 def __init__(self, id=None, name=None):
     """Initialise a Capability, minting an ID when none is supplied.

     `id` shadows the builtin but is kept because callers pass it by name.
     A falsy `id` (None or "") is replaced by a generated one from idgen.
     """
     super(Capability, self).__init__()
     # `or` reproduces the truthiness check: any falsy id triggers generation.
     self.id_ = id or idgen.create_id(prefix="capability")
     self.name = name
 def __init__(self, id = None, description = None):
     """Initialise a Behavior; a falsy `id` is replaced by a generated one.

     `id` shadows the builtin but is part of the public signature.
     """
     super(Behavior, self).__init__()
     # Equivalent to the if/else truthiness test on `id`.
     self.id_ = id or idgen.create_id(prefix="behavior")
     self.description = description
    def __init__(self,
                 id_=None,
                 idref=None,
                 timestamp=None,
                 stix_header=None,
                 courses_of_action=None,
                 exploit_targets=None,
                 indicators=None,
                 observables=None,
                 incidents=None,
                 threat_actors=None,
                 ttps=None,
                 campaigns=None,
                 related_packages=None,
                 reports=None):
        """Initialise a STIXPackage.

        `id_` defaults to a generated "Package" ID when falsy. Note that this
        variant does not call the parent initialiser and records the version
        on the private `_version` attribute.
        """
        self.id_ = id_ or idgen.create_id("Package")
        self.idref = idref
        self._version = STIXPackage._version
        # Assigned in the original order; some of these may be property setters.
        fields = (
            ("stix_header", stix_header),
            ("campaigns", campaigns),
            ("courses_of_action", courses_of_action),
            ("exploit_targets", exploit_targets),
            ("observables", observables),
            ("indicators", indicators),
            ("incidents", incidents),
            ("threat_actors", threat_actors),
            ("ttps", ttps),
            ("related_packages", related_packages),
            ("reports", reports),
            ("timestamp", timestamp),
        )
        for attr, value in fields:
            setattr(self, attr, value)
 def __init__(self, id=None, description=None):
     """Initialise a Behavior; a falsy `id` is replaced by a generated one.

     `id` shadows the builtin but is part of the public signature.
     """
     super(Behavior, self).__init__()
     # Equivalent to the if/else truthiness test on `id`.
     self.id_ = id or idgen.create_id(prefix="behavior")
     self.description = description
 def __init__(self, name=None, id=None):
     """Initialise an ObjectCollection with an empty ObjectList.

     `name` is forwarded to the parent initialiser; a falsy `id` is replaced
     by a generated "object_collection" ID.
     """
     super(ObjectCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="object_collection")
     self.object_list = ObjectList()
 def __init__(self, name = None, id = None):
     """Initialise a CandidateIndicatorCollection with an empty list.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "candidate_indicator_collection" ID.
     """
     super(CandidateIndicatorCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="candidate_indicator_collection")
     self.candidate_indicator_list = CandidateIndicatorList()
 def __init__(self, name = None, id = None):
     """Initialise an ActionCollection with an empty ActionList.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "action_collection" ID.
     """
     super(ActionCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="action_collection")
     self.action_list = ActionList()
 def __init__(self, name = None, id = None):
     """Initialise an ObjectCollection with an empty ObjectList.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "object_collection" ID.
     """
     super(ObjectCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="object_collection")
     self.object_list = ObjectList()
    def __init__(self,
                 id_=None,
                 idref=None,
                 timestamp=None,
                 stix_header=None,
                 courses_of_action=None,
                 exploit_targets=None,
                 indicators=None,
                 observables=None,
                 incidents=None,
                 threat_actors=None,
                 ttps=None,
                 campaigns=None,
                 related_packages=None,
                 reports=None):
        """Initialise a STIXPackage.

        A falsy `id_` is replaced by a generated "Package" ID. Every
        collection argument that is falsy is replaced by an empty container
        of the matching type; `related_packages` and `timestamp` are stored
        as given.
        """
        super(STIXPackage, self).__init__()

        self.id_ = id_ or idgen.create_id("Package")
        self.idref = idref
        self.version = STIXPackage._version
        self.stix_header = stix_header
        # Same assignment order as before; falsy inputs get a fresh container.
        defaults = (
            ("campaigns", campaigns, Campaigns),
            ("courses_of_action", courses_of_action, CoursesOfAction),
            ("exploit_targets", exploit_targets, ExploitTargets),
            ("observables", observables, Observables),
            ("indicators", indicators, Indicators),
            ("incidents", incidents, Incidents),
            ("threat_actors", threat_actors, ThreatActors),
            ("ttps", ttps, TTPs),
        )
        for attr, value, factory in defaults:
            setattr(self, attr, value or factory())
        self.related_packages = related_packages
        self.reports = reports or Reports()
        self.timestamp = timestamp
    def __init__(self,id=None,namespace=None,malware_instance_object_attributes=None,relationships=None,minor_variants=None,labels=None,findings_bundles=None,
                 development_environment=None,configuration_details=None,compatible_platform=None,analyses=None):
        """Initialise a MaecMalwareSubject from optional component lists.

        When no `id` is given but a `namespace` is, the process-wide ID
        generator is switched to UUID mode and to that namespace before a
        "malware_subject" ID is minted; both calls are global side effects
        that outlive this instance.

        `relationships` is filtered to MalwareSubjectRelationship instances;
        `labels` are wrapped in VocabString; `findings_bundles` is only used
        when it already is a FindingsBundleList.
        """
        super(MaecMalwareSubject, self).__init__(id=id,malware_instance_object_attributes=malware_instance_object_attributes)
        if id is None and namespace is not None:
            set_id_method(IDGenerator.METHOD_UUID)
            set_id_namespace(namespace)
            self.id_ = create_id(prefix="malware_subject")

        self.relationships = MalwareSubjectRelationshipList()
        if relationships is not None:
            for rel in relationships:
                if isinstance(rel, MalwareSubjectRelationship):
                    self.relationships.append(rel)

        self.minor_variants = MinorVariants()
        if minor_variants is not None:
            for variant in minor_variants:
                self.minor_variants.append(variant)

        self.label = [] if labels is None else [VocabString(text) for text in labels]

        # isinstance() is False for None, so the explicit None test is implied.
        default_bundles = FindingsBundleList()
        if isinstance(findings_bundles, FindingsBundleList):
            self.findings_bundles = findings_bundles
        else:
            self.findings_bundles = default_bundles

        self.development_environment = development_environment
        self.configuration_details = configuration_details
        self.compatible_platform = compatible_platform
        self.analyses = analyses
 def __init__(self, id=None, parent_action_idref=None):
     """Initialise a ProcessTreeNode.

     A falsy `id` is replaced by a generated "process_tree" ID;
     `parent_action_idref` is stored unchanged.
     """
     super(ProcessTreeNode, self).__init__()
     self.id_ = id or idgen.create_id(prefix="process_tree")
     self.parent_action_idref = parent_action_idref
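    def __init__(self,id=None,namespace=None,method=None,type=None,source=None,ordinal_position=None,
                 start_datetime=None,complete_datetime=None,lastupdate_datetime=None,analysts=None,summary=None,comments=None,tools=None,
                 dynamic_analysis_metadata=None,report=None,analysis_environment=None):
        """Initialise a MaecAnalysis.

        The ID generator is switched to UUID mode on every call (a
        process-wide side effect); when `id` is None the generator namespace
        is also set from `namespace`, if given, and an "analysis" ID minted.

        `analysts` is an iterable of Contributor instances (non-Contributor
        entries are skipped); `comments` is copied into a CommentList;
        `tools` entries that are ToolInformation are added via add_tool.
        `dynamic_analysis_metadata` and `analysis_environment` are only stored
        when they have the expected type.

        Fix: `analysts` was previously *called* (`analysts()`), which raised
        TypeError for any list argument; it is now iterated directly like the
        other collection arguments.
        """
        super(MaecAnalysis,self).__init__(id=id,method=method,type=type)
        set_id_method(IDGenerator.METHOD_UUID)
        if id is None:
            if namespace is not None:
                set_id_namespace(namespace)
            self.id_ = create_id(prefix='analysis')

        self.ordinal_position = ordinal_position
        self.start_datetime = start_datetime
        self.complete_datetime = complete_datetime
        self.lastupdate_datetime = lastupdate_datetime
        self.source = source
        if analysts is not None:
            self.analysts = Personnel()
            # Iterate the argument; it is a collection, not a callable.
            for contributor in analysts:
                if isinstance(contributor, Contributor):
                    self.analysts.append(contributor)
        self.summary = summary
        if comments is not None:
            self.comments = CommentList()
            for comment in comments:
                self.comments.append(comment)
        if tools is not None:
            for tool in tools:
                if isinstance(tool, ToolInformation):
                    self.add_tool(tool)
        # isinstance() already rejects None.
        if isinstance(dynamic_analysis_metadata, DynamicAnalysisMetadata):
            self.dynamic_analysis_metadata = dynamic_analysis_metadata
        self.report = report
        if isinstance(analysis_environment, AnalysisEnvironment):
            self.analysis_environment = analysis_environment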
 def __init__(self, name=None, id=None):
     """Initialise a BehaviorCollection with an empty BehaviorList.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "behavior_collection" ID.
     """
     super(BehaviorCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="behavior_collection")
     self.behavior_list = BehaviorList()
 def __init__(self, name = None, id = None):
     """Initialise a BehaviorCollection with an empty BehaviorList.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "behavior_collection" ID.
     """
     super(BehaviorCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="behavior_collection")
     self.behavior_list = BehaviorList()
 def __init__(self, name=None, id=None):
     """Initialise an ActionCollection with an empty ActionList.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "action_collection" ID.
     """
     super(ActionCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="action_collection")
     self.action_list = ActionList()
    def __init__(self,
                 id_=None,
                 idref=None,
                 timestamp=None,
                 header=None,
                 courses_of_action=None,
                 exploit_targets=None,
                 indicators=None,
                 observables=None,
                 incidents=None,
                 threat_actors=None,
                 ttps=None,
                 campaigns=None,
                 related_reports=None):
        """Initialise a Report.

        A falsy `id_` is replaced by a generated "Report" ID. When no
        `timestamp` is given, the current time is used for a concrete report
        and None for a reference (non-empty `idref`).
        """
        super(Report, self).__init__()
        self.id_ = id_ or idgen.create_id("Report")
        self.idref = idref
        self.version = self._version
        # Same assignment order as before; some may be property setters.
        fields = (
            ("header", header),
            ("campaigns", campaigns),
            ("courses_of_action", courses_of_action),
            ("exploit_targets", exploit_targets),
            ("observables", observables),
            ("indicators", indicators),
            ("incidents", incidents),
            ("threat_actors", threat_actors),
            ("ttps", ttps),
            ("related_reports", related_reports),
        )
        for attr, value in fields:
            setattr(self, attr, value)

        # now() is only evaluated when no timestamp was supplied.
        self.timestamp = timestamp or (None if idref else utils.dates.now())
 def __init__(self, name=None, id=None):
     """Initialise a CandidateIndicatorCollection with an empty list.

     `name` is forwarded to the parent; a falsy `id` is replaced by a
     generated "candidate_indicator_collection" ID.
     """
     super(CandidateIndicatorCollection, self).__init__(name)
     self.id_ = id or idgen.create_id(prefix="candidate_indicator_collection")
     self.candidate_indicator_list = CandidateIndicatorList()
 def __init__(self, id = None, parent_action_idref = None):
     """Initialise a ProcessTreeNode.

     A falsy `id` is replaced by a generated "process_tree" ID;
     `parent_action_idref` is stored unchanged.
     """
     super(ProcessTreeNode, self).__init__()
     self.id_ = id or idgen.create_id(prefix="process_tree")
     self.parent_action_idref = parent_action_idref
 def __init__(self, id=None, malware_instance_object_attributes=None):
     """Initialise a MalwareSubject.

     A falsy `id` is replaced by a generated "malware_subject" ID. The
     Malware Instance Object Attributes (a CybOX object) are stored as
     given, including None.
     """
     super(MalwareSubject, self).__init__()
     self.id_ = id or idgen.create_id(prefix="malware_subject")
     self.malware_instance_object_attributes = malware_instance_object_attributes
 def __init__(self, id = None, malware_instance_object_attributes = None):
     """Initialise a MalwareSubject.

     A falsy `id` is replaced by a generated "malware_subject" ID. The
     Malware Instance Object Attributes (a CybOX object) are stored as
     given, including None.
     """
     super(MalwareSubject, self).__init__()
     self.id_ = id or idgen.create_id(prefix="malware_subject")
     self.malware_instance_object_attributes = malware_instance_object_attributes
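 def __init__(self, id = None, method = None, type = None, findings_bundle_reference = None):
     """Initialise an Analysis.

     A falsy `id` is replaced by a generated "analysis" ID. `type` is stored
     as `type_` (both `id` and `type` shadow builtins but are part of the
     public signature).

     Fix: `findings_bundle_reference` previously defaulted to a shared `[]`,
     so references appended on one Analysis leaked into every other instance
     created without the argument. Each instance now gets its own list;
     callers that pass a list still get that same object stored.
     """
     super(Analysis, self).__init__()
     self.id_ = id or idgen.create_id(prefix="analysis")
     self.method = method
     self.type_ = type
     if findings_bundle_reference is None:
         findings_bundle_reference = []
     self.findings_bundle_reference = findings_bundle_reference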
 def __init__(self, id = None, schema_version = "2.1", timestamp = None):
     """Initialise a Package.

     A falsy `id` is replaced by a generated "package" ID. The schema
     version defaults to "2.1"; the malware subject list starts empty and
     the namespace/schemalocation bookkeeping dicts start empty.
     """
     super(Package, self).__init__()
     self.id_ = id or idgen.create_id(prefix="package")
     self.schema_version = schema_version
     self.timestamp = timestamp
     self.malware_subjects = MalwareSubjectList()
     # Dunder-style names are not mangled (trailing underscores).
     self.__input_namespaces__ = dict()
     self.__input_schemalocations__ = dict()
 def __init__(self, id = None, schema_version = "2.1", timestamp = None):
     """Initialise a Package.

     A falsy `id` is replaced by a generated "package" ID. The schema
     version defaults to "2.1"; the malware subject list starts empty and
     the namespace/schemalocation bookkeeping dicts start empty.
     """
     super(Package, self).__init__()
     self.id_ = id or idgen.create_id(prefix="package")
     self.schema_version = schema_version
     self.timestamp = timestamp
     self.malware_subjects = MalwareSubjectList()
     # Dunder-style names are not mangled (trailing underscores).
     self.__input_namespaces__ = dict()
     self.__input_schemalocations__ = dict()
 def __init__(self, properties=None, type_=None):
     """Initialise an Object around optional `properties`.

     The ID prefix is the class name of `properties` when one is given,
     otherwise "Object". `type_` is accepted but not used here. No `id_`
     argument is accepted yet (TODO in the original), so every instance
     gets a freshly generated ID.
     """
     super(Object, self).__init__()
     id_prefix = "Object" if not properties else str(properties.__class__.__name__)
     self.id_ = idgen.create_id(prefix=id_prefix)
     self.idref = None
     self.properties = properties
     self.related_objects = []
     self.domain_specific_object_properties = None
    def __init__(self, properties=None, id_=None, idref=None):
        """Initialise an Object around optional `properties`.

        A falsy `id_` is replaced by a generated ID whose prefix is the class
        name of `properties` (or "Object" when none is given). `idref` is
        stored as given and related objects start as an empty RelatedObjects.
        """
        super(Object, self).__init__()

        id_prefix = "Object" if not properties else str(properties.__class__.__name__)

        self.id_ = id_ or idgen.create_id(prefix=id_prefix)
        self.idref = idref
        self.properties = properties
        self.related_objects = RelatedObjects()
 def __init__(self, properties=None, type_=None):
     """Initialise an Object around optional `properties`.

     The ID prefix is the class name of `properties` when one is given,
     otherwise "Object". `type_` is accepted but not used here. No `id_`
     argument is accepted yet (TODO in the original), so every instance
     gets a freshly generated ID.
     """
     super(Object, self).__init__()
     id_prefix = "Object" if not properties else str(properties.__class__.__name__)
     self.id_ = idgen.create_id(prefix=id_prefix)
     self.idref = None
     self.properties = properties
     self.related_objects = []
     self.domain_specific_object_properties = None
    def __init__(self, properties=None, id_=None, idref=None):
        """Initialise an Object around optional `properties`.

        A falsy `id_` is replaced by a generated ID whose prefix is the class
        name of `properties` (or "Object" when none is given). `idref` is
        stored as given and related objects start as an empty RelatedObjects.
        """
        super(Object, self).__init__()

        id_prefix = "Object" if not properties else str(properties.__class__.__name__)

        self.id_ = id_ or idgen.create_id(prefix=id_prefix)
        self.idref = idref
        self.properties = properties
        self.related_objects = RelatedObjects()
    def __init__(self,
                 item=None,
                 id_=None,
                 idref=None,
                 title=None,
                 description=None):
        """Create an Observable out of 'item'.

        `item` can be any of:
        - an Object
        - an Event
        - an ObservableComposition
        - any subclass of ObjectProperties.

        In the first three cases, the appropriate property of the Observable
        will be set. In the last case an Object is built (or the existing
        parent Object reused) so the correct hierarchy is created.

        An ID is generated only when neither `id_` nor `idref` is given, so
        a pure reference carries no ID of its own. Raises TypeError for any
        other `item` type.
        """
        super(Observable, self).__init__()
        if not id_ and not idref:
            id_ = idgen.create_id(prefix="Observable")

        self.id_ = id_
        self.title = title
        self.description = description

        self.object_ = None
        self.event = None
        self.observable_composition = None
        self.idref = idref
        self.sighting_count = None
        self.observable_source = []
        self.keywords = Keywords()
        self.pattern_fidelity = None

        # Guard clauses; the isinstance order is kept because the types may
        # be related by inheritance.
        if item is None:
            return
        if isinstance(item, Object):
            self.object_ = item
            return
        if isinstance(item, ObservableComposition):
            self.observable_composition = item
            return
        if isinstance(item, Event):
            self.event = item
            return
        if isinstance(item, ObjectProperties):
            # Reuse the parent Object when the properties already belong to one.
            self.object_ = item.parent if item.parent else Object(item)
            return

        msg = ("item must be an Object, Event, ObservableComposition, or "
               "subclass of ObjectProperties. Received an %s" % type(item))
        raise TypeError(msg)
 def __init__(self, id = None, defined_subject = False, schema_version = "4.1", content_type = None, malware_instance_object = None):
     """Initialise a Bundle.

     A falsy `id` is replaced by a generated "bundle" ID. The schema version
     defaults to "4.1"; `timestamp` starts as None and
     `malware_instance_object` is stored under
     `malware_instance_object_attributes`.
     """
     super(Bundle, self).__init__()
     self.id_ = id or idgen.create_id(prefix="bundle")
     self.schema_version = schema_version
     self.defined_subject = defined_subject
     self.content_type = content_type
     self.timestamp = None
     self.malware_instance_object_attributes = malware_instance_object
     self.__input_namespaces__ = dict()
     self.__input_schemalocations__ = dict()
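 def __init__(self,
              id=None,
              method=None,
              type=None,
              findings_bundle_reference=None):
     """Initialise an Analysis.

     A falsy `id` is replaced by a generated "analysis" ID. `type` is stored
     as `type_` (both `id` and `type` shadow builtins but are part of the
     public signature).

     Fix: `findings_bundle_reference` previously defaulted to a shared `[]`,
     so references appended on one Analysis leaked into every other instance
     created without the argument. Each instance now gets its own list;
     callers that pass a list still get that same object stored.
     """
     super(Analysis, self).__init__()
     self.id_ = id or idgen.create_id(prefix="analysis")
     self.method = method
     self.type_ = type
     if findings_bundle_reference is None:
         findings_bundle_reference = []
     self.findings_bundle_reference = findings_bundle_reference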
    def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
        """Initialise a core component.

        A falsy `id_` is replaced by a generated ID using the class's
        `_ID_PREFIX`. `version`, `information_source` and `handling` start
        as None. Without a `timestamp`, the current time is used for a
        concrete component and None for a reference (non-empty `idref`).
        """
        self.id_ = id_ or idgen.create_id(self._ID_PREFIX)
        self.idref = idref
        self.title = title
        self.description = description
        self.short_description = short_description
        self.version = None
        self.information_source = None
        self.handling = None

        # now() is only evaluated when no timestamp was supplied.
        self.timestamp = timestamp or (None if idref else utils.dates.now())
    def __init__(self, item=None, id_=None, idref=None, title=None, description=None):
        """Create an Observable out of 'item'.

        `item` can be any of:
        - an Object
        - an Event
        - an ObservableComposition
        - any subclass of ObjectProperties.

        In the first three cases, the appropriate property of the Observable
        will be set. In the last case an Object is built (or the existing
        parent Object reused) so the correct hierarchy is created.

        An ID is generated only when neither `id_` nor `idref` is given, so
        a pure reference carries no ID of its own. Raises TypeError for any
        other `item` type.
        """
        super(Observable, self).__init__()
        if not id_ and not idref:
            id_ = idgen.create_id(prefix="Observable")

        self.id_ = id_
        self.title = title
        self.description = description

        self.object_ = None
        self.event = None
        self.observable_composition = None
        self.idref = idref
        self.sighting_count = None
        self.observable_source = []
        self.keywords = Keywords()
        self.pattern_fidelity = None

        # Guard clauses; the isinstance order is kept because the types may
        # be related by inheritance.
        if item is None:
            return
        if isinstance(item, Object):
            self.object_ = item
            return
        if isinstance(item, ObservableComposition):
            self.observable_composition = item
            return
        if isinstance(item, Event):
            self.event = item
            return
        if isinstance(item, ObjectProperties):
            # Reuse the parent Object when the properties already belong to one.
            self.object_ = item.parent if item.parent else Object(item)
            return

        msg = ("item must be an Object, Event, ObservableComposition, or "
               "subclass of ObjectProperties. Received an %s" % type(item))
        raise TypeError(msg)
 def __init__(self, id=None, idref=None, namespace=None,type=None,observation_method=None,frequency=None,event=None,description=None):
     """Initialise a CybOX Event wrapper.

     The process-wide ID generator is switched to UUID mode on every call.
     When neither `id` nor `idref` is given, the generator namespace is set
     from `namespace` (if any) and an "event" ID is minted; otherwise no
     `id_` is assigned here.

     `event` is wrapped into a one-element list when it is a CyboxEvent,
     else the list is empty. `namespace` is remembered on `_namespace`.
     """
     super(CyboxEvent,self).__init__()
     set_id_method(IDGenerator.METHOD_UUID)
     if id is None and idref is None:
         if namespace is not None:
             set_id_namespace(namespace)
         self.id_ = create_id(prefix='event')
     self.actions = Actions()
     self.type_ = type
     self.observation_method = observation_method
     self.idref = idref
     self.frequency = frequency
     self.event = [event] if isinstance(event, CyboxEvent) else []
     self.description = description
     self._namespace = namespace
 def __init__(self,
              id=None,
              defined_subject=False,
              schema_version="4.1",
              content_type=None,
              malware_instance_object=None):
     """Initialise a Bundle.

     A falsy `id` is replaced by a generated "bundle" ID. The schema version
     defaults to "4.1"; `timestamp` starts as None and
     `malware_instance_object` is stored under
     `malware_instance_object_attributes`.
     """
     super(Bundle, self).__init__()
     self.id_ = id or idgen.create_id(prefix="bundle")
     self.schema_version = schema_version
     self.defined_subject = defined_subject
     self.content_type = content_type
     self.timestamp = None
     self.malware_instance_object_attributes = malware_instance_object
     self.__input_namespaces__ = dict()
     self.__input_schemalocations__ = dict()
def merge_binned_malware_subjects(merged_malware_subject, binned_list, id_mappings_dict):
    '''Merge a list of input binned (related) Malware Subjects.

    Every component of the subjects in `binned_list` is concatenated (labels
    are deduplicated; hash values on the merged instance object are
    deduplicated per hash kind) and written onto `merged_malware_subject`.
    The merged instance object receives a freshly generated 'object' ID.
    `id_mappings_dict` is accepted but not used in this body. Field data
    merging is not implemented (TODO in the original).
    '''
    def concat(attr):
        # Flatten the named collection across all subjects that have one.
        return list(itertools.chain.from_iterable(
            getattr(x, attr) for x in binned_list if getattr(x, attr)))

    # Merge the Malware_Instance_Object_Attributes and give the result a new ID.
    instance_objects = [x.malware_instance_object_attributes for x in binned_list]
    merged_inst_obj = Object.from_dict(merge_entities(instance_objects))
    merged_inst_obj.id_ = idgen.create_id('object')
    # Deduplicate the hash values, if they exist (simple and fuzzy hashes).
    if merged_inst_obj.properties and merged_inst_obj.properties.hashes:
        hashes = merged_inst_obj.properties.hashes
        for value_name in ('simple_hash_value', 'fuzzy_hash_value'):
            hashes = HashList(deduplicate_vocabulary_list(hashes, value_name=value_name))
        merged_inst_obj.properties.hashes = hashes

    deduplicated_labels = deduplicate_vocabulary_list(concat('label'))

    config_details_list = [x.configuration_details for x in binned_list if x.configuration_details]
    merged_config_details = None
    if config_details_list:
        merged_config_details = MalwareConfigurationDetails.from_dict(merge_entities(config_details_list))

    merged_minor_variants = concat('minor_variants')
    # Field data: not supported by the APIs yet.
    merged_analyses = concat('analyses')
    merged_findings_bundles = merge_findings_bundles(
        [x.findings_bundles for x in binned_list if x.findings_bundles])
    merged_relationships = concat('relationships')
    merged_compatible_platforms = concat('compatible_platform')

    # Build the merged Malware Subject; empty results leave the field untouched.
    merged_malware_subject.malware_instance_object_attributes = merged_inst_obj
    if deduplicated_labels:
        merged_malware_subject.label = deduplicated_labels
    if merged_config_details:
        merged_malware_subject.configuration_details = merged_config_details
    if merged_minor_variants:
        merged_malware_subject.minor_variants = MinorVariants(merged_minor_variants)
    if merged_analyses:
        merged_malware_subject.analyses = Analyses(merged_analyses)
    if merged_findings_bundles:
        merged_malware_subject.findings_bundles = merged_findings_bundles
    if merged_relationships:
        merged_malware_subject.relationships = MalwareSubjectRelationshipList(merged_relationships)
    if merged_compatible_platforms:
        merged_malware_subject.compatible_platform = merged_compatible_platforms
    def __init__(self,
                 id_=None,
                 idref=None,
                 timestamp=None,
                 title=None,
                 description=None,
                 short_description=None):
        """Initialise a core component.

        A falsy `id_` is replaced by a generated ID using the class's
        `_ID_PREFIX`. `version`, `information_source` and `handling` start
        as None. Without a `timestamp`, the current time is used for a
        concrete component and None for a reference (non-empty `idref`).
        """
        self.id_ = id_ or idgen.create_id(self._ID_PREFIX)
        self.idref = idref
        self.title = title
        self.description = description
        self.short_description = short_description
        self.version = None
        self.information_source = None
        self.handling = None

        # now() is only evaluated when no timestamp was supplied.
        self.timestamp = timestamp or (None if idref else utils.dates.now())
    def __init__(self,
                 id_=None,
                 idref=None,
                 timestamp=None,
                 title=None,
                 description=None,
                 short_description=None):
        """Initialise a BaseCoreComponent.

        A falsy `id_` is replaced by a generated ID using the class's
        `_ID_PREFIX`. `description` and `short_description` are wrapped in
        StructuredTextList (imported locally, presumably to avoid an import
        cycle). Without a `timestamp`, the current time is used for a
        concrete component and None for a reference (non-empty `idref`).
        """
        from stix.common import StructuredTextList

        super(BaseCoreComponent, self).__init__()

        self.id_ = id_ or idgen.create_id(self._ID_PREFIX)
        self.idref = idref
        self.title = title
        self.descriptions = StructuredTextList(description)
        self.short_descriptions = StructuredTextList(short_description)

        # now() is only evaluated when no timestamp was supplied.
        self.timestamp = timestamp or (None if idref else utils.dates.now())
 def __init__(self, id_=None, idref=None, timestamp=None, stix_header=None,
              courses_of_action=None, exploit_targets=None, indicators=None,
              observables=None, incidents=None, threat_actors=None,
              ttps=None, campaigns=None, related_packages=None,
              reports=None):
     """Initialise a STIXPackage.

     A falsy `id_` is replaced by a generated "Package" ID. This variant
     does not call the parent initialiser and records the version on the
     private `_version` attribute.
     """
     self.id_ = id_ or idgen.create_id("Package")
     self.idref = idref
     self._version = STIXPackage._version
     # Same assignment order as before; some of these may be property setters.
     fields = (
         ("stix_header", stix_header),
         ("campaigns", campaigns),
         ("courses_of_action", courses_of_action),
         ("exploit_targets", exploit_targets),
         ("observables", observables),
         ("indicators", indicators),
         ("incidents", incidents),
         ("threat_actors", threat_actors),
         ("ttps", ttps),
         ("related_packages", related_packages),
         ("reports", reports),
         ("timestamp", timestamp),
     )
     for attr, value in fields:
         setattr(self, attr, value)
 def __init__(self, id=None, idref=None, namespace=None,name=None,action_status=None,context=None,description=None,discovery_method=None,frequency=None,action_aliases=None,
              action_arguments=None,ordinal_position=None,timestamp=None,type=None,associated_objects=None,relationships=None
              ):
     """Initialise a CybOX Action wrapper.

     The process-wide ID generator is switched to UUID mode on every call.
     When neither `id` nor `idref` is given, the generator namespace is set
     from `namespace` (if any) and an "action" ID is minted; otherwise no
     `id_` is assigned here. `type` is stored as `type_`; `namespace` is
     not stored.
     """
     super(CyboxAction, self).__init__()
     set_id_method(IDGenerator.METHOD_UUID)
     if id is None and idref is None:
         if namespace is not None:
             set_id_namespace(namespace)
         self.id_ = create_id(prefix='action')
     # Same assignment order as before; some of these may be property setters.
     fields = (
         ("action_arguments", action_arguments),
         ("action_aliases", action_aliases),
         ("discovery_method", discovery_method),
         ("name", name),
         ("action_status", action_status),
         ("associated_objects", associated_objects),
         ("type_", type),
         ("timestamp", timestamp),
         ("relationships", relationships),
         ("ordinal_position", ordinal_position),
         ("frequency", frequency),
         ("description", description),
         ("context", context),
     )
     for attr, value in fields:
         setattr(self, attr, value)
 def __init__(self, id_=None, idref=None, timestamp=None, stix_header=None,
              courses_of_action=None, exploit_targets=None, indicators=None,
              observables=None, incidents=None, threat_actors=None,
              ttps=None, campaigns=None, related_packages=None,
              reports=None):
     """Initialise a STIXPackage.

     A falsy `id_` is replaced by a generated "Package" ID. Every
     collection argument that is falsy is replaced by an empty container
     of the matching type; `related_packages` and `timestamp` are stored
     as given.
     """
     super(STIXPackage, self).__init__()

     self.id_ = id_ or idgen.create_id("Package")
     self.idref = idref
     self.version = STIXPackage._version
     self.stix_header = stix_header
     # Same assignment order as before; falsy inputs get a fresh container.
     defaults = (
         ("campaigns", campaigns, Campaigns),
         ("courses_of_action", courses_of_action, CoursesOfAction),
         ("exploit_targets", exploit_targets, ExploitTargets),
         ("observables", observables, Observables),
         ("indicators", indicators, Indicators),
         ("incidents", incidents, Incidents),
         ("threat_actors", threat_actors, ThreatActors),
         ("ttps", ttps, TTPs),
     )
     for attr, value, factory in defaults:
         setattr(self, attr, value or factory())
     self.related_packages = related_packages
     self.reports = reports or Reports()
     self.timestamp = timestamp
 def __init__(self, id=None):
     """Initialise a CapabilityObjective.

     A falsy `id` is replaced by a generated "capability_objective" ID.
     """
     super(CapabilityObjective, self).__init__()
     self.id_ = id or idgen.create_id(prefix="capability_objective")
 def __init__(self):
     """Initialise a MalwareAction with a freshly generated "action" ID.

     No caller-supplied ID is accepted by this signature.
     """
     super(MalwareAction, self).__init__()
     generated_id = idgen.create_id(prefix="action")
     self.id_ = generated_id
def merge_binned_malware_subjects(merged_malware_subject, binned_list,
                                  id_mappings_dict):
    '''Merge a list of input binned (related) Malware Subjects.

    Every component of the subjects in `binned_list` is concatenated (labels
    are deduplicated; hash values on the merged instance object are
    deduplicated per hash kind) and written onto `merged_malware_subject`.
    The merged instance object receives a freshly generated 'object' ID.
    `id_mappings_dict` is accepted but not used in this body. Field data
    merging is not implemented (TODO in the original).
    '''
    def concat(attr):
        # Flatten the named collection across all subjects that have one.
        return list(itertools.chain.from_iterable(
            getattr(x, attr) for x in binned_list if getattr(x, attr)))

    # Merge the Malware_Instance_Object_Attributes and give the result a new ID.
    instance_objects = [x.malware_instance_object_attributes for x in binned_list]
    merged_inst_obj = Object.from_dict(merge_entities(instance_objects))
    merged_inst_obj.id_ = idgen.create_id('object')
    # Deduplicate the hash values, if they exist (simple and fuzzy hashes).
    if merged_inst_obj.properties and merged_inst_obj.properties.hashes:
        hashes = merged_inst_obj.properties.hashes
        for value_name in ('simple_hash_value', 'fuzzy_hash_value'):
            hashes = HashList(
                deduplicate_vocabulary_list(hashes, value_name=value_name))
        merged_inst_obj.properties.hashes = hashes

    deduplicated_labels = deduplicate_vocabulary_list(concat('label'))

    config_details_list = [
        x.configuration_details for x in binned_list if x.configuration_details
    ]
    merged_config_details = None
    if config_details_list:
        merged_config_details = MalwareConfigurationDetails.from_dict(
            merge_entities(config_details_list))

    merged_minor_variants = concat('minor_variants')
    # Field data: not supported by the APIs yet.
    merged_analyses = concat('analyses')
    merged_findings_bundles = merge_findings_bundles(
        [x.findings_bundles for x in binned_list if x.findings_bundles])
    merged_relationships = concat('relationships')
    merged_compatible_platforms = concat('compatible_platform')

    # Build the merged Malware Subject; empty results leave the field untouched.
    merged_malware_subject.malware_instance_object_attributes = merged_inst_obj
    if deduplicated_labels:
        merged_malware_subject.label = deduplicated_labels
    if merged_config_details:
        merged_malware_subject.configuration_details = merged_config_details
    if merged_minor_variants:
        merged_malware_subject.minor_variants = MinorVariants(
            merged_minor_variants)
    if merged_analyses:
        merged_malware_subject.analyses = Analyses(merged_analyses)
    if merged_findings_bundles:
        merged_malware_subject.findings_bundles = merged_findings_bundles
    if merged_relationships:
        merged_malware_subject.relationships = MalwareSubjectRelationshipList(
            merged_relationships)
    if merged_compatible_platforms:
        merged_malware_subject.compatible_platform = merged_compatible_platforms
 def __init__(self):
     """Initialise a MalwareAction with a freshly generated "action" ID.

     No caller-supplied ID is accepted by this signature.
     """
     super(MalwareAction, self).__init__()
     generated_id = idgen.create_id(prefix="action")
     self.id_ = generated_id
 def __init__(self):
     """Initialise an ActionEquivalence with a generated "action_equivalence" ID.

     No caller-supplied ID is accepted by this signature.
     """
     super(ActionEquivalence, self).__init__()
     generated_id = idgen.create_id(prefix="action_equivalence")
     self.id_ = generated_id
 def test_prefix(self):
     """A caller-supplied prefix appears in the generated ID.

     Expects the ID to be "<TEST_NS.prefix>:<prefix>-1", i.e. the test
     namespace prefix, the object prefix, and a counter starting at 1.
     """
     label = "some_object"
     generated = idgen.create_id(label)
     expected = "%s:%s-1" % (TEST_NS.prefix, label)
     self.assertEqual(generated, expected)
 # Script fragment: `ms`, `pl1` and `create_id` are defined earlier, outside this excerpt.
 ms.addcompatibleplatform(compatible_platform=pl1)
 ####################################################################################################################
 # Add relationships: four references, split over two relationships.
 relationship_refs = []
 for idref in ('Test idref 1', 'Test idref 2', 'Test idref 3', 'Test idref 4'):
     relationship_refs.append(ms.createrelationshipreference(malware_subject_idref=idref))
 downloads_rel = ms.createrelationship(type='downloads',malware_subject_reference=relationship_refs[:2])
 downloaded_by_rel = ms.createrelationship(type='downloaded by',malware_subject_reference=relationship_refs[2:])
 ms.addrelationship(relationship=downloads_rel)
 ms.addrelationship(relationship=downloaded_by_rel)
 ####################################################################################################################
 # Add findings bundles (the import is deliberately left at this point in the script).
 from maec.bundle import Bundle
 dynamic_bundle = Bundle()
 dynamic_bundle.content_type='dynamic analysis tool output'
 static_bundle = Bundle()
 static_bundle.content_type='static analysis tool output'
 # Bundles are added static-first, matching the original order.
 ms.addbundleinfindingbundles(static_bundle)
 ms.addbundleinfindingbundles(dynamic_bundle)
 # Meta-analysis: object equivalence (generated IDs) and action equivalence (literal IDs).
 object_refs = [
     ms.createfindingbundlesmetaanalysisobjectequivalencereference(object_idref=create_id(prefix='obj_ref')),
     ms.createfindingbundlesmetaanalysisobjectequivalencereference(object_idref=create_id(prefix='obj_ref')),
 ]
 object_eq = ms.createfindingbundlesmetaanalysisobjectequivalence(id=create_id(prefix='obj_equiv'),object_references=object_refs)
 action_refs = [
     ms.createfindingbundlesmetaanalysisactionequivalencereference(action_id='test action id 1'),
     ms.createfindingbundlesmetaanalysisactionequivalencereference(action_id='test action id 2'),
 ]
 action_eq = ms.createfindingbundlesmetaanalysisactionequivalence(action_references=action_refs)
 meta_analysis = ms.createfindingbundlesmetaanalysis(object_equivalences=[object_eq],action_equivalences=[action_eq])
 ms.addmetaanalysisinfindingbundles(meta_analysis=meta_analysis)
 ms.addexternalreferenceinfindingbundles(['testing refer qname 1','testing refer qname 2'])
 # Printing results
 print(ms.to_xml())
    def test_id(self):
        """An ID can be created with no arguments and is never empty.

        TODO: actually delete the module and reimport it to make sure there
        is nothing left over from another test.
        """
        generated = idgen.create_id()
        self.assertNotEqual(generated, "")
 def test_namespace(self):
     """A default ID uses the test namespace prefix and the "guid" label."""
     expected = "%s:guid-1" % TEST_NS.prefix
     self.assertEqual(idgen.create_id(), expected)
 def test_namespace(self):
     """A default ID uses the test namespace prefix and the "guid" label."""
     expected = "%s:guid-1" % TEST_NS.prefix
     self.assertEqual(idgen.create_id(), expected)
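 def __init__(self, id = None):
     """Initialise a CandidateIndicator.

     A falsy `id` is replaced by a generated "candidate_indicator" ID.

     Fix: the chosen ID was previously bound only to the local `id_` and
     never stored, so the instance ended up without an `id_` attribute of
     its own (any value came from the parent initialiser, if at all).
     """
     super(CandidateIndicator, self).__init__()
     self.id_ = id or idgen.create_id(prefix="candidate_indicator")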
 def __init__(self):
     """Initialise an ActionEquivalence with a generated "action_equivalence" ID.

     No caller-supplied ID is accepted by this signature.
     """
     super(ActionEquivalence, self).__init__()
     generated_id = idgen.create_id(prefix="action_equivalence")
     self.id_ = generated_id
 def test_prefix(self):
     """A caller-supplied prefix appears in the generated ID.

     Expects the ID to be "<TEST_NS.prefix>:<prefix>-1", i.e. the test
     namespace prefix, the object prefix, and a counter starting at 1.
     """
     label = "some_object"
     generated = idgen.create_id(label)
     expected = "%s:%s-1" % (TEST_NS.prefix, label)
     self.assertEqual(generated, expected)
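 def __init__(self, id = None):
     """Initialise a CandidateIndicator.

     A falsy `id` is replaced by a generated "candidate_indicator" ID.

     Fix: the chosen ID was previously bound only to the local `id_` and
     never stored, so the instance ended up without an `id_` attribute of
     its own (any value came from the parent initialiser, if at all).
     """
     super(CandidateIndicator, self).__init__()
     self.id_ = id or idgen.create_id(prefix="candidate_indicator")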
    def test_id(self):
        """An ID can be created with no arguments and is never empty.

        TODO: actually delete the module and reimport it to make sure there
        is nothing left over from another test.
        """
        generated = idgen.create_id()
        self.assertNotEqual(generated, "")