Beispiel #1
class Package(maec.Entity):
    """API class for a MAEC Package, bound to package_binding.PackageType.

    A Package holds a list of Malware Subjects and, optionally, a list of
    grouping relationships. The grouping relationship list is not created
    by __init__; add_grouping_relationship() creates it on first use.
    """
    _binding = package_binding
    _binding_class = package_binding.PackageType
    _namespace = _namespace

    # Typed fields, keyed by the names passed to TypedField.
    id_ = fields.TypedField('id')
    timestamp = fields.TypedField('timestamp')
    schema_version = fields.TypedField('schema_version')
    malware_subjects = fields.TypedField(
        'Malware_Subjects', MalwareSubjectList)
    grouping_relationships = fields.TypedField(
        'Grouping_Relationships', GroupingRelationshipList)

    def __init__(self, id=None, schema_version="2.1", timestamp=None):
        """Create a Package with an empty Malware Subject list.

        Parameters:
        id - identifier for the Package; any falsy value (None, "")
             causes one to be generated with the "package" prefix
        schema_version - stored as given, "2.1" by default
        timestamp - stored as given
        """
        super(Package, self).__init__()
        self.id_ = id if id else idgen.create_id(prefix="package")
        self.schema_version = schema_version
        self.timestamp = timestamp
        self.malware_subjects = MalwareSubjectList()
        # Both dictionaries start out empty.
        # NOTE(review): presumably filled in by the parser with the
        # namespaces/schemaLocations of the input document - confirm.
        self.__input_namespaces__ = {}
        self.__input_schemalocations__ = {}

    # Public methods

    def add_malware_subject(self, malware_subject):
        """Append a malware subject to this Package."""
        self.malware_subjects.append(malware_subject)

    def add_grouping_relationship(self, grouping_relationship):
        """Append a grouping relationship, creating the list if needed."""
        if self.grouping_relationships:
            self.grouping_relationships.append(grouping_relationship)
            return
        # Unset (or empty) list: start from a fresh one.
        self.grouping_relationships = GroupingRelationshipList()
        self.grouping_relationships.append(grouping_relationship)

    @staticmethod
    def from_xml(xml_file):
        '''
        Create a new Package from an XML document.

        Returns a tuple of (api_object, binding_object): the entity
        returned by EntityParser.parse_xml() and the result of calling
        to_obj() on it.
        Parameters:
        xml_file - either a filename or a stream object

        NOTE(review): xml_file is handed to EntityParser.parse_xml()
        unchanged. How that parser treats DTDs, external entities and
        network references is not visible here - confirm it before
        parsing documents obtained from untrusted sources.
        '''
        # Imported inside the function rather than at module level.
        # NOTE(review): presumably to avoid a circular import - confirm.
        from maec.utils.parser import EntityParser

        parsed_entity = EntityParser().parse_xml(xml_file)
        binding_obj = parsed_entity.to_obj()
        return (parsed_entity, binding_obj)

    def deduplicate_malware_subjects(self):
        """DeDuplicate all Malware_Subjects in the Package.

        Calls deduplicate_bundles() on every Malware Subject so that
        duplicate objects become references to a single canonical
        object. For now, only handles Objects in Findings Bundles.
        """
        for subject in self.malware_subjects:
            subject.deduplicate_bundles()
Beispiel #2
class Package(maec.Entity):
    """MAEC Package entity backed by package_binding.PackageType.

    Carries an id, a timestamp, a schema version, a Malware Subject list
    and an optional grouping relationship list.
    """
    _binding = package_binding
    _binding_class = package_binding.PackageType
    _namespace = _namespace

    id_ = fields.TypedField('id')
    timestamp = fields.TypedField('timestamp')
    schema_version = fields.TypedField('schema_version')
    malware_subjects = fields.TypedField('Malware_Subjects',
                                         MalwareSubjectList)
    grouping_relationships = fields.TypedField('Grouping_Relationships',
                                               GroupingRelationshipList)

    def __init__(self, id = None, schema_version = "2.1", timestamp = None):
        """Initialise the Package.

        A falsy id is replaced by a generated one with the "package"
        prefix; schema_version and timestamp are stored unchanged.
        """
        super(Package, self).__init__()
        self.id_ = id or idgen.create_id(prefix="package")
        self.schema_version = schema_version
        self.timestamp = timestamp
        self.malware_subjects = MalwareSubjectList()
        # Start with no recorded input namespaces / schemaLocations.
        self.__input_namespaces__ = {}
        self.__input_schemalocations__ = {}

    # Public methods

    def add_malware_subject(self, malware_subject):
        """Add a malware subject to this Package."""
        self.malware_subjects.append(malware_subject)

    def add_grouping_relationship(self, grouping_relationship):
        """Add a grouping relationship to this Package.

