def from_obj(process_obj, process_cls = None):
if not process_obj:
return None
if process_cls == None:
process_ = Process()
else:
process_ = process_cls
ObjectProperties.from_obj(process_obj, process_)
process_.is_hidden = process_obj.get_is_hidden()
process_.pid = UnsignedInteger.from_obj(process_obj.get_PID())
process_.name = String.from_obj(process_obj.get_Name())
process_.creation_time = DateTime.from_obj(process_obj.get_Creation_Time())
process_.parent_pid = UnsignedInteger.from_obj(process_obj.get_Parent_PID())
process_.image_info = ImageInfo.from_obj(process_obj.get_Image_Info())
process_.environment_variable_list = EnvironmentVariableList.from_obj(process_obj.get_Environment_Variable_List())
process_.kernel_time = Duration.from_obj(process_obj.get_Kernel_Time())
process_.start_time = DateTime.from_obj(process_obj.get_Start_Time())
process_.username = String.from_obj(process_obj.get_Username())
process_.user_time = Duration.from_obj(process_obj.get_User_Time())
process_.extracted_features = None
if process_obj.get_Argument_List() is not None : process_.argument_list = [String.from_obj(x) for x in process_obj.get_Argument_List().get_Argument()]
if process_obj.get_Child_PID_List() is not None : process_.child_pid_list = [UnsignedInteger.from_obj(x) for x in process_obj.get_Child_PID_List().get_Child_PID()]
if process_obj.get_Port_List() is not None : process_.port_list = [Port.from_obj(x) for x in process_obj.get_Port_List().get_Port()]
if process_obj.get_Network_Connection_List() is not None : process_.network_connection_list = [NetworkConnection.from_obj(x) for x in process_obj.get_Network_Connection_List().get_Network_Connection()]
return process_
def from_obj(file_obj, file_class=None):
if not file_obj:
return None
if not file_class:
file_ = File()
else:
file_ = file_class
ObjectProperties.from_obj(file_obj, file_)
file_.is_packed = file_obj.get_is_packed()
file_.file_name = String.from_obj(file_obj.get_File_Name())
file_.file_path = FilePath.from_obj(file_obj.get_File_Path())
file_.device_path = String.from_obj(file_obj.get_Device_Path())
file_.full_path = String.from_obj(file_obj.get_Full_Path())
file_.file_extension = String.from_obj(file_obj.get_File_Extension())
file_.size_in_bytes = UnsignedLong.from_obj(file_obj.get_Size_In_Bytes())
file_.magic_number = HexBinary.from_obj(file_obj.get_Magic_Number())
file_.file_format = String.from_obj(file_obj.get_File_Format())
file_.hashes = HashList.from_obj(file_obj.get_Hashes())
file_.extracted_features = ExtractedFeatures.from_obj(file_obj.get_Extracted_Features())
#TODO: why are there two Strings and one DateTime here?
