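 def from_obj(findings_bundle_list_obj):
     """Build a FindingsBundleList API object from its generated binding object.

     Arguments:
     findings_bundle_list_obj -- the binding-layer FindingsBundleList instance,
         or a falsy value when the element is absent from the document.

     Returns the populated FindingsBundleList, or None when the input is falsy.
     """
     if not findings_bundle_list_obj:
         return None
     result = FindingsBundleList()
     # NOTE(review): presumably MetaAnalysis.from_obj returns None for a missing
     # Meta_Analysis element (the same convention as this function) - verify.
     result.meta_analysis = MetaAnalysis.from_obj(findings_bundle_list_obj.get_Meta_Analysis())
     result.bundles = [Bundle.from_obj(x) for x in findings_bundle_list_obj.get_Bundle()]
     # External references are kept as the raw binding objects; list() takes an
     # independent copy of the binding's list (no aliasing) without a manual loop.
     result.bundle_external_references = list(findings_bundle_list_obj.get_Bundle_External_Reference())
     return result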
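    def parse_xml(self, xml_file, check_version=True):
        """Creates a python-maec Bundle or Package object from the supplied xml_file.

        Arguments:
        xml_file -- A filename/path or a file-like object representing a MAEC instance (i.e. Package or Bundle) document
        check_version -- Inspect the version before parsing.

        Returns the Package or Bundle API object, or None when neither
        self.is_package nor self.is_bundle is set (the namespace pass still runs).
        """
        # resolve_entities=False stops internal/external entities from being
        # expanded, which is the relevant protection for untrusted MAEC input.
        # huge_tree=True lifts libxml2's built-in size/depth limits, so very large
        # documents are accepted at the cost of memory - keep both settings together.
        parser = etree.ETCompatXMLParser(huge_tree=True, resolve_entities=False)
        tree = etree.parse(xml_file, parser=parser)

        # parse_xml_to_obj reads the same input a second time. A file-like object
        # is now positioned at EOF after etree.parse, so rewind it when possible;
        # filename/path inputs have no seek() and are unaffected.
        if hasattr(xml_file, 'seek'):
            xml_file.seek(0)

        api_obj = None
        binding_obj = self.parse_xml_to_obj(xml_file, check_version)
        if self.is_package:
            from maec.package.package import Package # resolve circular dependencies
            api_obj = Package.from_obj(binding_obj)
        elif self.is_bundle:
            from maec.bundle.bundle import Bundle # resolve circular dependencies
            api_obj = Bundle.from_obj(binding_obj)
        # Carry the namespace declarations of the input document over to the API object.
        self._apply_input_namespaces(tree, api_obj)

        return api_obj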
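    def generate_oval(self):
        """Convert the MAEC document in self.infilename into an OVAL definitions
        document written to self.outfilename.

        Both MAEC bindings (Bundle and Package) are tried on the input; the Bundle
        binding wins when it has content, otherwise every Bundle of every Malware
        Subject of the Package is processed. Nothing is written when no Action was
        converted. Progress goes to stdout; an error is reported on stdout and,
        in verbose mode, followed by a traceback.
        """
        # Basic input file checking: say so instead of silently doing nothing.
        if not os.path.isfile(self.infilename):
            sys.stdout.write('Error: input file ' + self.infilename + ' not found or not a file\n')
            return

        # Try parsing the MAEC file with both bindings. The bindings' parse()
        # decides how the (untrusted) XML is read, including entity handling;
        # NOTE(review): confirm the generated parsers disable entity resolution.
        package_obj = package_binding.parse(self.infilename)
        bundle_obj = bundle_binding.parse(self.infilename)
        try:
            sys.stdout.write('Generating ' + self.outfilename + ' from ' + self.infilename + '...')
            # Test whether the input is a Package or Bundle and process accordingly
            if bundle_obj.hasContent_():
                self.process_bundle(Bundle.from_obj(bundle_obj))
            elif package_obj.hasContent_():
                maec_package = Package.from_obj(package_obj)
                for malware_subject in maec_package.malware_subjects:
                    for maec_bundle in malware_subject.findings_bundles.bundles:
                        self.process_bundle(maec_bundle)

            # Build up the OVAL document from the parsed data and corresponding objects
            self.__build_oval_document()

            if self.converted_ids:
                self._write_oval_document()
                sys.stdout.write('Done\n')
            else:
                sys.stdout.write('no OVAL output written; 0 actions were converted.\n')
            if self.stat_mode:
                self._report_actions()

        except Exception as err:
            # Best-effort CLI behaviour: report and keep going rather than crash.
            print('\nError: %s\n' % str(err))
            if self.verbose_mode:
                traceback.print_exc()

    def _write_oval_document(self):
        """Export self.ovaldefroot to self.outfilename with the OVAL 5.7 namespace declarations."""
        namespacedef = ('xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
                        'xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
                        'xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" '
                        'xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" '
                        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                        'xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows '
                        'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/windows-definitions-schema.xsd '
                        'http://oval.mitre.org/XMLSchema/oval-definitions-5 '
                        'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-definitions-schema.xsd '
                        'http://oval.mitre.org/XMLSchema/oval-common-5 '
                        'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-common-schema.xsd"')
        # 'with' closes the output handle even when export() raises; the previous
        # code opened the file and never closed it.
        with open(self.outfilename, 'w') as outfile:
            self.ovaldefroot.export(outfile, 0, namespacedef_=namespacedef)

    def _report_actions(self):
        """Print the converted and skipped Action ids (stat mode)."""
        print('\n**Converted Actions**')
        for action_id in self.converted_ids:
            print('Action ' + action_id + ' converted successfully')
        print('**Skipped Actions**')
        for action_id in self.skipped_actions:
            print('Action ' + action_id + ' skipped; incompatible action/object type or missing object attributes')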
import pprint
import maec.bindings.maec_bundle as maec_bundle_binding
from maec.bundle.bundle import Bundle
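# Matching properties dictionary, keyed by CybOX object type.
# NOTE(review): presumably these are the properties two Objects of that type
# must share to count as the same Object in Bundle.compare - check its docs.
match_on_dictionary = {'FileObjectType': ['full_name'],
                       'WindowsRegistryKeyObjectType': ['hive', 'values.name/data'],
                       'WindowsMutexObjectType': ['name']}
# Parse in the input Bundle documents and create their python-maec Bundle class representations.
# Input file names are fixed; the documents are read from the current working directory.
bundle1 = Bundle.from_obj(maec_bundle_binding.parse("zeus_threatexpert_maec.xml"))
bundle2 = Bundle.from_obj(maec_bundle_binding.parse("zeus_anubis_maec.xml"))
# Perform the comparison and get the results (case-insensitive property matching)
comparison_results = Bundle.compare([bundle1, bundle2], match_on=match_on_dictionary, case_sensitive=False)
# Pretty print the common and unique Objects. Single-argument print() behaves the
# same under Python 2 and 3, unlike the print-statement form.
print("******Common Objects:*******\n")
pprint.pprint(comparison_results.get_common())
print("****************************")
print("******Unique Objects:*******\n")
pprint.pprint(comparison_results.get_unique())
print("****************************")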