        The list is not set up by __init__, so it is created here the
        first time it is found unset or empty.
        """
        needs_new_list = not self.grouping_relationships
        if needs_new_list:
            self.grouping_relationships = GroupingRelationshipList()
        self.grouping_relationships.append(grouping_relationship)

    @staticmethod
    def from_xml(xml_file):
        '''
        Create a new Package from the XML document at the specified path.

        Returns a tuple of (api_object, binding_object).
        Parameters:
        xml_file - either a filename or a stream object

        NOTE(review): the document is parsed by EntityParser, whose
        handling of external entities and DTDs cannot be seen from this
        method - verify it before accepting XML from untrusted sources.
        '''
        from maec.utils.parser import EntityParser

        entity_parser = EntityParser()
        api_object = entity_parser.parse_xml(xml_file)
        # The binding object is derived from the parsed API object.
        return (api_object, api_object.to_obj())

    def deduplicate_malware_subjects(self):
        """DeDuplicate all Malware_Subjects in the Package. For now, only handles Objects in Findings Bundles"""
        # Duplicate objects are turned into references to one canonical
        # object; the work is delegated to each Malware Subject.
        for each_subject in self.malware_subjects:
            each_subject.deduplicate_bundles()
Beispiel #3
 def __init__(self, id = None, schema_version = "2.1", timestamp = None):
     """Set up a new Package.

     id - identifier to use; a falsy value makes the constructor
          generate one through idgen.create_id(prefix="package")
     schema_version - stored as given ("2.1" unless overridden)
     timestamp - stored as given
     """
     super(Package, self).__init__()
     self.id_ = id or idgen.create_id(prefix="package")
     self.schema_version = schema_version
     self.timestamp = timestamp
     # Every Package starts with an empty Malware Subject list.
     self.malware_subjects = MalwareSubjectList()
     # Input namespace / schemaLocation dictionaries start empty.
     self.__input_namespaces__ = {}
     self.__input_schemalocations__ = {}
Beispiel #4
def merge_packages(package_list, namespace=None):
    '''Merge a list of input MAEC Packages and return a merged Package instance.

    Parameters:
    package_list - the Packages to merge. It is iterated twice (once for
                   the Malware Subjects, once for the namespace
                   dictionaries), so pass a list or another re-iterable
                   sequence rather than a one-shot iterator.
    namespace - ID namespace for the merged content; when falsy, a
                default "merged" namespace is used.

    Side effect: the chosen namespace is installed through
    maec.utils.set_id_namespace() and is not restored here.
    NOTE(review): presumably this affects ID generation for the whole
    process - confirm against callers that run merges side by side.

    The input namespace and schemaLocation dictionaries are combined with
    dict.update(), so when two Packages use the same key the entry from
    the later Package silently replaces the earlier one.
    '''
    # Select the ID namespace (for automatic ID generation).
    NS = namespace if namespace else Namespace(
        "https://github.com/MAECProject/python-maec", "merged")
    maec.utils.set_id_namespace(NS)

    # Flatten the Malware Subjects of every Package, in input order.
    all_subjects = [subject
                    for package in package_list
                    for subject in package.malware_subjects]
    merged_subjects = merge_malware_subjects(all_subjects)

    # Combine the input namespace/schemaLocation dictionaries.
    combined_namespaces = {}
    combined_schemalocations = {}
    for package in package_list:
        combined_namespaces.update(package.__input_namespaces__)
        combined_schemalocations.update(package.__input_schemalocations__)

    # Assemble the resulting Package around the merged Malware Subjects.
    result = Package()
    result.malware_subjects = MalwareSubjectList(merged_subjects)
    result.__input_namespaces__ = combined_namespaces
    result.__input_schemalocations__ = combined_schemalocations
    return result
Beispiel #5
 def __init__(self, id = None, schema_version = "2.1", timestamp = None):
     """Create a Package with an empty Malware Subject list.

     When id is falsy (None, empty string) a new identifier with the
     "package" prefix is generated; otherwise id is used as given.
     schema_version and timestamp are stored without modification.
     """
     super(Package, self).__init__()
     package_id = id if id else idgen.create_id(prefix="package")
     self.id_ = package_id
     self.schema_version = schema_version
     self.timestamp = timestamp
     self.malware_subjects = MalwareSubjectList()
     # No input namespaces or schemaLocations are recorded yet.
     self.__input_namespaces__ = {}
     self.__input_schemalocations__ = {}