1# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
2# See LICENSE.txt for complete terms.
3
4import sys
5
6from mixbox.binding_utils import *
7from . import cybox_common
8from . import win_handle_object
9
10
11class WaitableTimerType(cybox_common.BaseObjectPropertyType):
12    """WaitableTimerType specifies Windows waitable timer types via a union
13    of the WaitableTimerTypeEnum type and the atomic xs:string type.
14    Its base type is the CybOX Core cybox_common.BaseObjectPropertyType, for
15    permitting complex (i.e. regular-expression based)
16    specifications.This attribute is optional and specifies the
17    expected type for the value of the specified property."""
18
19    subclass = None
20    superclass = cybox_common.BaseObjectPropertyType
21    def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None):
22        super(WaitableTimerType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_)
23        self.datatype = _cast(None, datatype)
24        self.valueOf_ = valueOf_
25    def factory(*args_, **kwargs_):
26        if WaitableTimerType.subclass:
27            return WaitableTimerType.subclass(*args_, **kwargs_)
28        else:
29            return WaitableTimerType(*args_, **kwargs_)
30    factory = staticmethod(factory)
31    def get_datatype(self): return self.datatype
32    def set_datatype(self, datatype): self.datatype = datatype
33    def get_valueOf_(self): return self.valueOf_
34    def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_
35    def hasContent_(self):
36        if (
37            self.valueOf_ or
38            super(WaitableTimerType, self).hasContent_()
39            ):
40            return True
41        else:
42            return False
43    def export(self, lwrite, level, namespace_='WinWaitableTimerObj:', name_='WaitableTimerType', namespacedef_='', pretty_print=True):
44        if pretty_print:
45            eol_ = '\n'
46        else:
47            eol_ = ''
48        showIndent(lwrite, level, pretty_print)
49        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
50        already_processed = set()
51        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WaitableTimerType')
52        if self.hasContent_():
53            lwrite('>')
54            lwrite(quote_xml(self.valueOf_))
55            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
56            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
57        else:
58            lwrite('/>%s' % (eol_, ))
59    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinWaitableTimerObj:', name_='WaitableTimerType'):
60        super(WaitableTimerType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WaitableTimerType')
61        if self.datatype is not None:
62
63            lwrite(' datatype=%s' % (quote_attrib(self.datatype), ))
64    def exportChildren(self, lwrite, level, namespace_='WinWaitableTimerObj:', name_='WaitableTimerType', fromsubclass_=False, pretty_print=True):
65        super(WaitableTimerType, self).exportChildren(lwrite, level, 'WinWaitableTimerObj:', name_, True, pretty_print=pretty_print)
66        pass
67    def build(self, node):
68        self.__sourcenode__ = node
69        already_processed = set()
70        self.buildAttributes(node, node.attrib, already_processed)
71        self.valueOf_ = get_all_text_(node)
72        for child in node:
73            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
74            self.buildChildren(child, node, nodeName_)
75    def buildAttributes(self, node, attrs, already_processed):
76        value = find_attr_value_('datatype', node)
77        if value is not None:
78
79            self.datatype = value
80        super(WaitableTimerType, self).buildAttributes(node, attrs, already_processed)
81    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
82        pass
83# end class WaitableTimerType
84
85class WindowsWaitableTimerObjectType(cybox_common.ObjectPropertiesType):
86    """The WindowsWaitableTimerObjectType is intended to characterize
87    Windows waitable timer (synchronization) objects."""
88
89    subclass = None
90    superclass = cybox_common.ObjectPropertiesType
91    def __init__(self, object_reference=None, Custom_Properties=None, xsi_type=None, Handle=None, Name=None, Security_Attributes=None, Type=None):
92        super(WindowsWaitableTimerObjectType, self).__init__(object_reference, Custom_Properties, xsi_type )
93        self.Handle = Handle
94        self.Name = Name
95        self.Security_Attributes = Security_Attributes
96        self.Type = Type
97    def factory(*args_, **kwargs_):
98        if WindowsWaitableTimerObjectType.subclass:
99            return WindowsWaitableTimerObjectType.subclass(*args_, **kwargs_)
100        else:
101            return WindowsWaitableTimerObjectType(*args_, **kwargs_)
102    factory = staticmethod(factory)
103    def get_Handle(self): return self.Handle
104    def set_Handle(self, Handle): self.Handle = Handle
105    def get_Name(self): return self.Name
106    def set_Name(self, Name): self.Name = Name
107    def validate_StringObjectPropertyType(self, value):
108        # Validate type cybox_common.StringObjectPropertyType, a restriction on None.
