class Package(maec.Entity):
    """Top-level MAEC Package entity.

    Holds a list of Malware Subjects and, optionally, a list of grouping
    relationships, together with the package id, timestamp and schema version.
    """

    _binding = package_binding
    _binding_class = package_binding.PackageType
    _namespace = _namespace

    id_ = fields.TypedField('id')
    timestamp = fields.TypedField('timestamp')
    schema_version = fields.TypedField('schema_version')
    malware_subjects = fields.TypedField('Malware_Subjects', MalwareSubjectList)
    grouping_relationships = fields.TypedField('Grouping_Relationships', GroupingRelationshipList)

    def __init__(self, id=None, schema_version="2.1", timestamp=None):
        """Create a Package.

        Parameters:
        id - package identifier; any falsy value (None, "") causes a new id
             to be generated with the "package" prefix
        schema_version - stored as given, defaults to "2.1"
        timestamp - stored as given
        """
        super(Package, self).__init__()
        self.id_ = id if id else idgen.create_id(prefix="package")
        self.schema_version = schema_version
        self.timestamp = timestamp
        self.malware_subjects = MalwareSubjectList()
        # Namespace / schemaLocation mappings of the input document start empty.
        # NOTE(review): presumably filled in by the parser - confirm.
        self.__input_namespaces__ = {}
        self.__input_schemalocations__ = {}

    #Public methods
    def add_malware_subject(self, malware_subject):
        """Append a Malware Subject to this Package."""
        self.malware_subjects.append(malware_subject)

    def add_grouping_relationship(self, grouping_relationship):
        """Append a grouping relationship, creating the list on first use."""
        # The list is not created in __init__, so build it lazily here.
        if not self.grouping_relationships:
            self.grouping_relationships = GroupingRelationshipList()
        self.grouping_relationships.append(grouping_relationship)

    # Create new Package from the XML document at the specified path
    @staticmethod
    def from_xml(xml_file):
        """Parse a MAEC XML document.

        Returns a tuple of (api_object, binding_object).

        Parameters:
        xml_file - either a filename or a stream object
        """
        # NOTE(review): xml_file is handed to EntityParser unchanged. Whether
        # that parser disables DTD loading and external entity resolution is
        # not visible here - confirm before parsing documents that come from
        # untrusted sources (e.g. third-party malware analysis reports).
        from maec.utils.parser import EntityParser

        api_package = EntityParser().parse_xml(xml_file)
        return (api_package, api_package.to_obj())

    # Transform duplicate objects within this Package into references pointing to a single canonical object
    def deduplicate_malware_subjects(self):
        """Deduplicate every Malware Subject in the Package.

        Delegates to each subject's deduplicate_bundles(); for now, only
        handles Objects in Findings Bundles.
        """
        for subject in self.malware_subjects:
            subject.deduplicate_bundles()
class Package(maec.Entity):
    """Top-level MAEC Package entity.

    Holds a list of Malware Subjects and, optionally, a list of grouping
    relationships, together with the package id, timestamp and schema version.
    """

    _binding = package_binding
    _binding_class = package_binding.PackageType
    _namespace = _namespace

    id_ = fields.TypedField('id')
    timestamp = fields.TypedField('timestamp')
    schema_version = fields.TypedField('schema_version')
    malware_subjects = fields.TypedField('Malware_Subjects', MalwareSubjectList)
    grouping_relationships = fields.TypedField('Grouping_Relationships', GroupingRelationshipList)

    def __init__(self, id=None, schema_version="2.1", timestamp=None):
        """Create a Package.

