From fcd8197a8a16f52e4226cf3203e85ede37666d35 Mon Sep 17 00:00:00 2001
From: Jerome Leonard
Date: Fri, 16 Jun 2017 13:33:24 +0200
Subject: [PATCH] #56 update FileInfo summary() and short reports
---
 analyzers/File_Info/fileinfo_analyzer.py | 36 +++++++++++++++++-----
 thehive-templates/File_Info_1_0/short.html | 10 ++----
 2 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/analyzers/File_Info/fileinfo_analyzer.py b/analyzers/File_Info/fileinfo_analyzer.py
index 45c095a..14ad962 100755
--- a/analyzers/File_Info/fileinfo_analyzer.py
+++ b/analyzers/File_Info/fileinfo_analyzer.py
@@ -138,18 +138,38 @@ class FileAnalyzer(Analyzer):
 # SUMMARY
 def summary(self, fullReport):
+
+ taxonomy = {"level": "info", "namespace": "FileInfo", "predicate": "Filetype", "value": 0}
+ taxonomies = []
+
 if fullReport['Mimetype'] in ['application/x-dosexec']:
- return self.PE_Summary(fullReport)
- if fullReport['Mimetype'] in ['application/pdf']:
- return self.PDF_Summary(fullReport)
- if (fullReport['filetype'] in ['DOC','DOCM','DOCX',
+ pereport = self.PE_Summary(fullReport)
+ taxonomy["value"] = pereport['filetype']
+ taxonomies.append(taxonomy)
+ elif fullReport['Mimetype'] in ['application/pdf']:
+ pdfreport = self.PDF_Summary(fullReport)
+ taxonomy['value'] = pdfreport['filetype']
+ if pdfreport['suspicious']:
+ taxonomy['level'] = 'warning'
+ taxonomies.append(taxonomy)
+ elif (fullReport['filetype'] in ['DOC','DOCM','DOCX',
 'XLS', 'XLSM', 'XLSX', 'PPT', "PPTM", 'PPTX']):
- return self.MSOffice_Summary(fullReport)
+ msreport = self.MSOffice_Summary(fullReport)
+ taxonomy['value'] = msreport['filetype']
+ if msreport['suspicious']:
+ taxonomy['level'] = 'warning'
+ taxonomies.append(taxonomy)
+ else:
+ taxonomy['value'] = fullReport['filetype']
+ taxonomies.append(taxonomy)
+
+ result = {'taxonomies': taxonomies}
+ return result
+
+
+
- return {
- 'filetype': fullReport['filetype']
- }
 def SpecificInfo(self,report):
 # run specific program for PE
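Review bot: The PE branch never raises `taxonomy['level']` to `'warning'`, while the PDF and MS Office branches do when their sub-report carries `suspicious`; if `PE_Summary` (defined outside this hunk) reports that flag too, a suspicious executable is summarised at `info` level, and since the short template in this same commit now renders only the taxonomy, that level is the analyst's only remaining visible signal. Adding `if pereport.get('suspicious'): taxonomy['level'] = 'warning'` after the `pereport` assignment keeps the three branches consistent, and using `.get('suspicious')` in the PDF and Office branches as well avoids a KeyError when a sub-report omits the key. The `result` temporary and the three trailing blank added lines before `SpecificInfo` could go (`return {'taxonomies': taxonomies}`), and a one-line docstring saying that `summary` returns the `{'taxonomies': [...]}` structure the short template iterates would help a reader who only sees this method. `SpecificInfo` continues outside the hunk.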
diff --git a/thehive-templates/File_Info_1_0/short.html b/thehive-templates/File_Info_1_0/short.html
index 7d0de04..563ca58 100644
--- a/thehive-templates/File_Info_1_0/short.html
+++ b/thehive-templates/File_Info_1_0/short.html
@@ -1,7 +1,3 @@
-
- File_Info:filetype={{content.filetype}}
-
-
-
- File_Info:Suspicious
-
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+
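Review bot: The rendered text no longer carries a dedicated suspicious marker: the old `File_Info:Suspicious` line is removed and the new line prints only `{{t.namespace}}:{{t.predicate}}={{t.value}}`, so the `warning` level that `summary()` sets for suspicious PDF and Office files reaches the analyst only if the surrounding markup (stripped from this view) maps `t.level` to a visible style. If it does not, binding the repeated element's class to `t.level` would restore that signal in the short report. The element that iterates the taxonomies is not visible here, so this cannot be confirmed from the hunk alone.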