109        pass
110    def get_Security_Attributes(self): return self.Security_Attributes
111    def set_Security_Attributes(self, Security_Attributes): self.Security_Attributes = Security_Attributes
112    def get_Type(self): return self.Type
113    def set_Type(self, Type): self.Type = Type
114    def validate_WaitableTimerType(self, value):
115        # Validate type WaitableTimerType, a restriction on None.
116        pass
117    def hasContent_(self):
118        if (
119            self.Handle is not None or
120            self.Name is not None or
121            self.Security_Attributes is not None or
122            self.Type is not None or
123            super(WindowsWaitableTimerObjectType, self).hasContent_()
124            ):
125            return True
126        else:
127            return False
128    def export(self, lwrite, level, namespace_='WinWaitableTimerObj:', name_='WindowsWaitableTimerObjectType', namespacedef_='', pretty_print=True):
129        if pretty_print:
130            eol_ = '\n'
131        else:
132            eol_ = ''
133        showIndent(lwrite, level, pretty_print)
134        lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', ))
135        already_processed = set()
136        self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsWaitableTimerObjectType')
137        if self.hasContent_():
138            lwrite('>%s' % (eol_, ))
139            self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print)
140            showIndent(lwrite, level, pretty_print)
141            lwrite('</%s%s>%s' % (namespace_, name_, eol_))
142        else:
143            lwrite('/>%s' % (eol_, ))
144    def exportAttributes(self, lwrite, level, already_processed, namespace_='WinWaitableTimerObj:', name_='WindowsWaitableTimerObjectType'):
145        super(WindowsWaitableTimerObjectType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsWaitableTimerObjectType')
146    def exportChildren(self, lwrite, level, namespace_='WinWaitableTimerObj:', name_='WindowsWaitableTimerObjectType', fromsubclass_=False, pretty_print=True):
147        super(WindowsWaitableTimerObjectType, self).exportChildren(lwrite, level, 'WinWaitableTimerObj:', name_, True, pretty_print=pretty_print)
148        if pretty_print:
149            eol_ = '\n'
150        else:
151            eol_ = ''
152        if self.Handle is not None:
153            self.Handle.export(lwrite, level, 'WinWaitableTimerObj:', name_='Handle', pretty_print=pretty_print)
154        if self.Name is not None:
155            self.Name.export(lwrite, level, 'WinWaitableTimerObj:', name_='Name', pretty_print=pretty_print)
156        if self.Security_Attributes is not None:
157            self.Security_Attributes.export(lwrite, level, 'WinWaitableTimerObj:', name_='Security_Attributes', pretty_print=pretty_print)
158        if self.Type is not None:
159            self.Type.export(lwrite, level, 'WinWaitableTimerObj:', name_='Type', pretty_print=pretty_print)
160    def build(self, node):
161        self.__sourcenode__ = node
162        already_processed = set()
163        self.buildAttributes(node, node.attrib, already_processed)
164        for child in node:
165            nodeName_ = Tag_pattern_.match(child.tag).groups()[-1]
166            self.buildChildren(child, node, nodeName_)
167    def buildAttributes(self, node, attrs, already_processed):
168        super(WindowsWaitableTimerObjectType, self).buildAttributes(node, attrs, already_processed)
169    def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
170        if nodeName_ == 'Handle':
171            obj_ = win_handle_object.WindowsHandleObjectType.factory()
172            obj_.build(child_)
173            self.set_Handle(obj_)
174        elif nodeName_ == 'Name':
175            obj_ = cybox_common.StringObjectPropertyType.factory()
176            obj_.build(child_)
177            self.set_Name(obj_)
178        elif nodeName_ == 'Security_Attributes':
179            obj_ = cybox_common.StringObjectPropertyType.factory()
180            obj_.build(child_)
181            self.set_Security_Attributes(obj_)
182        elif nodeName_ == 'Type':
183            obj_ = WaitableTimerType.factory()
184            obj_.build(child_)
185            self.set_Type(obj_)
