requests = "*" +simplejson = "*" +stix2-patterns = ">=1.2.0" + +[package.extras] +semantic = ["haversine", "rapidfuzz"] +taxii = ["taxii2-client (>=2.3.0)"] + +[[package]] +name = "misp-stix" +version = "2025.1.10" +description = "Python scripts used by MISP to export MISP format into STIX and to import STIX into MISP format." +optional = false +python-versions = "<4.0,>=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "misp_stix-2025.1.10-py3-none-any.whl", hash = "sha256:76a853435aedae7ed448ec0bf1b0dc65cfbb6241cd4dec9ba6ccd3ec8a412576"}, + {file = "misp_stix-2025.1.10.tar.gz", hash = "sha256:12180e27fc795d5e208f6e9c682eb406477aae1685fa9e7d5dee98e8dbecc1b0"}, +] + +[package.dependencies] +cybox = ">=2.1.0,<3.0.0" +maec = ">=4.1.0,<5.0.0" +misp-lib-stix2 = ">=3.0.1,<4.0.0" +mixbox = ">=1.0.3,<2.0.0" +pymisp = ">=2.5.4,<3.0.0" +setuptools = "*" +stix = ">=1.2.0,<2.0.0" +stix-edh = "1.0.3" + +[[package]] +name = "mixbox" +version = "1.0.5" +description = "Utility library for cybox, maec, and stix packages" +optional = false +python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "mixbox-1.0.5-py2.py3-none-any.whl", hash = "sha256:170551ec415a0705b3c26c92e3f75fe1cdc95cc7f71f2b6ada4248fb1e96d035"}, + {file = "mixbox-1.0.5.tar.gz", hash = "sha256:13c618a36967a6906d09e9e5be952656c78279b0e9cb5527e9360416e4d1c057"}, +] + +[package.dependencies] +lxml = "*" +ordered-set = "*" +python-dateutil = "*" +weakrefmethod = ">=1.0.3" + [[package]] name = "mkdocs" version = "1.6.1" description = "Project documentation with Markdown." optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mkdocs-1.6.1-py3-none-any.whl", hash = "sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e"}, {file = "mkdocs-1.6.1.tar.gz", hash = "sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2"}, @@ -2549,6 +2852,8 @@ version = "0.2.0" description = "MkDocs extension that lists all dependencies according to a mkdocs.yml file" optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mkdocs_get_deps-0.2.0-py3-none-any.whl", hash = "sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134"}, {file = "mkdocs_get_deps-0.2.0.tar.gz", hash = "sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c"}, @@ -2566,6 +2871,8 @@ version = "9.5.45" description = "Documentation that simply works" optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mkdocs_material-9.5.45-py3-none-any.whl", hash = "sha256:a9be237cfd0be14be75f40f1726d83aa3a81ce44808dc3594d47a7a592f44547"}, {file = "mkdocs_material-9.5.45.tar.gz", hash = "sha256:286489cf0beca4a129d91d59d6417419c63bceed1ce5cd0ec1fc7e1ebffb8189"}, @@ -2595,6 +2902,8 @@ version = "1.3.1" description = "Extension pack for Python Markdown and MkDocs Material." optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mkdocs_material_extensions-1.3.1-py3-none-any.whl", hash = "sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31"}, {file = "mkdocs_material_extensions-1.3.1.tar.gz", hash = "sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443"}, @@ -2606,6 +2915,8 @@ version = "10.5.0" description = "More routines for operating on iterables, beyond itertools" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "more-itertools-10.5.0.tar.gz", hash = "sha256:5482bfef7849c25dc3c6dd53a6173ae4795da2a41a80faea6700d9f5846c5da6"}, {file = "more_itertools-10.5.0-py3-none-any.whl", hash = "sha256:037b0d3203ce90cca8ab1defbbdac29d5f993fc20131f3664dc8d6acfa872aef"}, @@ -2617,6 +2928,8 @@ version = "5.4.2" description = "Python tool and library for decrypting and encrypting MS Office files using a password or other keys" optional = false python-versions = "<4.0,>=3.8" +groups = ["main"] +markers = "(platform_python_implementation != \"PyPy\" or platform_system != \"Windows\" and platform_system != \"Darwin\") and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "msoffcrypto_tool-5.4.2-py3-none-any.whl", hash = "sha256:274fe2181702d1e5a107ec1b68a4c9fea997a44972ae1cc9ae0cb4f6a50fef0e"}, {file = "msoffcrypto_tool-5.4.2.tar.gz", hash = "sha256:44b545adba0407564a0cc3d6dde6ca36b7c0fdf352b85bca51618fa1d4817370"}, @@ -2632,6 +2945,8 @@ version = "6.1.0" description = "multidict implementation" optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "multidict-6.1.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"}, {file = "multidict-6.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:99f826cbf970077383d7de805c0681799491cb939c25450b9b5b3ced03ca99f1"}, @@ -2736,6 +3051,8 @@ version = "4.5.0" description = "MWDB API bindings for Python" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "mwdblib-4.5.0-py3-none-any.whl", hash = "sha256:94fc48ad92a3cd44badc894ed5f4c70fd3ce4fbdd3a567f499ae85db9c5f7048"}, ] @@ -2753,6 +3070,8 @@ version = "0.3.1" description = "JsonDecoder for ndjson" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ndjson-0.3.1-py2.py3-none-any.whl", hash = "sha256:839c22275e6baa3040077b83c005ac24199b94973309a8a1809be962c753a410"}, {file = "ndjson-0.3.1.tar.gz", hash = "sha256:bf9746cb6bb1cb53d172cda7f154c07c786d665ff28341e4e689b796b229e5d6"}, @@ -2764,6 +3083,8 @@ version = "1.3.7" description = "nose extends unittest to make testing easier" optional = false python-versions = "*" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "nose-1.3.7-py2-none-any.whl", hash = "sha256:dadcddc0aefbf99eea214e0f1232b94f2fa9bd98fa8353711dacb112bfcbbb2a"}, {file = "nose-1.3.7-py3-none-any.whl", hash = "sha256:9ff7c6cc443f8c51994b34a667bbcf45afd6d945be7477b52e97516fd17c53ac"}, @@ -2776,6 +3097,8 @@ version = "1.0.2" description = "np = numpy++: numpy with added convenience functionality" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "np-1.0.2.tar.gz", hash = "sha256:781265283f3823663ad8fb48741aae62abcf4c78bc19f908f8aa7c1d3eb132f8"}, ] @@ -2786,6 +3109,8 @@ version = "1.26.4" description = "Fundamental package for array computing in Python" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "numpy-1.26.4-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:9ff0f4f29c51e2803569d7a51c2304de5554655a60c5d776e35b4a41413830d0"}, {file = "numpy-1.26.4-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:2e4ee3380d6de9c9ec04745830fd9e2eccb3e6cf790d39d7b98ffd19b0dd754a"}, @@ -2831,6 +3156,8 @@ version = "1.9.0.post1" description = "library for OAuth version 1.9" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "oauth2-1.9.0.post1-py2.py3-none-any.whl", hash = "sha256:15b5c42301f46dd63113f1214b0d81a8b16254f65a86d3c32a1b52297f3266e6"}, {file = "oauth2-1.9.0.post1.tar.gz", hash = "sha256:c006a85e7c60107c7cc6da1b184b5c719f6dd7202098196dfa6e55df669b59bf"}, @@ -2845,6 +3172,8 @@ version = "0.0.3" description = "Lightweight python module to allow extracting text from OpenDocument (odt) files." optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [] develop = false @@ -2860,6 +3189,8 @@ version = "0.47" description = "Python package to parse, read and write Microsoft OLE2 files (Structured Storage or Compound Document, Microsoft Office)" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "olefile-0.47-py2.py3-none-any.whl", hash = "sha256:543c7da2a7adadf21214938bb79c83ea12b473a4b6ee4ad4bf854e7715e13d1f"}, {file = "olefile-0.47.zip", hash = "sha256:599383381a0bf3dfbd932ca0ca6515acd174ed48870cbf7fee123d698c192c1c"}, @@ -2874,6 +3205,8 @@ version = "0.60.2" description = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "oletools-0.60.2-py2.py3-none-any.whl", hash = "sha256:72ad8bd748fd0c4e7b5b4733af770d11543ebb2bf2697455f99f975fcd50cc96"}, {file = "oletools-0.60.2.zip", hash = "sha256:ad452099f4695ffd8855113f453348200d195ee9fa341a09e197d66ee7e0b2c3"}, @@ -2896,6 +3229,8 @@ version = "4.10.0.84" description = "Wrapper package for OpenCV python bindings." optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "opencv-python-4.10.0.84.tar.gz", hash = "sha256:72d234e4582e9658ffea8e9cae5b63d488ad06994ef12d81dc303b17472f3526"}, {file = "opencv_python-4.10.0.84-cp37-abi3-macosx_11_0_arm64.whl", hash = "sha256:fc182f8f4cda51b45f01c64e4cbedfc2f00aff799debebc305d8d0210c43f251"}, @@ -2908,11 +3243,11 @@ files = [ [package.dependencies] numpy = [ + {version = ">=1.21.0", markers = "python_version == \"3.9\" and platform_system == \"Darwin\" and platform_machine == \"arm64\""}, {version = ">=1.26.0", markers = "python_version >= \"3.12\""}, {version = ">=1.23.5", markers = "python_version >= \"3.11\" and python_version < \"3.12\""}, {version = ">=1.21.4", markers = "python_version >= \"3.10\" and platform_system == \"Darwin\" and python_version < \"3.11\""}, {version = ">=1.21.2", markers = "platform_system != \"Darwin\" and python_version >= \"3.10\" and python_version < \"3.11\""}, - {version = ">=1.21.0", markers = "python_version == \"3.9\" and platform_system == \"Darwin\" and platform_machine == \"arm64\""}, {version = ">=1.19.3", markers = "platform_system == \"Linux\" and platform_machine == \"aarch64\" and python_version >= \"3.8\" and python_version < \"3.10\" or python_version > \"3.9\" and python_version < \"3.10\" or python_version >= \"3.9\" and platform_system != \"Darwin\" and python_version < \"3.10\" or python_version >= \"3.9\" and platform_machine != \"arm64\" and python_version < \"3.10\""}, ] @@ -2922,6 +3257,8 @@ version = "3.1.5" description = "A Python library to read/write Excel 2010 xlsx/xlsm files" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "openpyxl-3.1.5-py2.py3-none-any.whl", hash = "sha256:5282c12b107bffeef825f4617dc029afaf41d0ea60823bbb665ef3079dc79de2"}, {file = "openpyxl-3.1.5.tar.gz", hash = "sha256:cf0e3cf56142039133628b5acffe8ef0c12bc902d2aadd3e0fe5878dc08d1050"}, @@ -2930,12 +3267,30 @@ files = [ [package.dependencies] et-xmlfile = "*" +[[package]] +name = "ordered-set" +version = "4.1.0" +description = "An OrderedSet is a custom MutableSet that remembers its order, so that every" +optional = false +python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "ordered-set-4.1.0.tar.gz", hash = "sha256:694a8e44c87657c59292ede72891eb91d34131f6531463aab3009191c77364a8"}, + {file = "ordered_set-4.1.0-py3-none-any.whl", hash = "sha256:046e1132c71fcf3330438a539928932caf51ddbc582496833e23de611de14562"}, +] + +[package.extras] +dev = ["black", "mypy", "pytest"] + [[package]] name = "packaging" version = "24.2" description = "Core utilities for Python packages" optional = false python-versions = ">=3.8" +groups = ["main", "docs", "test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "packaging-24.2-py3-none-any.whl", hash = "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"}, {file = "packaging-24.2.tar.gz", hash = "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"}, @@ -2947,6 +3302,8 @@ version = "0.5.7" description = "Divides large result sets into pages for easier browsing" optional = false python-versions = "*" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "paginate-0.5.7-py2.py3-none-any.whl", hash = "sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591"}, {file = "paginate-0.5.7.tar.gz", hash = "sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945"}, @@ -2962,6 +3319,8 @@ version = "2.2.3" description = "Powerful data structures for data analysis, time series, and statistics" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pandas-2.2.