Can't get search() to return attachments that have been included inside a object (e.g. report object attachment files)

[samitainio]

This might be a PEBKAC issue but I just can't get the PyMISP search() function to return events so that the file attachments that have been saved inside objects, mainly from the report object, would be included in the returned JSON. I have set the with_attachments to True but it doesn't seem to do anything for these files. What am I missing here or is this a bug?

I've been trying to get this work on the following versions:
MISP: Currently installed version… v2.4.192 (694da4e641d0912ec9ff84cf68ae530477fad616)
PyMISP on the MISP server: 2.4.190
PyMISP on the client: 2.4.190

For everything else the search() is returning everything as expected as far as I can see.

If I manually export same MISP events from the UI then the files are included. Any insight into the matter would be greatly appreacited!

[samitainio]

The documentation that I followed can be found here:

• https://pymisp.readthedocs.io/en/latest/modules.html

Function: search()

• Parameters: with_attachments bool | None – If set, encodes the attachments / zipped malware samples as base64 in the data field within each attribute
• Deprecated: Parameters: withAttachments bool | None – synonym for with_attachments

Now my code had it written like with_attachments as per that documentation and it does nothing when written like this.

Then I noticed the OpenAPI documentation had it written as withAttachments so I figured to try it even though the docs say it is deprecated. It started working.

Documentation requires updating or verification what is actually used and what is not.

Issue: fixed and this issue may be closed at your convenience - keeping it open so the resolution doesn't get buried and devs see this

[Rafiot]

Can you share the code you're using? It will be a lot easier to figure out what's going on, because I cannot see any obvious reason with_attachments fails but withAttachments works.