def from_dict(malware_subject_relationship_dict):
if not malware_subject_relationship_dict:
return None
malware_subject_relationship_ = MalwareSubjectRelationship()
malware_subject_relationship_.type = VocabString.from_dict(malware_subject_relationship_dict.get('type'))
malware_subject_relationship_.malware_subject_references = [MalwareSubjectReference.from_dict(x) for x in malware_subject_relationship_dict.get('malware_subject_references', [])]
return malware_subject_relationship_
def from_dict(capability_property_dict):
if not capability_property_obj:
return None
capability_property_ = CapabilityProperty()
capability_property_.name = VocabString.from_dict(capability_property_dict["name"])
capability_property_.value = String.from_dict(capability_property_dict["value"])
return capability_property_
def from_dict(mal_conf_param_dict):
if not mal_conf_param_dict:
return None
mal_conf_param_ = MalwareConfigurationParameter()
mal_conf_param_.name = VocabString.from_dict(mal_conf_param_dict['name'])
if mal_conf_param_dict.get('value'): mal_conf_param_.value = mal_conf_param_dict['value']
return mal_conf_param_
def from_dict(capability_property_dict):
if not capability_property_dict:
return None
capability_property_ = CapabilityProperty()
capability_property_.name = VocabString.from_dict(capability_property_dict['name'])
capability_property_.value = String.from_dict(capability_property_dict['value'])
return capability_property_
def from_dict(action_argument_dict):
if not action_argument_dict:
return None
action_argument_ = ActionArgument()
action_argument_.argument_name = VocabString.from_dict(action_argument_dict.get('argument_name'))
action_argument_.argument_value = action_argument_dict.get('argument_value')
return action_argument_
def from_dict(action_relationship_dict):
if not action_relationship_dict:
return None
action_relationship_ = ActionRelationship()
action_relationship_.type = VocabString.from_dict(action_relationship_dict.get('type'))
action_relationship_.action_references = [ActionReference.from_dict(x) for x in action_relationship_dict.get('action_reference', [])]
return action_relationship_
def from_dict(action_relationship_dict):
if not action_relationship_dict:
return None
action_relationship_ = ActionRelationship()
action_relationship_.type = VocabString.from_dict(action_relationship_dict.get('type'))
action_relationship_.action_references = [ActionReference.from_dict(x) for x in action_relationship_dict.get('action_reference')]
return action_relationship_
def from_dict(mal_binary_obfusc_alg_dict):
if not mal_binary_obfusc_alg_dict:
return None
mal_binary_obfusc_alg_ = MalwareConfigurationObfuscationAlgorithm()
if mal_binary_obfusc_alg_dict['ordinal_position']: mal_binary_obfusc_alg_.ordinal_position = mal_binary_obfusc_alg_dict['ordinal_position']
if mal_binary_obfusc_alg_dict['key']: mal_binary_obfusc_alg_.key = mal_binary_obfusc_alg_dict['key']
mal_binary_obfusc_alg_.algorithm_name = VocabString.from_dict(mal_binary_obfusc_alg_dict['algorithm_name'])
return mal_binary_obfusc_alg_
def from_dict(malware_entity_dict):
if not malware_entity_dict:
return None
malware_entity_ = MalwareEntity()
malware_entity_.type = VocabString.from_dict(malware_entity_dict.get('type'))
malware_entity_.name = malware_entity_dict.get('name')
malware_entity_.description = malware_entity_dict.get('description')
return malware_entity_
def from_dict(measure_source_dict):
if not measure_source_dict:
return None
measure_source_ = MeasureSource()
measure_source_.class_ = measure_source_dict.get('class')
measure_source_.source_type = measure_source_dict.get('source_type')
measure_source_.name = measure_source_dict.get('name')
measure_source_.information_source_type = VocabString.from_dict(measure_source_dict.get('information_source_type'))
measure_source_.tool_type = VocabString.from_dict(measure_source_dict.get('tool_type'))
measure_source_.description = StructuredText.from_dict(measure_source_dict.get('description'))
measure_source_.contributors = Personnel.from_list(measure_source_dict.get('contributors'))
