def addObjects(self): """Adds objects elements.""" # File objects # Subject if self.results["target"]["category"] == "file": self.objects.add_file(self.createFileObject(self.results["target"]["file"])) elif self.results["target"]["category"] == "url": self.objects.add_uri(maec.uriObject( id = hashlib.md5(self.results["target"]["url"]).hexdigest(), uriString = self.results["target"]["url"]) ) else: raise CuckooReportError("Unknown target type") # Dropped files if "dropped" in self.results and isinstance(self.results["dropped"], list): for f in self.results["dropped"]: found = False for exist in self.objects.get_file(): if exist.get_md5() == f["md5"]: found = True if not found: self.objects.add_file(self.createFileObject(f)) # URI objects if "network" in self.results and isinstance(self.results["network"], dict): if "http" in self.results["network"] and isinstance(self.results["network"]["http"], list): for req in self.results["network"]["http"]: found = False for exist in self.objects.get_uri(): if exist.get_id() == req["uri"]: found = True if not found: self.objects.add_uri(self.createUriObject(req))
def createUriObject(self, req): """Creates URI object @param req: HTTP request as described in cuckoo dict @return: created URI object """ uri = maec.uriObject(id=req["uri"], uriString=req["uri"], protocol="http", hostname=req["host"], port=req["port"], path=req["path"], ipProtocol="tcp") # Add details prop = maec.objectProperty() prop.add_property( maec.property(type_="httpMethod", valueOf_=req["method"])) if req["method"] == "POST": prop.add_property( maec.property(type_="postData", valueOf_="<![CDATA[%s]]>" % req["body"])) if "user-agent" in req: prop.add_property( maec.property(type_="userAgent", valueOf_=req["user-agent"])) prop.set_references( maec.reference(valueOf_="uri[@id='%s']" % req["uri"])) self.properties.add_objectProperty(prop) return uri
def createUriObject(self, req): """Creates URI object @param req: HTTP request as described in cuckoo dict @return: created URI object """ uri = maec.uriObject(id=req['uri'], uriString=req['uri'], protocol='http', hostname=req['host'], port=req['port'], path=req['path'], ipProtocol='tcp') # Add details prop = maec.objectProperty() prop.add_property( maec.property(type_='httpMethod', valueOf_=req['method'])) if req['method'] == 'POST': prop.add_property( maec.property(type_='postData', valueOf_="<![CDATA[%s]]>" % req['body'])) if 'user-agent' in req: prop.add_property( maec.property(type_='userAgent', valueOf_=req['user-agent'])) prop.set_references( maec.reference(valueOf_="uri[@id='%s']" % req['uri'])) self.properties.add_objectProperty(prop) return uri
def createUriObject(self, req): """Creates URI object @param req: HTTP request as described in cuckoo dict @return: created URI object """ uri = maec.uriObject( id = req["uri"], uriString = req["uri"], protocol = "http", hostname = req["host"], port = req["port"], path = req["path"], ipProtocol = "tcp" ) # Add details prop = maec.objectProperty() prop.add_property(maec.property( type_= "httpMethod", valueOf_ = req["method"] ) ) if req["method"] == "POST": prop.add_property(maec.property( type_= "postData", valueOf_ = "<![CDATA[%s]]>" % req["body"] ) ) if "user-agent" in req: prop.add_property(maec.property( type_= "userAgent", valueOf_ = req["user-agent"] ) ) prop.set_references( maec.reference( valueOf_ = "uri[@id='%s']" % req["uri"] ) ) self.properties.add_objectProperty(prop) return uri
def createUriObject(self, req): """Creates URI object @param req: HTTP request as described in cuckoo dict @return: created URI object """ uri = maec.uriObject( id = req['uri'], uriString = req['uri'], protocol = 'http', hostname = req['host'], port = req['port'], path = req['path'], ipProtocol = 'tcp' ) # Add details prop = maec.objectProperty() prop.add_property(maec.property( type_= 'httpMethod', valueOf_ = req['method'] ) ) if req['method'] == 'POST': prop.add_property(maec.property( type_= 'postData', valueOf_ = "<![CDATA[%s]]>" % req['body'] ) ) if 'user-agent' in req: prop.add_property(maec.property( type_= 'userAgent', valueOf_ = req['user-agent'] ) ) prop.set_references( maec.reference( valueOf_ = "uri[@id='%s']" % req['uri'] ) ) self.properties.add_objectProperty(prop) return uri
def addObjects(self): """Adds objects elements.""" # File objects # Subject if self.results["target"]["category"] == "file": self.objects.add_file( self.createFileObject(self.results["target"]["file"])) elif self.results["target"]["category"] == "url": self.objects.add_uri( maec.uriObject(id=hashlib.md5( self.results["target"]["url"]).hexdigest(), uriString=self.results["target"]["url"])) else: raise CuckooReportError("Unknown target type") # Dropped files if "dropped" in self.results and isinstance(self.results["dropped"], list): for f in self.results["dropped"]: found = False for exist in self.objects.get_file(): if exist.get_md5() == f["md5"]: found = True if not found: self.objects.add_file(self.createFileObject(f)) # URI objects if "network" in self.results and isinstance(self.results["network"], dict): if "http" in self.results["network"] and isinstance( self.results["network"]["http"], list): for req in self.results["network"]["http"]: found = False for exist in self.objects.get_uri(): if exist.get_id() == req["uri"]: found = True if not found: self.objects.add_uri(self.createUriObject(req))