186        super(WindowsWaitableTimerObjectType, self).buildChildren(child_, node, nodeName_, True)
187# end class WindowsWaitableTimerObjectType
188
189GDSClassesMapping = {
190    'Build_Utility': cybox_common.BuildUtilityType,
191    'Errors': cybox_common.ErrorsType,
192    'Time': cybox_common.TimeType,
193    'Certificate_Issuer': cybox_common.StringObjectPropertyType,
194    'Metadata': cybox_common.MetadataType,
195    'Hash': cybox_common.HashType,
196    'Information_Source_Type': cybox_common.ControlledVocabularyStringType,
197    'Block_Hash_Value': cybox_common.HashValueType,
198    'Fuzzy_Hash_Structure': cybox_common.FuzzyHashStructureType,
199    'SubDatum': cybox_common.MetadataType,
200    'Segment_Hash': cybox_common.HashValueType,
201    'Digital_Signature': cybox_common.DigitalSignatureInfoType,
202    'Code_Snippets': cybox_common.CodeSnippetsType,
203    'Value': cybox_common.StringObjectPropertyType,
204    'Length': cybox_common.IntegerObjectPropertyType,
205    'Encoding': cybox_common.ControlledVocabularyStringType,
206    'Internationalization_Settings': cybox_common.InternationalizationSettingsType,
207    'Tool_Configuration': cybox_common.ToolConfigurationType,
208    'Security_Attributes': cybox_common.StringObjectPropertyType,
209    'Object_Address': cybox_common.UnsignedLongObjectPropertyType,
210    'English_Translation': cybox_common.StringObjectPropertyType,
211    'Functions': cybox_common.FunctionsType,
212    'String_Value': cybox_common.StringObjectPropertyType,
213    'Pointer_Count': cybox_common.UnsignedLongObjectPropertyType,
214    'Build_Utility_Platform_Specification': cybox_common.PlatformSpecificationType,
215    'Compiler_Informal_Description': cybox_common.CompilerInformalDescriptionType,
216    'System': cybox_common.ObjectPropertiesType,
217    'Platform': cybox_common.PlatformSpecificationType,
218    'Usage_Context_Assumptions': cybox_common.UsageContextAssumptionsType,
219    'Type': win_handle_object.HandleType,
220    'Compilers': cybox_common.CompilersType,
221    'Tool_Type': cybox_common.ControlledVocabularyStringType,
222    'String': cybox_common.ExtractedStringType,
223    'Tool': cybox_common.ToolInformationType,
224    'Build_Information': cybox_common.BuildInformationType,
225    'Tool_Hashes': cybox_common.HashListType,
226    'Compiler_Platform_Specification': cybox_common.PlatformSpecificationType,
227    'Error_Instances': cybox_common.ErrorInstancesType,
228    'Data_Segment': cybox_common.StringObjectPropertyType,
229    'Certificate_Subject': cybox_common.StringObjectPropertyType,
230    'Language': cybox_common.StringObjectPropertyType,
231    'Property': cybox_common.PropertyType,
232    'Strings': cybox_common.ExtractedStringsType,
233    'File_System_Offset': cybox_common.IntegerObjectPropertyType,
234    'Reference_Description': cybox_common.StructuredTextType,
235    'User_Account_Info': cybox_common.ObjectPropertiesType,
236    'Configuration_Settings': cybox_common.ConfigurationSettingsType,
237    'Simple_Hash_Value': cybox_common.SimpleHashValueType,
238    'Byte_String_Value': cybox_common.HexBinaryObjectPropertyType,
239    'Instance': cybox_common.ObjectPropertiesType,
240    'Import': cybox_common.StringObjectPropertyType,
241    'Access_Mask': cybox_common.UnsignedLongObjectPropertyType,
242    'Identifier': cybox_common.PlatformIdentifierType,
243    'Tool_Specific_Data': cybox_common.ToolSpecificDataType,
244    'Execution_Environment': cybox_common.ExecutionEnvironmentType,
245    'ID': cybox_common.UnsignedIntegerObjectPropertyType,
246    'Dependencies': cybox_common.DependenciesType,
247    'Offset': cybox_common.IntegerObjectPropertyType,
248    'Date': cybox_common.DateRangeType,
249    'Hashes': cybox_common.HashListType,
250    'Segments': cybox_common.HashSegmentsType,
251    'Segment_Count': cybox_common.IntegerObjectPropertyType,
252    'Usage_Context_Assumption': cybox_common.StructuredTextType,
253    'Block_Hash': cybox_common.FuzzyHashBlockType,
254    'Dependency': cybox_common.DependencyType,
255    'Error': cybox_common.ErrorType,
256    'Trigger_Point': cybox_common.HexBinaryObjectPropertyType,
257    'Environment_Variable': cybox_common.EnvironmentVariableType,
258    'Byte_Run': cybox_common.ByteRunType,