measure_source_.time = Time.from_dict(measure_source_dict.get('time'))
measure_source_.tools = ToolInformationList.from_list(measure_source_dict.get('tools'))
measure_source_.platform = None #TODO: add support
measure_source_.system = ObjectProperties.from_dict(measure_source_dict.get('system'))
measure_source_.instance = ObjectProperties.from_dict(measure_source_dict.get('instance'))
return measure_source_
def from_dict(capability_rel_dict):
if not capability_rel_dict:
return None
capability_rel_ = CapabilityRelationship()
capability_rel_.relationship_type = VocabString.from_dict(capability_rel_dict['relationship_type'])
if capability_rel_dict['capability_reference']:
capability_rel_.capability_reference = [CapabilityReference.from_dict(x) for x in capability_rel_dict['capability_reference']]
return capability_rel_
def test_xsi_type_unicode(self):
string = u"test\u2010value"
vocab_dict = {"value": string, "condition": u"Equals", "xsi:type": u"some_xsi_type"}
vocab_dict2 = cybox.test.round_trip_dict(VocabString, vocab_dict)
self.assertEqual(vocab_dict, vocab_dict2)
xml = VocabString.from_dict(vocab_dict).to_xml()
string_utf8 = string.encode("utf-8")
self.assertTrue(string_utf8 in xml)
def from_dict(grouping_relationship_dict):
if not grouping_relationship_dict:
return None
grouping_relationship_ = GroupingRelationship()
grouping_relationship_.type = VocabString.from_dict(grouping_relationship_dict.get('type'))
grouping_relationship_.malware_family_name = grouping_relationship_dict.get('malware_family_name')
grouping_relationship_.malware_toolkit_name = grouping_relationship_dict.get('malware_toolkit_name')
grouping_relationship_.clustering_metadata = ClusteringMetadata.from_dict(grouping_relationship_dict.get('clustering_metadata'))
return grouping_relationship_
def from_dict(capability_obj_rel_dict):
if not capability_obj_rel_dict:
return None
capability_obj_rel_ = CapabilityRelationship()
capability_obj_rel_.relationship_type = VocabString.from_dict(capability_obj_rel_dict["relationship_type"])
if capability_obj_rel_dict["objective_reference"]:
capability_obj_rel_.objective_reference = [
CapabilityObjectiveReference.from_dict(x) for x in capability_obj_rel_dict["objective_reference"]
]
return capability_obj_rel_
def from_dict(relobj_dict):
if not relobj_dict:
return None
relobj = RelatedObject()
Object.from_dict(relobj_dict, relobj)
relobj.relationship = VocabString.from_dict(relobj_dict.get('relationship'))
if relobj.idref:
relobj._inline = True
return relobj
def from_dict(relobj_dict):
if not relobj_dict:
return None
relobj = RelatedObject()
Object.from_dict(relobj_dict, relobj)
relobj.relationship = VocabString.from_dict(relobj_dict.get('relationship'))
if relobj.idref:
relobj._inline = True
return relobj
def test_xsi_type_unicode(self):
string = u("test\u2010value")
vocab_dict = {
'value': string,
'condition': u("Equals"),
'xsi:type': u("some_xsi_type"),
}
vocab_dict2 = cybox.test.round_trip_dict(VocabString, vocab_dict)
self.assertEqual(vocab_dict, vocab_dict2)
xml = VocabString.from_dict(vocab_dict).to_xml()
string_utf8 = string.encode("utf-8")
self.assertTrue(string_utf8 in xml)
def from_dict(action_dict, action_cls = None):
if not action_dict:
return None
if action_cls == None:
action_cls = Action()
action_ = action_cls
action_.id = action_dict.get('id')
action_.idref = action_dict.get('idref')
action_.ordinal_position = action_dict.get('ordinal_position')
action_.action_status = action_dict.get('action_status')
action_.context = action_dict.get('context')
action_.timestamp = action_dict.get('timestamp')
action_.type = VocabString.from_dict(action_dict.get('type'))
action_.name = VocabString.from_dict(action_dict.get('name'))
action_.description = StructuredText.from_dict(action_dict.get('description'))
action_.action_aliases = action_dict.get('action_aliases', [])
action_.action_arguments = ActionArguments.from_list(action_dict.get('action_arguments', []))
action_.discovery_method = MeasureSource.from_dict(action_dict.get('discovery_method'))
action_.associated_objects = AssociatedObjects.from_list(action_dict.get('associated_objects', []))
