def test_add_collections(self):
    """Check that a Bundle registers each kind of named collection.

    For actions, objects, behaviors and candidate indicators in turn, the
    test creates a named collection, adds one freshly constructed entity to
    it by name, and asserts that the bundle reports the collection as present.
    """
    bundle = Bundle()

    # Actions
    bundle.add_named_action_collection("Actions")
    bundle.add_action(MalwareAction(), "Actions")
    action_groups = bundle.collections.action_collections
    self.assertTrue(action_groups.has_collection("Actions"))

    # Objects
    bundle.add_named_object_collection("Objects")
    bundle.add_object(Object(), "Objects")
    object_groups = bundle.collections.object_collections
    self.assertTrue(object_groups.has_collection("Objects"))

    # Behaviors
    bundle.add_named_behavior_collection("Behaviors")
    bundle.add_behavior(Behavior(), "Behaviors")
    behavior_groups = bundle.collections.behavior_collections
    self.assertTrue(behavior_groups.has_collection("Behaviors"))

    # Candidate indicators
    bundle.add_named_candidate_indicator_collection("Indicators")
    bundle.add_candidate_indicator(CandidateIndicator(), "Indicators")
    indicator_groups = bundle.collections.candidate_indicator_collections
    self.assertTrue(indicator_groups.has_collection("Indicators"))
def test_add_collections(self):
    """Verify that named collections added to a Bundle can be found again.

    Each of the four collection kinds (action, object, behavior, candidate
    indicator) is created by name, given one new member, and then looked up
    with has_collection() on the matching container under bundle.collections.
    """
    bundle = Bundle()

    # Action collection: create, populate, then look it up by name.
    bundle.add_named_action_collection("Actions")
    action = MalwareAction()
    bundle.add_action(action, "Actions")
    found_actions = bundle.collections.action_collections.has_collection(
        "Actions")
    self.assertTrue(found_actions)

    # Object collection.
    bundle.add_named_object_collection("Objects")
    member_object = Object()
    bundle.add_object(member_object, "Objects")
    found_objects = bundle.collections.object_collections.has_collection(
        "Objects")
    self.assertTrue(found_objects)

    # Behavior collection.
    bundle.add_named_behavior_collection("Behaviors")
    behavior = Behavior()
    bundle.add_behavior(behavior, "Behaviors")
    found_behaviors = bundle.collections.behavior_collections.has_collection(
        "Behaviors")
    self.assertTrue(found_behaviors)

    # Candidate indicator collection.
    bundle.add_named_candidate_indicator_collection("Indicators")
    indicator = CandidateIndicator()
    bundle.add_candidate_indicator(indicator, "Indicators")
    found_indicators = (
        bundle.collections.candidate_indicator_collections.has_collection(
            "Indicators"))
    self.assertTrue(found_indicators)
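# Name the vocabulary the association type is drawn from, then attach the
# associated object to the action. `o1` and `act` are created earlier in the
# script, outside this excerpt.
o1.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act.associated_objects.append(o1)

# Create the behavior: its action composition holds one reference, which
# points at the action through the action's id.
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability. The "spying" capability gets one tactical objective,
# "capture keyboard input", tagged with the spying tactical-objectives
# vocabulary and linked to the behavior through the behavior's id.
# NOTE(review): the vocabulary value is assigned as a plain string; whether it
# is checked against the named vocabulary is not visible here.
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy.
# `p`, `ms`, `a` and `b` are created earlier in the script.
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML. The call is parenthesized so the line
# parses on Python 3 as well as Python 2; with a single argument the Python 2
# output is unchanged.
# NOTE(review): namespace_dict presumably maps a namespace to the prefix used
# for it in the output; confirm against the library.
print(p.to_xml(namespace_dict={"example.com": "example"}))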
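# Attach the associated object to the action. `o1` and `act` are created
# earlier in the script, outside this excerpt.
act.associated_objects.append(o1)

# Create the behavior: its action composition holds one reference, which
# points at the action through the action's id.
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability. The "spying" capability gets one tactical objective,
# "capture keyboard input", tagged with the spying tactical-objectives
# vocabulary and linked to the behavior through the behavior's id.
# NOTE(review): the vocabulary value is assigned as a plain string; whether it
# is checked against the named vocabulary is not visible here.
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy.
# `p`, `ms`, `a` and `b` are created earlier in the script.
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML. The call is parenthesized so the line
# parses on Python 3 as well as Python 2; with a single argument the Python 2
# output is unchanged.
# NOTE(review): namespace_dict presumably maps a namespace to the prefix used
# for it in the output; confirm against the library.
print(p.to_xml(namespace_dict={"example.com": "example"}))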