def __init__(self, id = None, parent_action_idref = None):
super(ProcessTreeNode, self).__init__()
self.id = id
self.parent_action_idref = parent_action_idref
self.initiated_actions = ActionReferenceList()
self.spawned_processes = []
self.injected_processes = []
def __init__(self, id = None, parent_action_idref = None):
super(ProcessTreeNode, self).__init__()
self.id = maec.utils.idgen.create_id(prefix="process_tree")
self.parent_action_idref = parent_action_idref
self.ordinal_position = None
self.initiated_actions = ActionReferenceList()
self.spawned_processes = []
self.injected_processes = []
def from_dict(process_tree_node_dict):
if not process_tree_node_dict:
return None
process_tree_node_ = Process.from_dict(process_tree_node_dict, ProcessTreeNode())
process_tree_node_.id = process_tree_node_dict.get('id')
process_tree_node_.parent_action_idref = process_tree_node_dict.get('parent_action_idref')
process_tree_node_.initiated_actions = ActionReferenceList.from_list(process_tree_node_dict.get('initiated_actions'))
process_tree_node_.spawned_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('spawned_processes', [])]
process_tree_node_.injected_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('injected_processes', [])]
return process_tree_node_
def from_obj(process_tree_node_obj):
if not process_tree_node_obj:
return None
process_tree_node_ = Process.from_obj(process_tree_node_obj, ProcessTreeNode())
process_tree_node_.id = process_tree_node_obj.get_id()
process_tree_node_.parent_action_idref = process_tree_node_obj.get_parent_action_idref()
if process_tree_node_obj.get_Initiated_Actions() is not None:
process_tree_node_.initiated_actions = ActionReferenceList.from_obj(process_tree_node_obj.get_Initiated_Actions())
process_tree_node_.spawned_processes = [ProcessTreeNode.from_obj(x) for x in process_tree_node_obj.get_Spawned_Process()]
process_tree_node_.injected_processes = [ProcessTreeNode.from_obj(x) for x in process_tree_node_obj.get_Injected_Process()]
return process_tree_node_
def from_dict(cls, process_tree_node_dict):
if not process_tree_node_dict:
return None
process_tree_node_ = super(ProcessTreeNode, cls).from_dict(process_tree_node_dict)
process_tree_node_.id = process_tree_node_dict.get('id')
process_tree_node_.parent_action_idref = process_tree_node_dict.get('parent_action_idref')
process_tree_node_.ordinal_position = process_tree_node_dict.get('ordinal_position')
process_tree_node_.initiated_actions = ActionReferenceList.from_list(process_tree_node_dict.get('initiated_actions', []))
process_tree_node_.spawned_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('spawned_processes', [])]
process_tree_node_.injected_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('injected_processes', [])]
return process_tree_node_
def add_initiated_action(self, action_id):
"""Add an initiated Action to the Process Tree node, based on its ID."""
if not self.initiated_actions:
self.initiated_actions = ActionReferenceList()
self.initiated_actions.append(action_id)
class ProcessTreeNode(Process):
_binding = bundle_binding
_binding_class = bundle_binding.ProcessTreeNodeType
_XSI_NS = "maecBundle"
_XSI_TYPE = "ProcessTreeNodeType"
superclass = Process
id_ = cybox.TypedField("id")
parent_action_idref = cybox.TypedField("parent_action_idref")
ordinal_position = cybox.TypedField("ordinal_position")
initiated_actions = cybox.TypedField("Initiated_Actions", ActionReferenceList)
spawned_process = cybox.TypedField("Spawned_Process", multiple = True)
injected_process = cybox.TypedField("Injected_Process", multiple = True)
def __init__(self, id = None, parent_action_idref = None):
super(ProcessTreeNode, self).__init__()
if id:
self.id_ = id
else:
self.id_ = maec.utils.idgen.create_id(prefix="process_tree")
self.parent_action_idref = parent_action_idref
def add_spawned_process(self, process_node, process_id = None):
"""Add a spawned process to the Process Tree node, either directly or to a
particular process embedded in the node based on its ID."""
if not process_id:
if not self.spawned_process:
self.spawned_process = []
self.spawned_process.append(process_node)
elif process_id:
if str(self.pid) == process_id:
if not self.spawned_process:
self.spawned_process = []
self.spawned_process.append(process_node)
else:
embedded_process = self.find_embedded_process(process_id)
if embedded_process:
if not embedded_process.spawned_process:
embedded_process.spawned_process = []
embedded_process.spawned_process.append(process_node)
def add_injected_process(self, process_node, process_id = None):
"""Add an injected process to the Process Tree node, either directly or to a
particular process embedded in the node based on its ID."""
if not process_id:
if not self.injected_process:
self.injected_process = []
self.injected_process.append(process_node)
elif process_id:
if str(self.pid) == process_id:
if not self.injected_process:
self.injected_process = []
self.injected_process.append(process_node)
else:
embedded_process = self.find_embedded_process(process_id)
if embedded_process:
if not embedded_process.injected_process:
embedded_process.injected_process = []
embedded_process.injected_process.append(process_node)
def add_initiated_action(self, action_id):
"""Add an initiated Action to the Process Tree node, based on its ID."""