file_.modified_time = String.from_obj(file_obj.get_Modified_Time())
file_.accessed_time = String.from_obj(file_obj.get_Accessed_Time())
file_.created_time = DateTime.from_obj(file_obj.get_Created_Time())
return file_
def from_dict(file_dict, file_class=None):
if not file_dict:
return None
if not file_class:
file_ = File()
else:
file_ = file_class
ObjectProperties.from_dict(file_dict, file_)
file_.is_packed = file_dict.get('is_packed')
file_.file_name = String.from_dict(file_dict.get('file_name'))
file_.file_path = FilePath.from_dict(file_dict.get('file_path'))
file_.device_path = String.from_dict(file_dict.get('device_path'))
file_.full_path = String.from_dict(file_dict.get('full_path'))
file_.file_extension = String.from_dict(file_dict.get('file_extension'))
file_.size_in_bytes = UnsignedLong.from_dict(file_dict.get('size_in_bytes'))
file_.magic_number = HexBinary.from_dict(file_dict.get('magic_number'))
file_.file_format = String.from_dict(file_dict.get('file_format'))
file_.hashes = HashList.from_list(file_dict.get('hashes'))
file_.extracted_features = ExtractedFeatures.from_dict(file_dict.get('extracted_features'))
file_.modified_time = String.from_dict(file_dict.get('modified_time'))
file_.accessed_time = String.from_dict(file_dict.get('accessed_time'))
file_.created_time = DateTime.from_dict(file_dict.get('created_time'))
return file_
def from_dict(process_dict, process_cls = None):
if not process_dict:
return None
if process_cls == None:
process_ = Process()
else:
process_ = process_cls
ObjectProperties.from_dict(process_dict, process_)
process_.is_hidden = process_dict.get('is_hidden')
process_.pid = UnsignedInteger.from_dict(process_dict.get('pid'))
process_.name = String.from_dict(process_dict.get('name'))
process_.creation_time = DateTime.from_dict(process_dict.get('creation_time'))
process_.parent_pid = UnsignedInteger.from_dict(process_dict.get('parent_pid'))
process_.child_pid_list = [UnsignedInteger.from_dict(x) for x in process_dict.get('child_pid_list', [])]
process_.image_info = ImageInfo.from_dict(process_dict.get('image_info'))
process_.argument_list = [String.from_dict(x) for x in process_dict.get('argument_list', [])]
process_.environment_variable_list = EnvironmentVariableList.from_list(process_dict.get('environment_variable_list'))
process_.kernel_time = Duration.from_dict(process_dict.get('kernel_time'))
process_.port_list = [Port.from_dict(x) for x in process_dict.get('port_list', [])]
process_.network_connection_list = [NetworkConnection.from_dict(x) for x in process_dict.get('network_connection_list', [])]
process_.start_time = DateTime.from_dict(process_dict.get('start_time'))
process_.username = String.from_dict(process_dict.get('username'))
process_.user_time = Duration.from_dict(process_dict.get('user_time'))
process_.extracted_features = None
return process_
def from_dict(port_dict):
if not port_dict:
return None
port = Port()
ObjectProperties.from_dict(port_dict, port)
port.port_value = PositiveInteger.from_dict(port_dict.get('port_value'))
port.layer4_protocol = String.from_dict(port_dict.get('layer4_protocol'))
return port
def from_dict(uri_dict):
if uri_dict is None:
return None
uri = URI()
ObjectProperties.from_dict(uri_dict, uri)
uri.type_ = uri_dict.get('type')
uri.value = AnyURI.from_dict(uri_dict.get('value'))
return uri
def from_obj(uri_obj):
if not uri_obj:
return None
uri = URI()
ObjectProperties.from_obj(uri_obj, uri)
uri.type_ = uri_obj.get_type()
uri.value = AnyURI.from_obj(uri_obj.get_Value())
return uri
def from_obj(port_obj):
if not port_obj:
return None
port = Port()
ObjectProperties.from_obj(port_obj, port)
port.port_value = PositiveInteger.from_obj(port_obj.get_Port_Value())
port.layer4_protocol = String.from_obj(port_obj.get_Layer4_Protocol())
return port
def from_obj(addr_object):
if not addr_object:
return None
addr = Address()
ObjectProperties.from_obj(addr_object, addr)