action_.relationships = ActionRelationships.from_list(action_dict.get('relationships', []))
#action_.frequency = Frequency.from_dict(action_dict.get('frequency')) #TODO: add support
return action_
def test_xsi_type_unicode(self):
string = u("test\u2010value")
vocab_dict = {
'value': string,
'condition': u("Equals"),
'xsi:type': u("some_xsi_type"),
}
vocab_dict2 = cybox.test.round_trip_dict(VocabString, vocab_dict)
self.assertEqual(vocab_dict, vocab_dict2)
xml = VocabString.from_dict(vocab_dict).to_xml()
string_utf8 = string.encode("utf-8")
self.assertTrue(string_utf8 in xml)
def from_dict(capability_objective_dict):
if not capability_objective_dict:
return None
capability_objective_ = CapabilityObjective()
if capability_objective_dict.get('id'): capability_objective_.id_ = capability_objective_dict.get('id')
capability_objective_.name = VocabString.from_dict(capability_objective_dict.get('name'))
capability_objective_.description = capability_objective_dict.get('description')
if capability_objective_dict.get('property'):
capability_objective_.property = [CapabilityProperty.from_dict(x) for x in capability_objective_dict.get('property')]
if capability_objective_dict.get('behavior_reference'):
capability_objective_.behavior_reference = [BehaviorReference.from_dict(x) for x in capability_objective_dict.get('behavior_reference')]
if capability_objective_dict.get('relationship'):
capability_objective_.relationship = [CapabilityObjectiveRelationship.from_dict(x) for x in capability_objective_dict.get('relationship')]
return capability_objective_
def from_dict(candidate_indicator_dict):
if not candidate_indicator_dict:
return None
candidate_indicator_ = CandidateIndicator()
candidate_indicator_.id = candidate_indicator_dict.get('id')
candidate_indicator_.creation_datetime = candidate_indicator_dict.get('creation_datetime')
candidate_indicator_.version = candidate_indicator_dict.get('version')
candidate_indicator_.importance = VocabString.from_dict(candidate_indicator_dict.get('importance'))
candidate_indicator_.numeric_importance = candidate_indicator_dict.get('numeric_importance')
candidate_indicator_.author = candidate_indicator_dict.get('author')
candidate_indicator_.description = candidate_indicator_dict.get('description')
candidate_indicator_.malware_entity = MalwareEntity.from_dict(candidate_indicator_dict.get('malware_entity'))
candidate_indicator_.composition = CandidateIndicatorComposition.from_dict(candidate_indicator_dict.get('composition'))
return candidate_indicator_
def from_dict(extracted_string_dict):
if not extracted_string_dict:
return None
extracted_string_ = ExtractedString()
extracted_string_.encoding = VocabString.from_dict(extracted_string_dict.get('encoding'))
extracted_string_.string_value = String.from_dict(extracted_string_dict.get('string_value'))
extracted_string_.byte_string_value = HexBinary.from_dict(extracted_string_dict.get('byte_string_value'))
extracted_string_.hashes = HashList.from_list(extracted_string_dict.get('hashes'))
extracted_string_.address = HexBinary.from_dict(extracted_string_dict.get('address'))
extracted_string_.length = PositiveInteger.from_dict(extracted_string_dict.get('length'))
extracted_string_.language = String.from_dict(extracted_string_dict.get('language'))
extracted_string_.english_translation = String.from_dict(extracted_string_dict.get('english_translation'))
return extracted_string_
def from_dict(malware_subject_dict):
if not malware_subject_dict:
return None
malware_subject_ = MalwareSubject(None)
malware_subject_.id = malware_subject_dict.get('id')
malware_subject_.malware_instance_object_attributes = Object.from_dict(malware_subject_dict.get('malware_instance_object_attributes'))
malware_subject_.minor_variants = MinorVariants.from_list(malware_subject_dict.get('minor_variants'))
malware_subject_.configuration_details = MalwareConfigurationDetails.from_dict(malware_subject_dict.get('configuration_details'))
malware_subject_.development_environment = MalwareDevelopmentEnvironment.from_dict(malware_subject_dict.get('development_environment'))
