def from_dict(driver_dict):
if not driver_dict:
return None
driver_ = WinDriver()
driver_.driver_init = UnsignedLong.from_dict(driver_dict.get('driver_init'))
driver_.driver_name = String.from_dict(driver_dict.get('driver_name'))
driver_.driver_object_address = HexBinary.from_dict(driver_dict.get('driver_object_address'))
driver_.driver_start_io = HexBinary.from_dict(driver_dict.get('driver_start_io'))
return driver_
def from_obj(driver_obj):
if not driver_obj:
return None
driver_ = WinDriver()
driver_.driver_init = UnsignedLong.from_obj(driver_obj.get_Driver_Init())
driver_.driver_name = String.from_obj(driver_obj.get_Driver_Name())
driver_.driver_object_address = HexBinary.from_obj(driver_obj.get_Driver_Object_Address())
driver_.driver_start_io = HexBinary.from_obj(driver_obj.get_Driver_Start_IO())
return driver_
def from_obj(win_pipe_obj):
if not win_pipe_obj:
return None
win_pipe_ = Pipe.from_obj(win_pipe_obj, WinPipe())
win_pipe_.default_time_out = NonNegativeInteger.from_obj(win_pipe_obj.get_Default_Time_Out())
win_pipe_.handle = WinHandle.from_obj(win_pipe_obj.get_Handle())
win_pipe_.in_buffer_Size = NonNegativeInteger.from_obj(win_pipe_obj.get_In_Buffer_Size())
win_pipe_.max_instances = NonNegativeInteger.from_obj(win_pipe_obj.get_Max_Instances())
win_pipe_.open_mode = HexBinary.from_obj(win_pipe_obj.get_Open_Mode())
win_pipe_.out_buffer_size = NonNegativeInteger.from_obj(win_pipe_obj.get_Out_Buffer_Size())
win_pipe_.pipe_mode = HexBinary.from_obj(win_pipe_obj.get_Pipe_Mode())
win_pipe_.security_attributes = String.from_obj(win_pipe_obj.get_Security_Attributes())
return win_pipe_
def from_dict(win_pipe_dict):
if not win_pipe_dict:
return None
win_pipe_ = Pipe.from_dict(win_pipe_dict, WinPipe())
win_pipe_.default_time_out = NonNegativeInteger.from_dict(win_pipe_dict.get('default_time_out'))
win_pipe_.handle = WinHandle.from_dict(win_pipe_dict.get('handle'))
win_pipe_.in_buffer_Size = NonNegativeInteger.from_dict(win_pipe_dict.get('in_buffer_size'))
win_pipe_.max_instances = NonNegativeInteger.from_dict(win_pipe_dict.get('max_instances'))
win_pipe_.open_mode = HexBinary.from_dict(win_pipe_dict.get('open_mode'))
win_pipe_.out_buffer_size = NonNegativeInteger.from_dict(win_pipe_dict.get('out_buffer_size'))
win_pipe_.pipe_mode = HexBinary.from_dict(win_pipe_dict.get('pipe_mode'))
win_pipe_.security_attributes = String.from_dict(win_pipe_dict.get('security_attributes'))
return win_pipe_
def from_dict(extracted_string_dict):
if not extracted_string_dict:
return None
extracted_string_ = ExtractedString()
extracted_string_.encoding = VocabString.from_dict(extracted_string_dict.get('encoding'))
extracted_string_.string_value = String.from_dict(extracted_string_dict.get('string_value'))
extracted_string_.byte_string_value = HexBinary.from_dict(extracted_string_dict.get('byte_string_value'))
extracted_string_.hashes = HashList.from_list(extracted_string_dict.get('hashes'))
extracted_string_.address = HexBinary.from_dict(extracted_string_dict.get('address'))
extracted_string_.length = PositiveInteger.from_dict(extracted_string_dict.get('length'))
extracted_string_.language = String.from_dict(extracted_string_dict.get('language'))
extracted_string_.english_translation = String.from_dict(extracted_string_dict.get('english_translation'))
return extracted_string_
def from_obj(extracted_string_obj):
if not extracted_string_obj:
return None
extracted_string_ = ExtractedString()
extracted_string_.encoding = VocabString.from_obj(extracted_string_obj.get_Encoding())
extracted_string_.string_value = String.from_obj(extracted_string_obj.get_String_Value())
extracted_string_.byte_string_value = HexBinary.from_obj(extracted_string_obj.get_Byte_String_Value())
extracted_string_.hashes = HashList.from_obj(extracted_string_obj.get_Hashes())
extracted_string_.address = HexBinary.from_obj(extracted_string_obj.get_Address())
extracted_string_.length = PositiveInteger.from_obj(extracted_string_obj.get_Length())
extracted_string_.language = String.from_obj(extracted_string_obj.get_Language())
extracted_string_.english_translation = String.from_obj(extracted_string_obj.get_English_Translation())