addr.address_value = String.from_obj(addr_object.get_Address_Value())
addr.category = addr_object.get_category()
addr.is_destination = addr_object.get_is_destination()
addr.is_source = addr_object.get_is_source()
addr.vlan_name = String.from_obj(addr_object.get_VLAN_Name())
addr.vlan_num = Integer.from_obj(addr_object.get_VLAN_Num())
return addr
def test_observble_init(self):
obj = Object()
dobj = ObjectProperties()
a = Address()
oc = ObservableComposition()
e = Event()
obs1 = Observable(obj)
self.assertTrue(obs1.object_ is obj)
self.assertFalse(obs1.observable_composition)
self.assertFalse(obs1.event)
obs2 = Observable(dobj)
self.assertTrue(obs2.object_)
self.assertTrue(obs2.object_.properties is dobj)
self.assertFalse(obs2.observable_composition)
self.assertFalse(obs2.event)
obs3 = Observable(a)
self.assertTrue(obs3.object_)
self.assertTrue(obs3.object_.properties is a)
self.assertFalse(obs3.event)
self.assertFalse(obs3.observable_composition)
obs4 = Observable(oc)
self.assertFalse(obs4.object_)
self.assertFalse(obs4.event)
self.assertTrue(obs4.observable_composition is oc)
obs5 = Observable(e)
self.assertFalse(obs5.object_)
self.assertTrue(obs5.event is e)
self.assertFalse(obs5.observable_composition)
def test_detect_address(self):
d = {'xsi:type': Address._XSI_TYPE}
obj = ObjectProperties.from_dict(d)
self.assertTrue(isinstance(obj, ObjectProperties))
self.assertTrue(isinstance(obj, Address))
def from_obj(object_obj, obj_class=None):
if not object_obj:
return None
if obj_class == None:
obj = Object()
else:
obj = obj_class
obj.id_ = object_obj.get_id()
obj.idref = object_obj.get_idref()
obj.properties = ObjectProperties.from_obj(object_obj.get_Properties())
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_obj(
object_obj.get_Domain_Specific_Object_Properties())
rel_objs = object_obj.get_Related_Objects()
if rel_objs:
obj.related_objects = [
RelatedObject.from_obj(x)
for x in rel_objs.get_Related_Object()
]
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def from_dict(measure_source_dict):
if not measure_source_dict:
return None
measure_source_ = MeasureSource()
measure_source_.class_ = measure_source_dict.get('class')
measure_source_.source_type = measure_source_dict.get('source_type')
measure_source_.name = measure_source_dict.get('name')
measure_source_.information_source_type = VocabString.from_dict(measure_source_dict.get('information_source_type'))
measure_source_.tool_type = VocabString.from_dict(measure_source_dict.get('tool_type'))
measure_source_.description = StructuredText.from_dict(measure_source_dict.get('description'))
measure_source_.contributors = Personnel.from_list(measure_source_dict.get('contributors'))
measure_source_.time = Time.from_dict(measure_source_dict.get('time'))
measure_source_.tools = ToolInformationList.from_list(measure_source_dict.get('tools'))
measure_source_.platform = None #TODO: add support
measure_source_.system = ObjectProperties.from_dict(measure_source_dict.get('system'))
measure_source_.instance = ObjectProperties.from_dict(measure_source_dict.get('instance'))
return measure_source_
def from_obj(measure_source_obj):
if not measure_source_obj:
return None
measure_source_ = MeasureSource()
measure_source_.class_ = measure_source_obj.get_class()
measure_source_.source_type = measure_source_obj.get_source_type()
measure_source_.name = measure_source_obj.get_name()
measure_source_.information_source_type = VocabString.from_obj(measure_source_obj.get_Information_Source_Type())
measure_source_.tool_type = VocabString.from_obj(measure_source_obj.get_Tool_Type())
measure_source_.description = StructuredText.from_obj(measure_source_obj.get_Description())
measure_source_.contributors = Personnel.from_obj(measure_source_obj.get_Contributors())
measure_source_.time = Time.from_obj(measure_source_obj.get_Time())
measure_source_.tools = ToolInformationList.from_obj(measure_source_obj.get_Tools())
