Diff of /phish/phish_fromStruct.py [fd5e72] .. [edbb89]


--- a/phish/phish_fromStruct.py
+++ b/phish/phish_fromStruct.py
@@ -9,13 +9,14 @@
 
 import uuid, sys, time, getopt
 from datetime import datetime
-import ConfigParser
-import iodef.base 
-import iodef.phish
-import iodef.markings
+import ConfigParser, StringIO
+sys.path.append('../common')
+sys.path.append('../')
+import iodef
 from send_to_apwg import send_to_apwg
 #from askQuestions_phish import askQuestions
-from buildIODEF import build_IODEF, build_eventData
+from buildIODEF import build_IODEF
+from build_phish import build_eventData, build_phraudReport
 
 CONFIG = "./iodef_phish_config.ini"
 
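Review bot: The two added entries `sys.path.append('../common')` and `sys.path.append('../')` are relative, so they resolve against the process's current working directory rather than this file's location. Run from another directory, `import iodef`, `buildIODEF` and `build_phish` either fail or pick up whatever same-named module sits under that directory's parent. Anchoring the entries on the script path removes that dependency: `_HERE = os.path.dirname(os.path.abspath(__file__))`, then `sys.path.append(os.path.join(_HERE, '..', 'common'))` and `sys.path.append(os.path.join(_HERE, '..'))`, with `os` added to the import line. A short comment saying which modules each entry is meant to expose would help the next reader.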
@@ -23,92 +24,12 @@
 
 
 
-def readConfig():
+def readConfig( configFile ):
   config = ConfigParser.SafeConfigParser()
-  config.read(CONFIG)
+  config.read( configFile )
 
   return config
 
-
-def build_phraudReport(phishStruct, config, message):
-
-  dCSite = iodef.phish.DCSite_type(DCType=phishStruct['collector']['type'], Node=None, DomainData=None, Assessment=None)
-  # Use the default if one was not included.
-  confidence=phishStruct['confidence'] or config.get('phish','DcSiteConfidence')
-  if phishStruct['collector']['type'] == 'url':
-    siteURL = iodef.phish.SiteURLType( 
-    	confidence=confidence, 
-	valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], 
-	lang=phishStruct['lang']))
-    dCSite.set_SiteURL( siteURL)
-  if phishStruct['collector']['type'] == 'emailsite':
-    siteEmail = iodef.phish.EmailSiteType( 
-	confidence=confidence,
-       	valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], 
-	lang=phishStruct['lang']))
-    dCSite.set_EmailSite( siteEmail)
-
-  if phishStruct['collector']['type'] == 'unknown':
-    siteUnknown = iodef.phish.UnknownType( 
-	confidence=confidence,
-        valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], lang=phishStruct['lang']))
-    dCSite.set_Unknown( siteUnknown)
-
-  if phishStruct['collector']['type'] == 'system':
-    siteAddress = iodef.phish.SystemType( 
-	confidence=confidence,
-        Address=phishStruct['collector']['uri'])
-    dCSite.set_System( siteAddress)
-
-  if phishStruct['collector']['type'] == 'domain':
-    siteDomain = iodef.phish.DomainType( 
-	confidence=confidence,
-        valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], lang=phishStruct['lang']))
-    dCSite.set_Domain( siteDomain)
-
-#  if phishStruct['collector']['type'] == 'phonenumber':
-#    siteEmail = iodef.phish.EmailSiteType( 
-#	confidence=confidence,
-#        valueOf_= phishStruct['collector']['url'])
-#    dCSite.set_SiteEmail( siteEmail)
-
-  eMail = iodef.phish.EmailRecord_type(EmailCount=phishStruct['count'], EmailComments=None)
-  eMail.set_EmailMessage( iodef.base.MLStringType( valueOf_=message, 
-	lang=phishStruct['collector']['lang']))
-
-  ''' Make up a lure source if one not found '''
-  lureSystem = iodef.base.System()
-  lureSystem.set_Node( iodef.base.Node(NodeName=[ iodef.base.MLStringType( valueOf_='unknown')]))
-  lure = iodef.phish.LureSource_type()
-  lure.add_System( lureSystem)
-
-  OrigSens = iodef.phish.OriginatingSensor_type()
-  OrigSens.OriginatingSensorType = config.get('phish','SensorType')
-  OrigSens.DateFirstSeen = phishStruct['datetime'] or (datetime.utcnow().replace(microsecond=0).isoformat()+config.get('iodef-Contact','Timezone'))
-  OrigSens.add_System( lureSystem) 
-
-  brand = iodef.base.MLStringType( lang='en-US', valueOf_=phishStruct['brand'])
-  brands = []
-  brands.append( brand)
-
-  phraudReport = iodef.phish.PhraudReport.factory(
-      ext_value = None, Version='1.0',
-      FraudType = 'phishing',
-      PhishNameRef = None, 
-      PhishNameLocalRef = None,
-      FraudParameter = iodef.base.MLStringType( valueOf_=phishStruct['subject']),
-      FraudedBrandName = brands,
-      LureSource = [lure],
-      OriginatingSensor = [OrigSens],
-      EmailRecord = eMail,
-      DCSite = [dCSite],
-      TakeDownInfo = None,
-      ArchivedData = None,
-      RelatedData = None,
-      CorrelationData = None,
-      PRComments = None)
-
-  return (phraudReport)
 
 
 #--------- MAIN -------------
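Review bot: `config.read( configFile )` in `readConfig` now takes a caller-supplied path, and `ConfigParser.read` skips files it cannot open instead of raising. A mistyped path therefore yields an empty parser, and the failure surfaces later as a `NoSectionError` from an unrelated `config.get`. Checking the return value keeps the cause visible: `if not config.read(configFile): raise IOError("cannot read config file: %s" % configFile)`. A one-line docstring stating that the function returns a `SafeConfigParser` loaded from `configFile` would also fit here.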
@@ -121,8 +42,10 @@
     _language = "en-US"
     _testing = False
     _dump = False
+    configFile = "iodef_phish_config.ini"
+    msg=""
     try:                                
-        opts, args = getopt.getopt(argv, "htdlm", ["help", "testing", "dump", "language=", "msg"])
+        opts, args = getopt.getopt(argv, "htdl:m:c:", ["help", "testing", "dump", "language=", "msg=", "config="])
     except getopt.GetoptError:          
         usage()                         
         sys.exit(2)                     
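Review bot: The new default `configFile = "iodef_phish_config.ini"` duplicates the module constant `CONFIG = "./iodef_phish_config.ini"`, which no longer has a user in the visible hunks once `readConfig` takes a parameter. `configFile = CONFIG` keeps a single definition of the default path. The option string now also declares arguments for `-l`, `-m` and `-c` plus the long forms `msg=` and `config=`, so the `usage()` text (outside this hunk) presumably needs the same update. The enclosing function starts and ends outside the hunk.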
@@ -139,12 +62,14 @@
 	    _dump = True
 	elif opt == '-m':
 	    msg = open( arg, 'r')
+	elif opt =='-c':
+	    configFile = arg
 
     if not _testing:
 	phishStruct = {}
  
     ''' Step 1: Read static configs '''
-    config = readConfig()
+    config = readConfig( configFile )
     ''' Step 2: Get data about infected system '''
 # Questions are too hard, use the struct or the web page.
 #    if not _testing:
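Review bot: The added branch tests only `opt =='-c'`, while the getopt call registers the long form `config=`, so `--config=PATH` is parsed without error and then dropped. The run then proceeds with the default configuration file, and since that file supplies the settings used to submit the report, a silent fallback is worth avoiding: `elif opt in ('-c', '--config'):`. The neighbouring `-m` branch has the same gap for `--msg`, and it stores the open file object in `msg` rather than the file's contents. The option loop begins outside the hunk.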
@@ -152,7 +77,7 @@
     
 
     ''' Step 3: Build phishDetails Element '''
-    phishz = build_phraudReport(phishStruct, config, phishStruct['message'] or msg)
+    phishz = build_phraudReport( config, phishStruct, phishStruct.get('message',  msg))
     eData = build_eventData( config, phishz,
 	impactStr = phishStruct.get('impact', config.get('iodef-Event','Impact')),
 	methodStr = phishStruct.get('method', config.get('iodef-Event','Method')),
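Review bot: `phishStruct.get('message',  msg)` is not equivalent to the removed `phishStruct['message'] or msg`, because the fallback now applies only when the key is absent. A struct carrying `'message': ''` or `None` passes that empty value on and the `-m` input is ignored. If the old fallback is intended, `phishStruct.get('message') or msg` keeps it while still tolerating a missing key. When `-m` is given, `msg` is a file object (assigned in the option loop), so unless `build_phraudReport` reads it, the call would need `msg.read()`. The argument order also changed to `(config, phishStruct, ...)`, which is correct only if the `build_phish` version has that signature; it is not visible here.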
@@ -167,13 +92,17 @@
     doc.lang = config.get('iodef','Language')
     
     ''' Step 6: Send the completed doc to a repository. '''
+    docString = StringIO.StringIO()
+    doc.export(docString,0)
     if _dump:
-	doc.export(sys.stdout, 0, name_='IODEF_Document', namespacedef_='urn:ietf:params:xml:ns:iodef-1.0')
+	print docString.getvalue()
     else:
-      errcode, errmsg = send_to_apwg(config, doc)
-      if errcode != 201:
-        print "Error: %s - %s" % (errcode,errmsg)
-        exit
+      errcode, docId, errmsg = send_to_apwg(config, docString.getvalue())
+      if errcode == 201:
+        print "ERROR! "
+      print "Error: %s - incidentId: %s - Msg: %s" % (errcode,docId,errmsg)
+      
+# Implied exit
 
 
 if __name__ == '__main__':
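Review bot: The success test in the new `else` branch is inverted: the removed code treated `errcode != 201` as the failure, but the added `if errcode == 201:` prints "ERROR! " on success, and the `Error: …` line now prints unconditionally. The failure path also falls through to the implied exit, so the process returns status 0 when the submission was rejected and a calling script cannot tell that the report never reached the repository. Separately, `doc.export(docString,0)` drops the `name_` and `namespacedef_` arguments the old dump call passed; if the `export` defaults do not emit the IODEF namespace, both the dump and the submitted document change, which is worth confirming. The enclosing function starts outside the hunk.

```python
    # … unchanged: export into docString, _dump branch …
      errcode, docId, errmsg = send_to_apwg(config, docString.getvalue())
      if errcode != 201:
        print "Error: %s - incidentId: %s - Msg: %s" % (errcode, docId, errmsg)
        sys.exit(1)
      print "Submitted - incidentId: %s" % docId
```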