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:1948ddde24197a0f7add2bdc4ca83bf2b1ef84a1bc8ccffd95eda17fd836ecb5"}, {file = "pandas-2.2.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:381175499d3802cde0eabbaf6324cce0c4f5d52ca6f8c377c29ad442f50f6348"}, @@ -3009,9 +3368,9 @@ files = [ [package.dependencies] numpy = [ + {version = ">=1.22.4", markers = "python_version < \"3.11\""}, {version = ">=1.26.0", markers = "python_version >= \"3.12\""}, {version = ">=1.23.2", markers = "python_version == \"3.11\""}, - {version = ">=1.22.4", markers = "python_version < \"3.11\""}, ] python-dateutil = ">=2.8.2" pytz = ">=2020.1" @@ -3048,6 +3407,8 @@ version = "1.0.1" description = "Read in .ods and .fods files and return a pandas.DataFrame." optional = false python-versions = "<3.13,>=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pandas_ods_reader-1.0.1-py3-none-any.whl", hash = "sha256:35a254ec95665fb654b573d7131787bf177e9126b06746ea3c17b1b972abc79b"}, {file = "pandas_ods_reader-1.0.1.tar.gz", hash = "sha256:e87806d72bba31845de9f0dfa6c5621a5aa9b120cb84049544fee0e8baad8f9c"}, @@ -3064,6 +3425,8 @@ version = "2.4" description = "Pandoc Documents for Python" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pandoc-2.4.tar.gz", hash = "sha256:ecd1f8cbb7f4180c6b5db4a17a7c1a74df519995f5f186ef81ce72a9cbd0dd9a"}, ] @@ -3078,6 +3441,8 @@ version = "2.5.9" description = "Library for the RiskIQ PassiveTotal and Illuminate API" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "passivetotal-2.5.9-py3-none-any.whl", hash = "sha256:070c408181bf294f1cf4d49bd7184a00c9419b2bac7a3405f247f786db45ed8f"}, {file = "passivetotal-2.5.9.tar.gz", hash = "sha256:f5f1b7843257bc1ed5ae951c48902eb809a4a632947a57d6f8ad199428b13251"}, @@ -3098,6 +3463,8 @@ version = "0.12.1" description = "Utility library for gitignore style pattern matching of file paths." optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pathspec-0.12.1-py3-none-any.whl", hash = "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08"}, {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"}, @@ -3109,6 +3476,8 @@ version = "1.2.6" description = "A VBA p-code disassembler" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pcodedmp-1.2.6-py2.py3-none-any.whl", hash = "sha256:4441f7c0ab4cbda27bd4668db3b14f36261d86e5059ce06c0828602cbe1c4278"}, {file = "pcodedmp-1.2.6.tar.gz", hash = "sha256:025f8c809a126f45a082ffa820893e6a8d990d9d7ddb68694b5a9f0a6dbcd955"}, @@ -3124,6 +3493,8 @@ version = "2.2.2" description = "Simple PDF text extraction" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pdftotext-2.2.2.tar.gz", hash = "sha256:2a9aa89bc62022408781b39d188fabf5a3ad1103b6630f32c4e27e395f7966ee"}, ] @@ -3134,6 +3505,8 @@ version = "11.0.0" description = "Python Imaging Library (Fork)" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pillow-11.0.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:6619654954dc4936fcff82db8eb6401d3159ec6be81e33c6000dfd76ae189947"}, {file = "pillow-11.0.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:b3c5ac4bed7519088103d9450a1107f76308ecf91d6dabc8a33a2fcfb18d0fba"}, @@ -3226,6 +3599,8 @@ version = "4.3.6" description = "A small Python package for determining appropriate platform-specific dirs, e.g. a `user data dir`." optional = false python-versions = ">=3.8" +groups = ["main", "docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "platformdirs-4.3.6-py3-none-any.whl", hash = "sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb"}, {file = "platformdirs-4.3.6.tar.gz", hash = "sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907"}, @@ -3242,6 +3617,8 @@ version = "1.5.0" description = "plugin and hook calling mechanisms for python" optional = false python-versions = ">=3.8" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pluggy-1.5.0-py3-none-any.whl", hash = "sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"}, {file = "pluggy-1.5.0.tar.gz", hash = "sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1"}, @@ -3257,6 +3634,8 @@ version = "1.9.0" description = "Plumbum: shell combinators library" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "plumbum-1.9.0-py3-none-any.whl", hash = "sha256:9fd0d3b0e8d86e4b581af36edf3f3bbe9d1ae15b45b8caab28de1bcb27aaa7f5"}, {file = "plumbum-1.9.0.tar.gz", hash = "sha256:e640062b72642c3873bd5bdc3effed75ba4d3c70ef6b6a7b907357a84d909219"}, @@ -3277,6 +3656,8 @@ version = "3.11" description = "Python Lex & Yacc" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ply-3.11-py2.py3-none-any.whl", hash = "sha256:096f9b8350b65ebd2fd1346b12452efe5b9607f7482813ffca50c22722a807ce"}, {file = "ply-3.11.tar.gz", hash = "sha256:00c7c1aaa88358b9c765b6d3000c6eec0ba42abca5351b095321aef446081da3"}, @@ -3288,6 +3669,8 @@ version = "4.5.0" description = "A Python Progressbar library to provide visual (yet text based) progress to long running operations." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "progressbar2-4.5.0-py3-none-any.whl", hash = "sha256:625c94a54e63915b3959355e6d4aacd63a00219e5f3e2b12181b76867bf6f628"}, {file = "progressbar2-4.5.0.tar.gz", hash = "sha256:6662cb624886ed31eb94daf61e27583b5144ebc7383a17bae076f8f4f59088fb"}, @@ -3306,6 +3689,8 @@ version = "3.0.48" description = "Library for building powerful interactive command lines in Python" optional = false python-versions = ">=3.7.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "prompt_toolkit-3.0.48-py3-none-any.whl", hash = "sha256:f49a827f90062e411f1ce1f854f2aedb3c23353244f8108b89283587397ac10e"}, {file = "prompt_toolkit-3.0.48.tar.gz", hash = "sha256:d6623ab0477a80df74e646bdbc93621143f5caf104206aa29294d53de1a03d90"}, @@ -3320,6 +3705,8 @@ version = "0.2.0" description = "Accelerated property cache" optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "propcache-0.2.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58"}, {file = "propcache-0.2.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:952e0d9d07609d9c5be361f33b0d6d650cd2bae393aabb11d9b719364521984b"}, @@ -3427,6 +3814,8 @@ version = "6.1.0" description = "Cross-platform lib for process and system monitoring in Python." optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "psutil-6.1.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:ff34df86226c0227c52f38b919213157588a678d049688eded74c76c8ba4a5d0"}, {file = "psutil-6.1.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:c0e0c00aa18ca2d3b2b991643b799a15fc8f0563d2ebb6040f64ce8dc027b942"}, @@ -3453,13 +3842,15 @@ test = ["pytest", "pytest-xdist", "setuptools"] [[package]] name = "publicsuffixlist" -version = "1.0.2.20241124" +version = "1.0.2.20250212" description = "publicsuffixlist implement" optional = false python-versions = ">=3.5" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ - {file = "publicsuffixlist-1.0.2.20241124-py2.py3-none-any.whl", hash = "sha256:0cd9c04d517ed4d09d1cb12aca54344847b4173c17ba2a8341a3a029e7e8ca0c"}, - {file = "publicsuffixlist-1.0.2.20241124.tar.gz", hash = "sha256:7e02704c4540e78f77d88f867e74ee7a30291a3caea5b391277c683e6ee7c0e6"}, + {file = "publicsuffixlist-1.0.2.20250212-py2.py3-none-any.whl", hash = "sha256:7473201f1e74f2241378d8f50275978de2bf7363d305509ba9c4e0afed723c38"}, + {file = "publicsuffixlist-1.0.2.20250212.tar.gz", hash = "sha256:ac546cba26dff0e5a881ba906cc56dc1847dd22b52aee5af4cd6208c1dc3b0e4"}, ] [package.extras] @@ -3472,6 +3863,8 @@ version = "2.12.1" description = "Python style guide checker" optional = false python-versions = ">=3.8" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pycodestyle-2.12.1-py2.py3-none-any.whl", hash = "sha256:46f0fb92069a7c28ab7bb558f05bfc0110dac69a0cd23c61ea0040283a9d78b3"}, {file = "pycodestyle-2.12.1.tar.gz", hash = "sha256:6838eae08bbce4f6accd5d5572075c63626a15ee3e6f842df996bf62f6d73521"}, @@ -3483,6 +3876,8 @@ version = "24.6.1" description = "ISO country, subdivision, language, currency and script definitions and their translations" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pycountry-24.6.1-py3-none-any.whl", hash = "sha256:f1a4fb391cd7214f8eefd39556d740adcc233c778a27f8942c8dca351d6ce06f"}, {file = "pycountry-24.6.1.tar.gz", hash = "sha256:b61b3faccea67f87d10c1f2b0fc0be714409e8fcdcc1315613174f6466c10221"}, @@ -3494,6 +3889,8 @@ version = "2.22" description = "C parser in Python" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "platform_python_implementation != \"PyPy\" and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"}, {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"}, @@ -3505,6 +3902,8 @@ version = "3.21.0" description = "Cryptographic library for Python" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pycryptodome-3.21.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:dad9bf36eda068e89059d1f07408e397856be9511d7113ea4b586642a429a4fd"}, {file = "pycryptodome-3.21.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:a1752eca64c60852f38bb29e2c86fca30d7672c024128ef5d70cc15868fa10f4"}, @@ -3546,6 +3945,8 @@ version = "3.21.0" description = "Cryptographic library for Python" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pycryptodomex-3.21.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:dbeb84a399373df84a69e0919c1d733b89e049752426041deeb30d68e9867822"}, {file = "pycryptodomex-3.21.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:a192fb46c95489beba9c3f002ed7d93979423d1b2a53eab8771dbb1339eb3ddd"}, @@ -3587,6 +3988,8 @@ version = "2.10.1" description = "Data validation using Python type hints" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pydantic-2.10.1-py3-none-any.whl", hash = "sha256:a8d20db84de64cf4a7d59e899c2caf0fe9d660c7cfc482528e7020d7dd189a7e"}, {file = "pydantic-2.10.1.tar.gz", hash = "sha256:a4daca2dc0aa429555e0656d6bf94873a7dc5f54ee42b1f5873d666fb3f35560"}, @@ -3607,6 +4010,8 @@ version = "2.27.1" description = "Core functionality for Pydantic validation and serialization" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pydantic_core-2.27.1-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:71a5e35c75c021aaf400ac048dacc855f000bdfed91614b4a726f7432f1f3d6a"}, {file = "pydantic_core-2.27.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:f82d068a2d6ecfc6e054726080af69a6764a10015467d7d7b9f66d6ed5afa23b"}, @@ -3719,6 +4124,8 @@ version = "0.5.1" description = "Python bindings for ssdeep" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pydeep2-0.5.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e14b310b820d895a7354be7fd025de874892df249cbfb3ad8a524459e1511fd8"}, {file = "pydeep2-0.5.