measure_source_.platform = None #TODO: add support
measure_source_.system = ObjectProperties.from_obj(measure_source_obj.get_System())
measure_source_.instance = ObjectProperties.from_obj(measure_source_obj.get_Instance())
return measure_source_
def from_dict(artifact_dict):
if not artifact_dict:
return None
artifact = Artifact()
ObjectProperties.from_dict(artifact_dict, artifact)
for layer in artifact_dict.get("packaging", []):
if layer.get("packaging_type") == "compression":
artifact.packaging.append(Compression.from_dict(layer))
if layer.get("packaging_type") == "encryption":
artifact.packaging.append(Encryption.from_dict(layer))
if layer.get("packaging_type") == "encoding":
artifact.packaging.append(Encoding.from_dict(layer))
raw_artifact = artifact_dict.get("raw_artifact")
if raw_artifact:
artifact.packed_data = RawArtifact.from_dict(raw_artifact).value
return artifact
def from_dict(artifact_dict):
if not artifact_dict:
return None
artifact = Artifact()
ObjectProperties.from_dict(artifact_dict, artifact)
for layer in artifact_dict.get('packaging', []):
if layer.get('packaging_type') == "compression":
artifact.packaging.append(Compression.from_dict(layer))
if layer.get('packaging_type') == "encryption":
artifact.packaging.append(Encryption.from_dict(layer))
if layer.get('packaging_type') == "encoding":
artifact.packaging.append(Encoding.from_dict(layer))
raw_artifact = artifact_dict.get('raw_artifact')
if raw_artifact:
artifact.packed_data = RawArtifact.from_dict(raw_artifact).value
return artifact
def from_obj(artifact_obj):
if not artifact_obj:
return None
artifact = Artifact()
ObjectProperties.from_obj(artifact_obj, artifact)
packaging = artifact_obj.get_Packaging()
if packaging:
for c in packaging.get_Compression():
artifact.packaging.append(Compression.from_obj(c))
for e in packaging.get_Encryption():
artifact.packaging.append(Encryption.from_obj(e))
for e in packaging.get_Encoding():
artifact.packaging.append(Encoding.from_obj(e))
raw_artifact = artifact_obj.get_Raw_Artifact()
if raw_artifact:
artifact.packed_data = RawArtifact.from_obj(raw_artifact).value
return artifact
def from_obj(artifact_obj):
if not artifact_obj:
return None
artifact = Artifact()
ObjectProperties.from_obj(artifact_obj, artifact)
packaging = artifact_obj.get_Packaging()
if packaging:
for c in packaging.get_Compression():
artifact.packaging.append(Compression.from_obj(c))
for e in packaging.get_Encryption():
artifact.packaging.append(Encryption.from_obj(e))
for e in packaging.get_Encoding():
artifact.packaging.append(Encoding.from_obj(e))
raw_artifact = artifact_obj.get_Raw_Artifact()
if raw_artifact:
artifact.packed_data = RawArtifact.from_obj(raw_artifact).value
return artifact
def from_obj(artifact_obj):
if not artifact_obj:
return None
artifact = Artifact()
ObjectProperties.from_obj(artifact_obj, artifact)
packaging = artifact_obj.Packaging
if packaging:
for c in packaging.Compression:
artifact.packaging.append(Compression.from_obj(c))
for e in packaging.Encryption:
artifact.packaging.append(Encryption.from_obj(e))
for e in packaging.Encoding:
artifact.packaging.append(Encoding.from_obj(e))
raw_artifact = artifact_obj.Raw_Artifact
if raw_artifact:
artifact.packed_data = RawArtifact.from_obj(raw_artifact).value
artifact.type_ = artifact_obj.type_
return artifact
def from_obj(artifact_obj):
if not artifact_obj:
return None
artifact = Artifact()
ObjectProperties.from_obj(artifact_obj, artifact)
packaging = artifact_obj.Packaging
if packaging:
for c in packaging.Compression:
artifact.packaging.append(Compression.from_obj(c))
for e in packaging.Encryption:
artifact.packaging.append(Encryption.from_obj(e))
for e in packaging.Encoding:
artifact.packaging.append(Encoding.from_obj(e))
raw_artifact = artifact_obj.Raw_Artifact
if raw_artifact:
artifact.packed_data = RawArtifact.from_obj(raw_artifact).value
artifact.type_ = artifact_obj.type_
return artifact