        Parameters:
        id - package identifier; any falsy value (None, "") causes a new id
             to be generated with the "package" prefix
        schema_version - stored as given, defaults to "2.1"
        timestamp - stored as given
        """
        super(Package, self).__init__()
        self.id_ = id if id else idgen.create_id(prefix="package")
        self.schema_version = schema_version
        self.timestamp = timestamp
        self.malware_subjects = MalwareSubjectList()
        # Namespace / schemaLocation mappings of the input document start empty.
        # NOTE(review): presumably filled in by the parser - confirm.
        self.__input_namespaces__ = {}
        self.__input_schemalocations__ = {}

    #Public methods
    def add_malware_subject(self, malware_subject):
        """Append a Malware Subject to this Package."""
        self.malware_subjects.append(malware_subject)

    def add_grouping_relationship(self, grouping_relationship):
        """Append a grouping relationship, creating the list on first use."""
        # The list is not created in __init__, so build it lazily here.
        if not self.grouping_relationships:
            self.grouping_relationships = GroupingRelationshipList()
        self.grouping_relationships.append(grouping_relationship)

    # Create new Package from the XML document at the specified path
    @staticmethod
    def from_xml(xml_file):
        """Parse a MAEC XML document.

        Returns a tuple of (api_object, binding_object).

        Parameters:
        xml_file - either a filename or a stream object
        """
        # NOTE(review): xml_file is handed to EntityParser unchanged. Whether
        # that parser disables DTD loading and external entity resolution is
        # not visible here - confirm before parsing documents that come from
        # untrusted sources (e.g. third-party malware analysis reports).
        from maec.utils.parser import EntityParser

        api_package = EntityParser().parse_xml(xml_file)
        return (api_package, api_package.to_obj())

    # Transform duplicate objects within this Package into references pointing to a single canonical object
    def deduplicate_malware_subjects(self):
        """Deduplicate every Malware Subject in the Package.

        Delegates to each subject's deduplicate_bundles(); for now, only
        handles Objects in Findings Bundles.
        """
        for subject in self.malware_subjects:
            subject.deduplicate_bundles()
def __init__(self, id=None, schema_version="2.1", timestamp=None):
    """Create a Package.

    Parameters:
    id - package identifier; any falsy value (None, "") causes a new id
         to be generated with the "package" prefix
    schema_version - stored as given, defaults to "2.1"
    timestamp - stored as given
    """
    super(Package, self).__init__()
    # Fall back to a generated identifier when the caller supplies none.
    self.id_ = id or idgen.create_id(prefix="package")
    self.schema_version = schema_version
    self.timestamp = timestamp
    self.malware_subjects = MalwareSubjectList()
    # Namespace / schemaLocation mappings of the input document start empty.
    # NOTE(review): presumably filled in by the parser - confirm.
    self.__input_namespaces__ = {}
    self.__input_schemalocations__ = {}
def merge_packages(package_list, namespace=None):
    '''Merge a list of input MAEC Packages and return a merged Package instance.

    Parameters:
    package_list - the Packages to merge; iterated twice, so it must be
                   re-iterable (a list, not a one-shot iterator)
    namespace - ID namespace for the merged output; when falsy, a default
                "merged" namespace is used

    Side effect: passes the chosen namespace to maec.utils.set_id_namespace
    before merging.
    NOTE(review): presumably this changes ID generation for the whole
    process, not just this call - confirm against maec.utils.
    '''
    # Select the namespace used for automatic ID generation
    id_namespace = namespace or Namespace("https://github.com/MAECProject/python-maec", "merged")
    maec.utils.set_id_namespace(id_namespace)

    # Flatten the Malware Subjects of every input Package, then merge them
    all_subjects = [
        subject
        for source_package in package_list
        for subject in source_package.malware_subjects
    ]
    merged_subjects = merge_malware_subjects(all_subjects)

    # Combine the input namespace/schemaLocation dictionaries; on duplicate
    # keys the entry from the later Package wins (dict.update semantics).
    # NOTE(review): these values are copied from the inputs as-is. If they
    # originate from parsed, untrusted documents, confirm that downstream
    # consumers do not fetch schemaLocation URLs without validation.
    namespaces = {}
    schemalocations = {}
    for source_package in package_list:
        namespaces.update(source_package.__input_namespaces__)
        schemalocations.update(source_package.__input_schemalocations__)

    # Assemble the merged Package
    result = Package()
    result.malware_subjects = MalwareSubjectList(merged_subjects)
    result.__input_namespaces__ = namespaces
    result.__input_schemalocations__ = schemalocations
    return result