malware_subject_.field_data = None #TODO: add support
malware_subject_.analyses = Analyses.from_list(malware_subject_dict.get('analyses'))
malware_subject_.findings_bundles = FindingsBundleList.from_dict(malware_subject_dict.get('findings_bundles'))
malware_subject_.relationships = MalwareSubjectRelationshipList.from_list(malware_subject_dict.get('id'))
if malware_subject_dict.get('label'):
malware_subject_.label = [VocabString.from_dict(x) for x in malware_subject_dict.get('label')]
if malware_subject_dict.get('compatible_platform'):
malware_subject_.compatible_platform = [PlatformSpecification.from_dict(x) for x in malware_subject_dict.get('compatible_platform')]
return malware_subject_
def from_dict(toolinfo_dict, toolinfo=None):
if not toolinfo_dict:
return None
if not toolinfo:
toolinfo = ToolInformation()
toolinfo.id_ = toolinfo_dict.get('id')
toolinfo.idref = toolinfo_dict.get('idref')
toolinfo.name = toolinfo_dict.get('name')
toolinfo.type_ = [VocabString.from_dict(x) for x in toolinfo_dict.get('type', [])]
toolinfo.description = StructuredText.from_dict(toolinfo_dict.get('description'))
toolinfo.vendor = toolinfo_dict.get('vendor')
toolinfo.version = toolinfo_dict.get('version')
toolinfo.service_pack = toolinfo_dict.get('service_pack')
toolinfo.tool_hashes = HashList.from_list(toolinfo_dict.get('tool_hashes'))
return toolinfo
def from_dict(capability_objective_dict):
if not capability_objective_dict:
return None
capability_objective_ = CapabilityObjective()
if capability_objective_dict.get("id"):
capability_objective_.id_ = capability_objective_dict.get("id")
capability_objective_.name = VocabString.from_dict(capability_objective_dict.get("name"))
capability_objective_.description = capability_objective_dict.get("description")
if capability_objective_dict.get("property"):
capability_objective_.property = [
CapabilityProperty.from_dict(x) for x in capability_objective_dict.get("property")
]
if capability_objective_dict.get("behavior_reference"):
capability_objective_.behavior_reference = [
BehaviorReference.from_dict(x) for x in capability_objective_dict.get("behavior_reference")
]
if capability_objective_dict.get("relationship"):
capability_objective_.relationship = [
CapabilityObjectiveRelationship.from_dict(x) for x in capability_objective_dict.get("relationship")
]
return capability_objective_
def from_dict(extracted_string_dict):
if not extracted_string_dict:
return None
extracted_string_ = ExtractedString()
extracted_string_.encoding = VocabString.from_dict(
extracted_string_dict.get('encoding'))
extracted_string_.string_value = String.from_dict(
extracted_string_dict.get('string_value'))
extracted_string_.byte_string_value = HexBinary.from_dict(
extracted_string_dict.get('byte_string_value'))
extracted_string_.hashes = HashList.from_list(
extracted_string_dict.get('hashes'))
extracted_string_.address = HexBinary.from_dict(
extracted_string_dict.get('address'))
extracted_string_.length = PositiveInteger.from_dict(
extracted_string_dict.get('length'))
extracted_string_.language = String.from_dict(
extracted_string_dict.get('language'))
extracted_string_.english_translation = String.from_dict(
extracted_string_dict.get('english_translation'))
return extracted_string_
def from_dict(toolinfo_dict, toolinfo=None):
if not toolinfo_dict:
return None
if not toolinfo:
toolinfo = ToolInformation()
toolinfo.id_ = toolinfo_dict.get('id')
toolinfo.idref = toolinfo_dict.get('idref')
toolinfo.name = toolinfo_dict.get('name')
toolinfo.type_ = [
VocabString.from_dict(x) for x in toolinfo_dict.get('type', [])
]
toolinfo.description = StructuredText.from_dict(
toolinfo_dict.get('description'))
toolinfo.vendor = toolinfo_dict.get('vendor')
toolinfo.version = toolinfo_dict.get('version')
toolinfo.service_pack = toolinfo_dict.get('service_pack')
toolinfo.tool_hashes = HashList.from_list(
toolinfo_dict.get('tool_hashes'))
return toolinfo
def from_dict(object_dict):
if not object_dict:
return None
obj = Object.from_dict(object_dict, AssociatedObject())
obj.association_type_ = VocabString.from_dict(object_dict.get('association_type', None))
return obj
