class CyboxDiscoveryMethod(MeasureSource):

    def __init_(self,contributors=None,time=None,tools=None,platform=None,system=None,instance=None,description=None,source_type=None,name=None,tool_type=None,
                           sighting_count=None,information_source_type=None):
        super(CyboxDiscoveryMethod,self).__init__()
        if contributors is not None:
            self.contributors = Personnel()
            for contr in contributors:
                self.contributors.append(contr)
        self.time=time
        if tools is not None:
            self.tools =ToolInformationList()
            for tool in tools:
                self.tools.append(tool)
        self.platform = platform
        self.system = system
        self.instance =instance
        self.description = description
        self.information_source_type=information_source_type
        self.sighting_count=sighting_count
        self.source_type = source_type
        self.tool_type = tool_type
        self.name = name

    def add_discovery_method_contributor(self,contributor=None,contributors=None):
        if self.contributors is None:
            self.contributors = Personnel()
        if contributor is not None:
            self.contributors.append(contributor)
        if contributors is not None:
            for contr in contributors:
                self.contributors.append(contr)


    def create_discovery_method_contributor(self,name=None,role=None,email=None,phone=None,organization=None,contribution_location=None,start_date=None,end_date=None):
        contributor = Contributor()
        contributor.name=name
        contributor.role = role
        contributor.email =email
        contributor.phone =phone
        contributor.organization = organization
        if start_date is not None and end_date is not None:
            if end_date > start_date:
                daterange = DateRange()
                daterange.end_date = end_date
                daterange.start_date = start_date
                contributor.date = daterange
            else:
                contributor.date =None
        contributor.contribution_location =contribution_location
        return contributor

    def add_discovery_method_time(self,time):
        self.time =time

    def create_discovery_method_time(self, start_time=None,end_time=None,produced_time=None,received_time=None):
        time = dstime(start_time=start_time,end_time=end_time,produced_time=produced_time,received_time=received_time)
        return time

    def create_discovery_method_observation_location(self):
        '''
        future implementation
        '''
        pass

    def add_discovery_method_tool(self,tool,tools):
        if self.tools is None:
            self.tools = ToolInformationList()
        if tool is not None:
            self.tools.append(tool)
        if tools is not None:
            for tool in  tools:
                self.tools.append(tool)

    def create_discovery_method_tool(self,name=None,type=None,description=None,vendor=None,version=None,service_pack=None,hashes=None):
        tool = ToolInformation()
        tool.name=name
        if type is not None:
            for typename in type :
                tool.type_.append(String(value=typename))

        if description is not None:
            tool.description = StructuredText()
            tool.description.value=description
        tool.vendor =vendor
        tool.version =version
        tool.service_pack =service_pack
        if hashes is not None:
            for hashob in hashes:
                tool.tool_hashes._set_hash(hashob[0],hashob[1])
        return tool

    def add_discovery_method_platform(self,platform):
        self.platform = platform

    def create_discovery_method_platform(self,description=None,identifiers=None):
        platform = PlatformSpecification()
        if description is not None:
            platform.description= StructuredText(value=description)
        if not identifiers is None:
            for identifier in identifiers:
                platform.identifiers.append(identifier)
        return platform

    def create_discovery_method_platform_identifier(self,system=None,system_ref =None):
        identifier = PlatformIdentifier()
        identifier.system =system
        identifier.system_ref =system_ref
        return identifier

    def add_discovery_method_system(self,system):
        self.system = system

    def create_discovery_method_system(self,available_physical_memory=None,bios_info=None,date=None,hostname=None,local_time=None,network_interface_list=None,os=None,processor=None,system_time=None,timezone_dst=None,
                                    timezone_standard=None,total_physical_memory=None,uptime=None,username=None):
        system = System()
        system.available_physical_memory=available_physical_memory
        system.bios_info = bios_info
        system.date = Date(value=date)
        system.hostname = hostname
        system.local_time = Time(value=local_time)
        if network_interface_list is not None:
            system.network_interface_list = NetworkInterfaceList()
            for netinter in network_interface_list:
                system.network_interface_list.append(netinter)
        system.os =os
        system.processor =processor
        system.system_time=Time(value=system_time)
        system.timezone_dst = timezone_dst
        system.timezone_standard =timezone_standard
        system.total_physical_memory=total_physical_memory
        if uptime is not None:
            system.uptime = Duration()
            system.uptime.value =uptime
        system.username = username