if not self.initiated_actions:
self.initiated_actions = ActionReferenceList()
self.initiated_actions.append(action_id)
def find_embedded_process(self, process_id):
"""Find a Process embedded somewhere in the Process Tree node tree, based on its ID."""
embedded_process = None
if self.spawned_process:
for spawned_process in self.spawned_process:
if str(spawned_process.pid) == str(process_id):
embedded_process = spawned_process
else:
embedded_process = spawned_process.find_embedded_process(process_id)
if self.injected_process:
for injected_process in self.injected_process:
if str(injected_process.pid) == str(process_id):
embedded_process = injected_process
else:
embedded_process = injected_process.find_embedded_process(process_id)
return embedded_process
def set_id(self, id):
"""Set the ID of the Process Tree node."""
self.id_ = id
def set_parent_action(self, parent_action_id):
"""Set the ID of the parent action of the Process Tree node."""
self.parent_action_idref = parent_action_id
class ProcessTreeNode(Process):
superclass = Process
def __init__(self, id = None, parent_action_idref = None):
super(ProcessTreeNode, self).__init__()
self.id = id
self.parent_action_idref = parent_action_idref
self.initiated_actions = ActionReferenceList()
self.spawned_processes = []
self.injected_processes = []
def add_spawned_process(self, process_node):
self.spawned_processes.append(process_node)
def add_injected_process(self, process_node):
self.injected_processes.append(process_node)
def add_initiated_action(self, action_id):
self.initiated_actions.append(action_id)
def set_id(self, id):
self.id = id
def set_parent_action(self, parent_action_id):
self.parent_action_idref = parent_action_id
def to_obj(self):
process_tree_node_obj = super(ProcessTreeNode, self).to_obj(bundle_binding.ProcessTreeNodeType())
if self.id is not None : process_tree_node_obj.set_id(self.id)
if self.parent_action_idref is not None : process_tree_node_obj.set_parent_action_idref(self.parent_action_idref)
if self.initiated_actions: process_tree_node_obj.set_Initiated_Actions(self.initiated_actions.to_obj())
if self.spawned_processes:
for spawned_process in self.spawned_processes:
process_tree_node_obj.add_Spawned_Process(spawned_process.to_obj())
if self.injected_processes:
for injected_process in self.injected_processes:
process_tree_node_obj.add_Injected_Process(injected_process.to_obj())
return process_tree_node_obj
def to_dict(self):
process_tree_node_dict = super(ProcessTreeNode, self).to_dict()
if self.id is not None : process_tree_node_dict['id'] = self.id
if self.parent_action_idref is not None : process_tree_node_dict['parent_action_idref'] = self.parent_action_idref
if self.initiated_actions: process_tree_node_dict['initiated_actions'] = self.initiated_actions.to_list()
if self.spawned_processes:
spawned_process_list = []
for spawned_process in self.spawned_processes:
spawned_process_list.append(spawned_process.to_dict())
process_tree_node_dict['spawned_processes'] = spawned_process_list
if self.injected_processes > 0:
injected_process_list = []
for injected_process in self.injected_processes:
injected_process_list.append(injected_process.to_dict())
process_tree_node_dict['injected_processes'] = injected_process_list
return process_tree_node_dict
@staticmethod
def from_dict(process_tree_node_dict):
if not process_tree_node_dict:
return None
process_tree_node_ = Process.from_dict(process_tree_node_dict, ProcessTreeNode())
process_tree_node_.id = process_tree_node_dict.get('id')
process_tree_node_.parent_action_idref = process_tree_node_dict.get('parent_action_idref')
process_tree_node_.initiated_actions = ActionReferenceList.from_list(process_tree_node_dict.get('initiated_actions'))
process_tree_node_.spawned_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('spawned_processes', [])]
process_tree_node_.injected_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('injected_processes', [])]
return process_tree_node_
@staticmethod
def from_obj(process_tree_node_obj):
if not process_tree_node_obj:
return None
process_tree_node_ = Process.from_obj(process_tree_node_obj, ProcessTreeNode())
process_tree_node_.id = process_tree_node_obj.get_id()
process_tree_node_.parent_action_idref = process_tree_node_obj.get_parent_action_idref()
if process_tree_node_obj.get_Initiated_Actions() is not None:
process_tree_node_.initiated_actions = ActionReferenceList.from_obj(process_tree_node_obj.get_Initiated_Actions())
process_tree_node_.spawned_processes = [ProcessTreeNode.from_obj(x) for x in process_tree_node_obj.get_Spawned_Process()]
process_tree_node_.injected_processes = [ProcessTreeNode.from_obj(x) for x in process_tree_node_obj.get_Injected_Process()]
return process_tree_node_
class ProcessTreeNode(Process):
_binding = bundle_binding
_binding_class = bundle_binding.ProcessTreeNodeType
_XSI_NS = "maecBundle"
_XSI_TYPE = "ProcessTreeNodeType"
superclass = Process
def __init__(self, id = None, parent_action_idref = None):
super(ProcessTreeNode, self).__init__()
self.id = maec.utils.idgen.create_id(prefix="process_tree")
