def from_dict(process_dict, process_cls = None):
if not process_dict:
return None
if process_cls == None:
process_ = Process()
else:
process_ = process_cls
ObjectProperties.from_dict(process_dict, process_)
process_.is_hidden = process_dict.get('is_hidden')
process_.pid = UnsignedInteger.from_dict(process_dict.get('pid'))
process_.name = String.from_dict(process_dict.get('name'))
process_.creation_time = DateTime.from_dict(process_dict.get('creation_time'))
process_.parent_pid = UnsignedInteger.from_dict(process_dict.get('parent_pid'))
process_.child_pid_list = [UnsignedInteger.from_dict(x) for x in process_dict.get('child_pid_list', [])]
process_.image_info = ImageInfo.from_dict(process_dict.get('image_info'))
process_.argument_list = [String.from_dict(x) for x in process_dict.get('argument_list', [])]
process_.environment_variable_list = EnvironmentVariableList.from_list(process_dict.get('environment_variable_list'))
process_.kernel_time = Duration.from_dict(process_dict.get('kernel_time'))
process_.port_list = [Port.from_dict(x) for x in process_dict.get('port_list', [])]
process_.network_connection_list = [NetworkConnection.from_dict(x) for x in process_dict.get('network_connection_list', [])]
process_.start_time = DateTime.from_dict(process_dict.get('start_time'))
process_.username = String.from_dict(process_dict.get('username'))
process_.user_time = Duration.from_dict(process_dict.get('user_time'))
process_.extracted_features = None
return process_
def from_dict(file_dict, file_class=None):
if not file_dict:
return None
if not file_class:
file_ = File()
else:
file_ = file_class
ObjectProperties.from_dict(file_dict, file_)
file_.is_packed = file_dict.get('is_packed')
file_.file_name = String.from_dict(file_dict.get('file_name'))
file_.file_path = FilePath.from_dict(file_dict.get('file_path'))
file_.device_path = String.from_dict(file_dict.get('device_path'))
file_.full_path = String.from_dict(file_dict.get('full_path'))
file_.file_extension = String.from_dict(file_dict.get('file_extension'))
file_.size_in_bytes = UnsignedLong.from_dict(file_dict.get('size_in_bytes'))
file_.magic_number = HexBinary.from_dict(file_dict.get('magic_number'))
file_.file_format = String.from_dict(file_dict.get('file_format'))
file_.hashes = HashList.from_list(file_dict.get('hashes'))
file_.extracted_features = ExtractedFeatures.from_dict(file_dict.get('extracted_features'))
file_.modified_time = String.from_dict(file_dict.get('modified_time'))
file_.accessed_time = String.from_dict(file_dict.get('accessed_time'))
file_.created_time = DateTime.from_dict(file_dict.get('created_time'))
return file_
def from_dict(port_dict):
if not port_dict:
return None
port = Port()
ObjectProperties.from_dict(port_dict, port)
port.port_value = PositiveInteger.from_dict(port_dict.get('port_value'))
port.layer4_protocol = String.from_dict(port_dict.get('layer4_protocol'))
return port
def from_dict(uri_dict):
if uri_dict is None:
return None
uri = URI()
ObjectProperties.from_dict(uri_dict, uri)
uri.type_ = uri_dict.get('type')
uri.value = AnyURI.from_dict(uri_dict.get('value'))
return uri
def test_detect_address(self):
d = {'xsi:type': Address._XSI_TYPE}
obj = ObjectProperties.from_dict(d)
self.assertTrue(isinstance(obj, ObjectProperties))
self.assertTrue(isinstance(obj, Address))
def from_dict(measure_source_dict):
if not measure_source_dict:
return None
measure_source_ = MeasureSource()
measure_source_.class_ = measure_source_dict.get('class')
measure_source_.source_type = measure_source_dict.get('source_type')
measure_source_.name = measure_source_dict.get('name')
measure_source_.information_source_type = VocabString.from_dict(measure_source_dict.get('information_source_type'))
measure_source_.tool_type = VocabString.from_dict(measure_source_dict.get('tool_type'))
measure_source_.description = StructuredText.from_dict(measure_source_dict.get('description'))
measure_source_.contributors = Personnel.from_list(measure_source_dict.get('contributors'))
measure_source_.time = Time.from_dict(measure_source_dict.get('time'))
measure_source_.tools = ToolInformationList.from_list(measure_source_dict.get('tools'))
measure_source_.platform = None #TODO: add support
measure_source_.system = ObjectProperties.from_dict(measure_source_dict.get('system'))
measure_source_.instance = ObjectProperties.from_dict(measure_source_dict.get('instance'))
return measure_source_
def from_dict(artifact_dict):
if not artifact_dict:
return None
artifact = Artifact()
ObjectProperties.from_dict(artifact_dict, artifact)
for layer in artifact_dict.get('packaging', []):
if layer.get('packaging_type') == "compression":
artifact.packaging.append(Compression.from_dict(layer))
if layer.get('packaging_type') == "encryption":
artifact.packaging.append(Encryption.from_dict(layer))
if layer.get('packaging_type') == "encoding":
artifact.packaging.append(Encoding.from_dict(layer))
raw_artifact = artifact_dict.get('raw_artifact')
if raw_artifact:
artifact.packed_data = RawArtifact.from_dict(raw_artifact).value
return artifact
def from_dict(artifact_dict):
if not artifact_dict:
return None
artifact = Artifact()
