Example #1
    def from_dict(cls, dict_repr, return_obj=None):
        """Populate an indicator from its dictionary representation.

        Returns None when ``dict_repr`` is empty or None. Otherwise the
        fields are written onto ``return_obj`` (or onto a fresh ``cls()``
        when the caller passed nothing truthy) and that object is returned.
        """
        if not dict_repr:
            return None

        target = return_obj if return_obj else cls()

        # Delegate to the parent class's from_dict with the same target
        # object; its return value is not used here.
        super(Indicator, cls).from_dict(dict_repr, return_obj=target)

        lookup = dict_repr.get

        # Plain values are copied without conversion.
        target.negate = lookup('negate')
        target.alternative_id = lookup('alternative_id')

        # Every remaining field is handed to the from_dict/from_list of its
        # own type, including when the key is absent (lookup yields None).
        target.indicated_ttps = _IndicatedTTPs.from_dict(
            lookup('indicated_ttps'))
        target.test_mechanisms = TestMechanisms.from_list(
            lookup('test_mechanisms'))
        target.suggested_coas = SuggestedCOAs.from_dict(
            lookup('suggested_coas'))
        target.sightings = Sightings.from_dict(lookup('sightings'))
        target.composite_indicator_expression = (
            CompositeIndicatorExpression.from_dict(
                lookup('composite_indicator_expression')))
        target.kill_chain_phases = KillChainPhasesReference.from_dict(
            lookup('kill_chain_phases'))
        target.related_indicators = RelatedIndicators.from_dict(
            lookup('related_indicators'))
        target.likely_impact = Statement.from_dict(lookup('likely_impact'))
        target.indicator_types = IndicatorTypes.from_list(
            lookup('indicator_types'))
        target.confidence = Confidence.from_dict(lookup('confidence'))
        target.valid_time_positions = _ValidTimePositions.from_dict(
            lookup('valid_time_positions'))
        target.observable = Observable.from_dict(lookup('observable'))
        target.producer = InformationSource.from_dict(lookup('producer'))
        target.related_campaigns = RelatedCampaignRefs.from_dict(
            lookup('related_campaigns'))
        target.related_packages = RelatedPackageRefs.from_dict(
            lookup('related_packages'))

        return target
Example #2
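 def from_dict(cls, dict_repr, return_obj=None):
     """Build an indicator from its dictionary representation.

     Args:
         cls: class instantiated when no ``return_obj`` is supplied.
         dict_repr: mapping with optional ``id``, ``title``, ``observable``,
             ``producer``, ``description`` and ``indicator_type`` keys.
         return_obj: existing object to populate instead of a new ``cls()``.

     Returns:
         The populated object, or None when ``dict_repr`` is empty or None.
     """
     if not dict_repr:
         return None

     # Construct a new object only when none was passed. A truthiness test
     # would throw away a caller-supplied object that evaluates false (for
     # example one defining __len__) and populate a different instance,
     # leaving the caller's object untouched.
     if return_obj is None:
         return_obj = cls()

     return_obj.id_ = dict_repr.get('id')
     return_obj.title = dict_repr.get('title')

     # Nested structures are parsed only when present and non-empty.
     observable_dict = dict_repr.get('observable')
     if observable_dict:
         return_obj.add_observable(Observable.from_dict(observable_dict))

     producer_dict = dict_repr.get('producer')
     if producer_dict:
         return_obj.producer = InformationSource.from_dict(producer_dict)

     description_dict = dict_repr.get('description')
     if description_dict:
         return_obj.description = StructuredText.from_dict(description_dict)

     indicator_type_dict = dict_repr.get('indicator_type')
     if indicator_type_dict:
         return_obj.indicator_type = IndicatorType.from_dict(indicator_type_dict)

     return return_obj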
Example #3
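    def from_dict(cls, dict_repr, return_obj=None):
        """Create or fill an indicator from a dictionary.

        Args:
            cls: class used to create the object when ``return_obj`` is None.
            dict_repr: mapping that may carry ``id``, ``title``,
                ``observable``, ``producer``, ``description`` and
                ``indicator_type``.
            return_obj: object to fill in place, if the caller has one.

        Returns:
            The filled object, or None for an empty or missing ``dict_repr``.
        """
        if not dict_repr:
            return None

        # `is None` rather than `not return_obj`: an object handed in by the
        # caller must be the one that gets filled, even if it is falsy.
        if return_obj is None:
            return_obj = cls()

        field = dict_repr.get
        return_obj.id_ = field('id')
        return_obj.title = field('title')

        observable_dict = field('observable')
        producer_dict = field('producer')
        description_dict = field('description')
        indicator_type_dict = field('indicator_type')

        # Each nested value is converted only when it is present; absent
        # keys leave the corresponding attribute as the object had it.
        if observable_dict:
            return_obj.add_observable(Observable.from_dict(observable_dict))

        if producer_dict:
            return_obj.producer = InformationSource.from_dict(producer_dict)

        if description_dict:
            return_obj.description = StructuredText.from_dict(description_dict)

        if indicator_type_dict:
            return_obj.indicator_type = IndicatorType.from_dict(
                indicator_type_dict)

        return return_obj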
Example #4
 def test_observable_from_dict_with_event(self):
     """An event's vocabulary-typed ``type`` entry is readable as ``event.type_``."""
     event_type = {
         'xsi:type': 'cyboxVocabs:EventTypeVocab-1.0.1',
         'value': 'DHCP',
     }
     observable = Observable.from_dict({'event': {'type': event_type}})
     assert observable.event.type_ == 'DHCP'
Example #5
 def test_observable_from_dict_with_event(self):
     # Parse an observable that carries only an event and check that the
     # event type's value survives the trip through from_dict.
     expected = 'DHCP'
     payload = dict(
         event=dict(
             type={
                 'xsi:type': 'cyboxVocabs:EventTypeVocab-1.0.1',
                 'value': expected,
             },
         ),
     )
     parsed = Observable.from_dict(payload)
     assert parsed.event.type_ == expected
Example #6
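    def from_dict(cls, dict_repr, return_obj=None):
        """Build an indicator from its dictionary representation.

        Args:
            cls: class instantiated when ``return_obj`` is None; its
                ``_version`` is the fallback for a missing ``version`` key.
            dict_repr: mapping of indicator fields.
            return_obj: existing object to populate instead of a new one.

        Returns:
            The populated object, or None when ``dict_repr`` is empty or None.
        """
        if not dict_repr:
            return None
        # Only a missing return_obj triggers construction; a falsy object
        # supplied by the caller is still the one that gets populated.
        if return_obj is None:
            return_obj = cls()

        get = dict_repr.get

        return_obj.id_ = get('id')
        return_obj.idref = get('idref')
        return_obj.timestamp = get('timestamp')
        return_obj.title = get('title')
        return_obj.version = get('version', cls._version)
        observable_dict = get('observable')
        producer_dict = get('producer')
        description_dict = get('description')
        confidence_dict = get('confidence')
        alternative_id_dict = get('alternative_id')
        valid_time_position_dict = get('valid_time_positions')

        # `get(key, [])` only covers a missing key. A key that is present
        # with an explicit None (JSON null in a received document) would
        # reach the loops below and raise TypeError, so fall back with `or`.
        indicator_type_list = get('indicator_types') or []
        indicated_ttp_list = get('indicated_ttps') or []
        test_mechanism_list = get('test_mechanisms') or []

        return_obj.short_description = StructuredText.from_dict(get('short_description'))
        return_obj.indicated_ttps = [RelatedTTP.from_dict(x) for x in indicated_ttp_list]
        return_obj.test_mechanisms = [_BaseTestMechanism.from_dict(x) for x in test_mechanism_list]
        return_obj.suggested_coas = SuggestedCOAs.from_dict(get('suggested_coas'))
        return_obj.sightings = Sightings.from_dict(get('sightings'))
        return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_dict(
            get('composite_indicator_expression'))
        return_obj.handling = Marking.from_dict(get('handling'))
        return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(get('kill_chain_phases'))
        return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
        return_obj.likely_impact = Statement.from_dict(get('likely_impact'))

        # The remaining fields are set only when the input carries them.
        if observable_dict:
            return_obj.add_observable(Observable.from_dict(observable_dict))
        if producer_dict:
            return_obj.producer = InformationSource.from_dict(producer_dict)
        if description_dict:
            return_obj.description = StructuredText.from_dict(description_dict)
        for indicator_type_dict in indicator_type_list:
            return_obj.add_indicator_type(VocabString.from_dict(indicator_type_dict))
        if confidence_dict:
            return_obj.confidence = Confidence.from_dict(confidence_dict)
        if alternative_id_dict:
            # Stored as given, without conversion.
            return_obj.alternative_id = alternative_id_dict
        if valid_time_position_dict:
            for valid_time_position_type_dict in valid_time_position_dict:
                return_obj.add_valid_time_position(ValidTime.from_dict(valid_time_position_type_dict))

        return return_obj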
Example #7
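    def from_dict(cls, dict_repr, return_obj=None):
        """Build an indicator from its dictionary representation.

        Args:
            cls: class instantiated when ``return_obj`` is None; its
                ``_version`` is the fallback for a missing ``version`` key.
            dict_repr: mapping of indicator fields.
            return_obj: existing object to populate instead of a new one.

        Returns:
            The populated object, or None when ``dict_repr`` is empty or None.
        """
        if not dict_repr:
            return None
        # Test for None, not truthiness, so that an object passed in by the
        # caller is never swapped for a new instance.
        if return_obj is None:
            return_obj = cls()

        get = dict_repr.get

        return_obj.id_ = get('id')
        return_obj.idref = get('idref')
        return_obj.timestamp = get('timestamp')
        return_obj.title = get('title')
        return_obj.version = get('version', cls._version)
        observable_dict = get('observable')
        producer_dict = get('producer')
        description_dict = get('description')
        indicator_type_list = get('indicator_types')
        confidence_dict = get('confidence')
        alternative_id_dict = get('alternative_id')

        # A default of [] does not apply when the key exists with an explicit
        # None (JSON null); `or []` keeps such input from raising TypeError
        # in the comprehensions below.
        indicated_ttp_list = get('indicated_ttps') or []
        test_mechanism_list = get('test_mechanisms') or []

        return_obj.short_description = StructuredText.from_dict(get('short_description'))
        return_obj.indicated_ttps = [RelatedTTP.from_dict(x) for x in indicated_ttp_list]
        return_obj.test_mechanisms = [_BaseTestMechanism.from_dict(x) for x in test_mechanism_list]
        return_obj.suggested_coas = SuggestedCOAs.from_dict(get('suggested_coas'))
        return_obj.sightings = Sightings.from_dict(get('sightings'))
        return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_dict(
            get('composite_indicator_expression'))
        return_obj.handling = Marking.from_dict(get('handling'))

        # The remaining fields are set only when the input carries them.
        if observable_dict:
            return_obj.add_observable(Observable.from_dict(observable_dict))
        if producer_dict:
            return_obj.producer = InformationSource.from_dict(producer_dict)
        if description_dict:
            return_obj.description = StructuredText.from_dict(description_dict)
        if indicator_type_list:
            for indicator_type_dict in indicator_type_list:
                return_obj.add_indicator_type(IndicatorType.from_dict(indicator_type_dict))
        if confidence_dict:
            return_obj.confidence = Confidence.from_dict(confidence_dict)
        if alternative_id_dict:
            # Stored as given, without conversion.
            return_obj.alternative_id = alternative_id_dict

        return return_obj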
Example #8
    def from_dict(cls, dict_repr, return_obj=None):
        """Fill an indicator from a dictionary and return it.

        An empty or missing ``dict_repr`` yields None. When ``return_obj``
        is not truthy a new ``cls()`` is created to receive the fields.
        """
        if not dict_repr:
            return None
        if not return_obj:
            return_obj = cls()

        # Same object is passed to the parent class's from_dict; the value
        # it returns is ignored.
        super(Indicator, cls).from_dict(dict_repr, return_obj=return_obj)

        fetch = dict_repr.get
        return_obj.negate = fetch('negate')
        return_obj.alternative_id = fetch('alternative_id')

        # (field, loader) pairs: the dictionary key and the attribute share a
        # name, and assignments happen in the order listed here.
        nested_fields = (
            ('indicated_ttps', _IndicatedTTPs.from_dict),
            ('test_mechanisms', TestMechanisms.from_list),
            ('suggested_coas', SuggestedCOAs.from_dict),
            ('sightings', Sightings.from_dict),
            ('composite_indicator_expression',
             CompositeIndicatorExpression.from_dict),
            ('handling', Marking.from_dict),
            ('kill_chain_phases', KillChainPhasesReference.from_dict),
            ('related_indicators', RelatedIndicators.from_dict),
            ('likely_impact', Statement.from_dict),
            ('indicator_types', IndicatorTypes.from_list),
            ('confidence', Confidence.from_dict),
            ('valid_time_positions', _ValidTimePositions.from_dict),
            ('observable', Observable.from_dict),
            ('producer', InformationSource.from_dict),
            ('related_campaigns', RelatedCampaignRefs.from_dict),
            ('related_packages', RelatedPackageRefs.from_dict),
        )
        for field_name, load in nested_fields:
            setattr(return_obj, field_name, load(fetch(field_name)))

        return return_obj
Example #9
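def cert_to_cybox(cert_dict):
    """Convert a parsed X.509 certificate dictionary into a CybOX Observable.

    Args:
        cert_dict: mapping of certificate field labels (for example
            ``'Subject'``, ``'Not Before'``, ``'X509v3 Key Usage'``) to
            their values. Labels that are not recognised are ignored.

    Returns:
        The result of ``Observable.from_dict`` for an object whose
        ``xsi:type`` is ``X509CertificateObjectType``.

    Values are copied into the observable as given; only ``Version``,
    ``Exponent`` and ``Signature Algorithm_`` are split on spaces.

    NOTE(review): if cert_dict is produced from certificates received from
    outside, text fields such as Subject, Issuer and Netscape Comment are
    chosen by whoever issued the certificate and arrive here unvalidated --
    consumers of the observable should treat them as data. Confirm against
    the caller.
    """
    # Containers are created first so the loop can write into them directly;
    # key order matches the order the nested dictionaries were added before.
    rsa_public_key = {}
    subject_public_key = {'rsa_public_key': rsa_public_key}
    validity = {}
    standard_extensions = {}
    non_standard_extensions = {}
    certificate_signature = {}
    certificate = {
        'subject_public_key': subject_public_key,
        'validity': validity,
        'standard_extensions': standard_extensions,
        'non_standard_extensions': non_standard_extensions,
    }
    properties_dict = {
        'xsi:type': 'X509CertificateObjectType',
        'certificate': certificate,
        'certificate_signature': certificate_signature,
    }
    x509_obj_dict = {'properties': properties_dict}
    x509_to_cybox = Namespace("https://github.com/CybOXProject/Tools",
                              "x509_to_cybox")
    observable_dict = {
        'id':
        cybox.utils.IDGenerator(x509_to_cybox).create_id(prefix="observable"),
        'object': x509_obj_dict
    }

    # Labels whose value is copied unchanged, grouped by destination.
    certificate_fields = {
        'Serial Number': 'serial_number',
        'Subject': 'subject',
        'Issuer': 'issuer',
        'Signature Algorithm': 'signature_algorithm',
    }
    validity_fields = {
        'Not Before': 'not_before',
        'Not After': 'not_after',
    }
    standard_extension_fields = {
        'X509v3 Basic Constraints': 'basic_constraints',
        'X509v3 Name Constraints': 'name_constraints',
        'X509v3 Policy Constraints': 'policy_constraints',
        'X509v3 Subject Key Identifier': 'subject_key_identifier',
        'X509v3 Authority Key Identifier': 'authority_key_identifier',
        'X509v3 Subject Alternative Name': 'subject_alternative_name',
        'X509v3 Issuer Alternative Name': 'issuer_alternative_name',
        'X509v3 Subject Directory Attributes': 'subject_directory_attributes',
        'X509v3 CRL Distribution Points': 'crl_distribution_points',
        'X509v3 Inhibit Any Policy': 'inhibit_any_policy',
        'X509v3 Private Key Usage Period': 'private_key_usage_period',
        'X509v3 Certificate Policies': 'certificate_policies',
        'X509v3 Policy Mappings': 'policy_mappings',
        'X509v3 Key Usage': 'key_usage',
        'X509v3 Extended Key Usage': 'extended_key_usage',
    }
    non_standard_extension_fields = {
        'Netscape Comment': 'netscape_comment',
        'Netscape Cert Type': 'netscape_certificate_type',
        'Netscape Certificate Type': 'netscape_certificate_type',
        '2.5.29.1': 'old_authority_key_identifier',
        '2.5.29.2': 'old_primary_key_attributes',
    }
    # str on Python 3; str and unicode on Python 2.
    text_types = (str, type(u''))

    for key, value in cert_dict.items():
        if key in certificate_fields:
            certificate[certificate_fields[key]] = value
        elif key in validity_fields:
            validity[validity_fields[key]] = value
        elif key in standard_extension_fields:
            standard_extensions[standard_extension_fields[key]] = value
        elif key in non_standard_extension_fields:
            non_standard_extensions[non_standard_extension_fields[key]] = value
        elif key == 'Version':
            # Keep only the first space-separated token.
            certificate['version'] = value.split(' ')[0]
        elif key == 'Public Key Algorithm':
            subject_public_key['public_key_algorithm'] = value
        elif key == 'Exponent':
            # Keep only the first space-separated token.
            rsa_public_key['exponent'] = value.split(' ')[0]
        elif key == 'Signature Algorithm_':
            # Exactly two tokens are read as "<algorithm> <signature>";
            # anything else is stored whole as the signature.
            signature_parts = value.split(' ')
            if len(signature_parts) == 2:
                certificate_signature['signature_algorithm'] = signature_parts[0]
                certificate_signature['signature'] = signature_parts[1]
            else:
                certificate_signature['signature'] = value
        elif key == 'Modulus' or (
                isinstance(key, text_types)
                and key.startswith('Modulus (')
                and key.endswith(' bit)')):
            # Accept any "Modulus (<size> bit)" label. Matching only the
            # 512/1024/2048-bit spellings silently dropped the modulus of
            # keys of any other size from the observable.
            rsa_public_key['modulus'] = value
    return Observable.from_dict(observable_dict)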
Example #10
def cert_to_cybox(cert_dict):
    'Parse the certificate dictionary and create the CybOX Observable representation from it'
    # Nested containers, named once so the loop below can write to them
    # directly. Insertion order matches the order the keys are first set.
    rsa_key = {}
    public_key = {'rsa_public_key': rsa_key}
    validity = {}
    std_ext = {}
    other_ext = {}
    signature = {}
    certificate = {
        'subject_public_key': public_key,
        'validity': validity,
        'standard_extensions': std_ext,
        'non_standard_extensions': other_ext,
    }
    properties_dict = {
        'xsi:type': 'X509CertificateObjectType',
        'certificate': certificate,
        'certificate_signature': signature,
    }

    namespace = Namespace("https://github.com/CybOXProject/Tools", "x509_to_cybox")
    observable_id = cybox.utils.IDGenerator(namespace).create_id(prefix="observable")
    observable_dict = {
        'id': observable_id,
        'object': {'properties': properties_dict},
    }

    # label -> (destination dict, destination key) for values copied as-is.
    # Only the listed modulus sizes are recognised.
    copied_verbatim = {
        'Serial Number': (certificate, 'serial_number'),
        'Subject': (certificate, 'subject'),
        'Issuer': (certificate, 'issuer'),
        'Signature Algorithm': (certificate, 'signature_algorithm'),
        'Public Key Algorithm': (public_key, 'public_key_algorithm'),
        'Modulus': (rsa_key, 'modulus'),
        'Modulus (2048 bit)': (rsa_key, 'modulus'),
        'Modulus (1024 bit)': (rsa_key, 'modulus'),
        'Modulus (512 bit)': (rsa_key, 'modulus'),
        'Not Before': (validity, 'not_before'),
        'Not After': (validity, 'not_after'),
        'X509v3 Basic Constraints': (std_ext, 'basic_constraints'),
        'X509v3 Name Constraints': (std_ext, 'name_constraints'),
        'X509v3 Policy Constraints': (std_ext, 'policy_constraints'),
        'X509v3 Subject Key Identifier': (std_ext, 'subject_key_identifier'),
        'X509v3 Authority Key Identifier': (std_ext, 'authority_key_identifier'),
        'X509v3 Subject Alternative Name': (std_ext, 'subject_alternative_name'),
        'X509v3 Issuer Alternative Name': (std_ext, 'issuer_alternative_name'),
        'X509v3 Subject Directory Attributes': (std_ext, 'subject_directory_attributes'),
        'X509v3 CRL Distribution Points': (std_ext, 'crl_distribution_points'),
        'X509v3 Inhibit Any Policy': (std_ext, 'inhibit_any_policy'),
        'X509v3 Private Key Usage Period': (std_ext, 'private_key_usage_period'),
        'X509v3 Certificate Policies': (std_ext, 'certificate_policies'),
        'X509v3 Policy Mappings': (std_ext, 'policy_mappings'),
        'X509v3 Key Usage': (std_ext, 'key_usage'),
        'X509v3 Extended Key Usage': (std_ext, 'extended_key_usage'),
        'Netscape Comment': (other_ext, 'netscape_comment'),
        'Netscape Cert Type': (other_ext, 'netscape_certificate_type'),
        'Netscape Certificate Type': (other_ext, 'netscape_certificate_type'),
        '2.5.29.1': (other_ext, 'old_authority_key_identifier'),
        '2.5.29.2': (other_ext, 'old_primary_key_attributes'),
    }

    for label, text in cert_dict.items():
        if label in copied_verbatim:
            destination, field = copied_verbatim[label]
            destination[field] = text
        elif label == 'Version':
            # Only the first space-separated token is kept.
            certificate['version'] = text.split(' ')[0]
        elif label == 'Exponent':
            # Only the first space-separated token is kept.
            rsa_key['exponent'] = text.split(' ')[0]
        elif label == 'Signature Algorithm_':
            tokens = text.split(' ')
            if len(tokens) != 2:
                # Not "<algorithm> <signature>": store the whole value.
                signature['signature'] = text
            else:
                signature['signature_algorithm'] = tokens[0]
                signature['signature'] = tokens[1]
        # Any other label is ignored.

    return Observable.from_dict(observable_dict)