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2283893e25826b547dd1e5c71a010e86ddfd7270e2f2b8c90973c1d7984c7eb7"}, @@ -3743,6 +4150,8 @@ version = "1.0" description = "" optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [] develop = false @@ -3758,6 +4167,8 @@ version = "1.1" description = "Revival version of pyeti, the API for Yeti Threat Intel Platform." optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyeti_python3-1.1-py3-none-any.whl", hash = "sha256:2b2011fadacf799bd99bcb5c3feec4ffafc031bb81e1ab713cd977948ca7d698"}, ] @@ -3772,6 +4183,8 @@ version = "1.3.0" description = "Python API for the European Union anti-phishing initiative." optional = false python-versions = ">=3.8,<4.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyeupi-1.3.0-py3-none-any.whl", hash = "sha256:495248912ff3635d1c3e8b9c6e012add117178440fdd6c8d75cb2019990df996"}, {file = "pyeupi-1.3.0.tar.gz", hash = "sha256:a262d8f1c6697c2d9fd462725217e33efa54f0a0c8104ce07fb8a3be781e4d72"}, @@ -3789,6 +4202,8 @@ version = "1.2" description = "Python bindings for the faup library" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyfaup-1.2-py2.py3-none-any.whl", hash = "sha256:75f96f7da86ffb5402d3fcc2dbf98a511e792cf9100c159e34cdba8996ddc7f9"}, {file = "pyfaup-1.2.tar.gz", hash = "sha256:5648bc3ebd80239aec927aedfc218c3a6ff36de636cc53822bfeb70b0869b1e7"}, @@ -3800,6 +4215,8 @@ version = "3.2.0" description = "passive checker of Python programs" optional = false python-versions = ">=3.8" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyflakes-3.2.0-py2.py3-none-any.whl", hash = "sha256:84b5be138a2dfbb40689ca07e2152deb896a65c3a3e24c251c5c62489568074a"}, {file = "pyflakes-3.2.0.tar.gz", hash = "sha256:1c61603ff154621fb2a9172037d84dca3500def8c8b630657d1701f026f8af3f"}, @@ -3811,6 +4228,8 @@ version = "0.3.2" description = "Pure Python GeoIP API" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pygeoip-0.3.2-py2.py3-none-any.whl", hash = "sha256:1938b9dac7b00d77f94d040b9465ea52c938f3fcdcd318b5537994f3c16aef96"}, {file = "pygeoip-0.3.2.tar.gz", hash = "sha256:f22c4e00ddf1213e0fae36dc60b46ee7c25a6339941ec1a975539014c1f9a96d"}, @@ -3822,6 +4241,8 @@ version = "2.18.0" description = "Pygments is a syntax highlighting package written in Python." optional = false python-versions = ">=3.8" +groups = ["main", "docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pygments-2.18.0-py3-none-any.whl", hash = "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"}, {file = "pygments-2.18.0.tar.gz", hash = "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199"}, @@ -3836,6 +4257,8 @@ version = "0.1.1" description = "Python client for Intel471" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyintel471-0.1.1-py3-none-any.whl", hash = "sha256:4e30246d3a5904d437d3653d8c7d82a4fe74b1973b95665d94275a070cab2231"}, {file = "pyintel471-0.1.1.tar.gz", hash = "sha256:81e20fcc09b27d346977492edea693536d5709da5abae78993beaa3e09baff22"}, @@ -3847,6 +4270,8 @@ version = "2.1.2" description = "Python client for IP ASN History" optional = false python-versions = ">=3.8,<4.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyipasnhistory-2.1.2-py3-none-any.whl", hash = "sha256:7743de1bb7e735f9b907a3cff8ab189a1d8b5517b56b64f151fc4793b2863e35"}, {file = "pyipasnhistory-2.1.2.tar.gz", hash = "sha256:10aed86bfbaedc8a119cdd5f59eca646938eb266c717f10394ba9fc2199f0281"}, @@ -3864,6 +4289,8 @@ version = "10.12" description = "Extension pack for Python Markdown." optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pymdown_extensions-10.12-py3-none-any.whl", hash = "sha256:49f81412242d3527b8b4967b990df395c89563043bc51a3d2d7d500e52123b77"}, {file = "pymdown_extensions-10.12.tar.gz", hash = "sha256:b0ee1e0b2bef1071a47891ab17003bfe5bf824a398e13f49f8ed653b699369a7"}, @@ -3878,22 +4305,24 @@ extra = ["pygments (>=2.12)"] [[package]] name = "pymisp" -version = "2.5.2" +version = "2.5.4" description = "Python API for MISP." optional = false python-versions = "<4.0,>=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ - {file = "pymisp-2.5.2-py3-none-any.whl", hash = "sha256:bcce077f8ccbe73958d47c778b30d7a9b2fb4b249cba2e3188a06df5be6cd2e1"}, - {file = "pymisp-2.5.2.tar.gz", hash = "sha256:ca512c9754ad962be30dcef265da9f194835d70414935440abe5b0485a2b0109"}, + {file = "pymisp-2.5.4-py3-none-any.whl", hash = "sha256:e1a9e8a691430c8e4ac115ddceb4ffc0cdfff7124104cb6a50ca6262597c06cb"}, + {file = "pymisp-2.5.4.tar.gz", hash = "sha256:368fef2152d9d276d8b476b0f1c72376e9ead49bf58631e31bdb5d7ed86d603f"}, ] [package.dependencies] beautifulsoup4 = {version = ">=4.12.3,<5.0.0", optional = true, markers = "extra == \"openioc\""} deprecated = ">=1.2.15,<2.0.0" extract_msg = {version = ">=0.52,<0.53", optional = true, markers = "extra == \"email\""} -lief = {version = ">=0.15.0,<0.16.0", optional = true, markers = "extra == \"fileobjects\""} +lief = {version = ">=0.16.0,<0.17.0", optional = true, markers = "extra == \"fileobjects\""} oletools = {version = ">=0.60.1,<0.61.0", optional = true, markers = "extra == \"email\""} -publicsuffixlist = ">=1.0.2.20241113,<2.0.0.0" +publicsuffixlist = ">=1.0.2.20241218,<2.0.0.0" pydeep2 = {version = ">=0.5.1,<0.6.0", optional = true, markers = "extra == \"fileobjects\""} pyfaup = {version = ">=1.2,<2.0", optional = true, markers = "extra == \"url\""} python-dateutil = ">=2.9.0.post0,<3.0.0" @@ -3906,7 +4335,7 @@ RTFDE = {version = ">=0.1.1,<0.2.0", optional = true, markers = "extra == \"emai brotli = ["urllib3[brotli]"] docs = ["Sphinx (>=8,<9)", "docutils (>=0.21.1,<0.22.0)", "recommonmark (>=0.7.1,<0.8.0)", "sphinx-autodoc-typehints (>=2.5.0,<3.0.0)"] email = ["RTFDE (>=0.1.1,<0.2.0)", "extract_msg (>=0.52,<0.53)", "oletools (>=0.60.1,<0.61.0)"] -fileobjects = ["lief (>=0.15.0,<0.16.0)", "pydeep2 (>=0.5.1,<0.6.0)", "python-magic (>=0.4.27,<0.5.0)"] +fileobjects = ["lief (>=0.16.0,<0.17.0)", "pydeep2 (>=0.5.1,<0.6.0)", "python-magic (>=0.4.27,<0.5.0)"] openioc = ["beautifulsoup4 (>=4.12.3,<5.0.0)"] pdfexport = ["reportlab (>=4.2.5,<5.0.0)"] url = ["pyfaup (>=1.2,<2.0)"] @@ -3918,6 +4347,8 @@ version = "2.0" description = "" optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [] develop = false @@ -3933,6 +4364,8 @@ version = "3.2.0" description = "pyparsing module - Classes and methods to define and execute parsing grammars" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyparsing-3.2.0-py3-none-any.whl", hash = "sha256:93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"}, {file = "pyparsing-3.2.0.tar.gz", hash = "sha256:cbf74e27246d595d9a74b186b810f6fbb86726dbf3b9532efb343f6d7294fe9c"}, @@ -3947,6 +4380,8 @@ version = "2.2.7" description = "Python API for PDNS." optional = false python-versions = "<4.0,>=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pypdns-2.2.7-py3-none-any.whl", hash = "sha256:5a7cdabba5587ca144487a3531a18ce499c456f48ba26a4bf1be747e90dffd7b"}, {file = "pypdns-2.2.7.tar.gz", hash = "sha256:124485c61ea6ed7d9680ebabc77b6ee1ad0b57d515d1249acc61f9ab618b3bdb"}, @@ -3965,6 +4400,8 @@ version = "2.2" description = "Python API for PSSL." optional = false python-versions = ">=3.6,<4.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pypssl-2.2-py3-none-any.whl", hash = "sha256:88cedaa4191b50154951fce98396521ad6c1d7e3eb914343e7a12ec0df1882a8"}, {file = "pypssl-2.2.tar.gz", hash = "sha256:249ea2152827c10e746fe94c2957c0a525f8ed7ca9db2cd972690a3a136d7bb7"}, @@ -3980,6 +4417,8 @@ version = "0.1.3" description = "Google Safe Browsing API python wrapper" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pysafebrowsing-0.1.3-py3-none-any.whl", hash = "sha256:156d3eb259194e2fa155d6c3c60b2bbba7b8f3235b26f964d91353b40e87b5c5"}, {file = "pysafebrowsing-0.1.3.tar.gz", hash = "sha256:9e8e0b1bc98d12ad3dd00e1c65dcc0a0ef6f38fe5afb361884d52a2d705d2032"}, @@ -3995,6 +4434,8 @@ version = "0.3.13" description = "Python-tesseract is a python wrapper for Google's Tesseract-OCR" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pytesseract-0.3.13-py3-none-any.whl", hash = "sha256:7a99c6c2ac598360693d83a416e36e0b33a67638bb9d77fdcac094a3589d4b34"}, {file = "pytesseract-0.3.13.tar.gz", hash = "sha256:4bf5f880c99406f52a3cfc2633e42d9dc67615e69d8a509d74867d3baddb5db9"}, @@ -4010,6 +4451,8 @@ version = "8.3.3" description = "pytest: simple powerful testing with Python" optional = false python-versions = ">=3.8" +groups = ["test"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pytest-8.3.3-py3-none-any.whl", hash = "sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2"}, {file = "pytest-8.3.3.tar.gz", hash = "sha256:70b98107bd648308a7952b06e6ca9a50bc660be218d53c257cc1fc94fda10181"}, @@ -4032,6 +4475,8 @@ version = "1.2.2" description = "Convert numbers from base 10 integers to base X strings and back again." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python-baseconv-1.2.2.tar.gz", hash = "sha256:0539f8bd0464013b05ad62e0a1673f0ac9086c76b43ebf9f833053527cd9931b"}, ] @@ -4042,6 +4487,8 @@ version = "2.9.0.post0" description = "Extensions to the standard Python datetime module" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" +groups = ["main", "docs", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"}, {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"}, @@ -4056,6 +4503,8 @@ version = "1.1.2" description = "Create, read, and update Microsoft Word .docx files." optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python_docx-1.1.2-py3-none-any.whl", hash = "sha256:08c20d6058916fb19853fcf080f7f42b6270d89eac9fa5f8c15f691c0017fabe"}, {file = "python_docx-1.1.2.tar.gz", hash = "sha256:0cf1f22e95b9002addca7948e16f2cd7acdfd498047f1941ca5d293db7762efd"}, @@ -4071,6 +4520,8 @@ version = "4.10.1" description = "Engine.IO server and client for Python" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python_engineio-4.10.1-py3-none-any.whl", hash = "sha256:445a94004ec8034960ab99e7ce4209ec619c6e6b6a12aedcb05abeab924025c0"}, {file = "python_engineio-4.10.1.tar.gz", hash = "sha256:166cea8dd7429638c5c4e3a4895beae95196e860bc6f29ed0b9fe753d1ef2072"}, @@ -4090,6 +4541,8 @@ version = "0.4.27" description = "File type identification using libmagic" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python-magic-0.4.27.tar.gz", hash = "sha256:c1ba14b08e4a5f5c31a302b7721239695b2f0f058d125bd5ce1ee36b9d9d3c3b"}, {file = "python_magic-0.4.27-py2.py3-none-any.whl", hash = "sha256:c212960ad306f700aa0d01e5d7a325d20548ff97eb9920dcd29513174f0294d3"}, @@ -4101,6 +4554,8 @@ version = "1.0.2" description = "Create, read, and update PowerPoint 2007+ (.pptx) files." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python_pptx-1.0.2-py3-none-any.whl", hash = "sha256:160838e0b8565a8b1f67947675886e9fea18aa5e795db7ae531606d68e785cba"}, {file = "python_pptx-1.0.2.tar.gz", hash = "sha256:479a8af0eaf0f0d76b6f00b0887732874ad2e3188230315290cd1f9dd9cc7095"}, @@ -4118,6 +4573,8 @@ version = "5.11.4" description = "Socket.IO server and client for Python" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python_socketio-5.11.4-py3-none-any.whl", hash = "sha256:42efaa3e3e0b166fc72a527488a13caaac2cefc76174252486503bd496284945"}, {file = "python_socketio-5.11.4.tar.gz", hash = "sha256:8b0b8ff2964b2957c865835e936310190639c00310a47d77321a594d1665355e"}, @@ -4140,6 +4597,8 @@ version = "3.8.2" description = "Python Utils is a module with some convenient utilities not included with the standard Python install" optional = false python-versions = ">3.8.