259    'Contributors': cybox_common.PersonnelType,
260    'Image_Offset': cybox_common.IntegerObjectPropertyType,
261    'Imports': cybox_common.ImportsType,
262    'Library': cybox_common.LibraryType,
263    'References': cybox_common.ToolReferencesType,
264    'Windows_Handle': win_handle_object.WindowsHandleObjectType,
265    'Internal_Strings': cybox_common.InternalStringsType,
266    'Custom_Properties': cybox_common.CustomPropertiesType,
267    'Configuration_Setting': cybox_common.ConfigurationSettingType,
268    'Libraries': cybox_common.LibrariesType,
269    'Function': cybox_common.StringObjectPropertyType,
270    'Handle': win_handle_object.WindowsHandleObjectType,
271    'Description': cybox_common.StructuredTextType,
272    'Code_Snippet': cybox_common.ObjectPropertiesType,
273    'Build_Configuration': cybox_common.BuildConfigurationType,
274    'Address': cybox_common.HexBinaryObjectPropertyType,
275    'Search_Within': cybox_common.IntegerObjectPropertyType,
276    'Segment': cybox_common.HashSegmentType,
277    'Compiler': cybox_common.CompilerType,
278    'Name': cybox_common.StringObjectPropertyType,
279    'Signature_Description': cybox_common.StringObjectPropertyType,
280    'Block_Size': cybox_common.IntegerObjectPropertyType,
281    'Search_Distance': cybox_common.IntegerObjectPropertyType,
282    'Fuzzy_Hash_Value': cybox_common.FuzzyHashValueType,
283    'Dependency_Description': cybox_common.StructuredTextType,
284    'Contributor': cybox_common.ContributorType,
285    'Tools': cybox_common.ToolsInformationType,
286    'Data_Size': cybox_common.DataSizeType,
287}
288
289USAGE_TEXT = """
290Usage: python <Parser>.py [ -s ] <in_xml_file>
291"""
292
293def usage():
294    print(USAGE_TEXT)
295    sys.exit(1)
296
297def get_root_tag(node):
298    tag = Tag_pattern_.match(node.tag).groups()[-1]
299    rootClass = GDSClassesMapping.get(tag)
300    if rootClass is None:
301        rootClass = globals().get(tag)
302    return tag, rootClass
303
304def parse(inFileName):
305    doc = parsexml_(inFileName)
306    rootNode = doc.getroot()
307    rootTag, rootClass = get_root_tag(rootNode)
308    if rootClass is None:
309        rootTag = 'Windows_Waitable_Timer'
310        rootClass = WindowsWaitableTimerObjectType
311    rootObj = rootClass.factory()
312    rootObj.build(rootNode)
313    # Enable Python to collect the space used by the DOM.
314    doc = None
315#    sys.stdout.write('<?xml version="1.0" ?>\n')
316#    rootObj.export(sys.stdout.write, 0, name_=rootTag,
317#        namespacedef_='',
318#        pretty_print=True)
319    return rootObj
320
321def parseEtree(inFileName):
322    doc = parsexml_(inFileName)
323    rootNode = doc.getroot()
324    rootTag, rootClass = get_root_tag(rootNode)
325    if rootClass is None:
326        rootTag = 'Windows_Waitable_Timer'
327        rootClass = WindowsWaitableTimerObjectType
328    rootObj = rootClass.factory()
329    rootObj.build(rootNode)
330    # Enable Python to collect the space used by the DOM.
331    doc = None
332    rootElement = rootObj.to_etree(None, name_=rootTag)
333    content = etree_.tostring(rootElement, pretty_print=True,
334        xml_declaration=True, encoding="utf-8")
335    sys.stdout.write(content)
336    sys.stdout.write('\n')
337    return rootObj, rootElement
338
339def parseString(inString):
340    from mixbox.vendor.six import StringIO
341    doc = parsexml_(StringIO(inString))
342    rootNode = doc.getroot()
343    rootTag, rootClass = get_root_tag(rootNode)
344    if rootClass is None:
345        rootTag = 'Windows_Waitable_Timer'
346        rootClass = WindowsWaitableTimerObjectType
347    rootObj = rootClass.factory()
348    rootObj.build(rootNode)
349    # Enable Python to collect the space used by the DOM.
350    doc = None
351#    sys.stdout.write('<?xml version="1.0" ?>\n')
352#    rootObj.export(sys.stdout.write, 0, name_="Windows_Waitable_Timer",
353#        namespacedef_='')
354    return rootObj
355
356def main():
357    args = sys.argv[1:]
358    if len(args) == 1:
359        parse(args[0])
360    else:
361        usage()
362
363if __name__ == '__main__':
364    #import pdb; pdb.set_trace()
365    main()
366
367__all__ = [
368    "WindowsWaitableTimerObjectType",
369    "WaitableTimerType"
370    ]
371