1# Copyright (c) 2018, The MITRE Corporation. All rights reserved. 2# See LICENSE.txt for complete terms. 3 4import sys 5 6from mixbox.binding_utils import * 7 8from cybox.bindings import cybox_core 9from cybox.bindings import cybox_common 10from cybox.bindings import code_object 11from cybox.bindings import process_object 12 13class BehaviorType(GeneratedsSuper): 14 """The BehaviorType is one of the foundational MAEC types, and serves 15 as a method for the characterization of malicious behaviors 16 found or observed in malware. Behaviors can be thought of as 17 representing the purpose behind groups of MAEC Actions, and are 18 therefore representative of distinct portions of higher-level 19 malware functionality. Thus, while a malware instance may 20 perform some multitude of Actions, it is likely that these 21 Actions represent only a few distinct behaviors. Some examples 22 include vulnerability exploitation, email address harvesting, 23 the disabling of a security service, etc.The required id field 24 specifies a unique ID for this Behavior. The ID must follow the 25 pattern defined in the BehaviorIDPattern simple type.The 26 ordinal_position field specifies the ordinal position of the 27 Behavior with respect to the execution of the malware.The status 28 field specifies the execution status of the Behavior being 29 characterized.The duration field specifies the duration of the 30 Behavior. One way to derive such a value may be to calculate the 31 difference between the timestamps of the first and last actions 32 that compose the behavior.""" 33 subclass = None 34 superclass = None 35 def __init__(self, status=None, duration=None, ordinal_position=None, id=None, Purpose=None, Description=None, Discovery_Method=None, Action_Composition=None, Associated_Code=None, Relationships=None): 36 self.status = _cast(None, status) 37 self.duration = _cast(None, duration) 38 self.ordinal_position = _cast(int, ordinal_position) 39 self.id = _cast(None, id) 40 self.Purpose = Purpose 41 self.Description = Description 42 self.Discovery_Method = Discovery_Method 43 self.Action_Composition = Action_Composition 44 self.Associated_Code = Associated_Code 45 self.Relationships = Relationships 46 def factory(*args_, **kwargs_): 47 if BehaviorType.subclass: 48 return BehaviorType.subclass(*args_, **kwargs_) 49 else: 50 return BehaviorType(*args_, **kwargs_) 51 factory = staticmethod(factory) 52 def get_Purpose(self): return self.Purpose 53 def set_Purpose(self, Purpose): self.Purpose = Purpose 54 def get_Description(self): return self.Description 55 def set_Description(self, Description): self.Description = Description 56 def get_Discovery_Method(self): return self.Discovery_Method 57 def set_Discovery_Method(self, Discovery_Method): self.Discovery_Method = Discovery_Method 58 def get_Action_Composition(self): return self.Action_Composition 59 def set_Action_Composition(self, Action_Composition): self.Action_Composition = Action_Composition 60 def get_Associated_Code(self): return self.Associated_Code 61 def set_Associated_Code(self, Associated_Code): self.Associated_Code = Associated_Code 62 def get_Relationships(self): return self.Relationships 63 def set_Relationships(self, Relationships): self.Relationships = Relationships 64 def get_status(self): return self.status 65 def set_status(self, status): self.status = status 66 def get_duration(self): return self.duration 67 def set_duration(self, duration): self.duration = duration 68 def get_ordinal_position(self): return self.ordinal_position 69 def set_ordinal_position(self, ordinal_position): self.ordinal_position = ordinal_position 70 def get_id(self): return self.id 71 def set_id(self, id): self.id = id 72 def hasContent_(self): 73 if ( 74 self.Purpose is not None or 75 self.Description is not None or 76 self.Discovery_Method is not None or 77 self.Action_Composition is not None or 78 self.Associated_Code is not None or 79 self.Relationships is not None 80 ): 81 return True 82 else: 83 return False 84 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorType', namespacedef_='', pretty_print=True): 85 if pretty_print: 86 eol_ = '\n' 87 else: 88 eol_ = '' 89 showIndent(write, level, pretty_print) 90 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 91 already_processed = set() 92 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorType') 93 if self.hasContent_(): 94 write('>%s' % (eol_, )) 95 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 96 showIndent(write, level, pretty_print) 97 write('</%s%s>%s' % (namespace_, name_, eol_)) 98 else: 99 write('/>%s' % (eol_, )) 100 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorType'): 101 if self.status is not None and 'status' not in already_processed: 102 already_processed.add('status') 103 write(' status=%s' % (quote_attrib(self.status), )) 104 if self.duration is not None and 'duration' not in already_processed: 105 already_processed.add('duration') 106 write(' duration=%s' % (quote_attrib(self.duration))) 107 if self.ordinal_position is not None and 'ordinal_position' not in already_processed: 108 already_processed.add('ordinal_position') 109 write(' ordinal_position="%s"' % self.gds_format_integer(self.ordinal_position, input_name='ordinal_position')) 110 if self.id is not None and 'id' not in already_processed: 111 already_processed.add('id') 112 write(' id=%s' % (quote_attrib(self.id), )) 113 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorType', fromsubclass_=False, pretty_print=True): 114 if pretty_print: 115 eol_ = '\n' 116 else: 117 eol_ = '' 118 if self.Purpose is not None: 119 self.Purpose.export(write, level, 'maecBundle:', name_='Purpose', pretty_print=pretty_print) 120 if self.Description is not None: 121 showIndent(write, level, pretty_print) 122 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 123 if self.Discovery_Method is not None: 124 self.Discovery_Method.export(write, level, 'maecBundle:', name_='Discovery_Method', pretty_print=pretty_print) 125 if self.Action_Composition is not None: 126 self.Action_Composition.export(write, level, 'maecBundle:', name_='Action_Composition', pretty_print=pretty_print) 127 if self.Associated_Code is not None: 128 self.Associated_Code.export(write, level, 'maecBundle:', name_='Associated_Code', pretty_print=pretty_print) 129 if self.Relationships is not None: 130 self.Relationships.export(write, level, 'maecBundle:', name_='Relationships', pretty_print=pretty_print) 131 def build(self, node): 132 self.__sourcenode__ = node 133 already_processed = set() 134 self.buildAttributes(node, node.attrib, already_processed) 135 for child in node: 136 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 137 self.buildChildren(child, node, nodeName_) 138 def buildAttributes(self, node, attrs, already_processed): 139 value = find_attr_value_('status', node) 140 if value is not None and 'status' not in already_processed: 141 already_processed.add('status') 142 self.status = value 143 value = find_attr_value_('duration', node) 144 if value is not None and 'duration' not in already_processed: 145 already_processed.add('duration') 146 self.duration = value 147 value = find_attr_value_('ordinal_position', node) 148 if value is not None and 'ordinal_position' not in already_processed: 149 already_processed.add('ordinal_position') 150 try: 151 self.ordinal_position = int(value) 152 except ValueError as exp: 153 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 154 if self.ordinal_position <= 0: 155 raise_parse_error(node, 'Invalid PositiveInteger') 156 value = find_attr_value_('id', node) 157 if value is not None and 'id' not in already_processed: 158 already_processed.add('id') 159 self.id = value 160 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 161 if nodeName_ == 'Purpose': 162 obj_ = BehaviorPurposeType.factory() 163 obj_.build(child_) 164 self.set_Purpose(obj_) 165 elif nodeName_ == 'Description': 166 Description_ = child_.text 167 Description_ = self.gds_validate_string(Description_, node, 'Description') 168 self.Description = Description_ 169 elif nodeName_ == 'Discovery_Method': 170 obj_ = cybox_common.MeasureSourceType.factory() 171 obj_.build(child_) 172 self.set_Discovery_Method(obj_) 173 elif nodeName_ == 'Action_Composition': 174 obj_ = BehavioralActionsType.factory() 175 obj_.build(child_) 176 self.set_Action_Composition(obj_) 177 elif nodeName_ == 'Associated_Code': 178 obj_ = AssociatedCodeType.factory() 179 obj_.build(child_) 180 self.set_Associated_Code(obj_) 181 elif nodeName_ == 'Relationships': 182 obj_ = BehaviorRelationshipListType.factory() 183 obj_.build(child_) 184 self.set_Relationships(obj_) 185# end class BehaviorType 186 187class BundleType(GeneratedsSuper): 188 """The BundleType serves as the high-level construct which encapsulates 189 all Bundle elements, and represents some characterized analysis 190 data (from any arbitrary set of analyses) for a single malware 191 instance in terms of its MAEC Components (e.g., Behaviors, 192 Actions, Objects, etc.).The required id field specifies a unique 193 ID for this MAEC Bundle. The required schema_version field 194 specifies the version of the MAEC Bundle Schema that the 195 document has been written in and that should be used for 196 validation.The required defined_subject field specifies whether 197 the subject attributes of the characterized malware instance are 198 included inside this Bundle (via the top-level 199 Malware_Instance_Object_Attributes field) or elsewhere (such as 200 a MAEC Subject in a MAEC Package).The content_type field 201 specifies the general type of content contained in this Bundle, 202 e.g. static analysis tool output, dynamic analysis tool output, 203 etc.The timestamp field specifies the date/time that the bundle 204 was generated.""" 