        return system

    def create_discovery_method_system_bios_info(self,bios_date=None,manufacturer=None,bios_release_date=None,bios_serial_number =None,bios_version=None):
        bios = BIOSInfo()
        bios.bios_date = Date(value=bios_date)
        bios.bios_manufacturer=manufacturer
        bios.bios_release_date = Date(value=bios_release_date)
        bios.bios_serial_number = bios_serial_number
        bios.bios_version =bios_version
        return bios

    def create_discovery_method_system_os(self,bitness=None,platform=None,build_number=None,install_date=None,patch_level=None,environment_variable_list=None):
        os_obj = OS()
        os_obj.bitness =bitness
        os_obj.build_number = build_number
        if environment_variable_list is not None:
            os_obj.environment_variable_list = EnvironmentVariableList()
            for envar in environment_variable_list:
                os_obj.environment_variable_list.append(envar)
        os_obj.install_date = Date(value=install_date)
        os_obj.patch_level= patch_level
        os_obj.platform = platform # for platform creation should use creatediscoverymethodplatform
        return os_obj

    def create_discovery_method_env_var(self,name=None,value=None):
        envvar = EnvironmentVariable()
        envvar.name = String(name)
        envvar.value = String(value)
        return envvar

    def create_discovery_method_system_network_interface(self,adapter=None,description=None,dhcp_lease_expires=None,dhcp_lease_obtained=None,dhcp_server_list=None,
                                                    mac=None,ip_lst=None,ip_gateway_lst=None):
        netinter = NetworkInterface()
        netinter.adapter=adapter
        netinter.description = description
        netinter.dhcp_lease_expires = DateTime(value=dhcp_lease_expires)
        netinter.dhcp_lease_obtained =DateTime(value=dhcp_lease_obtained)
        if dhcp_server_list is not None:
            netinter.dhcp_server_list = DHCPServerList()
            for srv in dhcp_server_list :
                netinter.dhcp_server_list.append(srv)
        netinter.mac = mac
        netinter.ip_list =IPInfoList(ip_lst)

        if ip_lst is not None:
            netinter.ip_list = IPInfoList()
            for ipinf in ip_lst:
                netinter.ip_list.append(ipinf)

        if ip_gateway_lst is not None:
            netinter.ip_gateway_list= IPGatewayList()
            for gateway in ip_gateway_lst:
                netinter.ip_gateway_list.append(gateway)
        return netinter

    def create_discovery_method_system_network_interface_ip_info(self,ip_address=None,ip_cat=Address.CAT_IPV4,subnet_mask=None,submaskcat=Address.CAT_IPV4_NETMASK):
        ipinf = IPInfo()
        ipinf.ip_address = Address()
        ipinf.ip_address.address_value=ip_address
        ipinf.ip_address.category = ip_cat
        ipinf.subnet_mask = Address()
        ipinf.subnet_mask.address_value = subnet_mask
        ipinf.subnet_mask.category=submaskcat
        return ipinf

    def create_discovery_method_network_interface_adress_gateway(self,ip_address=None,ip_cat=Address.CAT_IPV4_NET):
        return Address(address_value=ip_address,category=ip_cat)

    def create_discovery_method_network_interface_adress_dhcp(self,ip_address=None,ip_cat=Address.CAT_IPV4_NET):
        return Address(address_value=ip_address,category=ip_cat)

    def add_discovery_method_instance(self,instance):
        self.instance = instance

    def create_discovery_method_instance(self,argument_list=None,child_pid_list=None,creation_time =None,is_hidden=None,image_info=None,extracted_features=None,environment_variable_list=None,
                                     kernel_time=None,name=None,network_connection_list=None,parent_pid=None,pid=None,port_list=None,start_time=None,user_time=None,username=None):
        instance = Process()
        instance.argument_list= argument_list
        instance.child_pid_list=child_pid_list
        instance.creation_time = DateTime(creation_time)
        instance.username=username
        instance.user_time = Duration(user_time)
        instance.start_time = DateTime(start_time)
        instance.port_list =port_list
        instance.pid = pid
        instance.parent_pid = parent_pid
        if network_connection_list is not None and (all(isinstance(x,NetworkConnection ) for x in network_connection_list)):
            instance.network_connection_list = NetworkConnectionList()
            for netcon in network_connection_list:
                instance.network_connection_list.append(netcon)
        else:
            instance.network_connection_list= None