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "python-utils-3.8.2.tar.gz", hash = "sha256:c5d161e4ca58ce3f8c540f035e018850b261a41e7cb98f6ccf8e1deb7174a1f1"}, {file = "python_utils-3.8.2-py2.py3-none-any.whl", hash = "sha256:ad0ccdbd6f856d015cace07f74828b9840b5c4072d9e868a7f6a14fd195555a8"}, @@ -4159,6 +4618,8 @@ version = "2024.2" description = "World timezone definitions, modern and historical" optional = false python-versions = "*" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pytz-2024.2-py2.py3-none-any.whl", hash = "sha256:31c7c1817eb7fae7ca4b8c7ee50c72f93aa2dd863de768e1ef4245d426aa0725"}, {file = "pytz-2024.2.tar.gz", hash = "sha256:2aa355083c50a0f93fa581709deac0c9ad65cca8a9e9beac660adcbd493c798a"}, @@ -4170,6 +4631,8 @@ version = "308" description = "Python for Window Extensions" optional = false python-versions = "*" +groups = ["main"] +markers = "platform_system == \"Windows\" and platform_python_implementation != \"PyPy\" and (python_version >= \"3.12\" or python_version <= \"3.11\")" files = [ {file = "pywin32-308-cp310-cp310-win32.whl", hash = "sha256:796ff4426437896550d2981b9c2ac0ffd75238ad9ea2d3bfa67a1abd546d262e"}, {file = "pywin32-308-cp310-cp310-win_amd64.whl", hash = "sha256:4fc888c59b3c0bef905ce7eb7e2106a07712015ea1c8234b703a088d46110e8e"}, @@ -4197,6 +4660,8 @@ version = "0.2.3" description = "A (partial) reimplementation of pywin32 using ctypes/cffi" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "sys_platform == \"win32\" and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "pywin32-ctypes-0.2.3.tar.gz", hash = "sha256:d162dc04946d704503b2edc4d55f3dba5c1d539ead017afa00142c38b9885755"}, {file = "pywin32_ctypes-0.2.3-py3-none-any.whl", hash = "sha256:8a1513379d709975552d202d942d9837758905c8d01eb82b8bcc30918929e7b8"}, @@ -4208,6 +4673,8 @@ version = "6.0.2" description = "YAML parser and emitter for Python" optional = false python-versions = ">=3.8" +groups = ["main", "docs", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"}, {file = "PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf"}, @@ -4270,6 +4737,8 @@ version = "0.1" description = "A custom YAML tag for referencing environment variables in YAML files. " optional = false python-versions = ">=3.6" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyyaml_env_tag-0.1-py3-none-any.whl", hash = "sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069"}, {file = "pyyaml_env_tag-0.1.tar.gz", hash = "sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb"}, @@ -4284,6 +4753,8 @@ version = "0.1.9" description = "Read one-dimensional barcodes and QR codes from Python 2 and 3." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyzbar-0.1.9-py2.py3-none-any.whl", hash = "sha256:4559628b8192feb25766d954b36a3753baaf5c97c03135aec7e4a026036b475d"}, {file = "pyzbar-0.1.9-py2.py3-none-win32.whl", hash = "sha256:8f4c5264c9c7c6b9f20d01efc52a4eba1ded47d9ba857a94130afe33703eb518"}, @@ -4299,6 +4770,8 @@ version = "0.3.6" description = "AES encryption for zipfile." optional = false python-versions = ">=3.4" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "pyzipper-0.3.6-py2.py3-none-any.whl", hash = "sha256:6d097f465bfa47796b1494e12ea65d1478107d38e13bc56f6e58eedc4f6c1a87"}, {file = "pyzipper-0.3.6.tar.gz", hash = "sha256:0adca90a00c36a93fbe49bfa8c5add452bfe4ef85a1b8e3638739dd1c7b26bfc"}, @@ -4313,6 +4786,8 @@ version = "7.1.1" description = "RDFLib is a Python library for working with RDF, a simple yet powerful language for representing information." optional = false python-versions = "<4.0.0,>=3.8.1" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "rdflib-7.1.1-py3-none-any.whl", hash = "sha256:e590fa9a2c34ba33a667818b5a84be3fb8a4d85868f8038f17912ec84f912a25"}, {file = "rdflib-7.1.1.tar.gz", hash = "sha256:164de86bd3564558802ca983d84f6616a4a1a420c7a17a8152f5016076b2913e"}, @@ -4335,6 +4810,8 @@ version = "1.20" description = "Flexible python implementation of red black trees" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "red-black-tree-mod-1.20.tar.gz", hash = "sha256:2448e6fc9cbf1be204c753f352c6ee49aa8156dbf1faa57dfc26bd7705077e0a"}, ] @@ -4345,6 +4822,8 @@ version = "5.2.0" description = "Python client for Redis database and key-value store" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "redis-5.2.0-py3-none-any.whl", hash = "sha256:ae174f2bb3b1bf2b09d54bf3e51fbc1469cf6c10aa03e21141f51969801a7897"}, {file = "redis-5.2.0.tar.gz", hash = "sha256:0b1087665a771b1ff2e003aa5bdd354f15a70c9e25d5a7dbf9c722c16528a7b0"}, @@ -4363,6 +4842,8 @@ version = "0.35.1" description = "JSON Referencing + Python" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "referencing-0.35.1-py3-none-any.whl", hash = "sha256:eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"}, {file = "referencing-0.35.1.tar.gz", hash = "sha256:25b42124a6c8b632a425174f24087783efb348a6f1e0008e63cd4466fedf703c"}, @@ -4378,6 +4859,8 @@ version = "2024.11.6" description = "Alternative regular expression module, to replace re." optional = false python-versions = ">=3.8" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "regex-2024.11.6-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:ff590880083d60acc0433f9c3f713c51f7ac6ebb9adf889c79a261ecf541aa91"}, {file = "regex-2024.11.6-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:658f90550f38270639e83ce492f27d2c8d2cd63805c65a13a14d36ca126753f0"}, @@ -4481,6 +4964,8 @@ version = "4.2.5" description = "The Reportlab Toolkit" optional = false python-versions = "<4,>=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "reportlab-4.2.5-py3-none-any.whl", hash = "sha256:eb2745525a982d9880babb991619e97ac3f661fae30571b7d50387026ca765ee"}, {file = "reportlab-4.2.5.tar.gz", hash = "sha256:5cf35b8fd609b68080ac7bbb0ae1e376104f7d5f7b2d3914c7adc63f2593941f"}, @@ -4501,6 +4986,8 @@ version = "2.32.3" description = "Python HTTP for Humans." optional = false python-versions = ">=3.8" +groups = ["main", "docs", "test", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"}, {file = "requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"}, @@ -4522,6 +5009,8 @@ version = "1.2.1" description = "A persistent cache for python requests" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "requests_cache-1.2.1-py3-none-any.whl", hash = "sha256:1285151cddf5331067baa82598afe2d47c7495a1334bfe7a7d329b43e9fd3603"}, {file = "requests_cache-1.2.1.tar.gz", hash = "sha256:68abc986fdc5b8d0911318fbb5f7c80eebcd4d01bfacc6685ecf8876052511d1"}, @@ -4552,6 +5041,8 @@ version = "2.1.0" description = "File transport adapter for Requests" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "requests_file-2.1.0-py2.py3-none-any.whl", hash = "sha256:cf270de5a4c5874e84599fc5778303d496c10ae5e870bfa378818f35d21bda5c"}, {file = "requests_file-2.1.0.tar.gz", hash = "sha256:0f549a3f3b0699415ac04d167e9cb39bccfb730cb832b4d20be3d9867356e658"}, @@ -4566,6 +5057,8 @@ version = "10.16.2" description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" optional = false python-versions = ">=3.6.2,<4.0.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "rich-10.16.2-py3-none-any.whl", hash = "sha256:c59d73bd804c90f747c8d7b1d023b88f2a9ac2454224a4aeaf959b21eeb42d03"}, {file = "rich-10.16.2.tar.gz", hash = "sha256:720974689960e06c2efdb54327f8bf0cdbdf4eae4ad73b6c94213cad405c371b"}, @@ -4585,6 +5078,8 @@ version = "0.21.0" description = "Python bindings to Rust's persistent data structures (rpds)" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "rpds_py-0.21.0-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:a017f813f24b9df929674d0332a374d40d7f0162b326562daae8066b502d0590"}, {file = "rpds_py-0.21.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:20cc1ed0bcc86d8e1a7e968cce15be45178fd16e2ff656a243145e0b439bd250"}, @@ -4684,6 +5179,8 @@ version = "0.1.2" description = "A library for extracting HTML content from RTF encapsulated HTML as commonly found in the exchange MSG email format." optional = false python-versions = "~=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "RTFDE-0.1.2-py3-none-any.whl", hash = "sha256:f6d1450c99b04e930da130e8b419aa33b1f953623e1b94ad5c0f67f0362eb737"}, ] @@ -4702,6 +5199,8 @@ version = "0.18.6" description = "ruamel.yaml is a YAML parser/emitter that supports roundtrip preservation of comments, seq/map flow style, and map key order" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "ruamel.yaml-0.18.6-py3-none-any.whl", hash = "sha256:57b53ba33def16c4f3d807c0ccbc00f8a6081827e81ba2491691b76882d0c636"}, {file = "ruamel.yaml-0.18.6.tar.gz", hash = "sha256:8b27e6a217e786c6fbe5634d8f3f11bc63e0f80f6a5890f28863d9c45aac311b"}, @@ -4720,6 +5219,8 @@ version = "0.2.12" description = "C version of reader, parser and emitter for ruamel.yaml derived from libyaml" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "platform_python_implementation == \"CPython\" and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-macosx_13_0_arm64.whl", hash = "sha256:11f891336688faf5156a36293a9c362bdc7c88f03a8a027c2c1d8e0bcde998e5"}, {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:a606ef75a60ecf3d924613892cc603b154178ee25abb3055db5062da811fd969"}, @@ -4727,6 +5228,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f66efbc1caa63c088dead1c4170d148eabc9b80d95fb75b6c92ac0aad2437d76"}, {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:22353049ba4181685023b25b5b51a574bce33e7f51c759371a7422dcae5402a6"}, {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:932205970b9f9991b34f55136be327501903f7c66830e9760a8ffb15b07f05cd"}, + {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:a52d48f4e7bf9005e8f0a89209bf9a73f7190ddf0489eee5eb51377385f59f2a"}, {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-win32.whl", hash = "sha256:3eac5a91891ceb88138c113f9db04f3cebdae277f5d44eaa3651a4f573e6a5da"}, {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-win_amd64.whl", hash = "sha256:ab007f2f5a87bd08ab1499bdf96f3d5c6ad4dcfa364884cb4549aa0154b13a28"}, {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:4a6679521a58256a90b0d89e03992c15144c5f3858f40d7c18886023d7943db6"}, @@ -4735,6 +5237,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:811ea1594b8a0fb466172c384267a4e5e367298af6b228931f273b111f17ef52"}, {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:cf12567a7b565cbf65d438dec6cfbe2917d3c1bdddfce84a9930b7d35ea59642"}, {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:7dd5adc8b930b12c8fc5b99e2d535a09889941aa0d0bd06f4749e9a9397c71d2"}, + {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1492a6051dab8d912fc2adeef0e8c72216b24d57bd896ea607cb90bb0c4981d3"}, {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-win32.whl", hash = "sha256:bd0a08f0bab19093c54e18a14a10b4322e1eacc5217056f3c063bd2f59853ce4"}, {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-win_amd64.whl", hash = "sha256:a274fb2cb086c7a3dea4322ec27f4cb5cc4b6298adb583ab0e211a4682f241eb"}, {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:20b0f8dc160ba83b6dcc0e256846e1a02d044e13f7ea74a3d1d56ede4e48c632"}, @@ -4743,6 +5246,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:749c16fcc4a2b09f28843cda5a193e0283e47454b63ec4b81eaa2242f50e4ccd"}, {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bf165fef1f223beae7333275156ab2022cffe255dcc51c27f066b4370da81e31"}, {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:32621c177bbf782ca5a18ba4d7af0f1082a3f6e517ac2a18b3974d4edf349680"}, + {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:b82a7c94a498853aa0b272fd5bc67f29008da798d4f93a2f9f289feb8426a58d"}, {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-win32.whl", hash = "sha256:e8c4ebfcfd57177b572e2040777b8abc537cdef58a2120e830124946aa9b42c5"}, {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-win_amd64.whl", hash = "sha256:0467c5965282c62203273b838ae77c0d29d7638c8a4e3a1c8bdd3602c10904e4"}, {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:4c8c5d82f50bb53986a5e02d1b3092b03622c02c2eb78e29bec33fd9593bae1a"}, @@ -4751,6 +5255,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:96777d473c05ee3e5e3c3e999f5d23c6f4ec5b0c38c098b3a5229085f74236c6"}, {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_1_i686.whl", hash = "sha256:3bc2a80e6420ca8b7d3590791e2dfc709c88ab9152c00eeb511c9875ce5778bf"}, {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:e188d2699864c11c36cdfdada94d781fd5d6b0071cd9c427bceb08ad3d7c70e1"}, + {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:4f6f3eac23941b32afccc23081e1f50612bdbe4e982012ef4f5797986828cd01"}, {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-win32.whl", hash = "sha256:6442cb36270b3afb1b4951f060eccca1ce49f3d087ca1ca4563a6eb479cb3de6"}, {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-win_amd64.whl", hash = "sha256:e5b8daf27af0b90da7bb903a876477a9e6d7270be6146906b276605997c7e9a3"}, {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:fc4b630cd3fa2cf7fce38afa91d7cfe844a9f75d7f0f36393fa98815e911d987"}, @@ -4759,6 +5264,7 @@ files = [ {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e2f1c3765db32be59d18ab3953f43ab62a761327aafc1594a2a1fbe038b8b8a7"}, {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:d85252669dc32f98ebcd5d36768f5d4faeaeaa2d655ac0473be490ecdae3c285"}, {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:e143ada795c341b56de9418c58d028989093ee611aa27ffb9b7f609c00d813ed"}, + {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:2c59aa6170b990d8d2719323e628aaf36f3bfbc1c26279c0eeeb24d05d2d11c7"}, {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-win32.whl", hash = "sha256:beffaed67936fbbeffd10966a4eb53c402fafd3d6833770516bf7314bc6ffa12"}, {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-win_amd64.whl", hash = "sha256:040ae85536960525ea62868b642bdb0c2cc6021c9f9d507810c0c604e66f5a7b"}, {file = "ruamel.yaml.clib-0.2.12.tar.gz", hash = "sha256:6c8fbb13ec503f99a91901ab46e0b07ae7941cd527393187039aec586fdfd36f"}, @@ -4770,6 +5276,8 @@ version = "3.3.3" description = "Python bindings to FreeDesktop.org Secret Service API" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "sys_platform == \"linux\" and (python_version <= \"3.11\" or python_version >= \"3.12\")" files = [ {file = "SecretStorage-3.3.3-py3-none-any.whl", hash = "sha256:f356e6628222568e3af06f2eba8df495efa13b3b63081dafd4f7d9a7b7bc9f99"}, {file = "SecretStorage-3.3.3.tar.gz", hash = "sha256:2403533ef369eca6d2ba81718576c5e0f564d5cca1b58f73a8b23e7d4eeebd77"}, @@ -4785,6 +5293,8 @@ version = "2.53.6" description = "Python bindings for Selenium" optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "selenium-2.53.6-py2.py3-none-any.whl", hash = "sha256:5071f43daa2e698d60d5633ab0a6630cc68a852b360be99144f1c4c1ace2746c"}, {file = "selenium-2.53.6.tar.gz", hash = "sha256:f507181f13768d73b98dd9647a466ea5758ef5c7f07b62a285d2bd8de9b27016"}, @@ -4796,6 +5306,8 @@ version = "75.6.0" description = "Easily download, build, install, upgrade, and uninstall Python packages" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "setuptools-75.6.0-py3-none-any.whl", hash = "sha256:ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"}, {file = "setuptools-75.6.0.tar.gz", hash = "sha256:8199222558df7c86216af4f84c30e9b34a61d8ba19366cc914424cdbd28252f6"}, @@ -4816,6 +5328,8 @@ version = "1.5.4" description = "Tool to Detect Surrounding Shell" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "shellingham-1.5.4-py2.py3-none-any.whl", hash = "sha256:7ecfff8f2fd72616f7481040475a65b2bf8af90a56c89140852d1120324e8686"}, {file = "shellingham-1.5.4.tar.gz", hash = "sha256:8dbca0739d487e5bd35ab3ca4b36e11c4078f3a234bfce294b0a0291363404de"}, @@ -4827,6 +5341,8 @@ version = "1.31.0" description = "Python library and command-line utility for Shodan (https://developer.shodan.io)" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "shodan-1.31.0.tar.gz", hash = "sha256:c73275386ea02390e196c35c660706a28dd4d537c5a21eb387ab6236fac251f6"}, ] @@ -4845,6 +5361,8 @@ version = "0.23.1" description = "Tools for the Generic Signature Format for SIEM Systems" optional = false python-versions = "~=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "sigmatools-0.23.1.tar.gz", hash = "sha256:3ff0ba97d9d3ea00cabc3020d38ba5e70d0c6fb1271502b590c1e5b49fbd71de"}, ] @@ -4865,6 +5383,8 @@ version = "1.2.3" description = "Easily interact with Signal Metadata Format (SigMF) recordings." optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "sigmf-1.2.3.tar.gz", hash = "sha256:14aa9a72edb2169aab122c30e6f7398ade6a61498361740bda1707e558c98fab"}, ] @@ -4883,6 +5403,8 @@ version = "1.1.0" description = "Simple WebSocket server and client for Python" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "simple_websocket-1.1.0-py3-none-any.whl", hash = "sha256:4af6069630a38ed6c561010f0e11a5bc0d4ca569b36306eb257cd9a192497c8c"}, {file = "simple_websocket-1.1.0.tar.gz", hash = "sha256:7939234e7aa067c534abdab3a9ed933ec9ce4691b0713c78acb195560aa52ae4"}, @@ -4901,6 +5423,8 @@ version = "3.19.3" description = "Simple, fast, extensible JSON encoder/decoder for Python" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.5" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "simplejson-3.19.3-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:f39caec26007a2d0efab6b8b1d74873ede9351962707afab622cc2285dd26ed0"}, {file = "simplejson-3.19.3-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:83c87706265ae3028e8460d08b05f30254c569772e859e5ba61fe8af2c883468"}, @@ -5020,6 +5544,8 @@ version = "1.16.0" description = "Python 2 and 3 compatibility utilities" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" +groups = ["main", "docs", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"}, {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"}, @@ -5031,6 +5557,8 @@ version = "3.33.4" description = "The Slack API Platform SDK for Python" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "slack_sdk-3.33.4-py2.py3-none-any.whl", hash = "sha256:9f30cb3c9c07b441c49d53fc27f9f1837ad1592a7e9d4ca431f53cdad8826cc6"}, {file = "slack_sdk-3.33.4.tar.gz", hash = "sha256:5e109847f6b6a22d227609226ba4ed936109dc00675bddeb7e0bee502d3ee7e0"}, @@ -5045,6 +5573,8 @@ version = "1.3.1" description = "Sniff out which async library your code is running under" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "sniffio-1.3.1-py3-none-any.whl", hash = "sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2"}, {file = "sniffio-1.3.1.tar.gz", hash = "sha256:f4324edc670a0f49750a81b895f35c3adb843cca46f0530f79fc1babb23789dc"}, @@ -5056,6 +5586,8 @@ version = "1.4.2" description = "Open-source intelligence tool for checking email address and username usage on online platforms" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "socialscan-1.4.2-py3-none-any.whl", hash = "sha256:47f042bb2ab1afb77c2cf2f31e6ab43afa91ff87849a79307cf753dfc7b84f20"}, {file = "socialscan-1.4.2.tar.gz", hash = "sha256:d03eb63177c516b1b8eb1fbca3d25753bb6d68b56e7325a96414b8b319c5daad"}, @@ -5075,6 +5607,8 @@ version = "0.5.7.4" description = "A socket.io client library" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "socketIO-client-0.5.7.4.tar.gz", hash = "sha256:ef2e362a85ef2816fb224d727319c4b743d63b4dd9e1da99c622c9643fc4e2a0"}, ] @@ -5090,6 +5624,8 @@ version = "1.0.1" description = "" optional = false python-versions = ">=3.7.0,<4.0.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "softenum-1.0.1-py3-none-any.whl", hash = "sha256:df6459434d79ed397a28a39c3f7ea2a21b94d7fb3bad8452361a5f01b22793c1"}, {file = "softenum-1.0.1.tar.gz", hash = "sha256:6c7d9c2b49937b1ba637b2cc3c57db1e470ed7ca9457109b4833a5824bbc1476"}, @@ -5101,6 +5637,8 @@ version = "2.6" description = "A modern CSS selector implementation for Beautiful Soup." optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "soupsieve-2.6-py3-none-any.whl", hash = "sha256:e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"}, {file = "soupsieve-2.6.tar.gz", hash = "sha256:e2e68417777af359ec65daac1057404a3c8a5455bb8abc36f1a9866ab1a51abb"}, @@ -5112,6 +5650,8 @@ version = "2.0.0" description = "SPARQL Endpoint interface to Python" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "SPARQLWrapper-2.0.0-py3-none-any.whl", hash = "sha256:c99a7204fff676ee28e6acef327dc1ff8451c6f7217dcd8d49e8872f324a8a20"}, {file = "SPARQLWrapper-2.0.0.tar.gz", hash = "sha256:3fed3ebcc77617a4a74d2644b86fd88e0f32e7f7003ac7b2b334c026201731f1"}, @@ -5126,12 +5666,49 @@ docs = ["sphinx (<5)", "sphinx-rtd-theme"] keepalive = ["keepalive (>=0.5)"] pandas = ["pandas (>=1.3.5)"] +[[package]] +name = "stix" +version = "1.2.0.11" +description = "An API for parsing and generating STIX content." +optional = false +python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "stix-1.2.0.11-py2.py3-none-any.whl", hash = "sha256:a3825e34781d491ac3526111f053db85a2be4549e0c8ce56e05e5eeb5f495e53"}, + {file = "stix-1.2.0.11.tar.gz", hash = "sha256:b23a1ca70227e17f42cd0a9f109737f321175f6fe97be5cb24fd4d189dbb1601"}, +] + +[package.dependencies] +cybox = ">=2.1.0.13,<2.1.1.0" +lxml = {version = ">=2.2.3", markers = "python_version == \"2.7\" or python_version >= \"3.5\""} +mixbox = ">=1.0.4" +python-dateutil = "*" + +[[package]] +name = "stix-edh" +version = "1.0.3" +description = "An EDH marking extension API for python-stix." +optional = false +python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "stix_edh-1.0.3-py2.py3-none-any.whl", hash = "sha256:709483e53bbd8b77b0267f1cef9879d757f200f196149050b0a805e6b0623d9d"}, +] + +[package.dependencies] +mixbox = ">=1.0.5" +stix = ">=1.1.1.8,<1.2.1.0" + [[package]] name = "stix2" version = "3.0.1" description = "Produce and consume