205 subclass = None 206 superclass = None 207 def __init__(self, defined_subject=None, content_type=None, id=None, schema_version=None, timestamp=None, Malware_Instance_Object_Attributes=None, AV_Classifications=None, Process_Tree=None, Capabilities=None, Behaviors=None, Actions=None, Objects=None, Candidate_Indicators=None, Collections=None): 208 self.defined_subject = _cast(bool, defined_subject) 209 self.content_type = _cast(None, content_type) 210 self.id = _cast(None, id) 211 self.schema_version = _cast(None, schema_version) 212 self.timestamp = _cast(None, timestamp) 213 self.Malware_Instance_Object_Attributes = Malware_Instance_Object_Attributes 214 self.AV_Classifications = AV_Classifications 215 self.Process_Tree = Process_Tree 216 self.Capabilities = Capabilities 217 self.Behaviors = Behaviors 218 self.Actions = Actions 219 self.Objects = Objects 220 self.Candidate_Indicators = Candidate_Indicators 221 self.Collections = Collections 222 def factory(*args_, **kwargs_): 223 if BundleType.subclass: 224 return BundleType.subclass(*args_, **kwargs_) 225 else: 226 return BundleType(*args_, **kwargs_) 227 factory = staticmethod(factory) 228 def get_Malware_Instance_Object_Attributes(self): return self.Malware_Instance_Object_Attributes 229 def set_Malware_Instance_Object_Attributes(self, Malware_Instance_Object_Attributes): self.Malware_Instance_Object_Attributes = Malware_Instance_Object_Attributes 230 def get_AV_Classifications(self): return self.AV_Classifications 231 def set_AV_Classifications(self, AV_Classifications): self.AV_Classifications = AV_Classifications 232 def get_Process_Tree(self): return self.Process_Tree 233 def set_Process_Tree(self, Process_Tree): self.Process_Tree = Process_Tree 234 def get_Capabilities(self): return self.Capabilities 235 def set_Capabilities(self, Capabilities): self.Capabilities = Capabilities 236 def get_Behaviors(self): return self.Behaviors 237 def set_Behaviors(self, Behaviors): self.Behaviors = Behaviors 238 def get_Actions(self): return self.Actions 239 def set_Actions(self, Actions): self.Actions = Actions 240 def get_Objects(self): return self.Objects 241 def set_Objects(self, Objects): self.Objects = Objects 242 def get_Candidate_Indicators(self): return self.Candidate_Indicators 243 def set_Candidate_Indicators(self, Candidate_Indicators): self.Candidate_Indicators = Candidate_Indicators 244 def get_Collections(self): return self.Collections 245 def set_Collections(self, Collections): self.Collections = Collections 246 def get_defined_subject(self): return self.defined_subject 247 def set_defined_subject(self, defined_subject): self.defined_subject = defined_subject 248 def get_content_type(self): return self.content_type 249 def set_content_type(self, content_type): self.content_type = content_type 250 def get_id(self): return self.id 251 def set_id(self, id): self.id = id 252 def get_schema_version(self): return self.schema_version 253 def set_schema_version(self, schema_version): self.schema_version = schema_version 254 def get_timestamp(self): return self.timestamp 255 def set_timestamp(self, timestamp): self.timestamp = timestamp 256 def hasContent_(self): 257 if ( 258 self.Malware_Instance_Object_Attributes is not None or 259 self.AV_Classifications is not None or 260 self.Process_Tree is not None or 261 self.Capabilities is not None or 262 self.Behaviors is not None or 263 self.Actions is not None or 264 self.Objects is not None or 265 self.Candidate_Indicators is not None or 266 self.Collections is not None 267 ): 268 return True 269 else: 270 return False 271 def export(self, write, level, namespace_='maecBundle:', name_='MAEC_Bundle', namespacedef_='', pretty_print=True): 272 if pretty_print: 273 eol_ = '\n' 274 else: 275 eol_ = '' 276 showIndent(write, level, pretty_print) 277 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 278 already_processed = set() 279 self.exportAttributes(write, level, already_processed, namespace_, name_='MAEC_Bundle') 280 if self.hasContent_(): 281 write('>%s' % (eol_, )) 282 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 283 showIndent(write, level, pretty_print) 284 write('</%s%s>%s' % (namespace_, name_, eol_)) 285 else: 286 write('/>%s' % (eol_, )) 287 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='MAEC_Bundle'): 288 if self.defined_subject is not None and 'defined_subject' not in already_processed: 289 already_processed.add('defined_subject') 290 write(' defined_subject="%s"' % self.gds_format_boolean(self.defined_subject, input_name='defined_subject')) 291 if self.content_type is not None and 'content_type' not in already_processed: 292 already_processed.add('content_type') 293 write(' content_type=%s' % (quote_attrib(self.content_type), )) 294 if self.id is not None and 'id' not in already_processed: 295 already_processed.add('id') 296 write(' id=%s' % (quote_attrib(self.id), )) 297 if self.schema_version is not None and 'schema_version' not in already_processed: 298 already_processed.add('schema_version') 299 write(' schema_version=%s' % (quote_attrib(self.schema_version))) 300 if self.timestamp is not None and 'timestamp' not in already_processed: 301 already_processed.add('timestamp') 302 write(' timestamp="%s"' % self.gds_format_datetime(self.timestamp, input_name='timestamp')) 303 def exportChildren(self, write, level, namespace_='maecBundle:', name_='MAEC_Bundle', fromsubclass_=False, pretty_print=True): 304 if pretty_print: 305 eol_ = '\n' 306 else: 307 eol_ = '' 308 if self.Malware_Instance_Object_Attributes is not None: 309 self.Malware_Instance_Object_Attributes.export(write, level, 'maecBundle:', name_='Malware_Instance_Object_Attributes', pretty_print=pretty_print) 310 if self.AV_Classifications is not None: 311 self.AV_Classifications.export(write, level, 'maecBundle:', name_='AV_Classifications', pretty_print=pretty_print) 312 if self.Process_Tree is not None: 313 self.Process_Tree.export(write, level, 'maecBundle:', name_='Process_Tree', pretty_print=pretty_print) 314 if self.Capabilities is not None: 315 self.Capabilities.export(write, level, 'maecBundle:', name_='Capabilities', pretty_print=pretty_print) 316 if self.Behaviors is not None: 317 self.Behaviors.export(write, level, 'maecBundle:', name_='Behaviors', pretty_print=pretty_print) 318 if self.Actions is not None: 319 self.Actions.export(write, level, 'maecBundle:', name_='Actions', pretty_print=pretty_print) 320 if self.Objects is not None: 321 self.Objects.export(write, level, 'maecBundle:', name_='Objects', pretty_print=pretty_print) 322 if self.Candidate_Indicators is not None: 323 self.Candidate_Indicators.export(write, level, 'maecBundle:', name_='Candidate_Indicators', pretty_print=pretty_print) 324 if self.Collections is not None: 325 self.Collections.export(write, level, 'maecBundle:', name_='Collections', pretty_print=pretty_print) 326 def build(self, node): 327 self.__sourcenode__ = node 328 already_processed = set() 329 self.buildAttributes(node, node.attrib, already_processed) 330 for child in node: 331 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 332 self.buildChildren(child, node, nodeName_) 333 def buildAttributes(self, node, attrs, already_processed): 334 value = find_attr_value_('defined_subject', node) 335 if value is not None and 'defined_subject' not in already_processed: 336 already_processed.add('defined_subject') 337 if value in ('true', '1'): 338 self.defined_subject = True 339 elif value in ('false', '0'): 340 self.defined_subject = False 341 else: 342 raise_parse_error(node, 'Bad boolean attribute') 343 value = find_attr_value_('content_type', node) 344 if value is not None and 'content_type' not in already_processed: 345 already_processed.add('content_type') 346 self.content_type = value 347 value = find_attr_value_('id', node) 348 if value is not None and 'id' not in already_processed: 349 already_processed.add('id') 350 self.id = value 351 value = find_attr_value_('schema_version', node) 352 if value is not None and 'schema_version' not in already_processed: 353 already_processed.add('schema_version') 354 self.schema_version = value 355 value = find_attr_value_('timestamp', node) 356 if value is not None and 'timestamp' not in already_processed: 357 already_processed.add('timestamp') 358 try: 359 self.timestamp = self.gds_parse_datetime(value, node, 'timestamp') 360 except ValueError as exp: 361 raise ValueError('Bad date-time attribute (timestamp): %s' % exp) 362 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 363 if nodeName_ == 'Malware_Instance_Object_Attributes': 364 obj_ = cybox_core.ObjectType.factory() 365 obj_.build(child_) 366 self.set_Malware_Instance_Object_Attributes(obj_) 367 elif nodeName_ == 'AV_Classifications': 368 obj_ = AVClassificationsType.factory() 369 obj_.build(child_) 370 self.set_AV_Classifications(obj_) 371 elif nodeName_ == 'Process_Tree': 372 obj_ = ProcessTreeType.factory() 373 obj_.build(child_) 374 self.set_Process_Tree(obj_) 375 elif nodeName_ == 'Capabilities': 376 obj_ = CapabilityListType.factory() 377 obj_.build(child_) 378 self.set_Capabilities(obj_) 379 elif nodeName_ == 'Behaviors': 380 obj_ = BehaviorListType.factory() 381 obj_.build(child_) 382 self.set_Behaviors(obj_) 383 elif nodeName_ == 'Actions': 384 obj_ = ActionListType.factory() 385 obj_.build(child_) 386 self.set_Actions(obj_) 387 elif nodeName_ == 'Objects': 388 obj_ = ObjectListType.factory() 389 obj_.build(child_) 390 self.set_Objects(obj_) 391 elif nodeName_ == 'Candidate_Indicators': 392 obj_ = CandidateIndicatorListType.factory() 393 obj_.build(child_) 394 self.set_Candidate_Indicators(obj_) 395 elif nodeName_ == 'Collections': 396 obj_ = CollectionsType.factory() 397 obj_.build(child_) 398 self.set_Collections(obj_) 399# end class BundleType 400 401class APICallType(GeneratedsSuper): 402 """The APICallType provides a method for the characterization of API 403 calls, including functions and their parameters.The 404 function_name field contains the exact name of the API function 405 called, e.g. CreateFileEx.The normalized_function_name field 406 contains the normalized name of the API function called, e.g. 407 CreateFile.""" 