        instance.name = name
        instance.kernel_time = Duration(kernel_time)
        if environment_variable_list is not None and (all(isinstance(x,EnvironmentVariable ) for x in environment_variable_list)):
            instance.environment_variable_list = EnvironmentVariableList()
            for envar in environment_variable_list:
                instance.environment_variable_list.append(envar)
        else:
            instance.environment_variable_list =None

        instance.extracted_features =extracted_features
        instance.image_info = image_info
        instance.is_hidden= is_hidden
        return instance

    def create_discovery_method_instance_child_pid_list(self,pid_list):
        cplst = ChildPIDList()
        if pid_list is not None and (all(isinstance(x, (int, long)) for x in pid_list)):
            for pidn in pid_list:
                cplst.append(pidn)
        return cplst

    def create_discovery_method_instance_argument_list(self,arg_list):
        arglst = ArgumentList()
        if arg_list is not None and (all(isinstance(x,str ) for x in arg_list)):
            for argm in arg_list:
                arglst.append(argm)
        return arglst

    def create_discovery_method_instnace_image_info(self,current_directory=None,command_line=None,path=None,file_name=None):
        imaginf= ImageInfo()
        imaginf.file_name=file_name
        imaginf.path=path
        imaginf.command_line = command_line
        imaginf.current_directory = current_directory
        return imaginf

    def create_extracted_string(self,string_value,address=None,byte_string_value=None,length=None,language=None,hashes=None,encoding=None,english_translation=None):
        exstr = ExtractedString(string_value=string_value)
        exstr.address = address
        exstr.byte_string_value =byte_string_value
        exstr.length =length
        exstr.language = language
        exstr.hashes = hashes
        exstr.encoding =encoding
        exstr.english_translation = english_translation
        return exstr

    def create_discovery_method_instance_extracted_feautures(self,functions=None,imports=None,codesnippets=None,extractedstrings=None):
        extft = ExtractedFeatures()
        if functions is not None and (all(isinstance(x,str ) for x in functions)):
            extft.functions = Functions()
            for func in functions:
                extft.functions.append(func)

        if imports is not None and (all(isinstance(x,str ) for x in imports)):
            extft.imports = Imports()
            for imp in imports:
                extft.imports.append(imp)

        if codesnippets is not None and (all(isinstance(x,str ) for x in codesnippets)):
            extft.code_snippets = CodeSnippets()
            for codsn in codesnippets:
                code = Code()
                code.code_segment=codsn
                extft.code_snippets.append(code)

        if extractedstrings is not None and (all(isinstance(x,ExtractedString ) for x in extractedstrings)):
            extft.strings = ExtractedStrings()
            for exstr in extractedstrings:
                extft.strings.append(exstr)

        return extft

    def create_network_connection(self,creation_time=None,destination_socket_address=None,destination_tcp_state=None,source_socket_address=None,source_tcp_state=None,tls_used=None,
                                layer7_protocol=None,layer4_protocol=None,layer3_protocol=None,layer7_connections=None):
        network_connection = NetworkConnection()
        network_connection.creation_time= DateTime(creation_time)
        network_connection.destination_socket_address = destination_socket_address
        network_connection.destination_tcp_state = destination_tcp_state
        network_connection.source_socket_address = source_socket_address
        network_connection.source_tcp_state = source_tcp_state
        network_connection.tls_used =tls_used
        network_connection.layer7_protocol= layer7_protocol
        network_connection.layer4_protocol =layer4_protocol
        network_connection.layer3_protocol = layer3_protocol
        network_connection.layer7_connections = layer7_connections

        return network_connection

    def create_layer7_connections(self,dns_queries=None,http_session=None):
        ls7 = Layer7Connections()
        ls7.dns_query =dns_queries
        ls7.http_session= http_session
        return  ls7