STIX 2 JSON content" optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "stix2-3.0.1-py2.py3-none-any.whl", hash = "sha256:827acf0b5b319c1b857c9db0d54907bb438b2b32312d236c891a305ad49b0ba2"}, {file = "stix2-3.0.1.tar.gz", hash = "sha256:2a2718dc3451c84c709990b2ca220cc39c75ed23e0864d7e8d8190a9365b0cbf"}, @@ -5153,6 +5730,8 @@ version = "2.0.0" description = "Validate STIX 2 Patterns." optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "stix2-patterns-2.0.0.tar.gz", hash = "sha256:07750c5a5af2c758e9d2aa4dde9d8e04bcd162ac2a9b0b4c4de4481d443efa08"}, {file = "stix2_patterns-2.0.0-py2.py3-none-any.whl", hash = "sha256:ca4d68b2db42ed99794a418388769d2676ca828e9cac0b8629e73cd3f68f6458"}, @@ -5173,6 +5752,8 @@ version = "0.9.0" description = "Pretty-print tabular data" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "tabulate-0.9.0-py3-none-any.whl", hash = "sha256:024ca478df22e9340661486f85298cff5f6dcdba14f3813e8830015b9ed1948f"}, {file = "tabulate-0.9.0.tar.gz", hash = "sha256:0095b12bf5966de529c0feb1fa08671671b3368eec77d7ef7ab114be2c068b3c"}, @@ -5187,6 +5768,8 @@ version = "0.3.3" description = "Set of clients to interface with various VMware products" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "tau_clients-0.3.3-py3-none-any.whl", hash = "sha256:49f34c0b586a28cc5627f3b90f5bfe9c1ab59a12e76c745894c4489b03651891"}, {file = "tau_clients-0.3.3.tar.gz", hash = "sha256:d329a1bb6881e687f2596deff685b4b9372fe42929a26c60c1088f5e7b82f741"}, @@ -5206,6 +5789,8 @@ version = "2.3.0" description = "TAXII 2 Client Library" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "taxii2-client-2.3.0.tar.gz", hash = "sha256:fb3bf895e2eaff3cd08bb7aad75c9d30682ffc00b9f3add77de3a67dc6b895a3"}, {file = "taxii2_client-2.3.0-py2.py3-none-any.whl", hash = "sha256:b4212b8a8bab170cd5dc386ca3ea36bc44b53932f1da30db150abeef00bce7b9"}, @@ -5226,6 +5811,8 @@ version = "2.5.0" description = "ANSI color formatting for output in terminal" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "termcolor-2.5.0-py3-none-any.whl", hash = "sha256:37b17b5fc1e604945c2642c872a3764b5d547a48009871aea3edd3afa180afb8"}, {file = "termcolor-2.5.0.tar.gz", hash = "sha256:998d8d27da6d48442e8e1f016119076b690d962507531df4890fcd2db2ef8a6f"}, @@ -5240,6 +5827,8 @@ version = "5.1.3" description = "Accurately separates a URL's subdomain, domain, and public suffix, using the Public Suffix List (PSL). By default, this includes the public ICANN TLDs and their exceptions. You can optionally support the Public Suffix List's private domains as well." optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "tldextract-5.1.3-py3-none-any.whl", hash = "sha256:78de310cc2ca018692de5ddf320f9d6bd7c5cf857d0fd4f2175f0cdf4440ea75"}, {file = "tldextract-5.1.3.tar.gz", hash = "sha256:d43c7284c23f5dc8a42fd0fee2abede2ff74cc622674e4cb07f514ab3330c338"}, @@ -5261,6 +5850,8 @@ version = "2.1.0" description = "A lil' TOML parser" optional = false python-versions = ">=3.8" +groups = ["test"] +markers = "python_version < \"3.11\"" files = [ {file = "tomli-2.1.0-py3-none-any.whl", hash = "sha256:a5c57c3d1c56f5ccdf89f6523458f60ef716e210fc47c4cfb188c5ba473e0391"}, {file = "tomli-2.1.0.tar.gz", hash = "sha256:3f646cae2aec94e17d04973e4249548320197cfabdf130015d023de4b74d8ab8"}, @@ -5272,6 +5863,8 @@ version = "6.4.2" description = "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed." optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "tornado-6.4.2-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:e828cce1123e9e44ae2a50a9de3055497ab1d0aeb440c5ac23064d9e44880da1"}, {file = "tornado-6.4.2-cp38-abi3-macosx_10_9_x86_64.whl", hash = "sha256:072ce12ada169c5b00b7d92a99ba089447ccc993ea2143c9ede887e0937aa803"}, @@ -5292,6 +5885,8 @@ version = "4.67.0" description = "Fast, Extensible Progress Meter" optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "tqdm-4.67.0-py3-none-any.whl", hash = "sha256:0cd8af9d56911acab92182e88d763100d4788bdf421d251616040cc4d44863be"}, {file = "tqdm-4.67.0.tar.gz", hash = "sha256:fe5a6f95e6fe0b9755e9469b77b9c3cf850048224ecaa8293d7d2d31f97d869a"}, @@ -5313,6 +5908,8 @@ version = "0.3.34" description = "Python SDK for the TruSTAR REST API" optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [] develop = false @@ -5340,6 +5937,8 @@ version = "0.13.1" description = "Typer, build great CLIs. Easy to code. Based on Python type hints." optional = false python-versions = ">=3.7" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "typer-0.13.1-py3-none-any.whl", hash = "sha256:5b59580fd925e89463a29d363e0a43245ec02765bde9fb77d39e5d0f29dd7157"}, {file = "typer-0.13.1.tar.gz", hash = "sha256:9d444cb96cc268ce6f8b94e13b4335084cef4c079998a9f4851a90229a3bd25c"}, @@ -5357,10 +5956,12 @@ version = "4.12.2" description = "Backported and Experimental Type Hints for Python 3.8+" optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] files = [ {file = "typing_extensions-4.12.2-py3-none-any.whl", hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"}, {file = "typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8"}, ] +markers = {main = "python_version <= \"3.11\" or python_version >= \"3.12\"", unstable = "python_version < \"3.11\""} [[package]] name = "tzdata" @@ -5368,10 +5969,12 @@ version = "2024.2" description = "Provider of IANA time zone data" optional = false python-versions = ">=2" +groups = ["main", "unstable"] files = [ {file = "tzdata-2024.2-py2.py3-none-any.whl", hash = "sha256:a48093786cdcde33cad18c2555e8532f34422074448fbc874186f0abd79565cd"}, {file = "tzdata-2024.2.tar.gz", hash = "sha256:7d85cc416e9382e69095b7bdf4afd9e3880418a2413feec7069d533d6b4e31cc"}, ] +markers = {main = "python_version <= \"3.11\" or python_version >= \"3.12\"", unstable = "platform_system == \"Windows\" and (python_version >= \"3.12\" or python_version <= \"3.11\")"} [[package]] name = "tzlocal" @@ -5379,6 +5982,8 @@ version = "5.2" description = "tzinfo object for the local timezone" optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "tzlocal-5.2-py3-none-any.whl", hash = "sha256:49816ef2fe65ea8ac19d19aa7a1ae0551c834303d5014c6d5a62e4cbda8047b8"}, {file = "tzlocal-5.2.tar.gz", hash = "sha256:8d399205578f1a9342816409cc1e46a93ebd5755e39ea2d85334bea911bf0e6e"}, @@ -5396,6 +6001,8 @@ version = "0.14.1" description = "Python2's stdlib csv module is nice, but it doesn't support unicode. This module is a drop-in replacement which *does*." optional = false python-versions = "*" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "unicodecsv-0.14.1.tar.gz", hash = "sha256:018c08037d48649a0412063ff4eda26eaa81eff1546dbffa51fa5293276ff7fc"}, ] @@ -5406,6 +6013,8 @@ version = "1.3.8" description = "ASCII transliterations of Unicode text" optional = false python-versions = ">=3.5" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "Unidecode-1.3.8-py3-none-any.whl", hash = "sha256:d130a61ce6696f8148a3bd8fe779c99adeb4b870584eeb9526584e9aa091fd39"}, {file = "Unidecode-1.3.8.tar.gz", hash = "sha256:cfdb349d46ed3873ece4586b96aa75258726e2fa8ec21d6f00a591d98806c2f4"}, @@ -5417,6 +6026,8 @@ version = "1.4.3" description = "URL normalization for Python" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "url-normalize-1.4.3.tar.gz", hash = "sha256:d23d3a070ac52a67b83a1c59a0e68f8608d1cd538783b401bc9de2c0fac999b2"}, {file = "url_normalize-1.4.3-py2.py3-none-any.whl", hash = "sha256:ec3c301f04e5bb676d333a7fa162fa977ad2ca04b7e652bfc9fac4e405728eed"}, @@ -5431,6 +6042,8 @@ version = "0.2" description = "url-archiver is a simple library to fetch and archive URL on the file-system." optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "urlarchiver-0.2.tar.gz", hash = "sha256:652e0890dab58bf62a759656671dcfb9a40eb4a77aac8a8d93154f00360238b5"}, ] @@ -5445,6 +6058,8 @@ version = "1.26.20" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" +groups = ["main", "docs", "test", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "urllib3-1.26.20-py2.py3-none-any.whl", hash = "sha256:0ed14ccfbf1c30a9072c7ca157e4319b70d65f623e91e7b32fadb2853431016e"}, {file = "urllib3-1.26.20.tar.gz", hash = "sha256:40c2dc0c681e47eb8f90e7e27bf6ff7df2e677421fd46756da1161c39ca70d32"}, @@ -5461,6 +6076,8 @@ version = "6.0.2" description = "Automatically mock your HTTP interactions to simplify and speed up testing" optional = false python-versions = ">=3.8" +groups = ["unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "vcrpy-6.0.2-py2.py3-none-any.whl", hash = "sha256:40370223861181bc76a5e5d4b743a95058bb1ad516c3c08570316ab592f56cad"}, {file = "vcrpy-6.0.2.tar.gz", hash = "sha256:88e13d9111846745898411dbc74a75ce85870af96dd320d75f1ee33158addc09"}, @@ -5469,8 +6086,8 @@ files = [ [package.dependencies] PyYAML = "*" urllib3 = [ - {version = "*", markers = "platform_python_implementation != \"PyPy\" and python_version >= \"3.10\""}, {version = "<2", markers = "platform_python_implementation == \"PyPy\" or python_version < \"3.10\""}, + {version = "*", markers = "platform_python_implementation != \"PyPy\" and python_version >= \"3.10\""}, ] wrapt = "*" yarl = "*" @@ -5484,6 +6101,8 @@ version = "2.2.0" description = "The official Python client library for VirusTotal Graph API" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "vt_graph_api-2.2.0-py3-none-any.whl", hash = "sha256:78da5af6a0583d0d8881c4fc3b2cb2f64075e40ac06bd47c13c414f09ff175fd"}, {file = "vt_graph_api-2.2.0.tar.gz", hash = "sha256:c44936aac6de7755c1445ed46ecc98c3c613f4b467b4738426a28101183df7ef"}, @@ -5499,6 +6118,8 @@ version = "0.18.4" description = "The official Python client library for VirusTotal" optional = false python-versions = ">=3.7.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "vt_py-0.18.4-py3-none-any.whl", hash = "sha256:0107e2e949ac80e0010e2078e12c9cbe7ee0f1050bd2ce86a11bc155ed6769b3"}, {file = "vt_py-0.18.4.tar.gz", hash = "sha256:4ec89365d4da4d70b5be5c6bc7baa3fa12037065ef22de3eb4210d1957d31aa9"}, @@ -5516,6 +6137,8 @@ version = "2.2.3" description = "Python library and command-line utility for Vulners (https://vulners.com)" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "vulners-2.2.3-py3-none-any.whl", hash = "sha256:fc0716989347e67655bd96ad05f7e76b444065c334e1ba351995f64e3890516d"}, {file = "vulners-2.2.3.tar.gz", hash = "sha256:ce9ff9d1410bf4bb26580c663ce001b387cb18c267fd6c5d62ab2ee5348b4353"}, @@ -5532,6 +6155,8 @@ version = "2.0.9" description = "The official Python client library for Vysion" optional = false python-versions = "<4.0.0,>=3.8.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "vysion-2.0.9-py3-none-any.whl", hash = "sha256:f08b36a2eb67aa40f33438b6d235f0288f0ac650ea62256ded4eebf2e35a3d1c"}, {file = "vysion-2.0.9.tar.gz", hash = "sha256:503a2ca279a665ed6168bd5e1510261f4985bf967717b36ec973b52a1d98277d"}, @@ -5549,6 +6174,8 @@ version = "0.6.13" description = "Ctypes-based simple MagickWand API binding for Python" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "Wand-0.6.13-py2.py3-none-any.whl", hash = "sha256:e5dda0ac2204a40c29ef5c4cb310770c95d3d05c37b1379e69c94ea79d7d19c0"}, {file = "Wand-0.6.13.tar.gz", hash = "sha256:f5013484eaf7a20eb22d1821aaefe60b50cc329722372b5f8565d46d4aaafcca"}, @@ -5564,6 +6191,8 @@ version = "6.0.0" description = "Filesystem events monitoring" optional = false python-versions = ">=3.9" +groups = ["docs"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "watchdog-6.0.