From ec6b6e13074e1a48e9e5e69b4e603ff8ff9e867b Mon Sep 17 00:00:00 2001
From: Samuel Hassine
Date: Wed, 4 Sep 2024 15:57:52 +0200
Subject: [PATCH] [misp-import-file] Create the connector (#1292)
---
 .circleci/config.yml | 15 +++++++++++++--
 external-import/misp-feed/src/config.yml.sample | 2 --
 external-import/misp-feed/src/misp-feed.py | 6 +++++-
 external-import/misp/src/misp.py | 6 +++++-
 .../import-file-stix/src/import-file-stix.py | 8 +-------
 5 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index d4d74a6a84..0f426ac7c2 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -350,7 +350,7 @@ jobs:
 name: Build Docker image opencti/connector-group-ib
 command: docker build -t opencti/connector-group-ib:latest . && docker tag opencti/connector-group-ib:latest opencti/connector-group-ib:${CIRCLE_TAG}
 - run:
- working_directory: ~/opencti/external-import/first-epss
+ working_directory: ~/opencti/internal-enrichment/first-epss
 name: Build Docker image opencti/connector-first-epss
 command: docker build -t opencti/connector-first-epss:latest . && docker tag opencti/connector-first-epss:latest opencti/connector-first-epss:${CIRCLE_TAG}
 - run:
@@ -775,6 +775,10 @@ jobs:
 working_directory: ~/opencti/internal-enrichment/reversinglabs-spectra-intel-submission
 name: Build Docker image opencti/connector-reversinglabs-spectra-intel-submission
 command: docker build -t opencti/connector-reversinglabs-spectra-intel-submission:latest . && docker tag opencti/connector-reversinglabs-spectra-intel-submission:latest opencti/connector-reversinglabs-spectra-intel-submission:${CIRCLE_TAG}
+ - run:
+ working_directory: ~/opencti/internal-import-file/import-file-misp
+ name: Build Docker image opencti/connector-import-file-misp
+ command: docker build -t opencti/connector-import-file-misp:latest . && docker tag opencti/connector-import-file-misp:latest opencti/connector-import-file-misp:${CIRCLE_TAG}
 - run:
 name: Publish Docker Image to Docker Hub
 command: |
@@ -909,6 +913,8 @@ jobs:
 docker push opencti/connector-webhook:${CIRCLE_TAG}
 docker push opencti/connector-reversinglabs-spectra-intel-submission:latest
 docker push opencti/connector-reversinglabs-spectra-intel-submission:${CIRCLE_TAG}
+ docker push opencti/connector-import-file-misp:latest
+ docker push opencti/connector-import-file-misp:${CIRCLE_TAG}
 - slack/notify:
 event: fail
 template: basic_fail_1
@@ -1252,7 +1258,7 @@ jobs:
 name: Build Docker image opencti/connector-group-ib
 command: docker build -t opencti/connector-group-ib:rolling .
 - run:
- working_directory: ~/opencti/external-import/first-epss
+ working_directory: ~/opencti/internal-enrichment/first-epss
 name: Build Docker image opencti/connector-first-epss
 command: docker build -t opencti/connector-first-epss:rolling .
 - run:
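Review bot: The new build step in @@ -775 (and its rolling twin in @@ -1611, plus the push lines in @@ -909 and @@ -1681) points CircleCI at `~/opencti/internal-import-file/import-file-misp`, but none of the five files in this patch's diffstat lives under that directory, even though the subject says the connector is created here. If the connector sources and Dockerfile land in a separate commit that is fine; otherwise both the release and rolling jobs will fail at `docker build` in a directory that does not exist. It would help reviewers to either ship the connector files in the same patch or state in the commit message which commit adds them.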
@@ -1611,6 +1617,10 @@ jobs:
 working_directory: ~/opencti/internal-enrichment/reversinglabs-spectra-intel-submission
 name: Build Docker image opencti/connector-reversinglabs-spectra-intel-submission
 command: docker build -t opencti/connector-reversinglabs-spectra-intel-submission:rolling .
+ - run:
+ working_directory: ~/opencti/internal-import-file/import-file-misp
+ name: Build Docker image opencti/connector-import-file-misp
+ command: docker build -t opencti/connector-import-file-misp:rolling .
 - run:
 name: Publish Docker Image to Docker Hub
 command: |
@@ -1681,6 +1691,7 @@ jobs:
 docker push opencti/connector-jira:rolling
 docker push opencti/connector-webhook:rolling
 docker push opencti/connector-reversinglabs-spectra-intel-submission:rolling
+ docker push opencti/connector-import-file-misp:rolling
 - slack/notify:
 event: fail
 template: basic_fail_1
diff --git a/external-import/misp-feed/src/config.yml.sample b/external-import/misp-feed/src/config.yml.sample
index 60063ea6dd..d41015d934 100644
--- a/external-import/misp-feed/src/config.yml.sample
+++ b/external-import/misp-feed/src/config.yml.sample
@@ -7,8 +7,6 @@ connector:
 type: 'EXTERNAL_IMPORT'
 name: 'MISP Feed'
 scope: 'misp-feed'
- confidence_level: 20 # From 0 (Unknown) to 100 (Fully trusted)
- update_existing_data: false
 run_and_terminate: false
 log_level: 'info'
diff --git a/external-import/misp-feed/src/misp-feed.py b/external-import/misp-feed/src/misp-feed.py
index 61ced4f0eb..66a6f05afd 100644
--- a/external-import/misp-feed/src/misp-feed.py
+++ b/external-import/misp-feed/src/misp-feed.py
@@ -874,7 +874,11 @@ def _resolve_type(self, type, value):
 else:
 return None
 else:
- if resolved_types[0] == "ipv4-addr":
+ if (
+ "resolver" in resolved_types[0]
+ and resolved_types[0]["resolver"] == "ipv4-addr"
+ or resolved_types[0] == "ipv4-addr"
+ ):
 resolver_0 = self._detect_ip_version(value)
 type_0 = self._detect_ip_version(value, True)
 else:
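Review bot: The new condition in @@ -874 uses `in` to tell a mapping entry from a plain string, but when `resolved_types[0]` is a string `"resolver" in resolved_types[0]` is a substring test, so a type name that happens to contain "resolver" would fall through to `resolved_types[0]["resolver"]` and raise TypeError; the unparenthesized `and`/`or` mix also leaves the intent to operator precedence. A type check states what is meant: `first = resolved_types[0]` followed by `if (isinstance(first, dict) and first.get("resolver") == "ipv4-addr") or first == "ipv4-addr":`. The identical condition is introduced in misp.py at @@ -2192 and deserves the same change. The enclosing `_resolve_type` starts and ends outside the hunk.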
diff --git a/external-import/misp/src/misp.py b/external-import/misp/src/misp.py
index 5f4a4f733f..87eedf1071 100644
--- a/external-import/misp/src/misp.py
+++ b/external-import/misp/src/misp.py
@@ -2192,7 +2192,11 @@ def resolve_type(self, type, value):
 else:
 return None
 else:
- if resolved_types[0]["resolver"] == "ipv4-addr":
+ if (
+ "resolver" in resolved_types[0]
+ and resolved_types[0]["resolver"] == "ipv4-addr"
+ or resolved_types[0] == "ipv4-addr"
+ ):
 resolver_0 = self.detect_ip_version(value)
 type_0 = self.detect_ip_version(value, True)
 else:
diff --git a/internal-import-file/import-file-stix/src/import-file-stix.py b/internal-import-file/import-file-stix/src/import-file-stix.py
index 82012f7058..4b01c3ae11 100644
--- a/internal-import-file/import-file-stix/src/import-file-stix.py
+++ b/internal-import-file/import-file-stix/src/import-file-stix.py
@@ -2,7 +2,6 @@
 import os
 import sys
 import time
-import uuid
 from typing import Dict, List
 import yaml
@@ -44,12 +43,7 @@ def _process_message(self, data: Dict) -> str:
 "No container in Stix file. Updating current container"
 )
 bundle = self._update_container(bundle, entity_id)
- bundle = {
- "type": "bundle",
- "id": "bundle--" + str(uuid.uuid4()),
- "objects": bundle,
- }
- file_content = json.dumps(bundle)
+ file_content = self.helper.stix2_create_bundle(bundle)
 bundles_sent = self.helper.send_stix2_bundle(
 file_content,
 bypass_validation=bypass_validation,
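Review bot: The `json.dumps(bundle)` call removed in @@ -44 was very likely the last use of `json` in this module, yet only `uuid` is dropped from the imports in @@ -2; `import json` sits on line 1 outside the hunk, so if nothing else uses it the import is now dead and should be removed alongside `uuid`. Note also that `bundle` here is what the removed code placed under `"objects"`, i.e. a list of objects rather than a bundle dict, so `self.helper.stix2_create_bundle(bundle)` must accept that list and supply the bundle id the old code built from `uuid.uuid4()` — worth confirming against the pycti version this connector pins. `_process_message` starts and ends outside the hunk.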