return extracted_string_
def from_dict(file_dict, file_class=None):
if not file_dict:
return None
if not file_class:
file_ = File()
else:
file_ = file_class
ObjectProperties.from_dict(file_dict, file_)
file_.is_packed = file_dict.get('is_packed')
file_.file_name = String.from_dict(file_dict.get('file_name'))
file_.file_path = FilePath.from_dict(file_dict.get('file_path'))
file_.device_path = String.from_dict(file_dict.get('device_path'))
file_.full_path = String.from_dict(file_dict.get('full_path'))
file_.file_extension = String.from_dict(file_dict.get('file_extension'))
file_.size_in_bytes = UnsignedLong.from_dict(file_dict.get('size_in_bytes'))
file_.magic_number = HexBinary.from_dict(file_dict.get('magic_number'))
file_.file_format = String.from_dict(file_dict.get('file_format'))
file_.hashes = HashList.from_list(file_dict.get('hashes'))
file_.extracted_features = ExtractedFeatures.from_dict(file_dict.get('extracted_features'))
file_.modified_time = String.from_dict(file_dict.get('modified_time'))
file_.accessed_time = String.from_dict(file_dict.get('accessed_time'))
file_.created_time = DateTime.from_dict(file_dict.get('created_time'))
return file_
def from_obj(file_obj, file_class=None):
if not file_obj:
return None
if not file_class:
file_ = File()
else:
file_ = file_class
ObjectProperties.from_obj(file_obj, file_)
file_.is_packed = file_obj.get_is_packed()
file_.file_name = String.from_obj(file_obj.get_File_Name())
file_.file_path = FilePath.from_obj(file_obj.get_File_Path())
file_.device_path = String.from_obj(file_obj.get_Device_Path())
file_.full_path = String.from_obj(file_obj.get_Full_Path())
file_.file_extension = String.from_obj(file_obj.get_File_Extension())
file_.size_in_bytes = UnsignedLong.from_obj(file_obj.get_Size_In_Bytes())
file_.magic_number = HexBinary.from_obj(file_obj.get_Magic_Number())
file_.file_format = String.from_obj(file_obj.get_File_Format())
file_.hashes = HashList.from_obj(file_obj.get_Hashes())
file_.extracted_features = ExtractedFeatures.from_obj(file_obj.get_Extracted_Features())
#TODO: why are there two Strings and one DateTime here?
file_.modified_time = String.from_obj(file_obj.get_Modified_Time())
file_.accessed_time = String.from_obj(file_obj.get_Accessed_Time())
file_.created_time = DateTime.from_obj(file_obj.get_Created_Time())
return file_
def from_dict(global_flag_dict):
if not global_flag_dict:
return None
global_flag_ = GlobalFlag()
global_flag_.abbreviation = String.from_dict(global_flag_dict.get('abbreviation'))
global_flag_.destination = String.from_dict(global_flag_dict.get('destination'))
global_flag_.hexadecimal_value = HexBinary.from_dict(global_flag_dict.get('hexadecimal_value'))
global_flag_.symbolic_name = String.from_dict(global_flag_dict.get('symbolic_name'))
return global_flag_
def from_obj(global_flag_obj):
if not global_flag_obj:
return None
global_flag_ = GlobalFlag()
global_flag_.abbreviation = String.from_obj(global_flag_obj.get_Abbreviation())
global_flag_.destination = String.from_obj(global_flag_obj.get_Destination())
global_flag_.hexadecimal_value = HexBinary.from_obj(global_flag_obj.get_Hexadecimal_Value())
global_flag_.symbolic_name = String.from_obj(global_flag_obj.get_Symbolic_Name())
return global_flag_
def setUp(self):
self.md5 = HexBinary(EMPTY_MD5)
self.sha1 = HexBinary(EMPTY_SHA1)
self.sha224 = HexBinary(EMPTY_SHA224)
self.sha256 = HexBinary(EMPTY_SHA256)
self.sha384 = HexBinary(EMPTY_SHA384)
self.sha512 = HexBinary(EMPTY_SHA512)
def from_obj(packer_obj):
if not packer_obj:
return None
packer = Packer()
packer.name = String.from_obj(packer_obj.get_Name())
packer.version = String.from_obj(packer_obj.get_Version())
packer.entry_point = HexBinary.from_obj(packer_obj.get_Entry_Point())
packer.signature = String.from_obj(packer_obj.get_Signature())
packer.type_ = String.from_obj(packer_obj.get_Type())
return packer
def from_dict(packer_dict):
if not packer_dict:
return None
packer = Packer()
packer.name = String.from_dict(packer_dict.get('name'))
packer.version = String.from_dict(packer_dict.get('version'))
packer.entry_point = HexBinary.from_dict(packer_dict.get('entry_point'))
