def from_dict(win_file_dict, file_class = None):
    """Populate a Windows file object from its dictionary representation.

    Args:
        win_file_dict: dictionary form of the object. A falsy value
            (``None`` or ``{}``) short-circuits to ``None``.
        file_class: optional object handed to ``File.from_dict`` as its second
            argument; when falsy, a fresh ``WinFile()`` is used instead.

    Returns:
        The object returned by ``File.from_dict`` with the Windows-specific
        fields set, or ``None`` when ``win_file_dict`` is falsy.
    """
    if not win_file_dict:
        return None

    # Fall back to a new WinFile only when the caller supplied no target.
    target = file_class if file_class else WinFile()
    win_file_ = File.from_dict(win_file_dict, target)

    # Keys missing from the input reach the field parsers as None
    # (dict.get default), so every field below is optional in the input.
    for time_field in ('filename_accessed_time',
                       'filename_created_time',
                       'filename_modified_time'):
        setattr(win_file_, time_field,
                DateTime.from_dict(win_file_dict.get(time_field)))

    for text_field in ('drive', 'security_id', 'security_type'):
        setattr(win_file_, text_field,
                String.from_dict(win_file_dict.get(text_field)))

    win_file_.stream_list = StreamList.from_list(win_file_dict.get('stream_list'))
    return win_file_
def from_dict(mal_dev_dict):
    """Build a MalwareDevelopmentEnvironment from its dictionary representation.

    Args:
        mal_dev_dict: dictionary form of the object. A falsy value
            (``None`` or ``{}``) short-circuits to ``None``.

    Returns:
        A populated MalwareDevelopmentEnvironment, or ``None`` for falsy input.

    Raises:
        KeyError: if a non-empty ``mal_dev_dict`` has no ``'tools'`` key.
    """
    if not mal_dev_dict:
        return None

    environment = MalwareDevelopmentEnvironment()

    # NOTE(review): 'tools' is indexed directly, so it is effectively required;
    # 'debugging_file' below is optional. Input from an external feed that
    # omits 'tools' fails here with KeyError rather than being skipped.
    environment.tools = ToolInformationList.from_list(mal_dev_dict['tools'])

    debugging_entries = mal_dev_dict.get('debugging_file')
    if debugging_entries:
        environment.debugging_file = [
            File.from_dict(entry) for entry in debugging_entries
        ]
    return environment
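def from_dict(mal_conf_storage_dict):
    """Build a MalwareConfigurationStorageDetails from its dictionary form.

    Args:
        mal_conf_storage_dict: dictionary form of the object. A falsy value
            (``None`` or ``{}``) short-circuits to ``None``.

    Returns:
        A populated MalwareConfigurationStorageDetails, or ``None`` for falsy
        input.

    Raises:
        KeyError: if a non-empty input lacks ``'malware_binary'`` or ``'file'``.
    """
    if not mal_conf_storage_dict:
        return None

    mal_conf_storage_ = MalwareConfigurationStorageDetails()

    # NOTE(review): these two keys are indexed directly and are therefore
    # required; a dict without them raises KeyError.
    mal_conf_storage_.malware_binary = MalwareBinaryConfigurationStorageDetails.from_dict(
        mal_conf_storage_dict['malware_binary'])
    mal_conf_storage_.file = File.from_dict(mal_conf_storage_dict['file'])

    # The URL list is read from the same 'url' key that gates it. Reading it
    # from 'configuration_parameter' would parse unrelated entries as URIs, or
    # raise KeyError when that key is absent. 'url' itself is optional.
    url_entries = mal_conf_storage_dict.get('url')
    if url_entries:
        mal_conf_storage_.url = [URI.from_dict(entry) for entry in url_entries]
    return mal_conf_storage_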
def from_dict(message_dict):
    """Build an EmailMessage from its dictionary representation.

    Args:
        message_dict: dictionary form of the message. ``'attachments'`` and
            ``'links'`` default to empty lists when absent; the remaining
            fields are passed to their parsers as ``None`` when absent.

    Returns:
        A populated EmailMessage.
    """
    # NOTE(review): there is no falsy-input guard here. Passing None raises
    # AttributeError on the first .get(), and an explicit None stored under
    # 'attachments' or 'links' raises TypeError when iterated, because the
    # [] default only applies to a missing key.
    message = EmailMessage()

    attachment_dicts = message_dict.get('attachments', [])
    for attachment_dict in attachment_dicts:
        message.attachments.append(File.from_dict(attachment_dict))

    link_dicts = message_dict.get('links', [])
    for link_dict in link_dicts:
        message.links.append(URI.from_dict(link_dict))

    message.header = EmailHeader.from_dict(message_dict.get('header'))
    message.optional_header = OptionalHeader.from_dict(
        message_dict.get('optional_header'))

    # The remaining fields are plain String properties, set in a fixed order.
    for text_field in ('email_server', 'raw_body', 'raw_header'):
        setattr(message, text_field,
                String.from_dict(message_dict.get(text_field)))
    return message
def test_filepath_is_none(self):
    """Smoke test: a dict with 'file_name' but no 'file_path' must parse.

    This input would throw an exception at one point and should be fixed now.
    There is no assertion; the test passes as long as the call does not raise.
    """
    name_only = {'file_name': 'abcd.dll'}
    parsed = File.from_dict(name_only)
from cybox.objects.file_object import File

# Three File objects: the first two are identical, the third differs only in
# its size_in_bytes value.
file_1, file_2, file_3 = [
    File.from_dict({'file_name': 'abcd.dll', 'size_in_bytes': size})
    for size in ('25556', '25556', '1337')
]

# First pass: disable the use of ``size_in_bytes`` comparisons.
# Second pass: set it back to True (the default).
# NOTE: ``comparable`` is assigned on the File class, not on an instance, so
# the toggle applies to every File equality check until it is restored.
for use_size in (False, True):
    File.size_in_bytes.comparable = use_size
    print(file_1 == file_2)
    print(file_1 == file_3)
# Output destination; this can be changed to an output file.
outfd = sys.stdout

# Create the Observables container that collects everything added below.
observables_doc = Observables([])

# Sample field values for a few different observable types. You don't have to
# use every member, and there are other members that are not used here.
process_fields = {
    "name": "Process.exe",
    "pid": 90,
    "parent_pid": 10,
    # "creation_time" is left unset in this example.
    "image_info": {"command_line": "Process.exe /c blah.txt"},
}
file_fields = {
    "file_name": "file.txt",
    "file_extension": "txt",
    "file_path": "path\\to\\file.txt",
}
service_fields = {
    "service_name": "Service Name",
    "display_name": "Service Display name",
    "startup_type": "Service type",
    "service_status": "Status",
    "service_dll": "Somedll.dll",
    "started_as": "Start",
    "group_name": "Group name",
    "startup_command_line": "Commandline",
}

# Add the observables in a fixed order: process, file, IPv4 address, URL,
# Windows service.
observables_doc.add(Process.from_dict(process_fields))
observables_doc.add(File.from_dict(file_fields))
observables_doc.add(helper.create_ipv4_observable("192.168.1.101"))
observables_doc.add(helper.create_url_observable("somedomain.com"))
observables_doc.add(WinService.from_dict(service_fields))