def from_dict(addr_dict, category=None):
if not addr_dict:
return None
addr = Address()
# Shortcut if only a string is passed as a parameter
if not isinstance(addr_dict, dict):
addr.address_value = String.from_dict(addr_dict)
addr.category = category
return addr
ObjectProperties.from_dict(addr_dict, addr)
addr.category = addr_dict.get('category')
addr.is_destination = addr_dict.get('is_destination')
addr.is_source = addr_dict.get('is_source')
addr.address_value = String.from_dict(addr_dict.get('address_value'))
addr.vlan_name = String.from_dict(addr_dict.get('vlan_name'))
addr.vlan_num = Integer.from_dict(addr_dict.get('vlan_num'))
return addr
def from_dict(artifact_dict):
if not artifact_dict:
return None
artifact = Artifact()
ObjectProperties.from_dict(artifact_dict, artifact)
for layer in artifact_dict.get('packaging', []):
if layer.get('packaging_type') == "compression":
artifact.packaging.append(Compression.from_dict(layer))
if layer.get('packaging_type') == "encryption":
artifact.packaging.append(Encryption.from_dict(layer))
if layer.get('packaging_type') == "encoding":
artifact.packaging.append(Encoding.from_dict(layer))
raw_artifact = artifact_dict.get('raw_artifact')
if raw_artifact:
data = RawArtifact.from_dict(raw_artifact).value
artifact.packed_data = six.text_type(data)
artifact.type_ = artifact_dict.get('type')
return artifact
def from_dict(whois_dict):
if not whois_dict:
return None
whois = WhoisEntry()
ObjectProperties.from_dict(whois_dict, whois)
whois.domain_name = URI.from_dict(whois_dict.get('domain_name'))
whois.domain_id = String.from_dict(whois_dict.get('domain_id'))
whois.server_name = URI.from_dict(whois_dict.get('server_name'))
whois.ip_address = Address.from_dict(whois_dict.get('ip_address'), Address.CAT_IPV4)
whois.dnssec = whois_dict.get('dnssec')
whois.nameservers = WhoisNameservers.from_list(whois_dict.get('nameservers'))
whois.status = WhoisStatuses.from_list(whois_dict.get('status'))
whois.updated_date = DateTime.from_dict(whois_dict.get('updated_date'))
whois.creation_date = DateTime.from_dict(whois_dict.get('creation_date'))
whois.expiration_date = DateTime.from_dict(whois_dict.get('expiration_date'))
whois.regional_internet_registry = String.from_dict(whois_dict.get('regional_internet_registry'))
whois.sponsoring_registrar = String.from_dict(whois_dict.get('sponsoring_registrar'))
whois.registrar_info = WhoisRegistrar.from_dict(whois_dict.get('registrar_info'))
whois.registrants = WhoisRegistrants.from_list(whois_dict.get('registrants'))
whois.contact_info = WhoisContact.from_dict(whois_dict.get('contact_info'))
return whois
def from_obj(whois_obj):
if not whois_obj:
return None
whois = WhoisEntry()
ObjectProperties.from_obj(whois_obj, whois)
whois.domain_name = URI.from_obj(whois_obj.get_Domain_Name())
whois.domain_id = String.from_obj(whois_obj.get_Domain_ID())
whois.server_name = URI.from_obj(whois_obj.get_Server_Name())
whois.ip_address = Address.from_obj(whois_obj.get_IP_Address())
whois.dnssec = whois_obj.get_DNSSEC()
whois.nameservers = WhoisNameservers.from_obj(whois_obj.get_Nameservers())
whois.status = WhoisStatuses.from_obj(whois_obj.get_Status())
whois.updated_date = DateTime.from_obj(whois_obj.get_Updated_Date())
whois.creation_date = DateTime.from_obj(whois_obj.get_Creation_Date())
whois.expiration_date = DateTime.from_obj(whois_obj.get_Expiration_Date())
whois.regional_internet_registry = String.from_obj(whois_obj.get_Regional_Internet_Registry())
whois.sponsoring_registrar = String.from_obj(whois_obj.get_Sponsoring_Registrar())
whois.registrar_info = WhoisRegistrar.from_obj(whois_obj.get_Registrar_Info())
whois.registrants = WhoisRegistrants.from_obj(whois_obj.get_Registrants())
whois.contact_info = WhoisContact.from_obj(whois_obj.get_Contact_Info())
return whois
def _prepare_objects(self, final_indicator_objects):
"""Prepare the final Indicator Objects for translation into STIX Indicators.
