示例#1
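def mkActionList(subject,mkclass):
    """Turn one parsed behaviour report into actions and per-category behaviors.

    Every category of ``subject`` that has a registered handler is walked
    entry by entry. Each entry is converted to an action by its handler and
    recorded on ``mkclass.bundle`` (in both ``actions`` and ``als``). The
    actions of one category are grouped under one Behavior, and the result
    is passed to ``mkSubject.xmlwrite``.

    Args:
        subject: mapping of category name -> iterable of entries. It must
            also provide ``subject['overview']['analysis_reason']``, which
            is used as the description of every Behavior.
        mkclass: object exposing the lists ``bundle.actions`` and
            ``bundle.als``.

    Raises:
        KeyError: if ``overview`` or ``analysis_reason`` is missing.

    NOTE(review): ``subject`` presumably comes from a sandbox report, so its
    strings would be controlled by the analysed sample; the handlers and the
    XML writer should treat them as untrusted data -- TODO confirm.
    """
    handlers = {
            "registry_reads":       registry_reads,
            "file_reads":           file_reads,
            "loaded_libraries":     loaded_libraries,
            #"process":              process_action,
            #"overview":             overview,
            "registry_deletions":   registry_deletions,
            "file_writes":          file_writes,
            #"process_interactions": process_interactions,
            #"raised_exceptions":    raised_exceptions,
            "mutex_opens":          mutex_opens,
            "dns_queries":          dns_queries,
            "mutex_creates":        mutex_create,
            "file_deletes":         file_delete,
            "modified_libraries" :  modified_libraries,
            "http_conversations" :  http_conversations
            }
    # Read up front so a malformed report fails before anything is mutated.
    description = subject['overview']['analysis_reason']
    bls = []
    # NOTE(review): nothing here ever adds to ``als``; actions are collected
    # on mkclass.bundle instead, so the ActionList written below is always
    # empty -- confirm that this is intended.
    als = []
    for k, v in subject.items():
        # ``in`` replaces dict.has_key(), which no longer exists on Python 3.
        if k not in handlers:
            print("This Key is not Checked: %s" % (k,))
            continue
        actions = []
        for n in v:
            act = handlers[k](n)            # build the action for this entry
            mkclass.bundle.actions.append(act)
            actions.append(act)
            mkclass.bundle.als.append(act)
        if not actions:
            print("action Null: %s" % (k,))
        # A fresh Behavior/BehavioralActions pair per category: reusing one
        # shared instance made every list entry alias the same object, so
        # only the category processed last survived in the output.
        b = Behavior()
        b.description = description
        bas = BehavioralActions()
        bas.action = actions
        b.action_composition = bas
        bls.append(b)
    mkSubject.xmlwrite(ActionList(als),BehaviorList(bls))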
示例#2
 def test_to_xml_no_encoding(self):
     """``to_xml(encoding=None)`` must return a ``unicode`` object holding the description."""
     behavior = Behavior()
     behavior.description = UNICODE_STR
     serialized = behavior.to_xml(encoding=None)
     # No encoding requested, so the result is checked as text, not bytes.
     is_text = isinstance(serialized, unicode)
     self.assertTrue(is_text)
     self.assertTrue(UNICODE_STR in serialized)
示例#3
 def test_to_xml_default_encoded(self):
     """Output of ``to_xml()`` with no arguments, decoded as UTF-8, must contain the description."""
     behavior = Behavior()
     behavior.description = UNICODE_STR
     decoded = behavior.to_xml().decode('utf-8')
     self.assertTrue(UNICODE_STR in decoded)
示例#4
 def test_to_xml_utf16_encoded(self):
     """Output of ``to_xml(encoding='utf-16')`` must decode with that codec and contain the description."""
     codec = 'utf-16'
     behavior = Behavior()
     behavior.description = UNICODE_STR
     raw = behavior.to_xml(encoding=codec)
     # Decode with the codec that was requested for serialisation.
     decoded = raw.decode(codec)
     self.assertTrue(UNICODE_STR in decoded)
示例#5
 def test_behavior(self):
     """A Behavior passed through ``round_trip`` must keep its description."""
     original = Behavior()
     original.description = UNICODE_STR
     restored = round_trip(original)
     self.assertEqual(original.description, restored.description)
示例#6
 def test_to_xml_no_encoding(self):
     """``to_xml(encoding=None)`` must return a ``text_type`` value holding the description."""
     behavior = Behavior()
     behavior.description = UNICODE_STR
     serialized = behavior.to_xml(encoding=None)
     # No encoding requested, so the result is checked as text, not bytes.
     is_text = isinstance(serialized, text_type)
     self.assertTrue(is_text)
     self.assertTrue(UNICODE_STR in serialized)
示例#7
 def test_to_xml_default_encoded(self):
     """Calling ``to_xml()`` without arguments must give bytes whose UTF-8 decoding contains the description."""
     subject = Behavior()
     subject.description = UNICODE_STR
     payload = subject.to_xml()
     as_text = payload.decode('utf-8')
     self.assertTrue(UNICODE_STR in as_text)
示例#8
 def test_to_xml_utf16_encoded(self):
     """The description must be present after serialising and decoding with UTF-16."""
     wanted = 'utf-16'
     subject = Behavior()
     subject.description = UNICODE_STR
     # Serialise and decode with the same codec.
     as_text = subject.to_xml(encoding=wanted).decode(wanted)
     self.assertTrue(UNICODE_STR in as_text)
示例#9
 def test_behavior(self):
     """The description must be equal before and after ``round_trip``."""
     before = Behavior()
     before.description = UNICODE_STR
     after = round_trip(before)
     expected = before.description
     self.assertEqual(expected, after.description)