408 subclass = None 409 superclass = None 410 def __init__(self, normalized_function_name=None, function_name=None, Address=None, Return_Value=None, Parameters=None): 411 self.normalized_function_name = _cast(None, normalized_function_name) 412 self.function_name = _cast(None, function_name) 413 self.Address = Address 414 self.Return_Value = Return_Value 415 self.Parameters = Parameters 416 def factory(*args_, **kwargs_): 417 if APICallType.subclass: 418 return APICallType.subclass(*args_, **kwargs_) 419 else: 420 return APICallType(*args_, **kwargs_) 421 factory = staticmethod(factory) 422 def get_Address(self): return self.Address 423 def set_Address(self, Address): self.Address = Address 424 def get_Return_Value(self): return self.Return_Value 425 def set_Return_Value(self, Return_Value): self.Return_Value = Return_Value 426 def get_Parameters(self): return self.Parameters 427 def set_Parameters(self, Parameters): self.Parameters = Parameters 428 def get_normalized_function_name(self): return self.normalized_function_name 429 def set_normalized_function_name(self, normalized_function_name): self.normalized_function_name = normalized_function_name 430 def get_function_name(self): return self.function_name 431 def set_function_name(self, function_name): self.function_name = function_name 432 def hasContent_(self): 433 if ( 434 self.Address is not None or 435 self.Return_Value is not None or 436 self.Parameters is not None 437 ): 438 return True 439 else: 440 return False 441 def export(self, write, level, namespace_='maecBundle:', name_='APICallType', namespacedef_='', pretty_print=True): 442 if pretty_print: 443 eol_ = '\n' 444 else: 445 eol_ = '' 446 showIndent(write, level, pretty_print) 447 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 448 already_processed = set() 449 self.exportAttributes(write, level, already_processed, namespace_, name_='APICallType') 450 if self.hasContent_(): 451 write('>%s' % (eol_, )) 452 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 453 showIndent(write, level, pretty_print) 454 write('</%s%s>%s' % (namespace_, name_, eol_)) 455 else: 456 write('/>%s' % (eol_, )) 457 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='APICallType'): 458 if self.normalized_function_name is not None and 'normalized_function_name' not in already_processed: 459 already_processed.add('normalized_function_name') 460 write(' normalized_function_name=%s' % (quote_attrib(self.normalized_function_name))) 461 if self.function_name is not None and 'function_name' not in already_processed: 462 already_processed.add('function_name') 463 write(' function_name=%s' % (quote_attrib(self.function_name))) 464 def exportChildren(self, write, level, namespace_='maecBundle:', name_='APICallType', fromsubclass_=False, pretty_print=True): 465 if pretty_print: 466 eol_ = '\n' 467 else: 468 eol_ = '' 469 if self.Address is not None: 470 showIndent(write, level, pretty_print) 471 write('<%sAddress>%s</%sAddress>%s' % ('maecBundle:', quote_xml(self.Address), 'maecBundle:', eol_)) 472 if self.Return_Value is not None: 473 showIndent(write, level, pretty_print) 474 write('<%sReturn_Value>%s</%sReturn_Value>%s' % ('maecBundle:', quote_xml(self.Return_Value), 'maecBundle:', eol_)) 475 if self.Parameters is not None: 476 self.Parameters.export(write, level, 'maecBundle:', name_='Parameters', pretty_print=pretty_print) 477 def build(self, node): 478 self.__sourcenode__ = node 479 already_processed = set() 480 self.buildAttributes(node, node.attrib, already_processed) 481 for child in node: 482 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 483 self.buildChildren(child, node, nodeName_) 484 def buildAttributes(self, node, attrs, already_processed): 485 value = find_attr_value_('normalized_function_name', node) 486 if value is not None and 'normalized_function_name' not in already_processed: 487 already_processed.add('normalized_function_name') 488 self.normalized_function_name = value 489 value = find_attr_value_('function_name', node) 490 if value is not None and 'function_name' not in already_processed: 491 already_processed.add('function_name') 492 self.function_name = value 493 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 494 if nodeName_ == 'Address': 495 Address_ = child_.text 496 Address_ = self.gds_validate_string(Address_, node, 'Address') 497 self.Address = Address_ 498 elif nodeName_ == 'Return_Value': 499 Return_Value_ = child_.text 500 Return_Value_ = self.gds_validate_string(Return_Value_, node, 'Return_Value') 501 self.Return_Value = Return_Value_ 502 elif nodeName_ == 'Parameters': 503 obj_ = ParameterListType.factory() 504 obj_.build(child_) 505 self.set_Parameters(obj_) 506# end class APICallType 507 508class ActionImplementationType(GeneratedsSuper): 509 """The ActionImplementationType serves as a method for the 510 characterization of Action Implementations. Currently supported 511 are implementations achieved through API function calls and 512 abstractly defined code. The id field specifies a unique ID for 513 this Action Implementation. The ID must follow the pattern 514 defined in the ActionImpIDPattern simple type. The required type 515 field refers to the type of Action Implementation being 516 characterized in this element.""" 517 subclass = None 518 superclass = None 519 def __init__(self, type_=None, id=None, Compatible_Platforms=None, API_Call=None, Code=None): 520 self.type_ = _cast(None, type_) 521 self.id = _cast(None, id) 522 self.Compatible_Platforms = Compatible_Platforms 523 self.API_Call = API_Call 524 if Code is None: 525 self.Code = [] 526 else: 527 self.Code = Code 528 def factory(*args_, **kwargs_): 529 if ActionImplementationType.subclass: 530 return ActionImplementationType.subclass(*args_, **kwargs_) 531 else: 532 return ActionImplementationType(*args_, **kwargs_) 533 factory = staticmethod(factory) 534 def get_Compatible_Platforms(self): return self.Compatible_Platforms 535 def set_Compatible_Platforms(self, Compatible_Platforms): self.Compatible_Platforms = Compatible_Platforms 536 def get_API_Call(self): return self.API_Call 537 def set_API_Call(self, API_Call): self.API_Call = API_Call 538 def get_Code(self): return self.Code 539 def set_Code(self, Code): self.Code = Code 540 def add_Code(self, value): self.Code.append(value) 541 def insert_Code(self, index, value): self.Code[index] = value 542 def get_type(self): return self.type_ 543 def set_type(self, type_): self.type_ = type_ 544 def get_id(self): return self.id 545 def set_id(self, id): self.id = id 546 def hasContent_(self): 547 if ( 548 self.Compatible_Platforms is not None or 549 self.API_Call is not None or 550 self.Code 551 ): 552 return True 553 else: 554 return False 555 def export(self, write, level, namespace_='maecBundle:', name_='ActionImplementationType', namespacedef_='', pretty_print=True): 556 if pretty_print: 557 eol_ = '\n' 558 else: 559 eol_ = '' 560 showIndent(write, level, pretty_print) 561 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 562 already_processed = set() 563 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionImplementationType') 564 if self.hasContent_(): 565 write('>%s' % (eol_, )) 566 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 567 showIndent(write, level, pretty_print) 568 write('</%s%s>%s' % (namespace_, name_, eol_)) 569 else: 570 write('/>%s' % (eol_, )) 571 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ActionImplementationType'): 572 if self.type_ is not None and 'type_' not in already_processed: 573 already_processed.add('type_') 574 write(' type=%s' % (quote_attrib(self.type_), )) 575 if self.id is not None and 'id' not in already_processed: 576 already_processed.add('id') 577 write(' id=%s' % (quote_attrib(self.id), )) 578 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ActionImplementationType', fromsubclass_=False, pretty_print=True): 579 if pretty_print: 580 eol_ = '\n' 581 else: 582 eol_ = '' 583 if self.Compatible_Platforms is not None: 584 self.Compatible_Platforms.export(write, level, 'maecBundle:', name_='Compatible_Platforms', pretty_print=pretty_print) 585 if self.API_Call is not None: 586 self.API_Call.export(write, level, 'maecBundle:', name_='API_Call', pretty_print=pretty_print) 587 for Code_ in self.Code: 588 Code_.export(write, level, 'maecBundle:', name_='Code', pretty_print=pretty_print) 589 def build(self, node): 590 self.__sourcenode__ = node 591 already_processed = set() 592 self.buildAttributes(node, node.attrib, already_processed) 593 for child in node: 594 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 595 self.buildChildren(child, node, nodeName_) 596 def buildAttributes(self, node, attrs, already_processed): 597 value = find_attr_value_('type', node) 598 if value is not None and 'type' not in already_processed: 599 already_processed.add('type') 600 self.type_ = value 601 value = find_attr_value_('id', node) 602 if value is not None and 'id' not in already_processed: 603 already_processed.add('id') 604 self.id = value 605 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 606 if nodeName_ == 'Compatible_Platforms': 607 obj_ = PlatformListType.factory() 608 obj_.build(child_) 609 self.set_Compatible_Platforms(obj_) 610 elif nodeName_ == 'API_Call': 611 obj_ = APICallType.factory() 612 obj_.build(child_) 613 self.set_API_Call(obj_) 614 elif nodeName_ == 'Code': 615 obj_ = code_object.CodeObjectType.factory() 616 obj_.build(child_) 617 self.Code.append(obj_) 618# end class ActionImplementationType 619 620class CVEVulnerabilityType(GeneratedsSuper): 621 """The CVEVulnerabilityType provides a way of referencing specific 622 vulnerabilities that malware exploits or attempts to exploit via 623 a Common Vulnerabilities and Exposures (CVE) identifier. For 624 more information on CVE please see http://cve.mitre.org. The 625 cve_id attribute contains the ID of the CVE that is being 626 referenced, e.g., CVE-1999-0002.""" 627 subclass = None 628 superclass = None 629 def __init__(self, cve_id=None, Description=None): 630 self.cve_id = _cast(None, cve_id) 631 self.Description = Description 632 def factory(*args_, **kwargs_): 633 if CVEVulnerabilityType.subclass: 634 return CVEVulnerabilityType.subclass(*args_, **kwargs_) 635 else: 636 return CVEVulnerabilityType(*args_, **kwargs_) 637 factory = staticmethod(factory) 638 def get_Description(self): return self.Description 639 def set_Description(self, Description): self.Description = Description 640 def get_cve_id(self): return self.cve_id 641 def set_cve_id(self, cve_id): self.cve_id = cve_id 642 def hasContent_(self): 643 if ( 644 self.Description is not None 645 ): 646 return True 647 else: 648 return False 649 def export(self, write, level, namespace_='maecBundle:', name_='CVEVulnerabilityType', namespacedef_='', pretty_print=True): 650 if pretty_print: 651 eol_ = '\n' 652 else: 653 eol_ = '' 654 showIndent(write, level, pretty_print) 655 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 656 already_processed = set() 657 self.exportAttributes(write, level, already_processed, namespace_, name_='CVEVulnerabilityType') 658 if self.hasContent_(): 659 write('>%s' % (eol_, )) 660 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 661 showIndent(write, level, pretty_print) 662 write('</%s%s>%s' % (namespace_, name_, eol_)) 663 else: 664 write('/>%s' % (eol_, )) 665 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CVEVulnerabilityType'): 666 if self.cve_id is not None and 'cve_id' not in already_processed: 667 already_processed.add('cve_id') 668 write(' cve_id=%s' % (quote_attrib(self.cve_id))) 669 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CVEVulnerabilityType', fromsubclass_=False, pretty_print=True): 670 if pretty_print: 671 eol_ = '\n' 672 else: 673 eol_ = '' 674 if self.Description is not None: 675 showIndent(write, level, pretty_print) 676 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 677 def build(self, node): 678 self.