    def create_socket_address(self,hostname,port,ip_address,ip_cat=Address.CAT_IPV4,layer4_protocol='TCP',is_domain_name=True,hostname_value=None,naming_system=None):
        socket = SocketAddress()
        socket.ip_address = Address(address_value=ip_address,category=ip_cat)
        socket.port = Port()
        socket.port.port_value=port
        socket.port.layer4_protocol =layer4_protocol
        socket.hostname = Hostname()
        socket.hostname.is_domain_name=is_domain_name
        socket.hostname.hostname_value = hostname_value
        socket.hostname.naming_system = naming_system
        return socket

    def create_port_list(self,portlist):
        port_list = PortList()
        if portlist is not None:
            for port in portlist:port_list.append(port)
        return port_list

    def add_discovery_method_description(self,description):
        self.description=description

    def add_discovery_method_information_source_type(self,information_source_type):
        self.information_source_type = information_source_type

    def add_discovery_method_sighting_count(self,sighting_count):
        self.sighting_count = sighting_count

    def add_discovery_method_source_type(self,source_type):
        self.source_type = source_type

    def add_discovery_merhod_tool_type(self,tool_type):
        self.tool_type = tool_type

    def add_discovery_method_name(self,name):
        self.name = name
Exemplo n.º 2
0
class MaecAnalysis(Analysis):

    def __init__(self,id=None,namespace=None,method=None,type=None,source=None,ordinal_position=None,
                 start_datetime=None,complete_datetime=None,lastupdate_datetime=None,analysts=None,summary=None,comments=None,tools=None,
                 dynamic_analysis_metadata=None,report=None,analysis_environment=None):
        super(MaecAnalysis,self).__init__(id=id,method=method,type=type)
        set_id_method(IDGenerator.METHOD_UUID)
        if id is None:
            if namespace is not None:
                set_id_namespace(namespace)
            self.id_ = create_id(prefix='analysis')

        self.ordinal_position=ordinal_position
        self.start_datetime=start_datetime
        self.complete_datetime =complete_datetime
        self.lastupdate_datetime =lastupdate_datetime
        self.source=source
        if analysts is not None:
            self.analysts = Personnel()
            for contr in analysts():
                if isinstance(contr,Contributor):
                    self.analysts.append(contr)
        self.summary =summary
        if comments is not None:
            self.comments = CommentList()
            for comment in comments:
                self.comments.append(comment)
        if tools is not None:
            for tool in tools:
                if isinstance(tool,ToolInformation):
                    self.add_tool(tool)
        if dynamic_analysis_metadata is not None and isinstance(dynamic_analysis_metadata,DynamicAnalysisMetadata):
            self.dynamic_analysis_metadata =dynamic_analysis_metadata
        self.report =report
        if isinstance(analysis_environment,AnalysisEnvironment):
            self.analysis_environment=analysis_environment

    def add_type(self,type=None):
        self.type_=type

    def add_method(self,method=None):
        self.method =method

    def add_ordinal_position(self,ordinal_position=None):
        self.ordinal_position=ordinal_position

    def addanalysisdatesinfo(self,start_datetime=None,complete_datetime=None,lastupdate_datetime=None):
        self.start_datetime=start_datetime
        self.complete_datetime =complete_datetime
        self.lastupdate_datetime=lastupdate_datetime

    def addsource(self,url=None,reference=None,organization=None,name=None,method=None):
        source = Source()
        source.url = url
        source.reference = reference
        source.organization = organization
        source.name = name
        source.method = method
        self.source =source

    def addanalysts(self,analysts=None):
        if not isinstance(self.analysts,Personnel):
            self.analysts = Personnel()
        for contr in analysts:
            if isinstance(contr,Contributor):
                self.analysts.append(contr)

    def createanalystscontributor(self,name=None,role=None,email=None,phone=None,organization=None,contribution_location=None,start_date=None,end_date=None):
        contributor = Contributor()
        contributor.name=name
        contributor.role = role
        contributor.email =email
        contributor.phone =phone
        contributor.organization = organization
        if start_date is not None and end_date is not None:
            if end_date > start_date:
                daterange = DateRange()
                daterange.end_date = end_date
                daterange.start_date = start_date
                contributor.date = daterange
            else:
                contributor.date =None
        contributor.contribution_location =contribution_location
        return contributor