ObjectProperties.from_dict(artifact_dict, artifact)
for layer in artifact_dict.get("packaging", []):
if layer.get("packaging_type") == "compression":
artifact.packaging.append(Compression.from_dict(layer))
if layer.get("packaging_type") == "encryption":
artifact.packaging.append(Encryption.from_dict(layer))
if layer.get("packaging_type") == "encoding":
artifact.packaging.append(Encoding.from_dict(layer))
raw_artifact = artifact_dict.get("raw_artifact")
if raw_artifact:
artifact.packed_data = RawArtifact.from_dict(raw_artifact).value
return artifact
def from_dict(addr_dict, category=None):
if not addr_dict:
return None
addr = Address()
# Shortcut if only a string is passed as a parameter
if not isinstance(addr_dict, dict):
addr.address_value = String.from_dict(addr_dict)
addr.category = category
return addr
ObjectProperties.from_dict(addr_dict, addr)
addr.category = addr_dict.get('category')
addr.is_destination = addr_dict.get('is_destination')
addr.is_source = addr_dict.get('is_source')
addr.address_value = String.from_dict(addr_dict.get('address_value'))
addr.vlan_name = String.from_dict(addr_dict.get('vlan_name'))
addr.vlan_num = Integer.from_dict(addr_dict.get('vlan_num'))
return addr
def from_dict(artifact_dict):
if not artifact_dict:
return None
artifact = Artifact()
ObjectProperties.from_dict(artifact_dict, artifact)
for layer in artifact_dict.get('packaging', []):
if layer.get('packaging_type') == "compression":
artifact.packaging.append(Compression.from_dict(layer))
if layer.get('packaging_type') == "encryption":
artifact.packaging.append(Encryption.from_dict(layer))
if layer.get('packaging_type') == "encoding":
artifact.packaging.append(Encoding.from_dict(layer))
raw_artifact = artifact_dict.get('raw_artifact')
if raw_artifact:
data = RawArtifact.from_dict(raw_artifact).value
artifact.packed_data = six.text_type(data)
artifact.type_ = artifact_dict.get('type')
return artifact
def from_dict(whois_dict):
if not whois_dict:
return None
whois = WhoisEntry()
ObjectProperties.from_dict(whois_dict, whois)
whois.domain_name = URI.from_dict(whois_dict.get('domain_name'))
whois.domain_id = String.from_dict(whois_dict.get('domain_id'))
whois.server_name = URI.from_dict(whois_dict.get('server_name'))
whois.ip_address = Address.from_dict(whois_dict.get('ip_address'), Address.CAT_IPV4)
whois.dnssec = whois_dict.get('dnssec')
whois.nameservers = WhoisNameservers.from_list(whois_dict.get('nameservers'))
whois.status = WhoisStatuses.from_list(whois_dict.get('status'))
whois.updated_date = DateTime.from_dict(whois_dict.get('updated_date'))
whois.creation_date = DateTime.from_dict(whois_dict.get('creation_date'))
whois.expiration_date = DateTime.from_dict(whois_dict.get('expiration_date'))
whois.regional_internet_registry = String.from_dict(whois_dict.get('regional_internet_registry'))
whois.sponsoring_registrar = String.from_dict(whois_dict.get('sponsoring_registrar'))
whois.registrar_info = WhoisRegistrar.from_dict(whois_dict.get('registrar_info'))
whois.registrants = WhoisRegistrants.from_list(whois_dict.get('registrants'))
whois.contact_info = WhoisContact.from_dict(whois_dict.get('contact_info'))
return whois
def _prepare_objects(self, final_indicator_objects):
"""Prepare the final Indicator Objects for translation into STIX Indicators.
Set their condition attributes as appropriate.
Args:
final_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final, pruned list of Objects on which the condition should be set.
"""
for entry in final_indicator_objects:
object = entry.object
object_xsi_type = object.properties._XSI_TYPE
object_properties_dict = object.properties.to_dict()
updated_properties_dict = {}
for property_name, property_value in object_properties_dict.iteritems():
updated_properties_dict[property_name] = self._set_object_property(property_value)
updated_properties_dict['xsi:type'] = object_xsi_type
object.properties = ObjectProperties.from_dict(updated_properties_dict)
def from_dict(object_dict, obj=None):
if not object_dict:
return None
if not obj:
obj = Object()
obj.id_ = object_dict.get('id')
obj.idref = object_dict.get('idref')
obj.properties = ObjectProperties.from_dict(
object_dict.get('properties'))
obj.related_objects = [RelatedObject.from_dict(x) for x in
object_dict.get('related_objects', [])]
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_dict(object_dict.get('domain_specific_object_properties'))
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def from_dict(object_dict, obj=None):
if not object_dict:
return None
if not obj:
obj = Object()
obj.id_ = object_dict.get('id')
obj.idref = object_dict.get('idref')
obj.properties = ObjectProperties.from_dict(
object_dict.get('properties'))
obj.related_objects = [RelatedObject.from_dict(x) for x in
object_dict.get('related_objects', [])]
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_dict(object_dict.get('domain_specific_object_properties'))
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def prune_objects(self, candidate_indicator_objects):
"""Perform contraindicator and required property checking and prune un-wanted
properties from the input list of candidate Indicator CybOX Objects.