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d1cdb490583ebd691c012b3d6dae011000fe42edb7a82ece80965b42abd61f26"}, {file = "watchdog-6.0.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:bc64ab3bdb6a04d69d4023b29422170b74681784ffb9463ed4870cf2f3e66112"}, @@ -5606,17 +6235,33 @@ version = "0.2.13" description = "Measures the displayed width of unicode strings in a terminal" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "wcwidth-0.2.13-py2.py3-none-any.whl", hash = "sha256:3da69048e4540d84af32131829ff948f1e022c1c6bdb8d6102117aac784f6859"}, {file = "wcwidth-0.2.13.tar.gz", hash = "sha256:72ea0c06399eb286d978fdedb6923a9eb47e1c486ce63e9b4e64fc18303972b5"}, ] +[[package]] +name = "weakrefmethod" +version = "1.0.3" +description = "A WeakMethod class for storing bound methods using weak references." +optional = false +python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" +files = [ + {file = "weakrefmethod-1.0.3.tar.gz", hash = "sha256:37bc1fbb5575acf82172d4eb7b6fc4412d77d5a1d70dff2c1f8a4574301cda66"}, +] + [[package]] name = "websocket-client" version = "1.8.0" description = "WebSocket client for Python with low level API options" optional = false python-versions = ">=3.8" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "websocket_client-1.8.0-py3-none-any.whl", hash = "sha256:17b44cc997f5c498e809b22cdf2d9c7a9e71c02c8cc2b6c56e7c2d1239bfa526"}, {file = "websocket_client-1.8.0.tar.gz", hash = "sha256:3239df9f44da632f96012472805d40a23281a991027ce11d2f45a6f24ac4c3da"}, @@ -5633,6 +6278,8 @@ version = "14.1" description = "An implementation of the WebSocket Protocol (RFC 6455 & 7692)" optional = false python-versions = ">=3.9" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "websockets-14.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a0adf84bc2e7c86e8a202537b4fd50e6f7f0e4a6b6bf64d7ccb96c4cd3330b29"}, {file = "websockets-14.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:90b5d9dfbb6d07a84ed3e696012610b6da074d97453bd01e0e30744b472c8179"}, @@ -5711,6 +6358,8 @@ version = "0.5" description = "Enable Unicode input and display when running Python from Windows console." optional = false python-versions = "*" +groups = ["main"] +markers = "platform_system == \"Windows\" and platform_python_implementation != \"PyPy\" and (python_version >= \"3.12\" or python_version <= \"3.11\")" files = [ {file = "win_unicode_console-0.5.zip", hash = "sha256:d4142d4d56d46f449d6f00536a73625a871cba040f0bc1a2e305a04578f07d1e"}, ] @@ -5721,6 +6370,8 @@ version = "1.17.0" description = "Module for decorators, wrappers and monkey patching." optional = false python-versions = ">=3.8" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "wrapt-1.17.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:2a0c23b8319848426f305f9cb0c98a6e32ee68a36264f45948ccf8e7d2b941f8"}, {file = "wrapt-1.17.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b1ca5f060e205f72bec57faae5bd817a1560fcfc4af03f414b08fa29106b7e2d"}, @@ -5795,6 +6446,8 @@ version = "1.2.0" description = "WebSockets state-machine based protocol implementation" optional = false python-versions = ">=3.7.0" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "wsproto-1.2.0-py3-none-any.whl", hash = "sha256:b9acddd652b585d75b20477888c56642fdade28bdfd3579aa24a4d2c037dd736"}, {file = "wsproto-1.2.0.tar.gz", hash = "sha256:ad565f26ecb92588a3e43bc3d96164de84cd9902482b130d0ddbaa9664a85065"}, @@ -5809,6 +6462,8 @@ version = "2.0.1" description = "Library for developers to extract data from Microsoft Excel (tm) .xls spreadsheet files" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "xlrd-2.0.1-py2.py3-none-any.whl", hash = "sha256:6a33ee89877bd9abc1158129f6e94be74e2679636b8a205b43b85206c3f0bbdd"}, {file = "xlrd-2.0.1.tar.gz", hash = "sha256:f72f148f54442c6b056bf931dbc34f986fd0c3b0b6b5a58d013c9aef274d0c88"}, @@ -5825,6 +6480,8 @@ version = "3.2.0" description = "A Python module for creating Excel XLSX files." optional = false python-versions = ">=3.6" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "XlsxWriter-3.2.0-py3-none-any.whl", hash = "sha256:ecfd5405b3e0e228219bcaf24c2ca0915e012ca9464a14048021d21a995d490e"}, {file = "XlsxWriter-3.2.0.tar.gz", hash = "sha256:9977d0c661a72866a61f9f7a809e25ebbb0fb7036baa3b9fe74afcfca6b3cb8c"}, @@ -5836,6 +6493,8 @@ version = "4.5.0" description = "Python interface for YARA" optional = false python-versions = "*" +groups = ["main"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "yara-python-4.5.0.tar.gz", hash = "sha256:4feecc56d2fe1d23ecb17cb2d3bc2e3859ebf7a2201d0ca3ae0756a728122b27"}, {file = "yara_python-4.5.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:3feb72c2146c50e583d7e3cacbb49f280fb5cac0494cae1b48e5980ecbdc1571"}, @@ -5925,6 +6584,8 @@ version = "1.18.0" description = "Yet another URL library" optional = false python-versions = ">=3.9" +groups = ["main", "unstable"] +markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ {file = "yarl-1.18.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:074fee89caab89a97e18ef5f29060ef61ba3cae6cd77673acc54bfdd3214b7b7"}, {file = "yarl-1.18.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b026cf2c32daf48d90c0c4e406815c3f8f4cfe0c6dfccb094a9add1ff6a0e41a"}, @@ -6021,10 +6682,12 @@ version = "3.21.0" description = "Backport of pathlib-compatible object wrapper for zip files" optional = false python-versions = ">=3.9" +groups = ["main", "docs", "unstable"] files = [ {file = "zipp-3.21.0-py3-none-any.whl", hash = "sha256:ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"}, {file = "zipp-3.21.0.tar.gz", hash = "sha256:2c9958f6430a2040341a52eb608ed6dd93ef4392e02ffe219417c1b28b5dd1f4"}, ] +markers = {main = "python_version <= \"3.11\"", docs = "python_version < \"3.10\"", unstable = "python_version < \"3.10\""} [package.extras] check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)"] @@ -6035,6 +6698,6 @@ test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", type = ["pytest-mypy"] [metadata] -lock-version = "2.0" +lock-version = "2.1" python-versions = ">=3.9.*,<3.13" -content-hash = "5c9349a25b3998a78dccf93c21216f0ef73344efaab650983d4809bebf845882" +content-hash = "b898f1d6e65e261f5ed63c947a877a4d00b5d0c480466a0abc4d112e9a51bbb5" diff --git a/pyproject.toml b/pyproject.toml index b9e36659..1c13c5d2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -60,8 +60,8 @@ maclookup = "*" markdownify = "*" matplotlib = "*" mattermostdriver = "*" -misp-lib-stix2 = "*" -misp-stix = "*" +misp-lib-stix2 = "^3.0.1.2" +misp-stix = "^2025.1.10" mwdblib = "*" ndjson = "*" np = "*" From 625bc6807a2a764da5c34edcc93a179adcf8265c Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Wed, 12 Feb 2025 16:51:21 +0100 Subject: [PATCH 10/10] fix: [poetry] Rebumping lock file after merge conflict --- poetry.lock | 98 +++++++++++++++++++++++++---------------------------- 1 file changed, 46 insertions(+), 52 deletions(-) diff --git a/poetry.lock b/poetry.lock index 84b78e38..41f84f71 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.0.1 and should not be changed by hand. [[package]] name = "aiohappyeyeballs" @@ -2189,54 +2189,48 @@ python-versions = ">=3.8" groups = ["main"] markers = "python_version <= \"3.11\" or python_version >= \"3.12\"" files = [ - {file = "lief-0.15.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a80246b96501b2b1d4927ceb3cb817eda9333ffa9e07101358929a6cffca5dae"}, - {file = "lief-0.15.1-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:84bf310710369544e2bb82f83d7fdab5b5ac422651184fde8bf9e35f14439691"}, - {file = "lief-0.15.1-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:517dc5dad31c754720a80a87ad9e6cb1e48223d4505980c2fd86072bd4f69001"}, - {file = "lief-0.15.1-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:8fb58efb77358291109d2675d5459399c0794475b497992d0ecee18a4a46a207"}, - {file = "lief-0.15.1-cp310-cp310-manylinux_2_33_aarch64.whl", hash = "sha256:d5852a246361bbefa4c1d5930741765a2337638d65cfe30de1b7d61f9a54b865"}, - {file = "lief-0.15.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:12e53dc0253c303df386ae45487a2f0078026602b36d0e09e838ae1d4dbef958"}, - {file = "lief-0.15.1-cp310-cp310-win32.whl", hash = "sha256:38b9cee48f42c355359ad7e3ff18bf1ec95e518238e4e8fb25657a49169dbf4c"}, - {file = "lief-0.15.1-cp310-cp310-win_amd64.whl", hash = "sha256:ddf2ebd73766169594d631b35f84c49ef42871de552ad49f36002c60164d0aca"}, - {file = "lief-0.15.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:20508c52de0dffcee3242253541609590167a3e56150cbacb506fdbb822206ef"}, - {file = "lief-0.15.1-cp311-cp311-macosx_11_0_x86_64.whl", hash = "sha256:0750c892fd3b7161a3c2279f25fe1844427610c3a5a4ae23f65674ced6f93ea5"}, - {file = "lief-0.15.1-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:3e49bd595a8548683bead982bc15b064257fea3110fd15e22fb3feb17d97ad1c"}, - {file = "lief-0.15.1-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:a8634ea79d6d9862297fadce025519ab25ff01fcadb333cf42967c6295f0d057"}, - {file = "lief-0.15.1-cp311-cp311-manylinux_2_33_aarch64.whl", hash = "sha256:1e11e046ad71fe8c81e1a8d1d207fe2b99c967d33ce79c3d3915cb8f5ecacf52"}, - {file = "lief-0.15.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:674b620cdf1d686f52450fd97c1056d4c92e55af8217ce85a1b2efaf5b32140b"}, - {file = "lief-0.15.1-cp311-cp311-win32.whl", hash = "sha256:dbdcd70fd23c90017705b7fe6c716f0a69c01d0d0ea7a2ff653d83dc4a61fefb"}, - {file = "lief-0.15.1-cp311-cp311-win_amd64.whl", hash = "sha256:e9b96a37bf11ca777ff305d85d957eabad2a92a6e577b6e2fb3ab79514e5a12e"}, - {file = "lief-0.15.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1a96f17c2085ef38d12ad81427ae8a5d6ad76f0bc62a1e1f5fe384255cd2cc94"}, - {file = "lief-0.15.1-cp312-cp312-macosx_11_0_x86_64.whl", hash = "sha256:d780af1762022b8e01b613253af490afea3864fbd6b5a49c6de7cea8fde0443d"}, - {file = "lief-0.15.1-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:536a4ecd46b295b3acac0d60a68d1646480b7761ade862c6c87ccbb41229fae3"}, - {file = "lief-0.15.1-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:d0f10d80202de9634a16786b53ba3a8f54ae8b9a9e124a964d83212444486087"}, - {file = "lief-0.15.1-cp312-cp312-manylinux_2_33_aarch64.whl", hash = "sha256:864f17ecf1736296e6d5fc38b11983f9d19a5e799f094e21e20d58bfb1b95b80"}, - {file = "lief-0.15.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c2ec738bcafee8a569741f4a749f0596823b12f10713306c7d0cbbf85759f51c"}, - {file = "lief-0.15.1-cp312-cp312-win32.whl", hash = "sha256:db38619edf70e27fb3686b8c0f0bec63ad494ac88ab51660c5ecd2720b506e41"}, - {file = "lief-0.15.1-cp312-cp312-win_amd64.whl", hash = "sha256:28bf0922de5fb74502a29cc47930d3a052df58dc23ab6519fa590e564f194a60"}, - {file = "lief-0.15.