__sourcenode__ = node 679 already_processed = set() 680 self.buildAttributes(node, node.attrib, already_processed) 681 for child in node: 682 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 683 self.buildChildren(child, node, nodeName_) 684 def buildAttributes(self, node, attrs, already_processed): 685 value = find_attr_value_('cve_id', node) 686 if value is not None and 'cve_id' not in already_processed: 687 already_processed.add('cve_id') 688 self.cve_id = value 689 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 690 if nodeName_ == 'Description': 691 Description_ = child_.text 692 Description_ = self.gds_validate_string(Description_, node, 'Description') 693 self.Description = Description_ 694# end class CVEVulnerabilityType 695 696class BaseCollectionType(GeneratedsSuper): 697 """The BaseCollectionType is the base type for other MAEC collection 698 types.The name field specifies the name of the collection.""" 699 subclass = None 700 superclass = None 701 def __init__(self, name=None, Affinity_Type=None, Affinity_Degree=None, Description=None, extensiontype_=None): 702 self.name = _cast(None, name) 703 self.Affinity_Type = Affinity_Type 704 self.Affinity_Degree = Affinity_Degree 705 self.Description = Description 706 self.extensiontype_ = extensiontype_ 707 def factory(*args_, **kwargs_): 708 if BaseCollectionType.subclass: 709 return BaseCollectionType.subclass(*args_, **kwargs_) 710 else: 711 return BaseCollectionType(*args_, **kwargs_) 712 factory = staticmethod(factory) 713 def get_Affinity_Type(self): return self.Affinity_Type 714 def set_Affinity_Type(self, Affinity_Type): self.Affinity_Type = Affinity_Type 715 def get_Affinity_Degree(self): return self.Affinity_Degree 716 def set_Affinity_Degree(self, Affinity_Degree): self.Affinity_Degree = Affinity_Degree 717 def get_Description(self): return self.Description 718 def set_Description(self, Description): self.Description = Description 719 def get_name(self): return self.name 720 def set_name(self, name): self.name = name 721 def get_extensiontype_(self): return self.extensiontype_ 722 def set_extensiontype_(self, extensiontype_): self.extensiontype_ = extensiontype_ 723 def hasContent_(self): 724 if ( 725 self.Affinity_Type is not None or 726 self.Affinity_Degree is not None or 727 self.Description is not None 728 ): 729 return True 730 else: 731 return False 732 def export(self, write, level, namespace_='maecBundle:', name_='BaseCollectionType', namespacedef_='', pretty_print=True): 733 if pretty_print: 734 eol_ = '\n' 735 else: 736 eol_ = '' 737 showIndent(write, level, pretty_print) 738 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 739 already_processed = set() 740 self.exportAttributes(write, level, already_processed, namespace_, name_='BaseCollectionType') 741 if self.hasContent_(): 742 write('>%s' % (eol_, )) 743 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 744 showIndent(write, level, pretty_print) 745 write('</%s%s>%s' % (namespace_, name_, eol_)) 746 else: 747 write('/>%s' % (eol_, )) 748 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BaseCollectionType'): 749 if self.name is not None and 'name' not in already_processed: 750 already_processed.add('name') 751 write(' name=%s' % (quote_attrib(self.name))) 752 if self.extensiontype_ is not None and 'xsi:type' not in already_processed: 753 already_processed.add('xsi:type') 754 write(' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"') 755 write(' xsi:type="%s"' % self.extensiontype_) 756 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BaseCollectionType', fromsubclass_=False, pretty_print=True): 757 if pretty_print: 758 eol_ = '\n' 759 else: 760 eol_ = '' 761 if self.Affinity_Type is not None: 762 showIndent(write, level, pretty_print) 763 write('<%sAffinity_Type>%s</%sAffinity_Type>%s' % ('maecBundle:', quote_xml(self.Affinity_Type), 'maecBundle:', eol_)) 764 if self.Affinity_Degree is not None: 765 showIndent(write, level, pretty_print) 766 write('<%sAffinity_Degree>%s</%sAffinity_Degree>%s' % ('maecBundle:', quote_xml(self.Affinity_Degree), 'maecBundle:', eol_)) 767 if self.Description is not None: 768 showIndent(write, level, pretty_print) 769 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 770 def build(self, node): 771 self.__sourcenode__ = node 772 already_processed = set() 773 self.buildAttributes(node, node.attrib, already_processed) 774 for child in node: 775 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 776 self.buildChildren(child, node, nodeName_) 777 def buildAttributes(self, node, attrs, already_processed): 778 value = find_attr_value_('name', node) 779 if value is not None and 'name' not in already_processed: 780 already_processed.add('name') 781 self.name = value 782 value = find_attr_value_('xsi:type', node) 783 if value is not None and 'xsi:type' not in already_processed: 784 already_processed.add('xsi:type') 785 self.extensiontype_ = value 786 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 787 if nodeName_ == 'Affinity_Type': 788 Affinity_Type_ = child_.text 789 Affinity_Type_ = self.gds_validate_string(Affinity_Type_, node, 'Affinity_Type') 790 self.Affinity_Type = Affinity_Type_ 791 elif nodeName_ == 'Affinity_Degree': 792 Affinity_Degree_ = child_.text 793 Affinity_Degree_ = self.gds_validate_string(Affinity_Degree_, node, 'Affinity_Degree') 794 self.Affinity_Degree = Affinity_Degree_ 795 elif nodeName_ == 'Description': 796 Description_ = child_.text 797 Description_ = self.gds_validate_string(Description_, node, 'Description') 798 self.Description = Description_ 799# end class BaseCollectionType 800 801class BehaviorRelationshipType(GeneratedsSuper): 802 """The BehaviorRelationshipType provides a method for the 803 characterization of relationships between Behaviors. The type 804 field specifies the nature of the relationship between Behaviors 805 that is being captured.""" 806 subclass = None 807 superclass = None 808 def __init__(self, type_=None, Behavior_Reference=None): 809 self.type_ = _cast(None, type_) 810 if Behavior_Reference is None: 811 self.Behavior_Reference = [] 812 else: 813 self.Behavior_Reference = Behavior_Reference 814 def factory(*args_, **kwargs_): 815 if BehaviorRelationshipType.subclass: 816 return BehaviorRelationshipType.subclass(*args_, **kwargs_) 817 else: 818 return BehaviorRelationshipType(*args_, **kwargs_) 819 factory = staticmethod(factory) 820 def get_Behavior_Reference(self): return self.Behavior_Reference 821 def set_Behavior_Reference(self, Behavior_Reference): self.Behavior_Reference = Behavior_Reference 822 def add_Behavior_Reference(self, value): self.Behavior_Reference.append(value) 823 def insert_Behavior_Reference(self, index, value): self.Behavior_Reference[index] = value 824 def get_type(self): return self.type_ 825 def set_type(self, type_): self.type_ = type_ 826 def hasContent_(self): 827 if ( 828 self.Behavior_Reference 829 ): 830 return True 831 else: 832 return False 833 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorRelationshipType', namespacedef_='', pretty_print=True): 834 if pretty_print: 835 eol_ = '\n' 836 else: 837 eol_ = '' 838 showIndent(write, level, pretty_print) 839 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 840 already_processed = set() 841 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorRelationshipType') 842 if self.hasContent_(): 843 write('>%s' % (eol_, )) 844 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 845 showIndent(write, level, pretty_print) 846 write('</%s%s>%s' % (namespace_, name_, eol_)) 847 else: 848 write('/>%s' % (eol_, )) 849 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorRelationshipType'): 850 if self.type_ is not None and 'type_' not in already_processed: 851 already_processed.add('type_') 852 write(' type=%s' % (quote_attrib(self.type_), )) 853 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorRelationshipType', fromsubclass_=False, pretty_print=True): 854 if pretty_print: 855 eol_ = '\n' 856 else: 857 eol_ = '' 858 for Behavior_Reference_ in self.Behavior_Reference: 859 Behavior_Reference_.export(write, level, 'maecBundle:', name_='Behavior_Reference', pretty_print=pretty_print) 860 def build(self, node): 861 self.__sourcenode__ = node 862 already_processed = set() 863 self.buildAttributes(node, node.attrib, already_processed) 864 for child in node: 865 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 866 self.buildChildren(child, node, nodeName_) 867 def buildAttributes(self, node, attrs, already_processed): 868 value = find_attr_value_('type', node) 869 if value is not None and 'type' not in already_processed: 870 already_processed.add('type') 871 self.type_ = value 872 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 873 if nodeName_ == 'Behavior_Reference': 874 obj_ = BehaviorReferenceType.factory() 875 obj_.build(child_) 876 self.Behavior_Reference.append(obj_) 877# end class BehaviorRelationshipType 878 879class AVClassificationsType(GeneratedsSuper): 880 """The AVClassificationsType captures any Anti-Virus (AV) tool 881 classifications for an Object.""" 882 subclass = None 883 superclass = None 884 def __init__(self, AV_Classification=None): 885 if AV_Classification is None: 886 self.AV_Classification = [] 887 else: 888 self.AV_Classification = AV_Classification 889 def factory(*args_, **kwargs_): 890 if AVClassificationsType.subclass: 891 return AVClassificationsType.subclass(*args_, **kwargs_) 892 else: 893 return AVClassificationsType(*args_, **kwargs_) 894 factory = staticmethod(factory) 895 def get_AV_Classification(self): return self.AV_Classification 896 def set_AV_Classification(self, AV_Classification): self.AV_Classification = AV_Classification 897 def add_AV_Classification(self, value): self.AV_Classification.append(value) 898 def insert_AV_Classification(self, index, value): self.AV_Classification[index] = value 899 def hasContent_(self): 900 if ( 901 self.AV_Classification 902 ): 903 return True 904 else: 905 return False 906 def export(self, write, level, namespace_='maecBundle:', name_='AVClassificationsType', namespacedef_='', pretty_print=True): 907 if pretty_print: 908 eol_ = '\n' 909 else: 910 eol_ = '' 911 showIndent(write, level, pretty_print) 912 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 913 already_processed = set() 914 self.exportAttributes(write, level, already_processed, namespace_, name_='AVClassificationsType') 915 if self.hasContent_(): 916 write('>%s' % (eol_, )) 917 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 918 showIndent(write, level, pretty_print) 919 write('</%s%s>%s' % (namespace_, name_, eol_)) 920 else: 921 write('/>%s' % (eol_, )) 922 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='AVClassificationsType'): 923 pass 924 def exportChildren(self, write, level, namespace_='maecBundle:', name_='AVClassificationsType', fromsubclass_=False, pretty_print=True): 925 if pretty_print: 926 eol_ = '\n' 927 else: 928 eol_ = '' 929 for AV_Classification_ in self.AV_Classification: 930 AV_Classification_.export(write, level, 'maecBundle:', name_='AV_Classification', pretty_print=pretty_print) 931 def build(self, node): 932 self.