    def addsummary(self,summary=None):
        self.summary=summary

    def addcomment(self,comment=None):
        if not isinstance(self.comments,CommentList):
            self.comments = CommentList()
        if isinstance(comment,Comment):
            self.comments.append(comment)

    def createcomment(self,author=None,value=None,timestamp=None,observation_name=None):
        comment = Comment()
        comment.author =author
        comment.value=value
        comment.timestamp=timestamp
        comment.observation_name=observation_name
        return comment

    def addfindingsbundlereference(self,bundle_id=None):
        self.set_findings_bundle(bundle_id=bundle_id)

    def createanalysistool(self,name=None,type=None,description=None,vendor=None,version=None,service_pack=None,hashes=None):
        tool = ToolInformation()
        tool.name=name
        if type is not None:
            for typename in type :
                tool.type_.append(String(value=typename))

        if description is not None:
            tool.description = StructuredText()
            tool.description.value=description
        tool.vendor =vendor
        tool.version =version
        tool.service_pack =service_pack
        if hashes is not None:
            for hashob in hashes:
                tool.tool_hashes._set_hash(hashob[0],hashob[1])
        return tool

    def adddynamicanalysismetadata(self,metadata=None):
            if isinstance(metadata,DynamicAnalysisMetadata):
                self.dynamic_analysis_metadata=metadata

    def createdynamicanalysismetadata(self,exit_code=None,command_line=None,analysis_duration=None):
        metadata = DynamicAnalysisMetadata()
        metadata.exit_code =exit_code
        metadata.command_line =command_line
        metadata.analysis_duration = analysis_duration
        return metadata

    def addreport(self,report=None):
        self.report=report

    def addanalysisenvironment(self,analysis_environment=None):
        if isinstance(analysis_environment,AnalysisEnvironment):
            self.analysis_environment=analysis_environment

    def createanalysisenvironment(self,analysis_systems=None,network_infrastructure_captured_protocols=None,hypervisor_host_system=None):
        analysis_environment = AnalysisEnvironment()
        analysis_environment.network_infrastructure=NetworkInfrastructure()
        for capt_prot in network_infrastructure_captured_protocols:
            if isinstance(capt_prot,CapturedProtocol):
                analysis_environment.network_infrastructure.captured_protocols.append(capt_prot)
        analysis_environment.hypervisor_host_system=hypervisor_host_system
        analysis_environment.analysis_systems =AnalysisSystemList()
        if analysis_systems is not None:
            for analysis_system in analysis_systems:
                if isinstance(analysis_system,AnalysisSystem):
                    analysis_environment.analysis_systems.append(analysis_system)
        return analysis_environment

    def createanalysisenvironmentHVhostsystem(self,available_physical_memory=None,bios_info=None,date=None,hostname=None,local_time=None,network_interface_list=None,os=None,processor=None,system_time=None,timezone_dst=None,
                                    timezone_standard=None,total_physical_memory=None,uptime=None,username=None,vm_hypervisor=None):
        system = HypervisorHostSystem()
        system.available_physical_memory=available_physical_memory
        system.bios_info = bios_info
        system.date = Date(value=date)
        system.hostname = hostname
        system.local_time = Time(value=local_time)
        if network_interface_list is not None:
            system.network_interface_list = NetworkInterfaceList()
            for netinter in network_interface_list:
                system.network_interface_list.append(netinter)
        system.os =os
        system.processor =processor
        system.system_time=Time(value=system_time)
        system.timezone_dst = timezone_dst
        system.timezone_standard =timezone_standard
        system.total_physical_memory=total_physical_memory
        if uptime is not None:
            system.uptime = Duration()
            system.uptime.value =uptime
        system.username = username
        system.vm_hypervisor=vm_hypervisor
        return system

    def createanalysisenvironmentsystembiosinfo(self,bios_date=None,manufacturer=None,bios_release_date=None,bios_serial_number =None,bios_version=None):
        bios = BIOSInfo()
        bios.bios_date = Date(value=bios_date)
        bios.bios_manufacturer=manufacturer
        bios.bios_release_date = Date(value=bios_release_date)
        bios.bios_serial_number = bios_serial_number
        bios.bios_version =bios_version
        return bios

