def from_dict(win_file_dict, file_class = None):
if not win_file_dict:
return None
if not file_class:
win_file_ = File.from_dict(win_file_dict, WinFile())
else:
win_file_ = File.from_dict(win_file_dict, file_class)
win_file_.filename_accessed_time = DateTime.from_dict(win_file_dict.get('filename_accessed_time'))
win_file_.filename_created_time = DateTime.from_dict(win_file_dict.get('filename_created_time'))
win_file_.filename_modified_time = DateTime.from_dict(win_file_dict.get('filename_modified_time'))
win_file_.drive = String.from_dict(win_file_dict.get('drive'))
win_file_.security_id = String.from_dict(win_file_dict.get('security_id'))
win_file_.security_type = String.from_dict(win_file_dict.get('security_type'))
win_file_.stream_list = StreamList.from_list(win_file_dict.get('stream_list'))
return win_file_
def from_dict(mal_dev_dict):
if not mal_dev_dict:
return None
mal_dev_env_ = MalwareDevelopmentEnvironment()
mal_dev_env_.tools = ToolInformationList.from_list(mal_dev_dict['tools'])
if mal_dev_dict.get('debugging_file'):
mal_dev_env_.debugging_file = [File.from_dict(x) for x in mal_dev_dict['debugging_file']]
return mal_dev_env_
def from_dict(mal_conf_storage_dict):
if not mal_conf_storage_dict:
return None
mal_conf_storage_ = MalwareConfigurationStorageDetails()
mal_conf_storage_.malware_binary = MalwareBinaryConfigurationStorageDetails.from_dict(mal_conf_storage_dict['malware_binary'])
mal_conf_storage_.file = File.from_dict(mal_conf_storage_dict['file'])
if mal_conf_storage_dict['url']:
mal_conf_storage_.url = [URI.from_dict(x) for x in mal_conf_storage_dict['configuration_parameter']]
return mal_conf_storage_
def from_dict(message_dict):
message = EmailMessage()
for attachment in message_dict.get('attachments', []):
message.attachments.append(File.from_dict(attachment))
for link in message_dict.get('links', []):
message.links.append(URI.from_dict(link))
message.header = EmailHeader.from_dict(message_dict.get('header'))
message.optional_header = OptionalHeader.from_dict(message_dict.get('optional_header'))
message.email_server = String.from_dict(message_dict.get('email_server'))
message.raw_body = String.from_dict(message_dict.get('raw_body'))
message.raw_header = String.from_dict(message_dict.get('raw_header'))
return message
def test_filepath_is_none(self):
# This would throw an exception at one point. Should be fixed now.
a = File.from_dict({'file_name': 'abcd.dll'})
def test_filepath_is_none(self):
# This would throw an exception at one point. Should be fixed now.
a = File.from_dict({'file_name': 'abcd.dll'})
from cybox.objects.file_object import File
file_1 = File.from_dict({'file_name': 'abcd.dll', 'size_in_bytes': '25556'})
file_2 = File.from_dict({'file_name': 'abcd.dll', 'size_in_bytes': '25556'})
file_3 = File.from_dict({'file_name': 'abcd.dll', 'size_in_bytes': '1337'})
# First, disable the use of ``size_in_bytes`` comparisons.
File.size_in_bytes.comparable = False
print file_1 == file_2
print file_1 == file_3
# Now, set it back to True (the default).
File.size_in_bytes.comparable = True
print file_1 == file_2
print file_1 == file_3
# this can be changed to an output file
outfd = sys.stdout
# create an Observable object:
observables_doc = Observables([])
# add some different observables:
# you don't have to use every member and there are other members that are not being utilized here:
observables_doc.add(Process.from_dict({"name": "Process.exe",
"pid": 90,
"parent_pid": 10,
#"creation_time": "",
"image_info": {"command_line": "Process.exe /c blah.txt"}}))
observables_doc.add(File.from_dict({"file_name": "file.txt",
"file_extension": "txt",
"file_path": "path\\to\\file.txt"}))
observables_doc.add(helper.create_ipv4_observable("192.168.1.101"))
observables_doc.add(helper.create_url_observable("somedomain.com"))
observables_doc.add(WinService.from_dict({"service_name": "Service Name",
"display_name": "Service Display name",
"startup_type": "Service type",
"service_status": "Status",
"service_dll": "Somedll.dll",
"started_as": "Start",
"group_name": "Group name",
"startup_command_line": "Commandline"}))