__sourcenode__ = node 933 already_processed = set() 934 self.buildAttributes(node, node.attrib, already_processed) 935 for child in node: 936 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 937 self.buildChildren(child, node, nodeName_) 938 def buildAttributes(self, node, attrs, already_processed): 939 pass 940 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 941 if nodeName_ == 'AV_Classification': 942 obj_ = AVClassificationType.factory() 943 obj_.build(child_) 944 self.AV_Classification.append(obj_) 945# end class AVClassificationsType 946 947class ParameterType(GeneratedsSuper): 948 """The ParameterType characterizes function parameters.This field 949 refers to the ordinal position of the parameter with respect to 950 the function where it is used.The name field specifies the name 951 of the parameter.The value field specifies the actual value of 952 the parameter.""" 953 subclass = None 954 superclass = None 955 def __init__(self, ordinal_position=None, name=None, value=None): 956 self.ordinal_position = _cast(int, ordinal_position) 957 self.name = _cast(None, name) 958 self.value = _cast(None, value) 959 pass 960 def factory(*args_, **kwargs_): 961 if ParameterType.subclass: 962 return ParameterType.subclass(*args_, **kwargs_) 963 else: 964 return ParameterType(*args_, **kwargs_) 965 factory = staticmethod(factory) 966 def get_ordinal_position(self): return self.ordinal_position 967 def set_ordinal_position(self, ordinal_position): self.ordinal_position = ordinal_position 968 def get_name(self): return self.name 969 def set_name(self, name): self.name = name 970 def get_value(self): return self.value 971 def set_value(self, value): self.value = value 972 def hasContent_(self): 973 if ( 974 975 ): 976 return True 977 else: 978 return False 979 def export(self, write, level, namespace_='maecBundle:', name_='ParameterType', namespacedef_='', pretty_print=True): 980 if pretty_print: 981 eol_ = '\n' 982 else: 983 eol_ = '' 984 showIndent(write, level, pretty_print) 985 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 986 already_processed = set() 987 self.exportAttributes(write, level, already_processed, namespace_, name_='ParameterType') 988 if self.hasContent_(): 989 write('>%s' % (eol_, )) 990 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 991 write('</%s%s>%s' % (namespace_, name_, eol_)) 992 else: 993 write('/>%s' % (eol_, )) 994 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ParameterType'): 995 if self.ordinal_position is not None and 'ordinal_position' not in already_processed: 996 already_processed.add('ordinal_position') 997 write(' ordinal_position="%s"' % self.gds_format_integer(self.ordinal_position, input_name='ordinal_position')) 998 if self.name is not None and 'name' not in already_processed: 999 already_processed.add('name') 1000 write(' name=%s' % (quote_attrib(self.name))) 1001 if self.value is not None and 'value' not in already_processed: 1002 already_processed.add('value') 1003 write(' value=%s' % (quote_attrib(self.value))) 1004 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ParameterType', fromsubclass_=False, pretty_print=True): 1005 pass 1006 def build(self, node): 1007 self.__sourcenode__ = node 1008 already_processed = set() 1009 self.buildAttributes(node, node.attrib, already_processed) 1010 for child in node: 1011 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1012 self.buildChildren(child, node, nodeName_) 1013 def buildAttributes(self, node, attrs, already_processed): 1014 value = find_attr_value_('ordinal_position', node) 1015 if value is not None and 'ordinal_position' not in already_processed: 1016 already_processed.add('ordinal_position') 1017 try: 1018 self.ordinal_position = int(value) 1019 except ValueError as exp: 1020 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 1021 if self.ordinal_position <= 0: 1022 raise_parse_error(node, 'Invalid PositiveInteger') 1023 value = find_attr_value_('name', node) 1024 if value is not None and 'name' not in already_processed: 1025 already_processed.add('name') 1026 self.name = value 1027 value = find_attr_value_('value', node) 1028 if value is not None and 'value' not in already_processed: 1029 already_processed.add('value') 1030 self.value = value 1031 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1032 pass 1033# end class ParameterType 1034 1035class ParameterListType(GeneratedsSuper): 1036 """The ParametersType captures a list of function parameters.""" 1037 subclass = None 1038 superclass = None 1039 def __init__(self, Parameter=None): 1040 if Parameter is None: 1041 self.Parameter = [] 1042 else: 1043 self.Parameter = Parameter 1044 def factory(*args_, **kwargs_): 1045 if ParameterListType.subclass: 1046 return ParameterListType.subclass(*args_, **kwargs_) 1047 else: 1048 return ParameterListType(*args_, **kwargs_) 1049 factory = staticmethod(factory) 1050 def get_Parameter(self): return self.Parameter 1051 def set_Parameter(self, Parameter): self.Parameter = Parameter 1052 def add_Parameter(self, value): self.Parameter.append(value) 1053 def insert_Parameter(self, index, value): self.Parameter[index] = value 1054 def hasContent_(self): 1055 if ( 1056 self.Parameter 1057 ): 1058 return True 1059 else: 1060 return False 1061 def export(self, write, level, namespace_='maecBundle:', name_='ParameterListType', namespacedef_='', pretty_print=True): 1062 if pretty_print: 1063 eol_ = '\n' 1064 else: 1065 eol_ = '' 1066 showIndent(write, level, pretty_print) 1067 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1068 already_processed = set() 1069 self.exportAttributes(write, level, already_processed, namespace_, name_='ParameterListType') 1070 if self.hasContent_(): 1071 write('>%s' % (eol_, )) 1072 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1073 showIndent(write, level, pretty_print) 1074 write('</%s%s>%s' % (namespace_, name_, eol_)) 1075 else: 1076 write('/>%s' % (eol_, )) 1077 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ParameterListType'): 1078 pass 1079 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ParameterListType', fromsubclass_=False, pretty_print=True): 1080 if pretty_print: 1081 eol_ = '\n' 1082 else: 1083 eol_ = '' 1084 for Parameter_ in self.Parameter: 1085 Parameter_.export(write, level, 'maecBundle:', name_='Parameter', pretty_print=pretty_print) 1086 def build(self, node): 1087 self.__sourcenode__ = node 1088 already_processed = set() 1089 self.buildAttributes(node, node.attrib, already_processed) 1090 for child in node: 1091 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1092 self.buildChildren(child, node, nodeName_) 1093 def buildAttributes(self, node, attrs, already_processed): 1094 pass 1095 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1096 if nodeName_ == 'Parameter': 1097 obj_ = ParameterType.factory() 1098 obj_.build(child_) 1099 self.Parameter.append(obj_) 1100# end class ParameterListType 1101 1102class AssociatedCodeType(GeneratedsSuper): 1103 """The AssociatedCodeType serves as generic way of specifying any code 1104 snippets associated with a MAEC entity, such as a Behavior.""" 1105 subclass = None 1106 superclass = None 1107 def __init__(self, Code_Snippet=None): 1108 if Code_Snippet is None: 1109 self.Code_Snippet = [] 1110 else: 1111 self.Code_Snippet = Code_Snippet 1112 def factory(*args_, **kwargs_): 1113 if AssociatedCodeType.subclass: 1114 return AssociatedCodeType.subclass(*args_, **kwargs_) 1115 else: 1116 return AssociatedCodeType(*args_, **kwargs_) 1117 factory = staticmethod(factory) 1118 def get_Code_Snippet(self): return self.Code_Snippet 1119 def set_Code_Snippet(self, Code_Snippet): self.Code_Snippet = Code_Snippet 1120 def add_Code_Snippet(self, value): self.Code_Snippet.append(value) 1121 def insert_Code_Snippet(self, index, value): self.Code_Snippet[index] = value 1122 def hasContent_(self): 1123 if ( 1124 self.Code_Snippet 1125 ): 1126 return True 1127 else: 1128 return False 1129 def export(self, write, level, namespace_='maecBundle:', name_='AssociatedCodeType', namespacedef_='', pretty_print=True): 1130 if pretty_print: 1131 eol_ = '\n' 1132 else: 1133 eol_ = '' 1134 showIndent(write, level, pretty_print) 1135 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1136 already_processed = set() 1137 self.exportAttributes(write, level, already_processed, namespace_, name_='AssociatedCodeType') 1138 if self.hasContent_(): 1139 write('>%s' % (eol_, )) 1140 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1141 showIndent(write, level, pretty_print) 1142 write('</%s%s>%s' % (namespace_, name_, eol_)) 1143 else: 1144 write('/>%s' % (eol_, )) 1145 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='AssociatedCodeType'): 1146 pass 1147 def exportChildren(self, write, level, namespace_='maecBundle:', name_='AssociatedCodeType', fromsubclass_=False, pretty_print=True): 1148 if pretty_print: 1149 eol_ = '\n' 1150 else: 1151 eol_ = '' 1152 for Code_Snippet_ in self.Code_Snippet: 1153 Code_Snippet_.export(write, level, 'maecBundle:', name_='Code_Snippet', pretty_print=pretty_print) 1154 def build(self, node): 1155 self.__sourcenode__ = node 1156 already_processed = set() 1157 self.buildAttributes(node, node.attrib, already_processed) 1158 for child in node: 1159 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1160 self.buildChildren(child, node, nodeName_) 1161 def buildAttributes(self, node, attrs, already_processed): 1162 pass 1163 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1164 if nodeName_ == 'Code_Snippet': 1165 obj_ = code_object.CodeObjectType.factory() 1166 obj_.build(child_) 1167 self.Code_Snippet.append(obj_) 1168# end class AssociatedCodeType 1169 1170class BehaviorPurposeType(GeneratedsSuper): 1171 """The BehaviorPurposeType captures the purpose behind a malware 1172 Behavior.""" 