Set their condition attributes as appropriate.
Args:
final_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final, pruned list of Objects on which the condition should be set.
"""
for entry in final_indicator_objects:
object = entry.object
object_xsi_type = object.properties._XSI_TYPE
object_properties_dict = object.properties.to_dict()
updated_properties_dict = {}
for property_name, property_value in object_properties_dict.iteritems():
updated_properties_dict[property_name] = self._set_object_property(property_value)
updated_properties_dict['xsi:type'] = object_xsi_type
object.properties = ObjectProperties.from_dict(updated_properties_dict)
def from_dict(object_dict, obj=None):
if not object_dict:
return None
if not obj:
obj = Object()
obj.id_ = object_dict.get('id')
obj.idref = object_dict.get('idref')
obj.properties = ObjectProperties.from_dict(
object_dict.get('properties'))
obj.related_objects = [RelatedObject.from_dict(x) for x in
object_dict.get('related_objects', [])]
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_dict(object_dict.get('domain_specific_object_properties'))
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def from_dict(object_dict, obj=None):
if not object_dict:
return None
if not obj:
obj = Object()
obj.id_ = object_dict.get('id')
obj.idref = object_dict.get('idref')
obj.properties = ObjectProperties.from_dict(
object_dict.get('properties'))
obj.related_objects = [RelatedObject.from_dict(x) for x in
object_dict.get('related_objects', [])]
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_dict(object_dict.get('domain_specific_object_properties'))
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def prune_objects(self, candidate_indicator_objects):
"""Perform contraindicator and required property checking and prune un-wanted
properties from the input list of candidate Indicator CybOX Objects.
Args:
candidate_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the initial list of CybOX Objects that may be used in the STIX Indicators.
Returns:
A list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final list of checked and pruned CybOX Objects that will be used for the STIX Indicators.
"""
final_indicator_objects = []
# Prune any unwanted properties from Objects
for entry in candidate_indicator_objects:
object = entry.object
xsi_type = object.properties._XSI_TYPE
# Do the contraindicator check
if xsi_type in self.config.supported_objects and not self._contraindicator_check(
entry):
object_type_conf = self.config.supported_objects[xsi_type]
# Prune the properties of the Object to correspond to the input config file
# First, test for the presence of only the required properties
if self._required_property_check(
object, self.config.supported_objects[xsi_type]):
# If the required properties are found, prune based on the full set (optional + required)
full_properties = {}
full_properties.update(object_type_conf["required"])
full_properties.update(object_type_conf["optional"])
full_properties.update(
object_type_conf["mutually_exclusive"])
full_pruned_properties = self._prune_object_properties(
object.properties.to_dict(), full_properties)
full_pruned_properties["xsi:type"] = xsi_type
# Create a new Object with the pruned ObjectProperties
pruned_object = Object()
pruned_object.properties = ObjectProperties.from_dict(
full_pruned_properties)
entry.object = pruned_object
# Add the updated Object History entry to the final list of Indicators
final_indicator_objects.append(entry)
return final_indicator_objects
def from_obj(object_obj, obj=None):
if not object_obj:
return None
if not obj:
obj = Object()
obj.id_ = object_obj.id
obj.idref = object_obj.idref
obj.properties = ObjectProperties.from_obj(object_obj.Properties)
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_obj(object_obj.Domain_Specific_Object_Properties)
rel_objs = object_obj.Related_Objects
if rel_objs:
obj.related_objects = [RelatedObject.from_obj(x) for x in
rel_objs.Related_Object]
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def _prepare_objects(self, final_indicator_objects):
"""Prepare the final Indicator Objects for translation into STIX Indicators.