self.parent_action_idref = parent_action_idref
self.ordinal_position = None
self.initiated_actions = ActionReferenceList()
self.spawned_processes = []
self.injected_processes = []
def add_spawned_process(self, process_node, process_id = None):
if not process_id:
self.spawned_processes.append(process_node)
elif process_id:
if str(self.pid) == process_id:
self.spawned_processes.append(process_node)
else:
embedded_process = self.find_embedded_process(process_id)
if embedded_process:
embedded_process.spawned_processes.append(process_node)
def add_injected_process(self, process_node, process_id = None):
if not process_id:
self.injected_processes.append(process_node)
elif process_id:
if str(self.pid) == process_id:
self.injected_processes.append(process_node)
else:
embedded_process = self.find_embedded_process(process_id)
if embedded_process:
embedded_process.injected_processes.append(process_node)
def add_initiated_action(self, action_id):
self.initiated_actions.append(action_id)
def find_embedded_process(self, process_id):
embedded_process = None
for spawned_process in self.spawned_processes:
if str(spawned_process.pid) == str(process_id):
embedded_process = spawned_process
else:
embedded_process = spawned_process.find_embedded_process(process_id)
for injected_process in self.injected_processes:
if str(injected_process.pid) == str(process_id):
embedded_process = injected_process
else:
embedded_process = injected_process.find_embedded_process(process_id)
return embedded_process
def set_id(self, id):
self.id = id
def set_parent_action(self, parent_action_id):
self.parent_action_idref = parent_action_id
def to_obj(self):
process_tree_node_obj = super(ProcessTreeNode, self).to_obj()
if self.id is not None : process_tree_node_obj.set_id(self.id)
if self.parent_action_idref is not None : process_tree_node_obj.set_parent_action_idref(self.parent_action_idref)
if self.ordinal_position is not None : process_tree_node_obj.set_ordinal_position(self.ordinal_position)
if self.initiated_actions: process_tree_node_obj.set_Initiated_Actions(self.initiated_actions.to_obj())
if self.spawned_processes:
for spawned_process in self.spawned_processes:
process_tree_node_obj.add_Spawned_Process(spawned_process.to_obj())
if self.injected_processes:
for injected_process in self.injected_processes:
process_tree_node_obj.add_Injected_Process(injected_process.to_obj())
return process_tree_node_obj
def to_dict(self):
process_tree_node_dict = super(ProcessTreeNode, self).to_dict()
if self.id is not None : process_tree_node_dict['id'] = self.id
if self.parent_action_idref is not None : process_tree_node_dict['parent_action_idref'] = self.parent_action_idref
if self.ordinal_position is not None : process_tree_node_dict['ordinal_position'] = self.ordinal_position
if self.initiated_actions: process_tree_node_dict['initiated_actions'] = self.initiated_actions.to_list()
if self.spawned_processes:
spawned_process_list = []
for spawned_process in self.spawned_processes:
spawned_process_list.append(spawned_process.to_dict())
process_tree_node_dict['spawned_processes'] = spawned_process_list
if self.injected_processes > 0:
injected_process_list = []
for injected_process in self.injected_processes:
injected_process_list.append(injected_process.to_dict())
process_tree_node_dict['injected_processes'] = injected_process_list
return process_tree_node_dict
@classmethod
def from_dict(cls, process_tree_node_dict):
if not process_tree_node_dict:
return None
process_tree_node_ = super(ProcessTreeNode, cls).from_dict(process_tree_node_dict)
process_tree_node_.id = process_tree_node_dict.get('id')
process_tree_node_.parent_action_idref = process_tree_node_dict.get('parent_action_idref')
process_tree_node_.ordinal_position = process_tree_node_dict.get('ordinal_position')
process_tree_node_.initiated_actions = ActionReferenceList.from_list(process_tree_node_dict.get('initiated_actions', []))
process_tree_node_.spawned_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('spawned_processes', [])]
process_tree_node_.injected_processes = [ProcessTreeNode.from_dict(x) for x in process_tree_node_dict.get('injected_processes', [])]
return process_tree_node_
@classmethod
def from_obj(cls, process_tree_node_obj):
if not process_tree_node_obj:
return None
process_tree_node_ = super(ProcessTreeNode, cls).from_obj(process_tree_node_obj)
process_tree_node_.id = process_tree_node_obj.get_id()
process_tree_node_.parent_action_idref = process_tree_node_obj.get_parent_action_idref()
process_tree_node_.ordinal_position = process_tree_node_obj.get_ordinal_position()
if process_tree_node_obj.get_Initiated_Actions() is not None:
process_tree_node_.initiated_actions = ActionReferenceList.from_obj(process_tree_node_obj.get_Initiated_Actions())
process_tree_node_.spawned_processes = [ProcessTreeNode.from_obj(x) for x in process_tree_node_obj.get_Spawned_Process()]
process_tree_node_.injected_processes = [ProcessTreeNode.from_obj(x) for x in process_tree_node_obj.get_Injected_Process()]
return process_tree_node_