1173 subclass = None 1174 superclass = None 1175 def __init__(self, Description=None, Vulnerability_Exploit=None): 1176 self.Description = Description 1177 self.Vulnerability_Exploit = Vulnerability_Exploit 1178 def factory(*args_, **kwargs_): 1179 if BehaviorPurposeType.subclass: 1180 return BehaviorPurposeType.subclass(*args_, **kwargs_) 1181 else: 1182 return BehaviorPurposeType(*args_, **kwargs_) 1183 factory = staticmethod(factory) 1184 def get_Description(self): return self.Description 1185 def set_Description(self, Description): self.Description = Description 1186 def get_Vulnerability_Exploit(self): return self.Vulnerability_Exploit 1187 def set_Vulnerability_Exploit(self, Vulnerability_Exploit): self.Vulnerability_Exploit = Vulnerability_Exploit 1188 def hasContent_(self): 1189 if ( 1190 self.Description is not None or 1191 self.Vulnerability_Exploit is not None 1192 ): 1193 return True 1194 else: 1195 return False 1196 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorPurposeType', namespacedef_='', pretty_print=True): 1197 if pretty_print: 1198 eol_ = '\n' 1199 else: 1200 eol_ = '' 1201 showIndent(write, level, pretty_print) 1202 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1203 already_processed = set() 1204 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorPurposeType') 1205 if self.hasContent_(): 1206 write('>%s' % (eol_, )) 1207 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1208 showIndent(write, level, pretty_print) 1209 write('</%s%s>%s' % (namespace_, name_, eol_)) 1210 else: 1211 write('/>%s' % (eol_, )) 1212 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorPurposeType'): 1213 pass 1214 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorPurposeType', fromsubclass_=False, pretty_print=True): 1215 if pretty_print: 1216 eol_ = '\n' 1217 else: 1218 eol_ = '' 1219 if self.Description is not None: 1220 showIndent(write, level, pretty_print) 1221 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 1222 if self.Vulnerability_Exploit is not None: 1223 self.Vulnerability_Exploit.export(write, level, 'maecBundle:', name_='Vulnerability_Exploit', pretty_print=pretty_print) 1224 def build(self, node): 1225 self.__sourcenode__ = node 1226 already_processed = set() 1227 self.buildAttributes(node, node.attrib, already_processed) 1228 for child in node: 1229 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1230 self.buildChildren(child, node, nodeName_) 1231 def buildAttributes(self, node, attrs, already_processed): 1232 pass 1233 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1234 if nodeName_ == 'Description': 1235 Description_ = child_.text 1236 Description_ = self.gds_validate_string(Description_, node, 'Description') 1237 self.Description = Description_ 1238 elif nodeName_ == 'Vulnerability_Exploit': 1239 obj_ = ExploitType.factory() 1240 obj_.build(child_) 1241 self.set_Vulnerability_Exploit(obj_) 1242# end class BehaviorPurposeType 1243 1244class PlatformListType(GeneratedsSuper): 1245 """The PlatformListType captures a list of software or hardware 1246 platforms.""" 1247 subclass = None 1248 superclass = None 1249 def __init__(self, Platform=None): 1250 if Platform is None: 1251 self.Platform = [] 1252 else: 1253 self.Platform = Platform 1254 def factory(*args_, **kwargs_): 1255 if PlatformListType.subclass: 1256 return PlatformListType.subclass(*args_, **kwargs_) 1257 else: 1258 return PlatformListType(*args_, **kwargs_) 1259 factory = staticmethod(factory) 1260 def get_Platform(self): return self.Platform 1261 def set_Platform(self, Platform): self.Platform = Platform 1262 def add_Platform(self, value): self.Platform.append(value) 1263 def insert_Platform(self, index, value): self.Platform[index] = value 1264 def hasContent_(self): 1265 if ( 1266 self.Platform 1267 ): 1268 return True 1269 else: 1270 return False 1271 def export(self, write, level, namespace_='maecBundle:', name_='PlatformListType', namespacedef_='', pretty_print=True): 1272 if pretty_print: 1273 eol_ = '\n' 1274 else: 1275 eol_ = '' 1276 showIndent(write, level, pretty_print) 1277 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1278 already_processed = set() 1279 self.exportAttributes(write, level, already_processed, namespace_, name_='PlatformListType') 1280 if self.hasContent_(): 1281 write('>%s' % (eol_, )) 1282 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1283 showIndent(write, level, pretty_print) 1284 write('</%s%s>%s' % (namespace_, name_, eol_)) 1285 else: 1286 write('/>%s' % (eol_, )) 1287 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='PlatformListType'): 1288 pass 1289 def exportChildren(self, write, level, namespace_='maecBundle:', name_='PlatformListType', fromsubclass_=False, pretty_print=True): 1290 if pretty_print: 1291 eol_ = '\n' 1292 else: 1293 eol_ = '' 1294 for Platform_ in self.Platform: 1295 Platform_.export(write, level, 'maecBundle:', name_='Platform', pretty_print=pretty_print) 1296 def build(self, node): 1297 self.__sourcenode__ = node 1298 already_processed = set() 1299 self.buildAttributes(node, node.attrib, already_processed) 1300 for child in node: 1301 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1302 self.buildChildren(child, node, nodeName_) 1303 def buildAttributes(self, node, attrs, already_processed): 1304 pass 1305 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1306 if nodeName_ == 'Platform': 1307 obj_ = cybox_common.PlatformSpecificationType.factory() 1308 obj_.build(child_) 1309 self.Platform.append(obj_) 1310# end class PlatformListType 1311 1312class ExploitType(GeneratedsSuper): 1313 """The ExploitType characterizes any exploitable weakness that may be 1314 targeted for exploitation by a malware instance through a 1315 Behavior. Most commonly, this refers to a known and identifiable 1316 vulnerability, but it may also refer to one or more 1317 weaknesses.The known_vulnerability field specifies whether the 1318 vulnerability that the malware is exploiting has been previously 1319 identified. If so, it should be referenced via a CVE ID in the 1320 CVE element. If not, the platform(s) targeted by the 1321 vulnerability exploitation behavior may be specified in the 1322 Targeted_Platforms element.""" 1323 subclass = None 1324 superclass = None 1325 def __init__(self, known_vulnerability=None, CVE=None, CWE_ID=None, Targeted_Platforms=None): 1326 self.known_vulnerability = _cast(bool, known_vulnerability) 1327 self.CVE = CVE 1328 if CWE_ID is None: 1329 self.CWE_ID = [] 1330 else: 1331 self.CWE_ID = CWE_ID 1332 self.Targeted_Platforms = Targeted_Platforms 1333 def factory(*args_, **kwargs_): 1334 if ExploitType.subclass: 1335 return ExploitType.subclass(*args_, **kwargs_) 1336 else: 1337 return ExploitType(*args_, **kwargs_) 1338 factory = staticmethod(factory) 1339 def get_CVE(self): return self.CVE 1340 def set_CVE(self, CVE): self.CVE = CVE 1341 def get_CWE_ID(self): return self.CWE_ID 1342 def set_CWE_ID(self, CWE_ID): self.CWE_ID = CWE_ID 1343 def add_CWE_ID(self, value): self.CWE_ID.append(value) 1344 def insert_CWE_ID(self, index, value): self.CWE_ID[index] = value 1345 def get_Targeted_Platforms(self): return self.Targeted_Platforms 1346 def set_Targeted_Platforms(self, Targeted_Platforms): self.Targeted_Platforms = Targeted_Platforms 1347 def get_known_vulnerability(self): return self.known_vulnerability 1348 def set_known_vulnerability(self, known_vulnerability): self.known_vulnerability = known_vulnerability 1349 def hasContent_(self): 1350 if ( 1351 self.CVE is not None or 1352 self.CWE_ID or 1353 self.Targeted_Platforms is not None 1354 ): 1355 return True 1356 else: 1357 return False 1358 def export(self, write, level, namespace_='maecBundle:', name_='ExploitType', namespacedef_='', pretty_print=True): 1359 if pretty_print: 1360 eol_ = '\n' 1361 else: 1362 eol_ = '' 1363 showIndent(write, level, pretty_print) 1364 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1365 already_processed = set() 1366 self.exportAttributes(write, level, already_processed, namespace_, name_='ExploitType') 1367 if self.hasContent_(): 1368 write('>%s' % (eol_, )) 1369 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1370 showIndent(write, level, pretty_print) 1371 write('</%s%s>%s' % (namespace_, name_, eol_)) 1372 else: 1373 write('/>%s' % (eol_, )) 1374 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ExploitType'): 1375 if self.known_vulnerability is not None and 'known_vulnerability' not in already_processed: 1376 already_processed.add('known_vulnerability') 1377 write(' known_vulnerability="%s"' % self.gds_format_boolean(self.known_vulnerability, input_name='known_vulnerability')) 1378 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ExploitType', fromsubclass_=False, pretty_print=True): 1379 if pretty_print: 1380 eol_ = '\n' 1381 else: 1382 eol_ = '' 1383 if self.CVE is not None: 1384 self.CVE.export(write, level, 'maecBundle:', name_='CVE', pretty_print=pretty_print) 1385 for CWE_ID_ in self.CWE_ID: 1386 showIndent(write, level, pretty_print) 1387 write('<%sCWE_ID>%s</%sCWE_ID>%s' % ('maecBundle:', quote_xml(CWE_ID_), 'maecBundle:', eol_)) 1388 if self.Targeted_Platforms is not None: 1389 self.Targeted_Platforms.export(write, level, 'maecBundle:', name_='Targeted_Platforms', pretty_print=pretty_print) 1390 def build(self, node): 1391 self.__sourcenode__ = node 1392 already_processed = set() 1393 self.buildAttributes(node, node.attrib, already_processed) 1394 for child in node: 1395 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1396 self.buildChildren(child, node, nodeName_) 1397 def buildAttributes(self, node, attrs, already_processed): 1398 value = find_attr_value_('known_vulnerability', node) 1399 if value is not None and 'known_vulnerability' not in already_processed: 1400 already_processed.add('known_vulnerability') 1401 if value in ('true', '1'): 1402 self.known_vulnerability = True 1403 elif value in ('false', '0'): 1404 self.known_vulnerability = False 1405 else: 1406 raise_parse_error(node, 'Bad boolean attribute') 1407 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1408 if nodeName_ == 'CVE': 1409 obj_ = CVEVulnerabilityType.factory() 1410 obj_.build(child_) 1411 self.set_CVE(obj_) 1412 elif nodeName_ == 'CWE_ID': 1413 CWE_ID_ = child_.text 1414 CWE_ID_ = self.gds_validate_string(CWE_ID_, node, 'CWE_ID') 1415 self.CWE_ID.append(CWE_ID_) 1416 elif nodeName_ == 'Targeted_Platforms': 1417 obj_ = PlatformListType.factory() 1418 obj_.build(child_) 1419 self.set_Targeted_Platforms(obj_) 1420# end class ExploitType 1421 1422class BehaviorRelationshipListType(GeneratedsSuper): 1423 """The BehaviorRelationshipListType captures any relationships between 1424 a Behavior and other Behaviors.""" 