    def createanalysisenvironmentsystemos(self,bitness=None,platform=None,build_number=None,install_date=None,patch_level=None,environment_variable_list=None):
        os_obj = OS()
        os_obj.bitness =bitness
        os_obj.build_number = build_number
        if environment_variable_list is not None:
            os_obj.environment_variable_list = EnvironmentVariableList()
            for envar in environment_variable_list:
                os_obj.environment_variable_list.append(envar)
        os_obj.install_date = Date(value=install_date)
        os_obj.patch_level= patch_level
        os_obj.platform = platform # for platform creation should use creatediscoverymethodplatform
        return os_obj


    def createanalysisenvironmentsystemEnvVar(self,name=None,value=None):
        envvar = EnvironmentVariable()
        envvar.name = String(name)
        envvar.value = String(value)
        return envvar

    def createanalysisenvironmentsystemnetworkinterface(self,adapter=None,description=None,dhcp_lease_expires=None,dhcp_lease_obtained=None,dhcp_server_list=None,
                                                    mac=None,ip_lst=None,ip_gateway_lst=None):
        netinter = NetworkInterface()
        netinter.adapter=adapter
        netinter.description = description
        netinter.dhcp_lease_expires = DateTime(value=dhcp_lease_expires)
        netinter.dhcp_lease_obtained =DateTime(value=dhcp_lease_obtained)
        if dhcp_server_list is not None:
            netinter.dhcp_server_list = DHCPServerList()
            for srv in dhcp_server_list :
                netinter.dhcp_server_list.append(srv)
        netinter.mac = mac
        netinter.ip_list =IPInfoList(ip_lst)

        if ip_lst is not None:
            netinter.ip_list = IPInfoList()
            for ipinf in ip_lst:
                netinter.ip_list.append(ipinf)

        if ip_gateway_lst is not None:
            netinter.ip_gateway_list= IPGatewayList()
            for gateway in ip_gateway_lst:
                netinter.ip_gateway_list.append(gateway)
        return netinter

    def createanalysisenvironmentsystemnetworkinterfaceIpInfo(self,ip_address=None,ip_cat=Address.CAT_IPV4,subnet_mask=None,submaskcat=Address.CAT_IPV4_NETMASK):
        ipinf = IPInfo()
        ipinf.ip_address = Address()
        ipinf.ip_address.address_value=ip_address
        ipinf.ip_address.category = ip_cat
        ipinf.subnet_mask = Address()
        ipinf.subnet_mask.address_value = subnet_mask
        ipinf.subnet_mask.category=submaskcat
        return ipinf

    def createanalysisenvironmentsystemnetworkinerfaceAdressGateway(self,ip_address=None,ip_cat=Address.CAT_IPV4_NET):
        return Address(address_value=ip_address,category=ip_cat)

    def createanalysisenvironmentsystemnetworkinerfaceAdressDHCP(self,ip_address=None,ip_cat=Address.CAT_IPV4_NET):
        return Address(address_value=ip_address,category=ip_cat)

    def createanalysisenvironmentsystemplatform(self,description=None,identifiers=None):
        platform = PlatformSpecification()
        if description is not None:
            platform.description= StructuredText(value=description)
        if not identifiers is None:
            for identifier in identifiers:
                platform.identifiers.append(identifier)
        return platform

    def createanalysisenvironmentsystemplatformidentifier(self,system=None,system_ref =None):
        identifier = PlatformIdentifier()
        identifier.system =system
        identifier.system_ref =system_ref
        return identifier


    def createanalysisenvironmentanalysissystem(self,installed_programs=None,network_interfaces=None):
        analysis_system=AnalysisSystem()
        for program in installed_programs:
            if isinstance(program,PlatformSpecification):
                analysis_system.installed_programs.append(program)
        analysis_system.network_interface_list=NetworkInterfaceList()
        for nw in network_interfaces:
            if isinstance(nw,NetworkInterface):
                analysis_system.network_interface_list.append(nw)
        return analysis_system

    def createanalysisenvironmentnetworkinfrastructurecapturedprotocol(self,port_number=None,layer7_protocol=None,layer4_protocol=None,interaction_level=None):
        protocol = CapturedProtocol()
        protocol.port_number= port_number
        protocol.layer7_protocol=layer7_protocol
        protocol.layer4_protocol=layer4_protocol
        protocol.interaction_level = interaction_level
        return protocol