Args:
candidate_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the initial list of CybOX Objects that may be used in the STIX Indicators.
Returns:
A list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final list of checked and pruned CybOX Objects that will be used for the STIX Indicators.
"""
final_indicator_objects = []
# Prune any unwanted properties from Objects
for entry in candidate_indicator_objects:
object = entry.object
xsi_type = object.properties._XSI_TYPE
# Do the contraindicator check
if xsi_type in self.config.supported_objects and not self._contraindicator_check(
entry):
object_type_conf = self.config.supported_objects[xsi_type]
# Prune the properties of the Object to correspond to the input config file
# First, test for the presence of only the required properties
if self._required_property_check(
object, self.config.supported_objects[xsi_type]):
# If the required properties are found, prune based on the full set (optional + required)
full_properties = {}
full_properties.update(object_type_conf["required"])
full_properties.update(object_type_conf["optional"])
full_properties.update(
object_type_conf["mutually_exclusive"])
full_pruned_properties = self._prune_object_properties(
object.properties.to_dict(), full_properties)
full_pruned_properties["xsi:type"] = xsi_type
# Create a new Object with the pruned ObjectProperties
pruned_object = Object()
pruned_object.properties = ObjectProperties.from_dict(
full_pruned_properties)
entry.object = pruned_object
# Add the updated Object History entry to the final list of Indicators
final_indicator_objects.append(entry)
return final_indicator_objects
def _prepare_objects(self, final_indicator_objects):
"""Prepare the final Indicator Objects for translation into STIX Indicators.
Set their condition attributes as appropriate.
Args:
final_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final, pruned list of Objects on which the condition should be set.
"""
for entry in final_indicator_objects:
object = entry.object
object_xsi_type = object.properties._XSI_TYPE
object_properties_dict = object.properties.to_dict()
updated_properties_dict = {}
for property_name, property_value in object_properties_dict.iteritems(
):
updated_properties_dict[
property_name] = self._set_object_property(property_value)
updated_properties_dict['xsi:type'] = object_xsi_type
object.properties = ObjectProperties.from_dict(
updated_properties_dict)
def from_dict(object_dict, obj_class=None):
if not object_dict:
return None
if obj_class == None:
obj = Object()
else:
obj = obj_class
obj.id_ = object_dict.get("id")
obj.idref = object_dict.get("idref")
obj.properties = ObjectProperties.from_dict(object_dict.get("properties"))
obj.related_objects = [RelatedObject.from_dict(x) for x in object_dict.get("related_objects", [])]
obj.domain_specific_object_properties = DomainSpecificObjectProperties.from_dict(
object_dict.get("domain_specific_object_properties")
)
if obj.id_:
cybox.utils.cache_put(obj)
return obj
def prune_objects(self, candidate_indicator_objects):
"""Perform contraindicator and required property checking and prune un-wanted
properties from the input list of candidate Indicator CybOX Objects.
Args:
candidate_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the initial list of CybOX Objects that may be used in the STIX Indicators.
Returns:
A list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final list of checked and pruned CybOX Objects that will be used for the STIX Indicators.
"""
final_indicator_objects = []
# Prune any unwanted properties from Objects
for entry in candidate_indicator_objects:
object = entry.object
xsi_type = object.properties._XSI_TYPE
# Do the contraindicator check
if xsi_type in self.config.supported_objects and not self._contraindicator_check(entry):
object_type_conf = self.config.supported_objects[xsi_type]
# Prune the properties of the Object to correspond to the input config file
# First, test for the presence of only the required properties
if self._required_property_check(object, self.config.supported_objects[xsi_type]):
# If the required properties are found, prune based on the full set (optional + required)
full_properties = {}
full_properties.update(object_type_conf["required"])
full_properties.update(object_type_conf["optional"])
full_properties.update(object_type_conf["mutually_exclusive"])
full_pruned_properties = self._prune_object_properties(object.properties.to_dict(), full_properties)
full_pruned_properties["xsi:type"] = xsi_type
# Create a new Object with the pruned ObjectProperties
pruned_object = Object()
pruned_object.properties = ObjectProperties.from_dict(full_pruned_properties)
entry.object = pruned_object
# Add the updated Object History entry to the final list of Indicators
final_indicator_objects.append(entry)
return final_indicator_objects
def test_empty_dict(self):
self.assertEqual(None, ObjectProperties.from_dict({}))