packer.signature = String.from_dict(packer_dict.get('signature'))
packer.type_ = String.from_dict(packer_dict.get('type'))
return packer
def from_dict(extracted_string_dict):
if not extracted_string_dict:
return None
extracted_string_ = ExtractedString()
extracted_string_.encoding = VocabString.from_dict(
extracted_string_dict.get('encoding'))
extracted_string_.string_value = String.from_dict(
extracted_string_dict.get('string_value'))
extracted_string_.byte_string_value = HexBinary.from_dict(
extracted_string_dict.get('byte_string_value'))
extracted_string_.hashes = HashList.from_list(
extracted_string_dict.get('hashes'))
extracted_string_.address = HexBinary.from_dict(
extracted_string_dict.get('address'))
extracted_string_.length = PositiveInteger.from_dict(
extracted_string_dict.get('length'))
extracted_string_.language = String.from_dict(
extracted_string_dict.get('language'))
extracted_string_.english_translation = String.from_dict(
extracted_string_dict.get('english_translation'))
return extracted_string_
def __create_dns_record_object(self, domain, record_type, nameserver=None):
"""Creates a CybOX DNSRecordType Object"""
record = self.__get_dns_record(domain, record_type, nameserver)
if not record:
return None
dns_record = DNSRecord()
dns_record.domain_name = self.__create_domain_name_object(record.get('Domain_Name'))
dns_record.ip_address = self.__create_ip_address_object(record.get('IP_Address'))
dns_record.entry_type = String(record.get('Entry_Type'))
dns_record.flags = HexBinary(record.get('Flags'))
dns_record.record_data = record.get('Record_Data')
return dns_record
def from_obj(extracted_string_obj):
if not extracted_string_obj:
return None
extracted_string_ = ExtractedString()
extracted_string_.encoding = VocabString.from_obj(
extracted_string_obj.get_Encoding())
extracted_string_.string_value = String.from_obj(
extracted_string_obj.get_String_Value())
extracted_string_.byte_string_value = HexBinary.from_obj(
extracted_string_obj.get_Byte_String_Value())
extracted_string_.hashes = HashList.from_obj(
extracted_string_obj.get_Hashes())
extracted_string_.address = HexBinary.from_obj(
extracted_string_obj.get_Address())
extracted_string_.length = PositiveInteger.from_obj(
extracted_string_obj.get_Length())
extracted_string_.language = String.from_obj(
extracted_string_obj.get_Language())
extracted_string_.english_translation = String.from_obj(
extracted_string_obj.get_English_Translation())
return extracted_string_
def from_obj(memory_obj):
if not memory_obj:
return None
memory_ = Memory()
memory_.is_injected = memory_obj.get_is_injected()
memory_.is_mapped = memory_obj.get_is_mapped()
memory_.is_protected = memory_obj.get_is_protected()
memory_.hashes = HashList.from_obj(memory_obj.get_Hashes())
memory_.name = String.from_obj(memory_obj.get_Name())
memory_.region_size = UnsignedLong.from_obj(memory_obj.get_Region_Size())
memory_.region_start_address = HexBinary.from_obj(memory_obj.get_Region_Start_Address())
memory_.extracted_features = None
return memory_
def from_dict(memory_dict):
if not memory_dict:
return None
memory_ = Memory()
memory_.is_injected = memory_dict.get('is_injected')
memory_.is_mapped = memory_dict.get('is_mapped')
memory_.is_protected = memory_dict.get('is_protected')
memory_.hashes = HashList.from_list(memory_dict.get('hashes'))
memory_.name = String.from_dict(memory_dict.get('name'))
memory_.region_size = UnsignedLong.from_dict(memory_dict.get('region_size'))
memory_.region_start_address = HexBinary.from_dict(memory_dict.get('region_start_address'))
memory_.extracted_features = None
return memory_
def from_obj(file_obj):
if not file_obj:
return None
file_ = File()
file_.is_packed = file_obj.get_is_packed()
file_.file_name = String.from_obj(file_obj.get_File_Name())
file_.file_path = FilePath.from_obj(file_obj.get_File_Path())
file_.device_path = String.from_obj(file_obj.get_Device_Path())
file_.full_path = String.from_obj(file_obj.get_Full_Path())
file_.file_extension = String.from_obj(file_obj.get_File_Extension())
file_.size_in_bytes = UnsignedLong.from_obj(file_obj.get_Size_In_Bytes())