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0805301e8fef9b13da00c33c831fb0c05ea892309230f3a35551c2dfaf69b11d"}, - {file = "lief-0.15.1-cp313-cp313-macosx_11_0_x86_64.whl", hash = "sha256:7580defe140e921bc4f210e8a6cb115fcf2923f00d37800b1626168cbca95108"}, - {file = "lief-0.15.1-cp313-cp313-manylinux2014_aarch64.whl", hash = "sha256:c0119306b6a38759483136de7242b7c2e0a23f1de1d4ae53f12792c279607410"}, - {file = "lief-0.15.1-cp313-cp313-manylinux_2_28_x86_64.whl", hash = "sha256:0616e6048f269d262ff93d67c497ebff3c1d3965ffb9427b0f2b474764fd2e8c"}, - {file = "lief-0.15.1-cp313-cp313-manylinux_2_33_aarch64.whl", hash = "sha256:6a08b2e512a80040429febddc777768c949bcd53f6f580e902e41ec0d9d936b8"}, - {file = "lief-0.15.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:fcd489ff80860bcc2b2689faa330a46b6d66f0ee3e0f6ef9e643e2b996128a06"}, - {file = "lief-0.15.1-cp313-cp313-win32.whl", hash = "sha256:0d10e5b22e86bbf2d1e3877b604ffd8860c852b6bc00fca681fe1432f5018fe9"}, - {file = "lief-0.15.1-cp313-cp313-win_amd64.whl", hash = "sha256:5af7dcb9c3f44baaf60875df6ba9af6777db94776cc577ee86143bcce105ba2f"}, - {file = "lief-0.15.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:f9757ff0c7c3d6f66e5fdcc6a9df69680fad0dc2707d64a3428f0825dfce1a85"}, - {file = "lief-0.15.1-cp38-cp38-macosx_11_0_x86_64.whl", hash = "sha256:8ac3cd099be2580d0e15150b1d2f5095c38f150af89993ddf390d7897ee8135f"}, - {file = "lief-0.15.1-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:e732619acc34943b504c867258fc0196f1931f72c2a627219d4f116a7acc726d"}, - {file = "lief-0.15.1-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:4dedeab498c312a29b58f16b739895f65fa54b2a21b8d98b111e99ad3f7e30a8"}, - {file = "lief-0.15.1-cp38-cp38-manylinux_2_33_aarch64.whl", hash = "sha256:b9217578f7a45f667503b271da8481207fb4edda8d4a53e869fb922df6030484"}, - {file = "lief-0.15.1-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:82e6308ad8bd4bc7eadee3502ede13a5bb398725f25513a0396c8dba850f58a1"}, - {file = "lief-0.15.1-cp38-cp38-win32.whl", hash = "sha256:dde1c8f8ebe0ee9db4f2302c87ae3cacb9898dc412e0d7da07a8e4e834ac5158"}, - {file = "lief-0.15.1-cp38-cp38-win_amd64.whl", hash = "sha256:a079a76bca23aa73c850ab5beb7598871a1bf44662658b952cead2b5ddd31bee"}, - {file = "lief-0.15.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:785a3aa14575f046ed9c8d44ea222ea14c697cd03b5331d1717b5b0cf4f72466"}, - {file = "lief-0.15.1-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:d7044553cf07c8a2ab6e21874f07585610d996ff911b9af71dc6085a89f59daa"}, - {file = "lief-0.15.1-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:fa020f3ed6e95bb110a4316af544021b74027d18bf4671339d4cffec27aa5884"}, - {file = "lief-0.15.1-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:13285c3ff5ef6de2421d85684c954905af909db0ad3472e33c475e5f0f657dcf"}, - {file = "lief-0.15.1-cp39-cp39-manylinux_2_33_aarch64.whl", hash = "sha256:932f880ee8a130d663a97a9099516d8570b1b303af7816e70a02f9931d5ef4c2"}, - {file = "lief-0.15.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:de9453f94866e0f2c36b6bd878625880080e7e5800788f5cbc06a76debf283b9"}, - {file = "lief-0.15.1-cp39-cp39-win32.whl", hash = "sha256:4e47324736d6aa559421720758de4ce12d04fb56bdffa3dcc051fe8cdd42ed17"}, - {file = "lief-0.15.1-cp39-cp39-win_amd64.whl", hash = "sha256:382a189514c0e6ebfb41e0db6106936c7ba94d8400651276add2899ff3570585"}, + {file = "lief-0.16.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0fca20122c27a86efb5d083fef6514fb2fbd910965654cb8568f2db8dfe2678f"}, + {file = "lief-0.16.3-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:17e78fc2790fd4ebd15cf9fd86abf0d7fa91aa229d70707f0bc0391ba522129c"}, + {file = "lief-0.16.3-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:6bd8fe4d8b907cd7e024789ba3070e417e9bff50ac13698b43b4d992f30f32d2"}, + {file = "lief-0.16.3-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:d3811e76a2da6e5e351cc2dd09ea34c1fc30e5dd2d6cbbfcd5344dfeb39e0119"}, + {file = "lief-0.16.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:978469619f5e8c3faa5bcbb94a89df49565a427b2e75267924f76a7f42cd2a0f"}, + {file = "lief-0.16.3-cp310-cp310-win32.whl", hash = "sha256:9e6cf12c2e032e61f8a60512877b3408cf7c0bc8b76f6bc3e830435397a6555d"}, + {file = "lief-0.16.3-cp310-cp310-win_amd64.whl", hash = "sha256:6b4370508c8b82173e961372310e9c3d410c314cb60dadd80f2acb1a20197265"}, + {file = "lief-0.16.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:edf5e1479195920b654e3e1eb6863d466a67fd1bbd2ecc7dcbf2eeeb05353a0c"}, + {file = "lief-0.16.3-cp311-cp311-macosx_11_0_x86_64.whl", hash = "sha256:988889a7e837d12f400011bf6fb91197a94abda51e2e7c135e31ba09b032c718"}, + {file = "lief-0.16.3-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:789bf8fd6cf64fe678b4273797e882c0bd81b702f75c3775c9f175225e1ecad7"}, + {file = "lief-0.16.3-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:73a7bcaf2c2d1819e2c46b3548d29e8bc2c0547be30beb8394ea58c19afa6cab"}, + {file = "lief-0.16.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:be2e7074c8bf0c10fcb1afd8dedb404c86c700123a856208d03ce9dd018392d5"}, + {file = "lief-0.16.3-cp311-cp311-win32.whl", hash = "sha256:8fafd992eb9dfca9d8e39e4b4218682bcbf60fd88f43bf198ce8cb20a6674b2e"}, + {file = "lief-0.16.3-cp311-cp311-win_amd64.whl", hash = "sha256:4eb179e9a34a37edbe72c80c0ef7a93cd9ebee4e8fe27165f96841a9d00e1adb"}, + {file = "lief-0.16.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:17a57cc7accb27ef84a2af395dfcd1ff5c1dabb27a90fda269327678a18a22f0"}, + {file = "lief-0.16.3-cp312-cp312-macosx_11_0_x86_64.whl", hash = "sha256:1e79e7ad2bd822c19303b722e5239976521bc1777a2ddadccdc65db68eb5088d"}, + {file = "lief-0.16.3-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:c2b205a5f2bb7c2e355ca5ccc71801774af1d40758fa1e338f72678367321efe"}, + {file = "lief-0.16.3-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:684f49352123230603369eea032a49f7fe0992624c5ba2120edbd62d974893be"}, + {file = "lief-0.16.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:bf85ff0b4f1c70c3a37c9be5a38c213c84cef6691083fd1ffa6980a4a0d5a410"}, + {file = "lief-0.16.3-cp312-cp312-win32.whl", hash = "sha256:e7ba797829584c5cc1c8a736b2f1587f09b1f3030239c968c7664649fb79ae15"}, + {file = "lief-0.16.3-cp312-cp312-win_amd64.whl", hash = "sha256:70c1f5f66bd4eeead2853a7a80d941b4dd03e3791c68c5351b0d39c78cfa9afe"}, + {file = "lief-0.16.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:95d09183fb4db9dd1534eecc8b36b714bcddf2831cd6c56499b10346e48b2a77"}, + {file = "lief-0.16.3-cp313-cp313-macosx_11_0_x86_64.whl", hash = "sha256:366205cf382cc246e36d855c7286af6a9e85994fbac47a0a00c206c4f21c998f"}, + {file = "lief-0.16.3-cp313-cp313-manylinux2014_aarch64.whl", hash = "sha256:6ec906f209e275fd57bc2b003bee6f0e70b9ceabf5d93bcea8de0684735cbe8c"}, + {file = "lief-0.16.3-cp313-cp313-manylinux_2_28_x86_64.whl", hash = "sha256:e0b151eccbeda0fe666448c0801022ec5aa92b7383c0a0e8ca586931fd1bfff0"}, + {file = "lief-0.16.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:2eb80b1344a009e27702a7ee0ffa7013d792c0d7237e6871fe28210eac8446c0"}, + {file = "lief-0.16.3-cp313-cp313-win32.whl", hash = "sha256:aefbe78b06d9e89387ab8fc069d1cb34252f5916cf35eaa21088b21b74b99d08"}, + {file = "lief-0.16.3-cp313-cp313-win_amd64.whl", hash = "sha256:52dc05445d8019b61a9ab8c6eb9d6238c4346ac692dcecca76d5f329a999216e"}, + {file = "lief-0.16.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:9d7583d11d596afc723b664390d61e1e6d7988b3ad160bfb7438f2cd43099170"}, + {file = "lief-0.16.3-cp38-cp38-macosx_11_0_x86_64.whl", hash = "sha256:bca81d5e2be50925f8e04bb14f02496a14572bb1e326405468afb8a8c11ec508"}, + {file = "lief-0.16.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:51df4e1c1bc52caa90d5ad63dfd587cd737dde1274f6935bf034f7628c87d5a4"}, + {file = "lief-0.16.3-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:b76cf0b8dcce6e3ca88f6e721d471b8ae02192f662c896204285c9561a602e1b"}, + {file = "lief-0.16.3-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:e924ee22ae6dd5ac660768b46e42ef19bba2a6faf680adcd70aebc536e1ecffb"}, + {file = "lief-0.16.3-cp38-cp38-win32.whl", hash = "sha256:489a3e77805ebd31f38c9a2786cfddf65c8cca428fa017f7ee38b006143fd3a0"}, + {file = "lief-0.16.3-cp38-cp38-win_amd64.whl", hash = "sha256:558570ffbb356a8a8f8e2e35cc37edb08ef019ec5fc087f4ed764573071a0901"}, + {file = "lief-0.16.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:bb2d0eb59919f3ca8562a8fbae55e4d07194135063f05cfe314c8405cd2d4cce"}, + {file = "lief-0.16.3-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:f18573e16b53ff9626eaa242e8d00a9780107d39a41eb4698c07a965c2267fc9"}, + {file = "lief-0.16.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:6f5155f382f3da85262465817196a3890124c2483b52a2a15acfdc006155296f"}, + {file = "lief-0.16.3-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:3a473aa8557df517d7d520235cd785d0a83d543eda0090ca657a7899980695a0"}, + {file = "lief-0.16.3-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:0b7dc44137c35e4e7c55278369f6148c8893128d694ddce1d28f4822967e5756"}, + {file = "lief-0.16.3-cp39-cp39-win32.whl", hash = "sha256:d29480db4cbf212c7deca4b544e4eef6923d1203083518ab0f0f597411e80e51"}, + {file = "lief-0.16.3-cp39-cp39-win_amd64.whl", hash = "sha256:e0ebd06459fad54c5ad9a3caf3e3a7e3010811f51068cbd550c4ae1ee28a9b89"}, ] [[package]] @@ -3250,11 +3244,11 @@ files = [ [package.dependencies] numpy = [ {version = ">=1.21.0", markers = "python_version == \"3.9\" and platform_system == \"Darwin\" and platform_machine == \"arm64\""}, + {version = ">=1.26.0", markers = "python_version >= \"3.12\""}, + {version = ">=1.23.5", markers = "python_version >= \"3.11\" and python_version < \"3.12\""}, {version = ">=1.21.4", markers = "python_version >= \"3.10\" and platform_system == \"Darwin\" and python_version < \"3.11\""}, {version = ">=1.21.2", markers = "platform_system != \"Darwin\" and python_version >= \"3.10\" and python_version < \"3.11\""}, {version = ">=1.19.3", markers = "platform_system == \"Linux\" and platform_machine == \"aarch64\" and python_version >= \"3.8\" and python_version < \"3.10\" or python_version > \"3.9\" and python_version < \"3.10\" or python_version >= \"3.9\" and platform_system != \"Darwin\" and python_version < \"3.10\" or python_version >= \"3.9\" and platform_machine != \"arm64\" and python_version < \"3.10\""}, - {version = ">=1.23.5", markers = "python_version >= \"3.11\" and python_version < \"3.12\""}, - {version = ">=1.26.0", markers = "python_version >= \"3.12\""}, ] [[package]] @@ -3375,8 +3369,8 @@ files = [ [package.dependencies] numpy = [ {version = ">=1.22.4", markers = "python_version < \"3.11\""}, - {version = ">=1.23.2", markers = "python_version == \"3.11\""}, {version = ">=1.26.0", markers = "python_version >= \"3.12\""}, + {version = ">=1.23.2", markers = "python_version == \"3.11\""}, ] python-dateutil = ">=2.8.2" pytz = ">=2020.1"