1425 subclass = None 1426 superclass = None 1427 def __init__(self, Relationship=None): 1428 if Relationship is None: 1429 self.Relationship = [] 1430 else: 1431 self.Relationship = Relationship 1432 def factory(*args_, **kwargs_): 1433 if BehaviorRelationshipListType.subclass: 1434 return BehaviorRelationshipListType.subclass(*args_, **kwargs_) 1435 else: 1436 return BehaviorRelationshipListType(*args_, **kwargs_) 1437 factory = staticmethod(factory) 1438 def get_Relationship(self): return self.Relationship 1439 def set_Relationship(self, Relationship): self.Relationship = Relationship 1440 def add_Relationship(self, value): self.Relationship.append(value) 1441 def insert_Relationship(self, index, value): self.Relationship[index] = value 1442 def hasContent_(self): 1443 if ( 1444 self.Relationship 1445 ): 1446 return True 1447 else: 1448 return False 1449 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorRelationshipListType', namespacedef_='', pretty_print=True): 1450 if pretty_print: 1451 eol_ = '\n' 1452 else: 1453 eol_ = '' 1454 showIndent(write, level, pretty_print) 1455 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1456 already_processed = set() 1457 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorRelationshipListType') 1458 if self.hasContent_(): 1459 write('>%s' % (eol_, )) 1460 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1461 showIndent(write, level, pretty_print) 1462 write('</%s%s>%s' % (namespace_, name_, eol_)) 1463 else: 1464 write('/>%s' % (eol_, )) 1465 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorRelationshipListType'): 1466 pass 1467 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorRelationshipListType', fromsubclass_=False, pretty_print=True): 1468 if pretty_print: 1469 eol_ = '\n' 1470 else: 1471 eol_ = '' 1472 for Relationship_ in self.Relationship: 1473 Relationship_.export(write, level, 'maecBundle:', name_='Relationship', pretty_print=pretty_print) 1474 def build(self, node): 1475 self.__sourcenode__ = node 1476 already_processed = set() 1477 self.buildAttributes(node, node.attrib, already_processed) 1478 for child in node: 1479 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1480 self.buildChildren(child, node, nodeName_) 1481 def buildAttributes(self, node, attrs, already_processed): 1482 pass 1483 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1484 if nodeName_ == 'Relationship': 1485 obj_ = BehaviorRelationshipType.factory() 1486 obj_.build(child_) 1487 self.Relationship.append(obj_) 1488# end class BehaviorRelationshipListType 1489 1490class BehavioralActionsType(GeneratedsSuper): 1491 """The BehavioralActionsType is intended to capture the Actions or 1492 Action Collections that make up a Behavior.""" 1493 subclass = None 1494 superclass = None 1495 def __init__(self, Action_Collection=None, Action=None, Action_Reference=None, Action_Equivalence_Reference=None): 1496 if Action_Collection is None: 1497 self.Action_Collection = [] 1498 else: 1499 self.Action_Collection = Action_Collection 1500 if Action is None: 1501 self.Action = [] 1502 else: 1503 self.Action = Action 1504 if Action_Reference is None: 1505 self.Action_Reference = [] 1506 else: 1507 self.Action_Reference = Action_Reference 1508 if Action_Equivalence_Reference is None: 1509 self.Action_Equivalence_Reference = [] 1510 else: 1511 self.Action_Equivalence_Reference = Action_Equivalence_Reference 1512 def factory(*args_, **kwargs_): 1513 if BehavioralActionsType.subclass: 1514 return BehavioralActionsType.subclass(*args_, **kwargs_) 1515 else: 1516 return BehavioralActionsType(*args_, **kwargs_) 1517 factory = staticmethod(factory) 1518 def get_Action_Collection(self): return self.Action_Collection 1519 def set_Action_Collection(self, Action_Collection): self.Action_Collection = Action_Collection 1520 def add_Action_Collection(self, value): self.Action_Collection.append(value) 1521 def insert_Action_Collection(self, index, value): self.Action_Collection[index] = value 1522 def get_Action(self): return self.Action 1523 def set_Action(self, Action): self.Action = Action 1524 def add_Action(self, value): self.Action.append(value) 1525 def insert_Action(self, index, value): self.Action[index] = value 1526 def get_Action_Reference(self): return self.Action_Reference 1527 def set_Action_Reference(self, Action_Reference): self.Action_Reference = Action_Reference 1528 def add_Action_Reference(self, value): self.Action_Reference.append(value) 1529 def insert_Action_Reference(self, index, value): self.Action_Reference[index] = value 1530 def get_Action_Equivalence_Reference(self): return self.Action_Equivalence_Reference 1531 def set_Action_Equivalence_Reference(self, Action_Equivalence_Reference): self.Action_Equivalence_Reference = Action_Equivalence_Reference 1532 def add_Action_Equivalence_Reference(self, value): self.Action_Equivalence_Reference.append(value) 1533 def insert_Action_Equivalence_Reference(self, index, value): self.Action_Equivalence_Reference[index] = value 1534 def hasContent_(self): 1535 if ( 1536 self.Action_Collection or 1537 self.Action or 1538 self.Action_Reference or 1539 self.Action_Equivalence_Reference 1540 ): 1541 return True 1542 else: 1543 return False 1544 def export(self, write, level, namespace_='maecBundle:', name_='BehavioralActionsType', namespacedef_='', pretty_print=True): 1545 if pretty_print: 1546 eol_ = '\n' 1547 else: 1548 eol_ = '' 1549 showIndent(write, level, pretty_print) 1550 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1551 already_processed = set() 1552 self.exportAttributes(write, level, already_processed, namespace_, name_='BehavioralActionsType') 1553 if self.hasContent_(): 1554 write('>%s' % (eol_, )) 1555 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1556 showIndent(write, level, pretty_print) 1557 write('</%s%s>%s' % (namespace_, name_, eol_)) 1558 else: 1559 write('/>%s' % (eol_, )) 1560 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehavioralActionsType'): 1561 pass 1562 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehavioralActionsType', fromsubclass_=False, pretty_print=True): 1563 if pretty_print: 1564 eol_ = '\n' 1565 else: 1566 eol_ = '' 1567 for Action_Collection_ in self.Action_Collection: 1568 Action_Collection_.export(write, level, 'maecBundle:', name_='Action_Collection', pretty_print=pretty_print) 1569 for Action_ in self.Action: 1570 Action_.export(write, level, 'maecBundle:', name_='Action', pretty_print=pretty_print) 1571 for Action_Reference_ in self.Action_Reference: 1572 Action_Reference_.export(write, level, 'maecBundle:', name_='Action_Reference', pretty_print=pretty_print) 1573 for Action_Equivalence_Reference_ in self.Action_Equivalence_Reference: 1574 Action_Equivalence_Reference_.export(write, level, 'maecBundle:', name_='Action_Equivalence_Reference', pretty_print=pretty_print) 1575 def build(self, node): 1576 self.__sourcenode__ = node 1577 already_processed = set() 1578 self.buildAttributes(node, node.attrib, already_processed) 1579 for child in node: 1580 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1581 self.buildChildren(child, node, nodeName_) 1582 def buildAttributes(self, node, attrs, already_processed): 1583 pass 1584 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1585 if nodeName_ == 'Action_Collection': 1586 obj_ = ActionCollectionType.factory() 1587 obj_.build(child_) 1588 self.Action_Collection.append(obj_) 1589 elif nodeName_ == 'Action': 1590 obj_ = BehavioralActionType.factory() 1591 obj_.build(child_) 1592 self.Action.append(obj_) 1593 elif nodeName_ == 'Action_Reference': 1594 obj_ = BehavioralActionReferenceType.factory() 1595 obj_.build(child_) 1596 self.Action_Reference.append(obj_) 1597 elif nodeName_ == 'Action_Equivalence_Reference': 1598 obj_ = BehavioralActionEquivalenceReferenceType.factory() 1599 obj_.build(child_) 1600 self.Action_Equivalence_Reference.append(obj_) 1601# end class BehavioralActionsType 1602 1603class BehaviorListType(GeneratedsSuper): 1604 """The BehaviorListType captures a list of Behaviors.""" 1605 subclass = None 1606 superclass = None 1607 def __init__(self, Behavior=None): 1608 if Behavior is None: 1609 self.Behavior = [] 1610 else: 1611 self.Behavior = Behavior 1612 def factory(*args_, **kwargs_): 1613 if BehaviorListType.subclass: 1614 return BehaviorListType.subclass(*args_, **kwargs_) 1615 else: 1616 return BehaviorListType(*args_, **kwargs_) 1617 factory = staticmethod(factory) 1618 def get_Behavior(self): return self.Behavior 1619 def set_Behavior(self, Behavior): self.Behavior = Behavior 1620 def add_Behavior(self, value): self.Behavior.append(value) 1621 def insert_Behavior(self, index, value): self.Behavior[index] = value 1622 def hasContent_(self): 1623 if ( 1624 self.Behavior 1625 ): 1626 return True 1627 else: 1628 return False 1629 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorListType', namespacedef_='', pretty_print=True): 1630 if pretty_print: 1631 eol_ = '\n' 1632 else: 1633 eol_ = '' 1634 showIndent(write, level, pretty_print) 1635 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1636 already_processed = set() 1637 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorListType') 1638 if self.hasContent_(): 1639 write('>%s' % (eol_, )) 1640 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1641 showIndent(write, level, pretty_print) 1642 write('</%s%s>%s' % (namespace_, name_, eol_)) 1643 else: 1644 write('/>%s' % (eol_, )) 1645 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorListType'): 1646 pass 1647 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorListType', fromsubclass_=False, pretty_print=True): 1648 if pretty_print: 1649 eol_ = '\n' 1650 else: 1651 eol_ = '' 1652 for Behavior_ in self.Behavior: 1653 Behavior_.export(write, level, 'maecBundle:', name_='Behavior', pretty_print=pretty_print) 1654 def build(self, node): 1655 self.__sourcenode__ = node 1656 already_processed = set() 1657 self.buildAttributes(node, node.attrib, already_processed) 1658 for child in node: 1659 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1660 self.buildChildren(child, node, nodeName_) 1661 def buildAttributes(self, node, attrs, already_processed): 1662 pass 1663 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1664 if nodeName_ == 'Behavior': 1665 obj_ = BehaviorType.factory() 1666 obj_.build(child_) 1667 self.Behavior.append(obj_) 1668# end class BehaviorListType 1669 1670class ActionListType(GeneratedsSuper): 1671 """The ActionListType captures a list of Actions.""" 