def from_xml(cls, xml_file, encoding=None): """Parses the `xml_file` file-like object and returns a :class:`STIXPackage` instance. Args: xml_file: A file, file-like object, etree._Element, or etree._ElementTree instance. encoding: The character encoding of the `xml_file` input. If ``None``, an attempt will be made to determine the input character encoding. Default is ``None``. Returns: An instance of :class:`STIXPackage`. """ parser = EntityParser() return parser.parse_xml(xml_file, encoding=encoding)
def from_xml(cls, xml_file): parser = EntityParser() return parser.parse_xml(xml_file)
def main(): # This is a work-around for the fact that the 1.0 indicator type was removed from the STIX python # library, even though it is the essentially the same as the 1.1 type. We want to still support 1.0 # indicators since they are out there, and there is no difference for the purposes of this script. # vocabs._VOCAB_MAP["stixVocabs:IndicatorTypeVocab-1.0"] = IndicatorType # Create XML parser that can strip namespaces xmlParser = EntityParser() stix_package = None argParser = get_parser() args = argParser.parse_args() if args[0].help: print_help(argParser) # Import from a TAXII server elif args[0].referenceset and args[0].taxii: begin_ts = None end_ts = None try: if args[0].begin_ts: structTime = time.strptime(args[0].begin_ts, '%Y-%m-%d %H:%M:%S') begin_ts = datetime.datetime(*structTime[:6]) begin_ts = begin_ts.replace(tzinfo=pytz.UTC) else: begin_ts = None if args[0].end_ts: structTime = time.strptime(args[0].end_ts, '%Y-%m-%d %H:%M:%S') end_ts = datetime.datetime(*structTime[:6]) end_ts = end_ts.replace(tzinfo=pytz.UTC) else: end_ts = None except ValueError: print >> sys.stderr, "Could not parse either start or end time" raise #Create Request Header poll_req = tm11.PollRequest( message_id=tm11.generate_message_id(), collection_name=args[0].collection, exclusive_begin_timestamp_label=begin_ts, inclusive_end_timestamp_label=end_ts, poll_parameters=tm11.PollRequest.PollParameters()) poll_req_xml = poll_req.to_xml() #Create request client object client = tc.HttpClient() #HTTPS Setting if args[0].taxii_ssl: client.set_use_https(True) # Basic Auth if args[0].taxii_username: if not args[0].taxii_password: args[0].taxii_password = getpass.getpass( "Enter your taxii password: "******"content_blocks"]: bindingId = content["content_binding"]["binding_id"] if bindingId and bindingId.startswith( "urn:stix.mitre.org:xml"): if args[0].verbose: print >> sys.stderr, "RECIEVED STIX DATA:\n" print >> sys.stderr, content["content"] try: # This string replace is a workaround for some invalid documents in my test server, if you don't need it, remove it xmlString = content["content"].replace( 'low', 'Low').replace('medium', 'Medium').replace('high', 'High') stix_package = xmlParser.parse_xml( io.BytesIO(xmlString), False) indicators += process_package_dict( args, stix_package.to_dict()) except ValueError: print >> sys.stderr, "Could not parse STIX document: " print >> sys.stderr, content["content"] raise print "Imported", indicators, "indicators into reference set", args[ 0].referenceset else: print >> sys.stderr, "Invalid reponse from TAXII server" pprint.pprint(response_dict, sys.stderr) exit(255) # Import from a XML file on disk elif args[0].referenceset and args[0].file: stix_package = xmlParser.parse_xml(args[0].file, False) indicators = process_package_dict(args, stix_package.to_dict()) print "Imported", indicators, "indicators into reference set", args[ 0].referenceset else: print >> sys.stderr, "Invalid arguments. Type 'python stix_import.py --help' for usage.\n"
def main(): # This is a work-around for the fact that the 1.0 indicator type was removed from the STIX python # library, even though it is the essentially the same as the 1.1 type. We want to still support 1.0 # indicators since they are out there, and there is no difference for the purposes of this script. vocabs._VOCAB_MAP["stixVocabs:IndicatorTypeVocab-1.0"] = IndicatorType # Create XML parser that can strip namespaces xmlParser = EntityParser() stix_package = None argParser = get_parser() args = argParser.parse_args() if args[0].help: print_help(argParser) # Import from a TAXII server elif args[0].referenceset and args[0].taxii: begin_ts = None end_ts = None try: if args[0].begin_ts: structTime = time.strptime(args[0].begin_ts,'%Y-%m-%d %H:%M:%S') begin_ts = datetime.datetime(*structTime[:6]) begin_ts = begin_ts.replace(tzinfo=pytz.UTC) else: begin_ts = None if args[0].end_ts: structTime = time.strptime(args[0].end_ts,'%Y-%m-%d %H:%M:%S') end_ts = datetime.datetime(*structTime[:6]) end_ts = end_ts.replace(tzinfo=pytz.UTC) else: end_ts = None except ValueError: print >> sys.stderr, "Could not parse either start or end time" raise poll_req = tm11.PollRequest(message_id=tm11.generate_message_id(), collection_name=args[0].collection, exclusive_begin_timestamp_label=begin_ts, inclusive_end_timestamp_label=end_ts, poll_parameters=tm11.PollRequest.PollParameters()) poll_req_xml = poll_req.to_xml() client = tc.HttpClient() if args[0].taxii_ssl: client.setUseHttps(True) if args[0].taxii_username: client.setAuthType(1) if not args[0].taxii_password: args[0].taxii_password = getpass.getpass("Enter your taxii password: "******"/poll/", t.VID_TAXII_XML_11, poll_req_xml, args[0].taxiiport) response_message = t.get_message_from_http_response(resp, '0') response_dict = response_message.to_dict(); indicators = 0 if 'content_blocks' in response_dict: for content in response_dict["content_blocks"]: bindingId = content["content_binding"]["binding_id"] if bindingId and bindingId.startswith("urn:stix.mitre.org:xml"): if args[0].verbose: print >> sys.stderr, "RECIEVED STIX DATA:\n" print >> sys.stderr, content["content"] try: # This string replace is a workaround for some invalid documents in my test server, if you don't need it, remove it xmlString = content["content"].replace('low','Low').replace('medium','Medium').replace('high','High') stix_package = xmlParser.parse_xml(io.BytesIO(xmlString), False) indicators += process_package_dict( args, stix_package.to_dict() ) except ValueError: print >> sys.stderr, "Could not parse STIX document: " print >> sys.stderr, content["content"] raise print "Imported", indicators, "indicators into reference set", args[0].referenceset else: print >> sys.stderr, "Invalid reponse from TAXII server" pprint.pprint( response_dict, sys.stderr ) exit(255) # Import from a XML file on disk elif args[0].referenceset and args[0].file: stix_package = xmlParser.parse_xml(args[0].file, False) indicators = process_package_dict( args, stix_package.to_dict() ) print "Imported", indicators, "indicators into reference set", args[0].referenceset else: print >> sys.stderr, "Invalid arguments. Type 'python stix_import.py --help' for usage.\n"
def from_xml(cls, xml_file): parser = EntityParser() return parser.parse_xml(xml_file)