# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

import sys

from mixbox.binding_utils import *
from . import cybox_common


class UnformattedMessageListType(GeneratedsSuper):
    """The UnformattedMessageListType type is a list of unformatted
    messages in the event log entry."""

    subclass = None
    superclass = None

    def __init__(self, Unformatted_Message=None):
        # Each instance gets its own list when the caller supplies none.
        self.Unformatted_Message = (
            [] if Unformatted_Message is None else Unformatted_Message
        )

    @staticmethod
    def factory(*args_, **kwargs_):
        """Instantiate the registered ``subclass`` when one is set, else this class."""
        target_ = UnformattedMessageListType.subclass or UnformattedMessageListType
        return target_(*args_, **kwargs_)

    def get_Unformatted_Message(self):
        return self.Unformatted_Message

    def set_Unformatted_Message(self, Unformatted_Message):
        self.Unformatted_Message = Unformatted_Message

    def add_Unformatted_Message(self, value):
        self.Unformatted_Message.append(value)

    def insert_Unformatted_Message(self, index, value):
        # Despite the name, this assigns to an existing position; it does not
        # shift later items and raises IndexError for an index past the end.
        self.Unformatted_Message[index] = value

    def validate_StringObjectPropertyType(self, value):
        # Validate type cybox_common.StringObjectPropertyType, a restriction on None.
        # Placeholder: no check is performed on ``value``.
        pass

    def hasContent_(self):
        """Return True when at least one message is held."""
        return bool(self.Unformatted_Message)

    def export(self, lwrite, level, namespace_='WinEventLogObj:', name_='UnformattedMessageListType', namespacedef_='', pretty_print=True):
        """Write this element as XML through the ``lwrite`` callable.

        ``namespace_``, ``name_`` and ``namespacedef_`` are formatted into the
        tag as given, without escaping, so they must come from the caller and
        not from document content.
        """
        eol_ = '\n' if pretty_print else ''
        nsdef_ = (' ' + namespacedef_) if namespacedef_ else ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, nsdef_, ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='UnformattedMessageListType')
        if not self.hasContent_():
            # Nothing to nest: emit a self-closing tag.
            lwrite('/>%s' % (eol_, ))
            return
        lwrite('>%s' % (eol_, ))
        self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
        showIndent(lwrite, level, pretty_print)
        lwrite('</%s%s>%s' % (namespace_, name_, eol_))

    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinEventLogObj:', name_='UnformattedMessageListType'):
        # This type writes no XML attributes.
        pass

    def exportChildren(self, lwrite, level, namespace_='WinEventLogObj:', name_='UnformattedMessageListType', fromsubclass_=False, pretty_print=True):
        """Export every held message as an ``Unformatted_Message`` child.

        The ``namespace_`` argument is not used: children are always written
        with the 'WinEventLogObj:' prefix.
        """
        for message_ in self.Unformatted_Message:
            message_.export(lwrite, level, 'WinEventLogObj:', name_='Unformatted_Message', pretty_print=pretty_print)

    def build(self, node):
        """Populate this object from a parsed XML element."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            # Last regex group of the tag is used as the element name.
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)

    def buildAttributes(self, node, attrs, already_processed):
        # This type reads no XML attributes.
        pass

    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Append a built ``Unformatted_Message`` child; other names are ignored."""
        if nodeName_ != 'Unformatted_Message':
            return
        obj_ = cybox_common.StringObjectPropertyType.factory()
        obj_.build(child_)
        self.Unformatted_Message.append(obj_)
# end class UnformattedMessageListType
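class WindowsEventLogObjectType(cybox_common.ObjectPropertiesType):
    """The WindowsEventLogObjectType type is intended to characterize
    entries in the Windows event log."""

    subclass = None
    superclass = cybox_common.ObjectPropertiesType

    # Child elements in export order, each paired with the name of the
    # cybox_common binding class used to build it. None marks the one child
    # built from UnformattedMessageListType, which lives in this module.
    # Class names are resolved when a child is built, not when this table
    # is created.
    _WINEVENTLOG_CHILDREN = (
        ('EID', 'LongObjectPropertyType'),
        ('Type', 'StringObjectPropertyType'),
        ('Log', 'StringObjectPropertyType'),
        ('Message', 'StringObjectPropertyType'),
        ('Category_Num', 'LongObjectPropertyType'),
        ('Category', 'StringObjectPropertyType'),
        ('Generation_Time', 'DateTimeObjectPropertyType'),
        ('Source', 'StringObjectPropertyType'),
        ('Machine', 'StringObjectPropertyType'),
        ('User', 'StringObjectPropertyType'),
        ('Blob', 'Base64BinaryObjectPropertyType'),
        ('Correlation_Activity_ID', 'StringObjectPropertyType'),
        ('Correlation_Related_Activity_ID', 'StringObjectPropertyType'),
        ('Execution_Process_ID', 'StringObjectPropertyType'),
        ('Execution_Thread_ID', 'StringObjectPropertyType'),
        ('Index', 'LongObjectPropertyType'),
        ('Reserved', 'LongObjectPropertyType'),
        ('Unformatted_Message_List', None),
        ('Write_Time', 'DateTimeObjectPropertyType'),
    )
    _WINEVENTLOG_CHILD_TYPES = dict(_WINEVENTLOG_CHILDREN)

    def __init__(self, object_reference=None, Custom_Properties=None, xsi_type=None, EID=None, Type=None, Log=None, Message=None, Category_Num=None, Category=None, Generation_Time=None, Source=None, Machine=None, User=None, Blob=None, Correlation_Activity_ID=None, Correlation_Related_Activity_ID=None, Execution_Process_ID=None, Execution_Thread_ID=None, Index=None, Reserved=None, Unformatted_Message_List=None, Write_Time=None):
        super(WindowsEventLogObjectType, self).__init__(object_reference, Custom_Properties, xsi_type )
        self.EID = EID
        self.Type = Type
        self.Log = Log
        self.Message = Message
        self.Category_Num = Category_Num
        self.Category = Category
        self.Generation_Time = Generation_Time
        self.Source = Source
        self.Machine = Machine
        self.User = User
        self.Blob = Blob
        self.Correlation_Activity_ID = Correlation_Activity_ID
        self.Correlation_Related_Activity_ID = Correlation_Related_Activity_ID
        self.Execution_Process_ID = Execution_Process_ID
        self.Execution_Thread_ID = Execution_Thread_ID
        self.Index = Index
        self.Reserved = Reserved
        self.Unformatted_Message_List = Unformatted_Message_List
        self.Write_Time = Write_Time

    @staticmethod
    def factory(*args_, **kwargs_):
        """Instantiate the registered ``subclass`` when one is set, else this class."""
        target_ = WindowsEventLogObjectType.subclass or WindowsEventLogObjectType
        return target_(*args_, **kwargs_)

    # Plain accessors: setters store the value as given. The validate_*
    # methods below are empty placeholders and perform no checks, so values
    # built from a document are not validated by this class.
    def get_EID(self): return self.EID
    def set_EID(self, EID): self.EID = EID
    def validate_LongObjectPropertyType(self, value):
        # Validate type cybox_common.LongObjectPropertyType, a restriction on None.
        pass
    def get_Type(self): return self.Type
    def set_Type(self, Type): self.Type = Type
    def validate_StringObjectPropertyType(self, value):
        # Validate type cybox_common.StringObjectPropertyType, a restriction on None.
        pass
    def get_Log(self): return self.Log
    def set_Log(self, Log): self.Log = Log
    def get_Message(self): return self.Message
    def set_Message(self, Message): self.Message = Message
    def get_Category_Num(self): return self.Category_Num
    def set_Category_Num(self, Category_Num): self.Category_Num = Category_Num
    def get_Category(self): return self.Category
    def set_Category(self, Category): self.Category = Category
    def get_Generation_Time(self): return self.Generation_Time
    def set_Generation_Time(self, Generation_Time): self.Generation_Time = Generation_Time
    def validate_DateTimeObjectPropertyType(self, value):
        # Validate type cybox_common.DateTimeObjectPropertyType, a restriction on None.
        pass
    def get_Source(self): return self.Source
    def set_Source(self, Source): self.Source = Source
    def get_Machine(self): return self.Machine
    def set_Machine(self, Machine): self.Machine = Machine
    def get_User(self): return self.User
    def set_User(self, User): self.User = User
    def get_Blob(self): return self.Blob
    def set_Blob(self, Blob): self.Blob = Blob
    def validate_Base64BinaryObjectPropertyType(self, value):
        # Validate type cybox_common.Base64BinaryObjectPropertyType, a restriction on None.
        pass
    def get_Correlation_Activity_ID(self): return self.Correlation_Activity_ID
    def set_Correlation_Activity_ID(self, Correlation_Activity_ID): self.Correlation_Activity_ID = Correlation_Activity_ID
    def get_Correlation_Related_Activity_ID(self): return self.Correlation_Related_Activity_ID
    def set_Correlation_Related_Activity_ID(self, Correlation_Related_Activity_ID): self.Correlation_Related_Activity_ID = Correlation_Related_Activity_ID
    def get_Execution_Process_ID(self): return self.Execution_Process_ID
    def set_Execution_Process_ID(self, Execution_Process_ID): self.Execution_Process_ID = Execution_Process_ID
    def get_Execution_Thread_ID(self): return self.Execution_Thread_ID
    def set_Execution_Thread_ID(self, Execution_Thread_ID): self.Execution_Thread_ID = Execution_Thread_ID
    def get_Index(self): return self.Index
    def set_Index(self, Index): self.Index = Index
    def get_Reserved(self): return self.Reserved
    def set_Reserved(self, Reserved): self.Reserved = Reserved
    def get_Unformatted_Message_List(self): return self.Unformatted_Message_List
    def set_Unformatted_Message_List(self, Unformatted_Message_List): self.Unformatted_Message_List = Unformatted_Message_List
    def get_Write_Time(self): return self.Write_Time
    def set_Write_Time(self, Write_Time): self.Write_Time = Write_Time

    def hasContent_(self):
        """Return True when any child is set or the base class has content."""
        for child_name_, _type_name in WindowsEventLogObjectType._WINEVENTLOG_CHILDREN:
            if getattr(self, child_name_) is not None:
                return True
        return bool(super(WindowsEventLogObjectType, self).hasContent_())

    def export(self, lwrite, level, namespace_='WinEventLogObj:', name_='WindowsEventLogObjectType', namespacedef_='', pretty_print=True):
        """Write this element as XML through the ``lwrite`` callable.

        ``namespace_``, ``name_`` and ``namespacedef_`` are formatted into the
        tag as given, without escaping, so they must come from the caller and
        not from document content.
        """
        eol_ = '\n' if pretty_print else ''
        nsdef_ = (' ' + namespacedef_) if namespacedef_ else ''
        showIndent(lwrite, level, pretty_print)
        lwrite('<%s%s%s' % (namespace_, name_, nsdef_, ))
        already_processed = set()
        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsEventLogObjectType')
        if self.hasContent_():
            lwrite('>%s' % (eol_, ))
            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
            showIndent(lwrite, level, pretty_print)
            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
        else:
            # Nothing to nest: emit a self-closing tag.
            lwrite('/>%s' % (eol_, ))

    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinEventLogObj:', name_='WindowsEventLogObjectType'):
        super(WindowsEventLogObjectType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsEventLogObjectType')

    def exportChildren(self, lwrite, level, namespace_='WinEventLogObj:', name_='WindowsEventLogObjectType', fromsubclass_=False, pretty_print=True):
        """Export the base-class children, then each set child in table order.

        The ``namespace_`` argument is not used: children are always written
        with the 'WinEventLogObj:' prefix.
        """
        super(WindowsEventLogObjectType, self).exportChildren(lwrite, level, 'WinEventLogObj:', name_, True, pretty_print=pretty_print)
        for child_name_, _type_name in WindowsEventLogObjectType._WINEVENTLOG_CHILDREN:
            member_ = getattr(self, child_name_)
            if member_ is not None:
                member_.export(lwrite, level, 'WinEventLogObj:', name_=child_name_, pretty_print=pretty_print)

    def build(self, node):
        """Populate this object from a parsed XML element."""
        self.__sourcenode__ = node
        already_processed = set()
        self.buildAttributes(node, node.attrib, already_processed)
        for child in node:
            # Last regex group of the tag is used as the element name.
            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
            self.buildChildren(child, node, nodeName_)

    def buildAttributes(self, node, attrs, already_processed):
        super(WindowsEventLogObjectType, self).buildAttributes(node, attrs, already_processed)

    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
        """Build one known child element, then let the base class handle it too.

        Only element names listed in the child table are built here, so the
        setter looked up by name below is always one this class defines.
        """
        known_ = WindowsEventLogObjectType._WINEVENTLOG_CHILD_TYPES
        if nodeName_ in known_:
            type_name_ = known_[nodeName_]
            if type_name_ is None:
                binding_cls_ = UnformattedMessageListType
            else:
                binding_cls_ = getattr(cybox_common, type_name_)
            obj_ = binding_cls_.factory()
            obj_.build(child_)
            getattr(self, 'set_' + nodeName_)(obj_)
        super(WindowsEventLogObjectType, self).buildChildren(child_, node, nodeName_, True)
# end class WindowsEventLogObjectType

# Element name -> binding class, consulted by get_root_tag() for the root tag.
GDSClassesMapping = {
    'Build_Utility': cybox_common.BuildUtilityType,
    'Errors': cybox_common.ErrorsType,
    'Time': cybox_common.TimeType,
    'Certificate_Issuer': cybox_common.StringObjectPropertyType,
    'Metadata': cybox_common.MetadataType,
    'Hash': cybox_common.HashType,
    'Correlation_Related_Activity_ID': cybox_common.StringObjectPropertyType,
    'Information_Source_Type': cybox_common.ControlledVocabularyStringType,
    'Write_Time': cybox_common.DateTimeObjectPropertyType,
    'Internal_Strings': cybox_common.InternalStringsType,
    'Execution_Thread_ID': cybox_common.StringObjectPropertyType,
    'SubDatum': cybox_common.MetadataType,
    'Segment_Hash': cybox_common.HashValueType,
    'Digital_Signature': cybox_common.DigitalSignatureInfoType,
    'Code_Snippets': cybox_common.CodeSnippetsType,
    'Value': cybox_common.StringObjectPropertyType,
    'Length': cybox_common.IntegerObjectPropertyType,
    'Encoding': cybox_common.ControlledVocabularyStringType,
    'Internationalization_Settings': cybox_common.InternationalizationSettingsType,
    'Image_Offset': cybox_common.IntegerObjectPropertyType,
    'English_Translation': cybox_common.StringObjectPropertyType,
    'Unformatted_Message': cybox_common.StringObjectPropertyType,
    'Index': cybox_common.LongObjectPropertyType,
    'Functions': cybox_common.FunctionsType,
    'String_Value': cybox_common.StringObjectPropertyType,
    'Build_Utility_Platform_Specification': cybox_common.PlatformSpecificationType,
    'Compiler_Informal_Description': cybox_common.CompilerInformalDescriptionType,
    'System': cybox_common.ObjectPropertiesType,
    'Source': cybox_common.StringObjectPropertyType,
    'Usage_Context_Assumptions': cybox_common.UsageContextAssumptionsType,
    'Generation_Time': cybox_common.DateTimeObjectPropertyType,
    'Type': cybox_common.ControlledVocabularyStringType,
    'Compilers': cybox_common.CompilersType,
    'Tool_Configuration': cybox_common.ToolConfigurationType,
    'Tool_Type': cybox_common.ControlledVocabularyStringType,
    'String': cybox_common.ExtractedStringType,
    'Tool': cybox_common.ToolInformationType,
    'Build_Information': cybox_common.BuildInformationType,
    'Tool_Hashes': cybox_common.HashListType,
    'Error_Instances': cybox_common.ErrorInstancesType,
    'Data_Segment': cybox_common.StringObjectPropertyType,
    'Correlation_Activity_ID': cybox_common.StringObjectPropertyType,
    'Certificate_Subject': cybox_common.StringObjectPropertyType,
    'Property': cybox_common.PropertyType,
    'Strings': cybox_common.ExtractedStringsType,
    'File_System_Offset': cybox_common.IntegerObjectPropertyType,
    'Simple_Hash_Value': cybox_common.SimpleHashValueType,
    'Reference_Description': cybox_common.StructuredTextType,
    'Code_Snippet': cybox_common.ObjectPropertiesType,
    'Configuration_Settings': cybox_common.ConfigurationSettingsType,
    'Compiler_Platform_Specification': cybox_common.PlatformSpecificationType,
    'Byte_String_Value': cybox_common.HexBinaryObjectPropertyType,
    'Category': cybox_common.StringObjectPropertyType,
    'Log': cybox_common.StringObjectPropertyType,
    'Category_Num': cybox_common.LongObjectPropertyType,
    'Instance': cybox_common.ObjectPropertiesType,
    'Import': cybox_common.StringObjectPropertyType,
    'Identifier': cybox_common.PlatformIdentifierType,
    'Tool_Specific_Data': cybox_common.ToolSpecificDataType,
    'Execution_Environment': cybox_common.ExecutionEnvironmentType,
    'Search_Distance': cybox_common.IntegerObjectPropertyType,
    'Dependencies': cybox_common.DependenciesType,
    'Segment_Count': cybox_common.IntegerObjectPropertyType,
    'User': cybox_common.StringObjectPropertyType,
    'Offset': cybox_common.IntegerObjectPropertyType,
    'Date': cybox_common.DateRangeType,
    'Hashes': cybox_common.HashListType,
    'Segments': cybox_common.HashSegmentsType,
    'Language': cybox_common.StringObjectPropertyType,
    'Usage_Context_Assumption': cybox_common.StructuredTextType,
    'Block_Hash': cybox_common.FuzzyHashBlockType,
    'Dependency': cybox_common.DependencyType,
    'Error': cybox_common.ErrorType,
    'Trigger_Point': cybox_common.HexBinaryObjectPropertyType,
    'Environment_Variable': cybox_common.EnvironmentVariableType,
    'Byte_Run': cybox_common.ByteRunType,
    'Libraries': cybox_common.LibrariesType,
    'Contributors': cybox_common.PersonnelType,
    'Platform': cybox_common.PlatformSpecificationType,
    'Imports': cybox_common.ImportsType,
    'Library': cybox_common.LibraryType,
    'References': cybox_common.ToolReferencesType,
    'Blob': cybox_common.Base64BinaryObjectPropertyType,
    'Block_Hash_Value': cybox_common.HashValueType,
    'Fuzzy_Hash_Structure': cybox_common.FuzzyHashStructureType,
    'Configuration_Setting': cybox_common.ConfigurationSettingType,
    'Machine': cybox_common.StringObjectPropertyType,
    'EID': cybox_common.LongObjectPropertyType,
    'Execution_Process_ID': cybox_common.StringObjectPropertyType,
    'Function': cybox_common.StringObjectPropertyType,
    'Description': cybox_common.StructuredTextType,
    'User_Account_Info': cybox_common.ObjectPropertiesType,
    'Build_Configuration': cybox_common.BuildConfigurationType,
    'Address': cybox_common.HexBinaryObjectPropertyType,
    'Search_Within': cybox_common.IntegerObjectPropertyType,
    'Segment': cybox_common.HashSegmentType,
    'Compiler': cybox_common.CompilerType,
    'Name': cybox_common.StringObjectPropertyType,
    'Signature_Description': cybox_common.StringObjectPropertyType,
    'Block_Size': cybox_common.IntegerObjectPropertyType,
    'Message': cybox_common.StringObjectPropertyType,
    'Reserved': cybox_common.LongObjectPropertyType,
    'Fuzzy_Hash_Value': cybox_common.FuzzyHashValueType,
    'Data_Size': cybox_common.DataSizeType,
    'Dependency_Description': cybox_common.StructuredTextType,
    'Contributor': cybox_common.ContributorType,
    'Tools': cybox_common.ToolsInformationType,
    'Custom_Properties': cybox_common.CustomPropertiesType,
}

USAGE_TEXT = """
Usage: python <Parser>.py [ -s ] <in_xml_file>
"""

def usage():
    """Print the usage text and exit with status 1."""
    print(USAGE_TEXT)
    sys.exit(1)

def get_root_tag(node):
    """Return ``(tag, rootClass)`` for a root element.

    ``rootClass`` is the GDSClassesMapping entry for the tag, else a module
    global of that name that offers a callable ``factory``, else None.
    """
    tag = Tag_pattern_.match(node.tag).groups()[-1]
    rootClass = GDSClassesMapping.get(tag)
    if rootClass is None:
        candidate = globals().get(tag)
        # The tag is read from the document being parsed, and globals() also
        # holds modules, functions and every name pulled in by the star
        # import. Accept only an object with the factory() hook the callers
        # use; anything else is treated as an unknown tag.
        if callable(getattr(candidate, 'factory', None)):
            rootClass = candidate
    return tag, rootClass

def _build_root(doc):
    """Build the binding object for ``doc``'s root element.

    Returns ``(rootTag, rootObj)``. An unrecognised root tag is treated as
    'Windows_Event_Log' and built with WindowsEventLogObjectType.
    """
    rootNode = doc.getroot()
    rootTag, rootClass = get_root_tag(rootNode)
    if rootClass is None:
        rootTag = 'Windows_Event_Log'
        rootClass = WindowsEventLogObjectType
    rootObj = rootClass.factory()
    rootObj.build(rootNode)
    return rootTag, rootObj

def parse(inFileName):
    """Parse an XML file and return the built root binding object.

    NOTE(review): parsexml_ comes from mixbox.binding_utils and its parser
    settings are not visible here. Confirm that external entity and DTD
    handling are restricted before passing documents from untrusted sources.
    """
    # The parsed document is not bound to a local, so no reference to it is
    # kept here once the root object has been built.
    _rootTag, rootObj = _build_root(parsexml_(inFileName))
    return rootObj

def parseEtree(inFileName):
    """Parse an XML file, print it re-serialised, and return ``(rootObj, rootElement)``.

    NOTE(review): same parsexml_ caveat as parse() - parser hardening is not
    visible in this module.
    """
    rootTag, rootObj = _build_root(parsexml_(inFileName))
    rootElement = rootObj.to_etree(None, name_=rootTag)
    content = etree_.tostring(rootElement, pretty_print=True,
                              xml_declaration=True, encoding="utf-8")
    # With an explicit encoding the serialiser (etree_ from the star import,
    # presumably lxml.etree) returns bytes, which a Python 3 text stream
    # rejects. Decode in that case; a Python 2 str is written unchanged.
    if not isinstance(content, str):
        content = content.decode('utf-8')
    sys.stdout.write(content)
    sys.stdout.write('\n')
    return rootObj, rootElement

def parseString(inString):
    """Parse XML held in a string and return the built root binding object.

    NOTE(review): same parsexml_ caveat as parse() - parser hardening is not
    visible in this module.
    """
    from mixbox.vendor.six import StringIO
    _rootTag, rootObj = _build_root(parsexml_(StringIO(inString)))
    return rootObj

def main():
    """Command-line entry point: parse the single file named on the command line."""
    args = sys.argv[1:]
    if len(args) == 1:
        parse(args[0])
    else:
        usage()

if __name__ == '__main__':
    main()

__all__ = [
    "WindowsEventLogObjectType",
    "UnformattedMessageListType"
    ]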