Set their condition attributes as appropriate.
Args:
final_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final, pruned list of Objects on which the condition should be set.
"""
for entry in final_indicator_objects:
object = entry.object
object_xsi_type = object.properties._XSI_TYPE
object_properties_dict = object.properties.to_dict()
updated_properties_dict = {}
for property_name, property_value in object_properties_dict.iteritems(
):
updated_properties_dict[
property_name] = self._set_object_property(property_value)
updated_properties_dict['xsi:type'] = object_xsi_type
object.properties = ObjectProperties.from_dict(
updated_properties_dict)
def from_obj(object_obj, obj=None):
if not object_obj:
return None
if not obj:
obj = Object()
obj.id_ = object_obj.id
obj.idref = object_obj.idref
obj.properties = ObjectProperties.from_obj(object_obj.Properties)
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_obj(object_obj.Domain_Specific_Object_Properties)
rel_objs = object_obj.Related_Objects
if rel_objs:
obj.related_objects = [RelatedObject.from_obj(x) for x in
rel_objs.Related_Object]
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def from_dict(object_dict, obj_class=None):
if not object_dict:
return None
if obj_class == None:
obj = Object()
else:
obj = obj_class
obj.id_ = object_dict.get("id")
obj.idref = object_dict.get("idref")
obj.properties = ObjectProperties.from_dict(object_dict.get("properties"))
obj.related_objects = [RelatedObject.from_dict(x) for x in object_dict.get("related_objects", [])]
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_dict(
object_dict.get("domain_specific_object_properties")
)
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def from_obj(object_obj, obj_class=None):
if not object_obj:
return None
if obj_class == None:
obj = Object()
else:
obj = obj_class
obj.id_ = object_obj.get_id()
obj.idref = object_obj.get_idref()
obj.properties = ObjectProperties.from_obj(object_obj.get_Properties())
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_obj(object_obj.get_Domain_Specific_Object_Properties())
rel_objs = object_obj.get_Related_Objects()
if rel_objs:
obj.related_objects = [RelatedObject.from_obj(x) for x in
rel_objs.get_Related_Object()]
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def prune_objects(self, candidate_indicator_objects):
"""Perform contraindicator and required property checking and prune un-wanted
properties from the input list of candidate Indicator CybOX Objects.
Args:
candidate_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the initial list of CybOX Objects that may be used in the STIX Indicators.
Returns:
A list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final list of checked and pruned CybOX Objects that will be used for the STIX Indicators.
"""
final_indicator_objects = []
# Prune any unwanted properties from Objects
for entry in candidate_indicator_objects:
object = entry.object
xsi_type = object.properties._XSI_TYPE
# Do the contraindicator check
if xsi_type in self.config.supported_objects and not self._contraindicator_check(entry):
object_type_conf = self.config.supported_objects[xsi_type]
# Prune the properties of the Object to correspond to the input config file
# First, test for the presence of only the required properties
if self._required_property_check(object, self.config.supported_objects[xsi_type]):
# If the required properties are found, prune based on the full set (optional + required)
full_properties = {}
full_properties.update(object_type_conf["required"])
full_properties.update(object_type_conf["optional"])
full_properties.update(object_type_conf["mutually_exclusive"])
full_pruned_properties = self._prune_object_properties(object.properties.to_dict(), full_properties)
full_pruned_properties["xsi:type"] = xsi_type
# Create a new Object with the pruned ObjectProperties
pruned_object = Object()
pruned_object.properties = ObjectProperties.from_dict(full_pruned_properties)
entry.object = pruned_object
# Add the updated Object History entry to the final list of Indicators
final_indicator_objects.append(entry)
return final_indicator_objects
def test_empty_dict(self):
self.assertEqual(None, ObjectProperties.from_dict({}))
