ioc_parser Python 3 compatible

Python 3 compatible

Open threatlead opened this issue 9 years ago • 3 comments

Suggestions:

At line #43 : https://github.com/armbues/ioc_parser/blob/master/iocp.py#L43
- Replace with:

try:
    from StringIO import StringIO
except ImportError:
    from io import StringIO

pdfminer doesn't support python3, so I changed default library to 'pypdf2' at line #84:
- https://github.com/armbues/ioc_parser/blob/master/iocp.py#L84

def __init__(self, patterns_ini=None, ..., library='pypdf2', ...):

Jan 04 '16 07:01 threatlead

The default PDF library was switched to pdfminer because of the parsing better performance. In a head-to-head test it was able to parse considerably more text from a report set than pypdf2, therefore also generating more IOCs.

An option would be to dynamically check the Python version during runtime and accordingly change the default PDF library.

Jan 20 '16 01:01 armbues

For anyone with issues with pdfminer on python3, consider using pdfminer.six, a fork for compatibility with python3 https://github.com/pdfminer/pdfminer.six

Also, as a totally unrelated side-note (no idea where to put this), you might want to set the re.compile flag to IGNORECASE, so that you can catch cases that are typed in all caps, at parser.py line 133: ind_regex = re.compile(ind_pattern, flags=re.IGNORECASE)

May 11 '17 06:05 bernardyim

As far as IGNORECASE support is concerned, this is handled with #34.

Oct 18 '17 14:10 fhightower

ioc_parser ioc_parser copied to clipboard

Python 3 compatible

ioc_parser
ioc_parser copied to clipboard