file_.magic_number = HexBinary.from_obj(file_obj.get_Magic_Number())
file_.file_format = String.from_obj(file_obj.get_File_Format())
file_.hashes = HashList.from_obj(file_obj.get_Hashes())
return file_
def from_dict(file_dict):
if not file_dict:
return None
file_ = File()
file_.is_packed = file_dict.get('is_packed')
file_.file_name = String.from_dict(file_dict.get('file_name'))
file_.file_path = FilePath.from_dict(file_dict.get('file_path'))
file_.device_path = String.from_dict(file_dict.get('device_path'))
file_.full_path = String.from_dict(file_dict.get('full_path'))
file_.file_extension = String.from_dict(file_dict.get('file_extension'))
file_.size_in_bytes = UnsignedLong.from_dict(file_dict.get('size_in_bytes'))
file_.magic_number = HexBinary.from_dict(file_dict.get('magic_number'))
file_.file_format = String.from_dict(file_dict.get('file_format'))
file_.hashes = HashList.from_dict(file_dict.get('hashes'))
return file_
def from_obj(dns_record_obj):
if not dns_record_obj:
return None
dns_record_ = DNSRecord()
dns_record_.description = StructuredText.from_obj(dns_record_obj.get_Description())
dns_record_.domain_name = URI.from_obj(dns_record_obj.get_Domain_Name())
dns_record_.ip_address = Address.from_obj(dns_record_obj.get_IP_Address())
dns_record_.address_class = String.from_obj(dns_record_obj.get_Address_Class())
dns_record_.entry_type = String.from_obj(dns_record_obj.get_Entry_Type())
dns_record_.record_name = String.from_obj(dns_record_obj.get_Record_Name())
dns_record_.record_type = String.from_obj(dns_record_obj.get_Record_Type())
dns_record_.ttl = Integer.from_obj(dns_record_obj.get_TTL())
dns_record_.flags = HexBinary.from_obj(dns_record_obj.get_Flags())
dns_record_.data_length = Integer.from_obj(dns_record_obj.get_Length())
dns_record_.record_data = dns_record_obj.get_Record_Data()
return dns_record_
def from_dict(dns_record_dict):
if not dns_record_dict:
return None
dns_record_ = DNSRecord()
dns_record_.description = StructuredText.from_dict(dns_record_dict.get('description'))
dns_record_.domain_name = URI.from_dict(dns_record_dict.get('domain_name'))
dns_record_.ip_address = Address.from_dict(dns_record_dict.get('ip_address'))
dns_record_.address_class = String.from_dict(dns_record_dict.get('address_class'))
dns_record_.entry_type = String.from_dict(dns_record_dict.get('entry_type'))
dns_record_.record_name = String.from_dict(dns_record_dict.get('record_name'))
dns_record_.record_type = String.from_dict(dns_record_dict.get('record_type'))
dns_record_.ttl = Integer.from_dict(dns_record_dict.get('record_type'))
dns_record_.flags = HexBinary.from_dict(dns_record_dict.get('flags'))
dns_record_.data_length = Integer.from_dict(dns_record_dict.get('data_length'))
dns_record_.record_data = dns_record_dict.get('record_data')
return dns_record_
exports.name = String() exports.number_of_addresses = Long() exports.number_of_functions = Integer() exports.number_of_names = Long() # The Extraneous_Bytes field specifies the number of extraneous bytes contained in the PE binary. extraneous_bytes = Integer() # https://cybox.readthedocs.org/en/stable/_modules/cybox/objects/win_executable_file_object.html#PEHeaders headers = PEHeaders() headers.dos_header = DOSHeader() headers.entropy = Entropy() headers.file_header = PEFileHeader() headers.hashes = HashList() headers.optional_header = PEOptionalHeader() headers.signature = HexBinary() # https://cybox.readthedocs.org/en/stable/_modules/cybox/objects/win_executable_file_object.html#PEImportList imports = PEImportList() # https://cybox.readthedocs.org/en/stable/_modules/cybox/objects/win_executable_file_object.html#PEChecksum pe_checksum = PEChecksum() pe_checksum.pe_computed_api = Long() pe_checksum.pe_file_api = Long() pe_checksum.pe_file_raw = Long() # https://cybox.readthedocs.org/en/stable/_modules/cybox/objects/win_executable_file_object.html#PEResourceList resources = PEResourceList() # https://cybox.readthedocs.org/en/stable/_modules/cybox/objects/win_executable_file_object.html#PESectionList sections = PESectionList()
def test_constructor(self):
s = HexBinary(EMPTY_MD5)
h = Hash(s)