def from_dict(analysis_dict):
if not analysis_dict:
return None
analysis_ = Analysis(None)
analysis_.id = analysis_dict.get("id")
analysis_.method = analysis_dict.get("method")
analysis_.type = analysis_dict.get("type")
analysis_.ordinal_position = analysis_dict.get("ordinal_position")
analysis_.complete_datetime = analysis_dict.get("complete_datetime")
analysis_.start_datetime = analysis_dict.get("start_datetime")
analysis_.lastupdate_datetime = analysis_dict.get("lastupdate_datetime")
analysis_.source = Source.from_dict(analysis_dict.get("source"))
analysis_.analysts = Personnel.from_list(analysis_dict.get("analysts"))
analysis_.summary = StructuredText.from_dict(analysis_dict.get("summary"))
analysis_.comments = CommentList.from_list(analysis_dict.get("comments"))
if analysis_dict.get("findings_bundle_reference"):
analysis_.findings_bundle_reference = [
BundleReference.from_dict(x) for x in analysis_dict.get("findings_bundle_reference")
]
analysis_.tools = ToolList.from_list(analysis_dict.get("tools", []))
analysis_.dynamic_analysis_metadata = DynamicAnalysisMetadata.from_dict(
analysis_dict.get("dynamic_analysis_metadata")
)
analysis_.analysis_environment = AnalysisEnvironment.from_dict(analysis_dict.get("analysis_environment"))
analysis_.report = StructuredText.from_dict(analysis_dict.get("report"))
return analysis_
def from_obj(analysis_obj):
if not analysis_obj:
return None
analysis_ = Analysis(None)
analysis_.id = analysis_obj.get_id()
analysis_.method = analysis_obj.get_method()
analysis_.type = analysis_obj.get_type()
analysis_.ordinal_position = analysis_obj.get_ordinal_position()
analysis_.complete_datetime = analysis_obj.get_complete_datetime()
analysis_.start_datetime = analysis_obj.get_start_datetime()
analysis_.lastupdate_datetime = analysis_obj.get_lastupdate_datetime()
analysis_.source = Source.from_obj(analysis_obj.get_Source())
analysis_.analysts = Personnel.from_obj(analysis_obj.get_Analysts())
analysis_.summary = StructuredText.from_obj(analysis_obj.get_Summary())
analysis_.comments = CommentList.from_obj(analysis_obj.get_Comments())
if analysis_obj.get_Findings_Bundle_Reference():
analysis_.findings_bundle_reference = [
BundleReference.from_obj(x) for x in analysis_obj.get_Findings_Bundle_Reference()
]
analysis_.tools = ToolList.from_obj(analysis_obj.get_Tools())
analysis_.dynamic_analysis_metadata = DynamicAnalysisMetadata.from_obj(
analysis_obj.get_Dynamic_Analysis_Metadata()
)
analysis_.analysis_environment = AnalysisEnvironment.from_obj(analysis_obj.get_Analysis_Environment())
analysis_.report = StructuredText.from_obj(analysis_obj.get_Report())
return analysis_
def generate_analysis(self, static_bundle):
analysis = Analysis()
analysis.type = 'triage'
analysis.method = 'static'
analysis.add_tool(ToolInformation.from_dict({'id': maec.utils.idgen.create_id(prefix="tool"),
'vendor': 'Ero Carrera',
'name': 'pefile'}))
findings_bundle_reference = []
if self.bundle_has_content(static_bundle):
findings_bundle_reference.append(BundleReference.from_dict({'bundle_idref':static_bundle.id_}))
analysis.findings_bundle_reference = findings_bundle_reference
return analysis
def generate_analysis(self, static_bundle):
analysis = Analysis()
analysis.type = 'triage'
analysis.method = 'static'
analysis.add_tool(ToolInformation.from_dict({'id': maec.utils.idgen.create_id(prefix="tool"),
'vendor': 'Ero Carrera',
'name': 'pefile'}))
findings_bundle_reference = []
if self.bundle_has_content(static_bundle):
findings_bundle_reference.append(BundleReference.from_dict({'bundle_idref':static_bundle.id_}))
analysis.findings_bundle_reference = findings_bundle_reference
return analysis
def from_dict(analysis_dict):
if not analysis_dict:
return None
analysis_ = Analysis(None)
analysis_.id = analysis_dict.get('id')
analysis_.method = analysis_dict.get('method')
analysis_.type = analysis_dict.get('type')
analysis_.ordinal_position = analysis_dict.get('ordinal_position')
analysis_.complete_datetime = analysis_dict.get('complete_datetime')
analysis_.start_datetime = analysis_dict.get('start_datetime')
analysis_.lastupdate_datetime = analysis_dict.get('lastupdate_datetime')
analysis_.source = Source.from_dict(analysis_dict.get('source'))
analysis_.analysts = Personnel.from_list(analysis_dict.get('analysts'))
analysis_.summary = StructuredText.from_dict(analysis_dict.get('summary'))
analysis_.comments = CommentList.from_list(analysis_dict.get('comments'))
analysis_.findings_bundle_reference = BundleReference.from_dict(analysis_dict.get('findings_bundle_reference'))
analysis_.tools = ToolList.from_list(analysis_dict.get('tools', []))
analysis_.dynamic_analysis_metadata = DynamicAnalysisMetadata.from_dict(analysis_dict.get('dynamic_analysis_metadata'))
analysis_.analysis_environment = AnalysisEnvironment.from_dict(analysis_dict.get('analysis_environment'))
analysis_.report = StructuredText.from_dict(analysis_dict.get('report'))
return analysis_
def set_findings_bundle(self, bundle_id):
self.findings_bundle_reference = [BundleReference.from_dict({'bundle_idref' : bundle_id})]
