Exemple #1
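class Package(maec.Entity):
    """Container for Malware Subjects and the grouping relationships between them."""
    _binding = package_binding
    _binding_class = package_binding.PackageType
    _namespace = maec.package._namespace

    id_ = maec.TypedField('id')
    timestamp = maec.TypedField('timestamp')
    schema_version = maec.TypedField('schema_version')
    malware_subjects = maec.TypedField('Malware_Subjects', MalwareSubjectList)
    grouping_relationships = maec.TypedField('Grouping_Relationships', GroupingRelationshipList)

    def __init__(self, id = None, schema_version = "2.1", timestamp = None):
        """Create a Package.

        Parameters:
        id - identifier to use; a falsy value causes a new id with the
             "package" prefix to be generated
        schema_version - schema version stored on the Package
        timestamp - timestamp stored on the Package (may be None)
        """
        super(Package, self).__init__()
        if id:
            self.id_ = id
        else:
            self.id_ = maec.utils.idgen.create_id(prefix="package")
        self.schema_version = schema_version
        self.timestamp = timestamp
        self.malware_subjects = MalwareSubjectList()
        # grouping_relationships is deliberately not set here; it is created
        # on first use by add_grouping_relationship().
        self.__input_namespaces__ = {}
        self.__input_schemalocations__ = {}

    #Public methods
    def add_malware_subject(self, malware_subject):
        """Add a malware subject to this Package."""
        self.malware_subjects.append(malware_subject)

    def add_grouping_relationship(self, grouping_relationship):
        """Add a grouping relationship, creating the list on first use."""
        if not self.grouping_relationships:
            self.grouping_relationships = GroupingRelationshipList()
        self.grouping_relationships.append(grouping_relationship)

    @staticmethod
    def from_xml(xml_file):
        '''
        Create a new Package from the XML document at the specified path
        or from an already-open stream.

        Returns a tuple of (api_object, binding_object).
        Parameters:
        xml_file - either a filename or a stream object
        '''
        # NOTE(review): the document may originate outside the local trust
        # boundary. Whether external entities, DTD loading and network
        # access are disabled is decided inside package_binding.parsexml_,
        # which is not visible here -- confirm before parsing untrusted input.
        opened_here = isinstance(xml_file, basestring)
        if opened_here:
            f = open(xml_file, "rb")
        else:
            f = xml_file

        try:
            doc = package_binding.parsexml_(f)
            maec_package_obj = package_binding.PackageType().factory()
            maec_package_obj.build(doc.getroot())
            maec_package = Package.from_obj(maec_package_obj)
        finally:
            # Close only the handle opened by this method; a stream passed
            # in by the caller stays under the caller's control.
            if opened_here:
                f.close()

        return (maec_package, maec_package_obj)

    def deduplicate_malware_subjects(self):
        """DeDuplicate all Malware_Subjects in the Package. For now, only handles Objects in Findings Bundles"""
        # Delegates to each subject, which transforms duplicate objects into
        # references pointing to a single canonical object.
        for malware_subject in self.malware_subjects:
            malware_subject.deduplicate_bundles()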
Exemple #2
 def __init__(self, id, schema_version = 2.0, timestamp = None):
     """Initialise a Package from the given id, schema version and timestamp.

     The malware-subject and grouping-relationship containers are created
     fresh for every instance.
     """
     super(Package, self).__init__()
     # Tuple assignment binds left to right, so the attributes are set in
     # the order id, schema_version, timestamp.
     self.id, self.schema_version, self.timestamp = id, schema_version, timestamp
     self.malware_subjects = MalwareSubjectList()
     self.grouping_relationships = GroupingRelationshipList()
Exemple #3
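 def from_dict(package_dict):
     """Build a Package from its dictionary representation.

     Returns None when package_dict is empty or None. The 'timestamp' entry
     is optional; when present it must be an ISO-8601 string, with or
     without a fractional-seconds part. A malformed timestamp string raises
     ValueError.
     """
     if not package_dict:
         return None
     package_ = Package(None)
     package_.id = package_dict.get('id')
     package_.schema_version = package_dict.get('schema_version')
     timestamp = package_dict.get('timestamp')
     if timestamp is not None:
         # A missing key used to reach strptime(None, ...) and raise
         # TypeError; it now simply leaves the timestamp unset.
         try:
             timestamp = datetime.datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S.%f")
         except ValueError:
             # datetime.isoformat() omits the fractional part when the
             # microsecond field is zero, so accept that form as well.
             timestamp = datetime.datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S")
     package_.timestamp = timestamp
     package_.malware_subjects = MalwareSubjectList.from_list(package_dict.get('malware_subjects', []))
     package_.grouping_relationships = GroupingRelationshipList.from_list(package_dict.get('grouping_relationships', []))
     return package_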
Exemple #4
 def __init__(self, id = None, schema_version = "2.1", timestamp = None):
     """Initialise a Package, generating an id when none is supplied.

     A falsy id (None, empty string) is replaced by a newly created id
     carrying the "package" prefix.
     """
     super(Package, self).__init__()
     self.id = id if id else maec.utils.idgen.create_id(prefix="package")
     self.schema_version, self.timestamp = schema_version, timestamp
     # New containers for every instance.
     self.malware_subjects = MalwareSubjectList()
     self.grouping_relationships = GroupingRelationshipList()
Exemple #5
 def from_obj(package_obj):
     """Build a Package from a binding object.

     Returns None for a falsy package_obj. The Malware_Subjects and
     Grouping_Relationships members are converted only when the binding
     object actually carries them.
     """
     if not package_obj:
         return None

     package_ = Package(None)
     package_.id = package_obj.get_id()
     package_.schema_version = package_obj.get_schema_version()
     package_.timestamp = package_obj.get_timestamp()

     subjects_obj = package_obj.get_Malware_Subjects()
     if subjects_obj is not None:
         package_.malware_subjects = MalwareSubjectList.from_obj(subjects_obj)

     groupings_obj = package_obj.get_Grouping_Relationships()
     if groupings_obj is not None:
         package_.grouping_relationships = GroupingRelationshipList.from_obj(groupings_obj)

     return package_
Exemple #6
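class Package(maec.Entity):
    """Container for Malware Subjects and the grouping relationships between them."""

    def __init__(self, id, schema_version = 2.0, timestamp = None):
        """Create a Package with the given id, schema version and timestamp.

        Both list members start out as newly constructed containers.
        """
        super(Package, self).__init__()
        self.id = id
        self.schema_version = schema_version
        self.timestamp = timestamp
        self.malware_subjects = MalwareSubjectList()
        self.grouping_relationships = GroupingRelationshipList()

    #Public methods
    def add_malware_subject(self, malware_subject):
        """Add a malware subject."""
        self.malware_subjects.append(malware_subject)

    def add_grouping_relationship(self, grouping_relationship):
        """Add a grouping relationship."""
        self.grouping_relationships.append(grouping_relationship)

    def to_obj(self):
        """Return the binding object for this Package.

        Optional members are set only when they hold a value; the timestamp
        is serialised with isoformat().
        """
        package_obj = package_binding.PackageType(id=self.id)
        if self.schema_version is not None: package_obj.set_schema_version(self.schema_version)
        if self.timestamp is not None: package_obj.set_timestamp(self.timestamp.isoformat())
        if len(self.malware_subjects) > 0: package_obj.set_Malware_Subjects(self.malware_subjects.to_obj())
        if len(self.grouping_relationships) > 0: package_obj.set_Grouping_Relationships(self.grouping_relationships.to_obj())
        return package_obj

    def to_dict(self):
        """Return a dictionary representation of this Package.

        Keys are emitted only for members that hold a value, so 'timestamp'
        is absent when no timestamp is set.
        """
        package_dict = {}
        if self.id is not None : package_dict['id'] = self.id
        if self.schema_version is not None: package_dict['schema_version'] = self.schema_version
        if self.timestamp is not None: package_dict['timestamp'] = self.timestamp.isoformat()
        if len(self.malware_subjects) > 0: package_dict['malware_subjects'] = self.malware_subjects.to_list()
        if len(self.grouping_relationships) > 0: package_dict['grouping_relationships'] = self.grouping_relationships.to_list()
        return package_dict

    @staticmethod
    def from_dict(package_dict):
        """Build the Package from the input dictionary.

        Returns None when package_dict is empty or None. The 'timestamp'
        entry is optional (to_dict() omits it when unset); when present it
        must be an ISO-8601 string, with or without fractional seconds.
        A malformed timestamp string raises ValueError.
        """
        if not package_dict:
            return None
        package_ = Package(None)
        package_.id = package_dict.get('id')
        package_.schema_version = package_dict.get('schema_version')
        timestamp = package_dict.get('timestamp')
        if timestamp is not None:
            # A missing key used to reach strptime(None, ...) and raise
            # TypeError, which broke the to_dict()/from_dict() round trip.
            try:
                timestamp = datetime.datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S.%f")
            except ValueError:
                # isoformat() omits the fractional part when the microsecond
                # field is zero, so accept that form as well.
                timestamp = datetime.datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S")
        package_.timestamp = timestamp
        package_.malware_subjects = MalwareSubjectList.from_list(package_dict.get('malware_subjects', []))
        package_.grouping_relationships = GroupingRelationshipList.from_list(package_dict.get('grouping_relationships', []))
        return package_

    @staticmethod
    def from_obj(package_obj):
        """Build a Package from a binding object; returns None for a falsy input."""
        if not package_obj:
            return None
        package_ = Package(None)
        package_.id = package_obj.get_id()
        package_.schema_version = package_obj.get_schema_version()
        package_.timestamp = package_obj.get_timestamp()
        if package_obj.get_Malware_Subjects() is not None : package_.malware_subjects = MalwareSubjectList.from_obj(package_obj.get_Malware_Subjects())
        if package_obj.get_Grouping_Relationships() is not None : package_.grouping_relationships = GroupingRelationshipList.from_obj(package_obj.get_Grouping_Relationships())
        return package_

    @staticmethod
    def from_xml(xml_file):
        '''
        Create a new Package from an XML document.

        Returns a tuple of (api_object, binding_object).
        Parameters:
        xml_file - either a filename or a stream object
        '''
        # NOTE(review): the document may originate outside the local trust
        # boundary. Whether external entities, DTD loading and network
        # access are disabled is decided inside package_binding.parsexml_,
        # which is not visible here -- confirm before parsing untrusted input.
        opened_here = isinstance(xml_file, basestring)
        if opened_here:
            f = open(xml_file, "rb")
        else:
            f = xml_file

        try:
            doc = package_binding.parsexml_(f)
            maec_package_obj = package_binding.PackageType().factory()
            maec_package_obj.build(doc.getroot())
            maec_package = Package.from_obj(maec_package_obj)
        finally:
            # Close only the handle opened by this method; a stream passed
            # in by the caller stays under the caller's control.
            if opened_here:
                f.close()

        return (maec_package, maec_package_obj)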
Exemple #7
 def add_grouping_relationship(self, grouping_relationship):
     """Append a grouping relationship, creating the container on first use."""
     needs_container = not self.grouping_relationships
     if needs_container:
         # Nothing stored yet (unset or empty): start a new list.
         self.grouping_relationships = GroupingRelationshipList()
     target = self.grouping_relationships
     target.append(grouping_relationship)