# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

# Binding classes for elements written with the 'WinFileObj:' prefix.
# Every class below has the same shape: attribute storage with get_/set_
# accessors, export() to write XML through an `lwrite` callable, and build()
# to populate the object from a parsed element-tree node.
#
# NOTE(review): the validate_* methods in this file are empty stubs, and a
# child element that a class does not recognise is either handed to the
# superclass or ignored, so schema validation has to happen elsewhere before
# field values are relied on.

import sys

from mixbox.binding_utils import *
from . import cybox_common
from . import file_object


class StreamListType(GeneratedsSuper):
    """The StreamListType type specifies a list of NTFS alternate data
    streams."""

    # When `subclass` is set, factory() instantiates it instead of this class.
    subclass = None
    superclass = None
    def __init__(self, Stream=None):
        # A new list per instance, so instances never share one default list.
        if Stream is None:
            self.Stream = []
        else:
            self.Stream = Stream
    def factory(*args_, **kwargs_):
        """Return StreamListType.subclass(...) if a subclass is registered, else StreamListType(...)."""
        if StreamListType.subclass:
            return StreamListType.subclass(*args_, **kwargs_)
        else:
            return StreamListType(*args_, **kwargs_)
    factory = staticmethod(factory)
    # Accessors for the Stream list.
    def get_Stream(self): return self.Stream
    def set_Stream(self, Stream): self.Stream = Stream
    def add_Stream(self, value): self.Stream.append(value)
    # NOTE(review): despite its name this assigns to an existing position
    # (self.Stream[index] = value); it does not insert a new element.
    def insert_Stream(self, index, value): self.Stream[index] = value
    def hasContent_(self):
        """Return True when self.Stream is truthy (e.g. a non-empty list)."""
        if (
            self.Stream
            ):
            return True
        else:
            return False
    def export(self, lwrite, level, namespace_='WinFileObj:', name_='StreamListType', namespacedef_='', pretty_print=True):
        """Write this element as XML through ``lwrite``.

        Emits the start tag and attributes, then either the children plus an
        end tag, or a self-closing tag when hasContent_() is false.
        ``namespace_``, ``name_`` and ``namespacedef_`` are interpolated into
        the markup as given (no quote_xml/quote_attrib is applied to them), so
        they should be supplied by code rather than taken from document
        content.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        showIndent(lwrite, level, pretty_print)
        # A non-empty namespacedef_ is preceded by a single space.
        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='StreamListType')
        if self.hasContent_():
            lwrite('>%s' % (eol_, ))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            showIndent(lwrite, level, pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            lwrite('/>%s' % (eol_, ))
    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinFileObj:', name_='StreamListType'):
        """No attributes are written for this type."""
        pass
    def exportChildren(self, lwrite, level, namespace_='WinFileObj:', name_='StreamListType', fromsubclass_=False, pretty_print=True):
        """Export each entry of self.Stream as a 'Stream' element.

        The prefix passed down is the literal 'WinFileObj:'; the namespace_
        argument is not used here.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        for Stream_ in self.Stream:
            Stream_.export(lwrite, level, 'WinFileObj:', name_='Stream', pretty_print=pretty_print)
    def build(self, node):
        """Populate this object from ``node``: attributes first, then each child."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            # Last regex group of the tag -- presumably the local name without
            # its namespace; Tag_pattern_ is not defined in the visible part
            # of this file, so confirm there.
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)
    def buildAttributes(self, node, attrs, already_processed):
        """No attributes are read for this type."""
        pass
    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Build a StreamObjectType for a 'Stream' child and append it.

        Children with any other name are ignored without an error.
        """
        if nodeName_ == 'Stream':
            obj_ = StreamObjectType.factory()
            obj_.build(child_)
            self.Stream.append(obj_)
# end class StreamListType

class WindowsFilePermissionsType(file_object.FilePermissionsType):
    """The WindowsFilePermissionsType type specifies Windows file
    permissions. It imports and extends the file_object.FilePermissionsType from
    the CybOX File Object."""

    # When `subclass` is set, factory() instantiates it instead of this class.
    subclass = None
    superclass = file_object.FilePermissionsType
    def __init__(self, Full_Control=None, Modify=None, Read=None, Read_And_Execute=None, Write=None):
        super(WindowsFilePermissionsType, self).__init__()
        # Each flag is None when absent; build() stores True/False.
        self.Full_Control = Full_Control
        self.Modify = Modify
        self.Read = Read
        self.Read_And_Execute = Read_And_Execute
        self.Write = Write
    def factory(*args_, **kwargs_):
        """Return an instance of the registered subclass if any, else of this class."""
        if WindowsFilePermissionsType.subclass:
            return WindowsFilePermissionsType.subclass(*args_, **kwargs_)
        else:
            return WindowsFilePermissionsType(*args_, **kwargs_)
    factory = staticmethod(factory)
    # Accessors for the five permission flags.
    def get_Full_Control(self): return self.Full_Control
    def set_Full_Control(self, Full_Control): self.Full_Control = Full_Control
    def get_Modify(self): return self.Modify
    def set_Modify(self, Modify): self.Modify = Modify
    def get_Read(self): return self.Read
    def set_Read(self, Read): self.Read = Read
    def get_Read_And_Execute(self): return self.Read_And_Execute
    def set_Read_And_Execute(self, Read_And_Execute): self.Read_And_Execute = Read_And_Execute
    def get_Write(self): return self.Write
    def set_Write(self, Write): self.Write = Write
    def hasContent_(self):
        """Return True if any flag is set or the superclass has content.

        The checks are ``is not None``, so a flag explicitly set to False
        still counts as content.
        """
        if (
            self.Full_Control is not None or
            self.Modify is not None or
            self.Read is not None or
            self.Read_And_Execute is not None or
            self.Write is not None or
            super(WindowsFilePermissionsType, self).hasContent_()
            ):
            return True
        else:
            return False
    def export(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFilePermissionsType', namespacedef_='', pretty_print=True):
        """Write this element through ``lwrite``.

        Start tag and attributes, then children plus end tag, or a
        self-closing tag when hasContent_() is false. The tag-name arguments
        are written unescaped.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFilePermissionsType')
        if self.hasContent_():
            lwrite('>%s' % (eol_, ))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            showIndent(lwrite, level, pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            lwrite('/>%s' % (eol_, ))
    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinFileObj:', name_='WindowsFilePermissionsType'):
        """Delegate attribute export to the superclass."""
        super(WindowsFilePermissionsType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFilePermissionsType')
    def exportChildren(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFilePermissionsType', fromsubclass_=False, pretty_print=True):
        """Export superclass children, then one element per flag that is not None.

        Flag values are rendered with gds_format_boolean.
        """
        super(WindowsFilePermissionsType, self).exportChildren(lwrite, level, 'WinFileObj:', name_, True, pretty_print=pretty_print)
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        if self.Full_Control is not None:
            showIndent(lwrite, level, pretty_print)
            lwrite('<%sFull_Control>%s</%sFull_Control>%s' % ('WinFileObj:', self.gds_format_boolean(self.Full_Control, input_name='Full_Control'), 'WinFileObj:', eol_))
        if self.Modify is not None:
            showIndent(lwrite, level, pretty_print)
            lwrite('<%sModify>%s</%sModify>%s' % ('WinFileObj:', self.gds_format_boolean(self.Modify, input_name='Modify'), 'WinFileObj:', eol_))
        if self.Read is not None:
            showIndent(lwrite, level, pretty_print)
            lwrite('<%sRead>%s</%sRead>%s' % ('WinFileObj:', self.gds_format_boolean(self.Read, input_name='Read'), 'WinFileObj:', eol_))
        if self.Read_And_Execute is not None:
            showIndent(lwrite, level, pretty_print)
            lwrite('<%sRead_And_Execute>%s</%sRead_And_Execute>%s' % ('WinFileObj:', self.gds_format_boolean(self.Read_And_Execute, input_name='Read_And_Execute'), 'WinFileObj:', eol_))
        if self.Write is not None:
            showIndent(lwrite, level, pretty_print)
            lwrite('<%sWrite>%s</%sWrite>%s' % ('WinFileObj:', self.gds_format_boolean(self.Write, input_name='Write'), 'WinFileObj:', eol_))
    def build(self, node):
        """Populate this object from ``node``: attributes first, then each child."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)
    def buildAttributes(self, node, attrs, already_processed):
        """Delegate attribute parsing to the superclass."""
        super(WindowsFilePermissionsType, self).buildAttributes(node, attrs, already_processed)
    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Parse one permission flag, then let the superclass see the child.

        A flag accepts only the exact literals 'true'/'1' and 'false'/'0';
        the text is compared as-is, with no trimming or case folding here.
        Anything else goes to raise_parse_error, which is expected to raise
        (otherwise ival_ would be unbound on the following line). The
        superclass buildChildren is called for every child, recognised or not.
        """
        if nodeName_ == 'Full_Control':
            sval_ = child_.text
            if sval_ in ('true', '1'):
                ival_ = True
            elif sval_ in ('false', '0'):
                ival_ = False
            else:
                raise_parse_error(child_, 'requires boolean')
            ival_ = self.gds_validate_boolean(ival_, node, 'Full_Control')
            self.Full_Control = ival_
        elif nodeName_ == 'Modify':
            sval_ = child_.text
            if sval_ in ('true', '1'):
                ival_ = True
            elif sval_ in ('false', '0'):
                ival_ = False
            else:
                raise_parse_error(child_, 'requires boolean')
            ival_ = self.gds_validate_boolean(ival_, node, 'Modify')
            self.Modify = ival_
        elif nodeName_ == 'Read':
            sval_ = child_.text
            if sval_ in ('true', '1'):
                ival_ = True
            elif sval_ in ('false', '0'):
                ival_ = False
            else:
                raise_parse_error(child_, 'requires boolean')
            ival_ = self.gds_validate_boolean(ival_, node, 'Read')
            self.Read = ival_
        elif nodeName_ == 'Read_And_Execute':
            sval_ = child_.text
            if sval_ in ('true', '1'):
                ival_ = True
            elif sval_ in ('false', '0'):
                ival_ = False
            else:
                raise_parse_error(child_, 'requires boolean')
            ival_ = self.gds_validate_boolean(ival_, node, 'Read_And_Execute')
            self.Read_And_Execute = ival_
        elif nodeName_ == 'Write':
            sval_ = child_.text
            if sval_ in ('true', '1'):
                ival_ = True
            elif sval_ in ('false', '0'):
                ival_ = False
            else:
                raise_parse_error(child_, 'requires boolean')
            ival_ = self.gds_validate_boolean(ival_, node, 'Write')
            self.Write = ival_
        super(WindowsFilePermissionsType, self).buildChildren(child_, node, nodeName_, True)
# end class WindowsFilePermissionsType

class WindowsFileAttributeType(cybox_common.BaseObjectPropertyType):
    """WindowsFileAttributeType specifies Windows file attributes via a
    union of the FileAttributesEnum type and the atomic xs:string
    type. Its base type is the CybOX Core cybox_common.BaseObjectPropertyType,
    for permitting complex (i.e. regular-expression based)
    specifications. This attribute is optional and specifies the
    expected type for the value of the specified property."""

    # When `subclass` is set, factory() instantiates it instead of this class.
    subclass = None
    superclass = cybox_common.BaseObjectPropertyType
    def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None):
        # All arguments are forwarded positionally, so this call depends on
        # the superclass keeping the same parameter order.
        super(WindowsFileAttributeType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_)
        # datatype and valueOf_ are (re)assigned here after the superclass ran.
        self.datatype = _cast(None, datatype)
        self.valueOf_ = valueOf_
    def factory(*args_, **kwargs_):
        """Return an instance of the registered subclass if any, else of this class."""
        if WindowsFileAttributeType.subclass:
            return WindowsFileAttributeType.subclass(*args_, **kwargs_)
        else:
            return WindowsFileAttributeType(*args_, **kwargs_)
    factory = staticmethod(factory)
    # Accessors for the datatype attribute and the element text.
    def get_datatype(self): return self.datatype
    def set_datatype(self, datatype): self.datatype = datatype
    def get_valueOf_(self): return self.valueOf_
    def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_
    def hasContent_(self):
        """Return True if valueOf_ is truthy or the superclass has content."""
        if (
            self.valueOf_ or
            super(WindowsFileAttributeType, self).hasContent_()
            ):
            return True
        else:
            return False
    def export(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFileAttributeType', namespacedef_='', pretty_print=True):
        """Write this element through ``lwrite``.

        The element text (valueOf_) is passed through quote_xml before it is
        written; the tag-name arguments are written unescaped. The end tag
        follows the text directly, without an indent or line break before it.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFileAttributeType')
        if self.hasContent_():
            lwrite('>')
            lwrite(quote_xml(self.valueOf_))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            lwrite('/>%s' % (eol_, ))
    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinFileObj:', name_='WindowsFileAttributeType'):
        """Export superclass attributes, then datatype (via quote_attrib) when set."""
        super(WindowsFileAttributeType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFileAttributeType')
        if self.datatype is not None:

            lwrite(' datatype=%s' % (quote_attrib(self.datatype), ))
    def exportChildren(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFileAttributeType', fromsubclass_=False, pretty_print=True):
        """Delegate to the superclass; this type adds no child elements."""
        super(WindowsFileAttributeType, self).exportChildren(lwrite, level, 'WinFileObj:', name_, True, pretty_print=pretty_print)
        pass
    def build(self, node):
        """Populate this object from ``node``.

        The element text is taken from get_all_text_(node) before the
        children are visited.
        """
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        self.valueOf_ = get_all_text_(node)
        for child in node:
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)
    def buildAttributes(self, node, attrs, already_processed):
        """Read the datatype attribute if present, then the superclass attributes.

        The attribute value is stored as found; no check against an allowed
        set of datatypes is made here.
        """
        value = find_attr_value_('datatype', node)
        if value is not None:

            self.datatype = value
        super(WindowsFileAttributeType, self).buildAttributes(node, attrs, already_processed)
    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Child elements are ignored for this type."""
        pass
# end class WindowsFileAttributeType

class WindowsFileAttributesType(file_object.FileAttributeType):
    """The WindowsFileAttributesType type specifies Windows file
    attributes. It imports and extends the file_object.FileAttributeType from
    the CybOX File Object."""

    # When `subclass` is set, factory() instantiates it instead of this class.
    subclass = None
    superclass = file_object.FileAttributeType
    def __init__(self, Attribute=None):
        super(WindowsFileAttributesType, self).__init__()
        # A new list per instance, so instances never share one default list.
        if Attribute is None:
            self.Attribute = []
        else:
            self.Attribute = Attribute
    def factory(*args_, **kwargs_):
        """Return an instance of the registered subclass if any, else of this class."""
        if WindowsFileAttributesType.subclass:
            return WindowsFileAttributesType.subclass(*args_, **kwargs_)
        else:
            return WindowsFileAttributesType(*args_, **kwargs_)
    factory = staticmethod(factory)
    # Accessors for the Attribute list.
    def get_Attribute(self): return self.Attribute
    def set_Attribute(self, Attribute): self.Attribute = Attribute
    def add_Attribute(self, value): self.Attribute.append(value)
    # NOTE(review): despite its name this assigns to an existing position
    # (self.Attribute[index] = value); it does not insert a new element.
    def insert_Attribute(self, index, value): self.Attribute[index] = value
    def validate_WindowsFileAttributeType(self, value):
        # Validate type WindowsFileAttributeType, a restriction on None.
        # Empty stub: no value is rejected here.
        pass
    def hasContent_(self):
        """Return True if self.Attribute is truthy or the superclass has content."""
        if (
            self.Attribute or
            super(WindowsFileAttributesType, self).hasContent_()
            ):
            return True
        else:
            return False
    def export(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFileAttributesType', namespacedef_='', pretty_print=True):
        """Write this element through ``lwrite``.

        Start tag and attributes, then children plus end tag, or a
        self-closing tag when hasContent_() is false. The tag-name arguments
        are written unescaped.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFileAttributesType')
        if self.hasContent_():
            lwrite('>%s' % (eol_, ))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            showIndent(lwrite, level, pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            lwrite('/>%s' % (eol_, ))
    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinFileObj:', name_='WindowsFileAttributesType'):
        """Delegate attribute export to the superclass."""
        super(WindowsFileAttributesType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFileAttributesType')
    def exportChildren(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFileAttributesType', fromsubclass_=False, pretty_print=True):
        """Export superclass children, then each entry of self.Attribute as 'Attribute'."""
        super(WindowsFileAttributesType, self).exportChildren(lwrite, level, 'WinFileObj:', name_, True, pretty_print=pretty_print)
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        for Attribute_ in self.Attribute:
            Attribute_.export(lwrite, level, 'WinFileObj:', name_='Attribute', pretty_print=pretty_print)
    def build(self, node):
        """Populate this object from ``node``: attributes first, then each child."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)
    def buildAttributes(self, node, attrs, already_processed):
        """Delegate attribute parsing to the superclass."""
        super(WindowsFileAttributesType, self).buildAttributes(node, attrs, already_processed)
    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Append a WindowsFileAttributeType for an 'Attribute' child.

        The superclass buildChildren is called for every child afterwards.
        """
        if nodeName_ == 'Attribute':
            obj_ = WindowsFileAttributeType.factory()
            obj_.build(child_)
            self.Attribute.append(obj_)
        super(WindowsFileAttributesType, self).buildChildren(child_, node, nodeName_, True)
# end class WindowsFileAttributesType

class StreamObjectType(cybox_common.HashListType):
    """The StreamObjectType type is intended to characterize NTFS alternate
    data streams."""

    # When `subclass` is set, factory() instantiates it instead of this class.
    subclass = None
    superclass = cybox_common.HashListType
    def __init__(self, Hash=None, Name=None, Size_In_Bytes=None):
        # Hash is handled by the HashListType superclass.
        super(StreamObjectType, self).__init__(Hash, )
        self.Name = Name
        self.Size_In_Bytes = Size_In_Bytes
    def factory(*args_, **kwargs_):
        """Return an instance of the registered subclass if any, else of this class."""
        if StreamObjectType.subclass:
            return StreamObjectType.subclass(*args_, **kwargs_)
        else:
            return StreamObjectType(*args_, **kwargs_)
    factory = staticmethod(factory)
    # Accessors for Name and Size_In_Bytes; the validate_* methods are empty
    # stubs that reject nothing.
    def get_Name(self): return self.Name
    def set_Name(self, Name): self.Name = Name
    def validate_StringObjectPropertyType(self, value):
        # Validate type cybox_common.StringObjectPropertyType, a restriction on None.
        pass
    def get_Size_In_Bytes(self): return self.Size_In_Bytes
    def set_Size_In_Bytes(self, Size_In_Bytes): self.Size_In_Bytes = Size_In_Bytes
    def validate_UnsignedLongObjectPropertyType(self, value):
        # Validate type cybox_common.UnsignedLongObjectPropertyType, a restriction on None.
        pass
    def hasContent_(self):
        """Return True if Name or Size_In_Bytes is set or the superclass has content."""
        if (
            self.Name is not None or
            self.Size_In_Bytes is not None or
            super(StreamObjectType, self).hasContent_()
            ):
            return True
        else:
            return False
    def export(self, lwrite, level, namespace_='WinFileObj:', name_='StreamObjectType', namespacedef_='', pretty_print=True):
        """Write this element through ``lwrite``.

        Start tag and attributes, then children plus end tag, or a
        self-closing tag when hasContent_() is false. The tag-name arguments
        are written unescaped.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='StreamObjectType')
        if self.hasContent_():
            lwrite('>%s' % (eol_, ))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            showIndent(lwrite, level, pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            lwrite('/>%s' % (eol_, ))
    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinFileObj:', name_='StreamObjectType'):
        """Delegate attribute export to the superclass."""
        super(StreamObjectType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='StreamObjectType')
    def exportChildren(self, lwrite, level, namespace_='WinFileObj:', name_='StreamObjectType', fromsubclass_=False, pretty_print=True):
        """Export superclass children, then Name and Size_In_Bytes when set."""
        super(StreamObjectType, self).exportChildren(lwrite, level, 'WinFileObj:', name_, True, pretty_print=pretty_print)
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        if self.Name is not None:
            self.Name.export(lwrite, level, 'WinFileObj:', name_='Name', pretty_print=pretty_print)
        if self.Size_In_Bytes is not None:
            self.Size_In_Bytes.export(lwrite, level, 'WinFileObj:', name_='Size_In_Bytes', pretty_print=pretty_print)
    def build(self, node):
        """Populate this object from ``node``: attributes first, then each child."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)
    def buildAttributes(self, node, attrs, already_processed):
        """Delegate attribute parsing to the superclass."""
        super(StreamObjectType, self).buildAttributes(node, attrs, already_processed)
    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Build 'Name' or 'Size_In_Bytes', then let the superclass see the child.

        A repeated element overwrites the value stored by the previous one.
        """
        if nodeName_ == 'Name':
            obj_ = cybox_common.StringObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Name(obj_)
        elif nodeName_ == 'Size_In_Bytes':
            obj_ = cybox_common.UnsignedLongObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Size_In_Bytes(obj_)
        super(StreamObjectType, self).buildChildren(child_, node, nodeName_, True)
# end class StreamObjectType

class WindowsFileObjectType(file_object.FileObjectType):
    """The WindowsFileObjectType type is intended to characterize Windows
    files."""

    # When `subclass` is set, factory() instantiates it instead of this class.
    subclass = None
    superclass = file_object.FileObjectType
    def __init__(self, object_reference=None, Custom_Properties=None, xsi_type=None, is_packed=None, File_Name=None, File_Path=None, Device_Path=None, Full_Path=None, File_Extension=None, Size_In_Bytes=None, Magic_Number=None, File_Format=None, Hashes=None, Digital_Signatures=None, Modified_Time=None, Accessed_Time=None, Created_Time=None, File_Attributes_List=None, Permissions=None, User_Owner=None, Packer_List=None, Peak_Entropy=None, Sym_Links=None, Byte_Runs=None, Extracted_Features=None, Filename_Accessed_Time=None, Filename_Created_Time=None, Filename_Modified_Time=None, Drive=None, Security_ID=None, Security_Type=None, Stream_List=None):
        # NOTE(review): xsi_type is accepted but neither forwarded to the
        # superclass nor stored on the instance here -- confirm that is
        # intended. The other inherited arguments are forwarded positionally.
        super(WindowsFileObjectType, self).__init__(object_reference, Custom_Properties, is_packed, File_Name, File_Path, Device_Path, Full_Path, File_Extension, Size_In_Bytes, Magic_Number, File_Format, Hashes, Digital_Signatures, Modified_Time, Accessed_Time, Created_Time, File_Attributes_List, Permissions, User_Owner, Packer_List, Peak_Entropy, Sym_Links, Byte_Runs, Extracted_Features, )
        # Windows-specific properties added by this type.
        self.Filename_Accessed_Time = Filename_Accessed_Time
        self.Filename_Created_Time = Filename_Created_Time
        self.Filename_Modified_Time = Filename_Modified_Time
        self.Drive = Drive
        self.Security_ID = Security_ID
        self.Security_Type = Security_Type
        self.Stream_List = Stream_List
    def factory(*args_, **kwargs_):
        """Return an instance of the registered subclass if any, else of this class."""
        if WindowsFileObjectType.subclass:
            return WindowsFileObjectType.subclass(*args_, **kwargs_)
        else:
            return WindowsFileObjectType(*args_, **kwargs_)
    factory = staticmethod(factory)
    # Accessors for the Windows-specific properties; the validate_* methods
    # are empty stubs that reject nothing.
    def get_Filename_Accessed_Time(self): return self.Filename_Accessed_Time
    def set_Filename_Accessed_Time(self, Filename_Accessed_Time): self.Filename_Accessed_Time = Filename_Accessed_Time
    def validate_DateTimeObjectPropertyType(self, value):
        # Validate type cybox_common.DateTimeObjectPropertyType, a restriction on None.
        pass
    def get_Filename_Created_Time(self): return self.Filename_Created_Time
    def set_Filename_Created_Time(self, Filename_Created_Time): self.Filename_Created_Time = Filename_Created_Time
    def get_Filename_Modified_Time(self): return self.Filename_Modified_Time
    def set_Filename_Modified_Time(self, Filename_Modified_Time): self.Filename_Modified_Time = Filename_Modified_Time
    def get_Drive(self): return self.Drive
    def set_Drive(self, Drive): self.Drive = Drive
    def validate_StringObjectPropertyType(self, value):
        # Validate type cybox_common.StringObjectPropertyType, a restriction on None.
        pass
    def get_Security_ID(self): return self.Security_ID
    def set_Security_ID(self, Security_ID): self.Security_ID = Security_ID
    def get_Security_Type(self): return self.Security_Type
    def set_Security_Type(self, Security_Type): self.Security_Type = Security_Type
    def validate_SIDType(self, value):
        # Validate type cybox_common.SIDType, a restriction on None.
        pass
    def get_Stream_List(self): return self.Stream_List
    def set_Stream_List(self, Stream_List): self.Stream_List = Stream_List
    def hasContent_(self):
        """Return True if any Windows-specific property is set or the superclass has content."""
        if (
            self.Filename_Accessed_Time is not None or
            self.Filename_Created_Time is not None or
            self.Filename_Modified_Time is not None or
            self.Drive is not None or
            self.Security_ID is not None or
            self.Security_Type is not None or
            self.Stream_List is not None or
            super(WindowsFileObjectType, self).hasContent_()
            ):
            return True
        else:
            return False
    def export(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFileObjectType', namespacedef_='', pretty_print=True):
        """Write this element through ``lwrite``.

        Start tag and attributes, then children plus end tag, or a
        self-closing tag when hasContent_() is false. The tag-name arguments
        are written unescaped.
        """
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFileObjectType')
        if self.hasContent_():
            lwrite('>%s' % (eol_, ))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            showIndent(lwrite, level, pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            lwrite('/>%s' % (eol_, ))
    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinFileObj:', name_='WindowsFileObjectType'):
        """Delegate attribute export to the superclass."""
        super(WindowsFileObjectType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsFileObjectType')
    def exportChildren(self, lwrite, level, namespace_='WinFileObj:', name_='WindowsFileObjectType', fromsubclass_=False, pretty_print=True):
        """Export superclass children, then each Windows-specific property that is set."""
        super(WindowsFileObjectType, self).exportChildren(lwrite, level, 'WinFileObj:', name_, True, pretty_print=pretty_print)
        if pretty_print:
            eol_ = '\n'
        else:
            eol_ = ''
        if self.Filename_Accessed_Time is not None:
            self.Filename_Accessed_Time.export(lwrite, level, 'WinFileObj:', name_='Filename_Accessed_Time', pretty_print=pretty_print)
        if self.Filename_Created_Time is not None:
            self.Filename_Created_Time.export(lwrite, level, 'WinFileObj:', name_='Filename_Created_Time', pretty_print=pretty_print)
        if self.Filename_Modified_Time is not None:
            self.Filename_Modified_Time.export(lwrite, level, 'WinFileObj:', name_='Filename_Modified_Time', pretty_print=pretty_print)
        if self.Drive is not None:
            self.Drive.export(lwrite, level, 'WinFileObj:', name_='Drive', pretty_print=pretty_print)
        if self.Security_ID is not None:
            self.Security_ID.export(lwrite, level, 'WinFileObj:', name_='Security_ID', pretty_print=pretty_print)
        if self.Security_Type is not None:
            self.Security_Type.export(lwrite, level, 'WinFileObj:', name_='Security_Type', pretty_print=pretty_print)
        if self.Stream_List is not None:
            self.Stream_List.export(lwrite, level, 'WinFileObj:', name_='Stream_List', pretty_print=pretty_print)
    def build(self, node):
        """Populate this object from ``node``: attributes first, then each child."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)
    def buildAttributes(self, node, attrs, already_processed):
        """Delegate attribute parsing to the superclass."""
        super(WindowsFileObjectType, self).buildAttributes(node, attrs, already_processed)
    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Build the property object matching ``nodeName_`` and store it.

        The superclass buildChildren is called for every child afterwards. A
        repeated element overwrites the value stored by the previous one.
        """
        if nodeName_ == 'Filename_Accessed_Time':
            obj_ = cybox_common.DateTimeObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Filename_Accessed_Time(obj_)
        elif nodeName_ == 'Filename_Created_Time':
            obj_ = cybox_common.DateTimeObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Filename_Created_Time(obj_)
        elif nodeName_ == 'Filename_Modified_Time':
            obj_ = cybox_common.DateTimeObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Filename_Modified_Time(obj_)
        elif nodeName_ == 'Drive':
            obj_ = cybox_common.StringObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Drive(obj_)
        elif nodeName_ == 'Security_ID':
            obj_ = cybox_common.StringObjectPropertyType.factory()
            obj_.build(child_)
            self.set_Security_ID(obj_)
        elif nodeName_ == 'Security_Type':
            obj_ = cybox_common.SIDType.factory()
            obj_.build(child_)
            self.set_Security_Type(obj_)
        elif nodeName_ == 'Stream_List':
            obj_ = StreamListType.factory()
            obj_.build(child_)
            self.set_Stream_List(obj_)
        super(WindowsFileObjectType, self).buildChildren(child_, node, nodeName_, True)
# end class WindowsFileObjectType

# Element name -> binding class. In the visible part of this file the table
# is consulted only by get_root_tag() to choose the class for a root element.
# NOTE(review): entries are keyed by bare element name, so each name maps to
# a single class wherever the element appears (for example 'Accessed_Time'
# and 'Modified_Time' map to StringObjectPropertyType while 'Created_Time'
# maps to DateTimeObjectPropertyType) -- confirm against the schema before
# using this table for anything beyond root lookup.
GDSClassesMapping = {
    'Build_Utility': cybox_common.BuildUtilityType,
    'Errors': cybox_common.ErrorsType,
    'File_Extension': cybox_common.StringObjectPropertyType,
    'Error': cybox_common.ErrorType,
    'Opcodes': cybox_common.StringObjectPropertyType,
    'Certificate_Issuer': cybox_common.StringObjectPropertyType,
    'Metadata': cybox_common.MetadataType,
    'Hash': cybox_common.HashType,
    'Size_In_Bytes': cybox_common.UnsignedLongObjectPropertyType,
    'Information_Source_Type': cybox_common.ControlledVocabularyStringType,
    'Block_Hash_Value': cybox_common.HashValueType,
    'File_System_Offset': cybox_common.IntegerObjectPropertyType,
    'Byte_Runs': cybox_common.ByteRunsType,
    'SubDatum': cybox_common.MetadataType,
    'Segment_Hash': cybox_common.HashValueType,
    'Digital_Signature': cybox_common.DigitalSignatureInfoType,
    'Code_Snippets': cybox_common.CodeSnippetsType,
    'Value': cybox_common.StringObjectPropertyType,
    'Length': cybox_common.IntegerObjectPropertyType,
    'Device_Path': cybox_common.StringObjectPropertyType,
    'Encoding': cybox_common.ControlledVocabularyStringType,
    'Internationalization_Settings': cybox_common.InternationalizationSettingsType,
    'Tool_Configuration': cybox_common.ToolConfigurationType,
    'Compiler': cybox_common.CompilerType,
    'Filename_Created_Time': cybox_common.DateTimeObjectPropertyType,
    'Functions': cybox_common.FunctionsType,
    'String_Value': cybox_common.StringObjectPropertyType,
    'Build_Utility_Platform_Specification': cybox_common.PlatformSpecificationType,
    'Compiler_Informal_Description': cybox_common.CompilerInformalDescriptionType,
    'System': cybox_common.ObjectPropertiesType,
    'Platform': cybox_common.PlatformSpecificationType,
    'Version': cybox_common.StringObjectPropertyType,
    'Usage_Context_Assumptions': cybox_common.UsageContextAssumptionsType,
    'Created_Time': cybox_common.DateTimeObjectPropertyType,
    'Type': file_object.PackerClassType,
    'Compilers': cybox_common.CompilersType,
    'Digital_Signatures': cybox_common.DigitalSignaturesType,
    'Tool_Type': cybox_common.ControlledVocabularyStringType,
    'String': cybox_common.ExtractedStringType,
    'File_Format': cybox_common.StringObjectPropertyType,
    'Custom_Properties': cybox_common.CustomPropertiesType,
    'Build_Information': cybox_common.BuildInformationType,
    'Detected_Entrypoint_Signatures': file_object.EntryPointSignatureListType,
    'Tool_Hashes': cybox_common.HashListType,
    'File_Path': file_object.FilePathType,
    'Entry_Point_Signature': file_object.EntryPointSignatureType,
    'Error_Instances': cybox_common.ErrorInstancesType,
    'Filename_Modified_Time': cybox_common.DateTimeObjectPropertyType,
    'Data_Segment': cybox_common.StringObjectPropertyType,
    'Certificate_Subject': cybox_common.StringObjectPropertyType,
    'Language': cybox_common.StringObjectPropertyType,
    'Signature': cybox_common.StringObjectPropertyType,
    'Property': cybox_common.PropertyType,
    'Strings': cybox_common.ExtractedStringsType,
    'User_Owner': cybox_common.StringObjectPropertyType,
    'Contributors': cybox_common.PersonnelType,
    'Packer': file_object.PackerType,
    'Security_Type': cybox_common.SIDType,
    'Reference_Description': cybox_common.StructuredTextType,
    'Code_Snippet': cybox_common.ObjectPropertiesType,
    'File_Attributes_List': file_object.FileAttributeType,
    'Configuration_Settings': cybox_common.ConfigurationSettingsType,
    'Simple_Hash_Value': cybox_common.SimpleHashValueType,
    'Byte_String_Value': cybox_common.HexBinaryObjectPropertyType,
    'Sym_Links': file_object.SymLinksListType,
    'Instance': cybox_common.ObjectPropertiesType,
    'Packer_List': file_object.PackerListType,
    'Import': cybox_common.StringObjectPropertyType,
    'Accessed_Time': cybox_common.StringObjectPropertyType,
    'Sym_Link': cybox_common.StringObjectPropertyType,
    'Identifier': cybox_common.PlatformIdentifierType,
    'Tool_Specific_Data': cybox_common.ToolSpecificDataType,
    'Execution_Environment': cybox_common.ExecutionEnvironmentType,
    'Search_Distance': cybox_common.IntegerObjectPropertyType,
    'Dependencies': cybox_common.DependenciesType,
    'Offset': cybox_common.IntegerObjectPropertyType,
    'Date': cybox_common.DateRangeType,
    'Hashes': cybox_common.HashListType,
    'Segments': cybox_common.HashSegmentsType,
    'Permissions': file_object.FilePermissionsType,
    'Segment_Count': cybox_common.IntegerObjectPropertyType,
    'Usage_Context_Assumption': cybox_common.StructuredTextType,
    'Block_Hash': cybox_common.FuzzyHashBlockType,
    'Dependency': cybox_common.DependencyType,
    'Filename_Accessed_Time': cybox_common.DateTimeObjectPropertyType,
    'Trigger_Point': cybox_common.HexBinaryObjectPropertyType,
    'Environment_Variable': cybox_common.EnvironmentVariableType,
    'Byte_Run': cybox_common.ByteRunType,
    'Image_Offset': cybox_common.IntegerObjectPropertyType,
    'Imports': cybox_common.ImportsType,
    'Library': cybox_common.LibraryType,
    'References': cybox_common.ToolReferencesType,
    'Internal_Strings': cybox_common.InternalStringsType,
    'Time': cybox_common.TimeType,
    'EP_Jump_Codes': file_object.EPJumpCodeType,
    'Fuzzy_Hash_Structure': cybox_common.FuzzyHashStructureType,
    'File_Name': cybox_common.StringObjectPropertyType,
    'Configuration_Setting': cybox_common.ConfigurationSettingType,
    'Modified_Time': cybox_common.StringObjectPropertyType,
    'Libraries': cybox_common.LibrariesType,
    'Security_ID': cybox_common.StringObjectPropertyType,
    'Function': cybox_common.StringObjectPropertyType,
    'Description': cybox_common.StructuredTextType,
    'User_Account_Info': cybox_common.ObjectPropertiesType,
    'Build_Configuration': cybox_common.BuildConfigurationType,
    'Extracted_Features': cybox_common.ExtractedFeaturesType,
    'Magic_Number': cybox_common.HexBinaryObjectPropertyType,
    'Address': cybox_common.HexBinaryObjectPropertyType,
    'Search_Within': cybox_common.IntegerObjectPropertyType,
    'Segment': cybox_common.HashSegmentType,
    'Full_Path': cybox_common.StringObjectPropertyType,
    'English_Translation': cybox_common.StringObjectPropertyType,
    'Name': cybox_common.StringObjectPropertyType,
    'Drive': cybox_common.StringObjectPropertyType,
    'Depth': cybox_common.IntegerObjectPropertyType,
    'Entry_Point': cybox_common.HexBinaryObjectPropertyType,
    'Signature_Description': cybox_common.StringObjectPropertyType,
    'Block_Size': cybox_common.IntegerObjectPropertyType,
    'Compiler_Platform_Specification': cybox_common.PlatformSpecificationType,
    'Fuzzy_Hash_Value': cybox_common.FuzzyHashValueType,
    'Data_Size': cybox_common.DataSizeType,
    'Dependency_Description': cybox_common.StructuredTextType,
    'File': file_object.FileObjectType,
    'Contributor': cybox_common.ContributorType,
    'Peak_Entropy': cybox_common.DoubleObjectPropertyType,
    'Tools': cybox_common.ToolsInformationType,
    'Tool': cybox_common.ToolInformationType,
}

USAGE_TEXT = """
Usage: python <Parser>.py [ -s ] <in_xml_file>
"""

def usage():
    """Print the usage text and exit with status 1."""
    print(USAGE_TEXT)
    sys.exit(1)

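def get_root_tag(node):
    """Map the root element of a parsed document to its binding class.

    Returns a ``(tag, rootClass)`` tuple. ``tag`` is the last group matched
    by ``Tag_pattern_`` on ``node.tag``. ``rootClass`` is looked up first in
    ``GDSClassesMapping`` and then among this module's globals; it is
    ``None`` when neither lookup yields a class exposing ``factory``.
    """
    tag = Tag_pattern_.match(node.tag).groups()[-1]
    rootClass = GDSClassesMapping.get(tag)
    if rootClass is None:
        candidate = globals().get(tag)
        # The tag is taken from the parsed document. Accept a module global
        # only when it exposes the factory() entry point the parse functions
        # call; otherwise an imported module or helper function that happens
        # to share the tag's name would be used as the root class.
        if callable(getattr(candidate, 'factory', None)):
            rootClass = candidate
    return tag, rootClass


def _build_root(doc):
    """Build the binding object for the root element of *doc*.

    Returns ``(rootTag, rootObj)``. When get_root_tag() finds no class for
    the root element, the tag defaults to 'Windows_File' and the class to
    WindowsFileObjectType.
    """
    rootNode = doc.getroot()
    rootTag, rootClass = get_root_tag(rootNode)
    if rootClass is None:
        rootTag = 'Windows_File'
        rootClass = WindowsFileObjectType
    rootObj = rootClass.factory()
    rootObj.build(rootNode)
    return rootTag, rootObj


def parse(inFileName):
    """Parse the XML document at *inFileName* and return its root object.

    NOTE(review): the XML parser configuration lives in parsexml_, which is
    defined outside this section. Confirm that it disables entity
    resolution and network access before parsing documents from untrusted
    sources.
    """
    _, rootObj = _build_root(parsexml_(inFileName))
    return rootObj


def parseEtree(inFileName):
    """Parse *inFileName*, write the re-serialized tree to stdout.

    Returns ``(rootObj, rootElement)``, where ``rootElement`` is the result
    of ``rootObj.to_etree()``.
    """
    rootTag, rootObj = _build_root(parsexml_(inFileName))
    rootElement = rootObj.to_etree(None, name_=rootTag)
    content = etree_.tostring(rootElement, pretty_print=True,
                              xml_declaration=True, encoding="utf-8")
    # tostring() with an explicit byte encoding returns bytes. On Python 3
    # sys.stdout.write() accepts only text, so decode first; on Python 2
    # bytes is str and the value is written unchanged.
    if not isinstance(content, str):
        content = content.decode('utf-8')
    sys.stdout.write(content)
    sys.stdout.write('\n')
    return rootObj, rootElement


def parseString(inString):
    """Parse an XML document held in *inString* and return its root object.

    NOTE(review): as with parse(), parser hardening depends on parsexml_,
    which is not visible in this section.
    """
    from mixbox.vendor.six import StringIO
    _, rootObj = _build_root(parsexml_(StringIO(inString)))
    return rootObj


def main():
    """Command-line entry point: parse the single file named in argv.

    Any other argument count calls usage(), which prints USAGE_TEXT and
    exits with status 1.
    """
    args = sys.argv[1:]
    if len(args) == 1:
        parse(args[0])
    else:
        usage()


# Register abstract types
file_object.WindowsFileAttributesType = WindowsFileAttributesType
file_object.WindowsFilePermissionsType = WindowsFilePermissionsType

if __name__ == '__main__':
    main()

__all__ = [
    "WindowsFileObjectType",
    "StreamObjectType",
    "StreamListType",
    "WindowsFileAttributesType",
    "WindowsFileAttributeType",
    "WindowsFilePermissionsType"
    ]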