1672 subclass = None 1673 superclass = None 1674 def __init__(self, Action=None): 1675 if Action is None: 1676 self.Action = [] 1677 else: 1678 self.Action = Action 1679 def factory(*args_, **kwargs_): 1680 if ActionListType.subclass: 1681 return ActionListType.subclass(*args_, **kwargs_) 1682 else: 1683 return ActionListType(*args_, **kwargs_) 1684 factory = staticmethod(factory) 1685 def get_Action(self): return self.Action 1686 def set_Action(self, Action): self.Action = Action 1687 def add_Action(self, value): self.Action.append(value) 1688 def insert_Action(self, index, value): self.Action[index] = value 1689 def hasContent_(self): 1690 if ( 1691 self.Action 1692 ): 1693 return True 1694 else: 1695 return False 1696 def export(self, write, level, namespace_='maecBundle:', name_='ActionListType', namespacedef_='', pretty_print=True): 1697 if pretty_print: 1698 eol_ = '\n' 1699 else: 1700 eol_ = '' 1701 showIndent(write, level, pretty_print) 1702 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1703 already_processed = set() 1704 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionListType') 1705 if self.hasContent_(): 1706 write('>%s' % (eol_, )) 1707 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1708 showIndent(write, level, pretty_print) 1709 write('</%s%s>%s' % (namespace_, name_, eol_)) 1710 else: 1711 write('/>%s' % (eol_, )) 1712 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ActionListType'): 1713 pass 1714 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ActionListType', fromsubclass_=False, pretty_print=True): 1715 if pretty_print: 1716 eol_ = '\n' 1717 else: 1718 eol_ = '' 1719 for Action_ in self.Action: 1720 Action_.export(write, level, 'maecBundle:', name_='Action', pretty_print=pretty_print) 1721 def build(self, node): 1722 self.__sourcenode__ = node 1723 already_processed = set() 1724 self.buildAttributes(node, node.attrib, already_processed) 1725 for child in node: 1726 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1727 self.buildChildren(child, node, nodeName_) 1728 def buildAttributes(self, node, attrs, already_processed): 1729 pass 1730 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1731 if nodeName_ == 'Action': 1732 obj_ = MalwareActionType.factory() 1733 obj_.build(child_) 1734 self.add_Action(obj_) 1735# end class ActionListType 1736 1737class ObjectListType(GeneratedsSuper): 1738 """The ObjectListType captures a list of CybOX Objects.""" 1739 subclass = None 1740 superclass = None 1741 def __init__(self, Object=None): 1742 if Object is None: 1743 self.Object = [] 1744 else: 1745 self.Object = Object 1746 def factory(*args_, **kwargs_): 1747 if ObjectListType.subclass: 1748 return ObjectListType.subclass(*args_, **kwargs_) 1749 else: 1750 return ObjectListType(*args_, **kwargs_) 1751 factory = staticmethod(factory) 1752 def get_Object(self): return self.Object 1753 def set_Object(self, Object): self.Object = Object 1754 def add_Object(self, value): self.Object.append(value) 1755 def insert_Object(self, index, value): self.Object[index] = value 1756 def hasContent_(self): 1757 if ( 1758 self.Object 1759 ): 1760 return True 1761 else: 1762 return False 1763 def export(self, write, level, namespace_='maecBundle:', name_='ObjectListType', namespacedef_='', pretty_print=True): 1764 if pretty_print: 1765 eol_ = '\n' 1766 else: 1767 eol_ = '' 1768 showIndent(write, level, pretty_print) 1769 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1770 already_processed = set() 1771 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectListType') 1772 if self.hasContent_(): 1773 write('>%s' % (eol_, )) 1774 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1775 showIndent(write, level, pretty_print) 1776 write('</%s%s>%s' % (namespace_, name_, eol_)) 1777 else: 1778 write('/>%s' % (eol_, )) 1779 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ObjectListType'): 1780 pass 1781 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ObjectListType', fromsubclass_=False, pretty_print=True): 1782 if pretty_print: 1783 eol_ = '\n' 1784 else: 1785 eol_ = '' 1786 for Object_ in self.Object: 1787 Object_.export(write, level, 'maecBundle:', name_='Object', pretty_print=pretty_print) 1788 def build(self, node): 1789 self.__sourcenode__ = node 1790 already_processed = set() 1791 self.buildAttributes(node, node.attrib, already_processed) 1792 for child in node: 1793 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1794 self.buildChildren(child, node, nodeName_) 1795 def buildAttributes(self, node, attrs, already_processed): 1796 pass 1797 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1798 if nodeName_ == 'Object': 1799 obj_ = cybox_core.ObjectType.factory() 1800 obj_.build(child_) 1801 self.add_Object(obj_) 1802# end class ObjectListType 1803 1804class BehaviorReferenceType(GeneratedsSuper): 1805 """The BehaviorReferenceType serves as a method for referencing 1806 existing behaviors contained in the Bundle.The behavior_idref 1807 field specifies the id of the Behavior being referenced; this 1808 Behavior must be present in the current Bundle.""" 1809 subclass = None 1810 superclass = None 1811 def __init__(self, behavior_idref=None): 1812 self.behavior_idref = _cast(None, behavior_idref) 1813 pass 1814 def factory(*args_, **kwargs_): 1815 if BehaviorReferenceType.subclass: 1816 return BehaviorReferenceType.subclass(*args_, **kwargs_) 1817 else: 1818 return BehaviorReferenceType(*args_, **kwargs_) 1819 factory = staticmethod(factory) 1820 def get_behavior_idref(self): return self.behavior_idref 1821 def set_behavior_idref(self, behavior_idref): self.behavior_idref = behavior_idref 1822 def hasContent_(self): 1823 if ( 1824 1825 ): 1826 return True 1827 else: 1828 return False 1829 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorReferenceType', namespacedef_='', pretty_print=True): 1830 if pretty_print: 1831 eol_ = '\n' 1832 else: 1833 eol_ = '' 1834 showIndent(write, level, pretty_print) 1835 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1836 already_processed = set() 1837 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorReferenceType') 1838 if self.hasContent_(): 1839 write('>%s' % (eol_, )) 1840 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1841 write('</%s%s>%s' % (namespace_, name_, eol_)) 1842 else: 1843 write('/>%s' % (eol_, )) 1844 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorReferenceType'): 1845 if self.behavior_idref is not None and 'behavior_idref' not in already_processed: 1846 already_processed.add('behavior_idref') 1847 write(' behavior_idref=%s' % (quote_attrib(self.behavior_idref), )) 1848 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorReferenceType', fromsubclass_=False, pretty_print=True): 1849 pass 1850 def build(self, node): 1851 self.__sourcenode__ = node 1852 already_processed = set() 1853 self.buildAttributes(node, node.attrib, already_processed) 1854 for child in node: 1855 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1856 self.buildChildren(child, node, nodeName_) 1857 def buildAttributes(self, node, attrs, already_processed): 1858 value = find_attr_value_('behavior_idref', node) 1859 if value is not None and 'behavior_idref' not in already_processed: 1860 already_processed.add('behavior_idref') 1861 self.behavior_idref = value 1862 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1863 pass 1864# end class BehaviorReferenceType 1865 1866class ObjectReferenceType(GeneratedsSuper): 1867 """The ObjectReferenceType serves as a method for linking to CybOX 1868 Objects embedded in the MAEC Bundle.The object_idref field 1869 specifies the id of a CybOX Object being referenced in the 1870 current MAEC Bundle.""" 1871 subclass = None 1872 superclass = None 1873 def __init__(self, object_idref=None): 1874 self.object_idref = _cast(None, object_idref) 1875 pass 1876 def factory(*args_, **kwargs_): 1877 if ObjectReferenceType.subclass: 1878 return ObjectReferenceType.subclass(*args_, **kwargs_) 1879 else: 1880 return ObjectReferenceType(*args_, **kwargs_) 1881 factory = staticmethod(factory) 1882 def get_object_idref(self): return self.object_idref 1883 def set_object_idref(self, object_idref): self.object_idref = object_idref 1884 def hasContent_(self): 1885 if ( 1886 1887 ): 1888 return True 1889 else: 1890 return False 1891 def export(self, write, level, namespace_='maecBundle:', name_='ObjectReferenceType', namespacedef_='', pretty_print=True): 1892 if pretty_print: 1893 eol_ = '\n' 1894 else: 1895 eol_ = '' 1896 showIndent(write, level, pretty_print) 1897 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1898 already_processed = set() 1899 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectReferenceType') 1900 if self.hasContent_(): 1901 write('>%s' % (eol_, )) 1902 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1903 write('</%s%s>%s' % (namespace_, name_, eol_)) 1904 else: 1905 write('/>%s' % (eol_, )) 1906 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ObjectReferenceType'): 1907 if self.object_idref is not None and 'object_idref' not in already_processed: 1908 already_processed.add('object_idref') 1909 write(' object_idref=%s' % (quote_attrib(self.object_idref), )) 1910 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ObjectReferenceType', fromsubclass_=False, pretty_print=True): 1911 pass 1912 def build(self, node): 1913 self.__sourcenode__ = node 1914 already_processed = set() 1915 self.buildAttributes(node, node.attrib, already_processed) 1916 for child in node: 1917 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1918 self.buildChildren(child, node, nodeName_) 1919 def buildAttributes(self, node, attrs, already_processed): 1920 value = find_attr_value_('object_idref', node) 1921 if value is not None and 'object_idref' not in already_processed: 1922 already_processed.add('object_idref') 1923 self.object_idref = value 1924 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 1925 pass 1926# end class ObjectReferenceType 1927 1928class BehavioralActionEquivalenceReferenceType(GeneratedsSuper): 1929 """The BehavioralActionEquivalenceReferenceType defines an Action 1930 Equivalence reference that can be used as part of a Behavior. 1931 Since the Action Equivalency equates two or more actions to a 1932 single one, this can be thought of as specifying one of the 1933 aforementioned Actions as part of the composition of the 1934 Behavior.The action_equivalence_idref field specifies the ID of 1935 an Action Equivalence contained in the same MAEC document as the 1936 Behavior that utilizes it.The behavioral_ordering field defines 1937 the ordering of the Action Equivalency with respect to the other 1938 actions that make up the behavior. So an action with a 1939 behavioral_ordering of "1" would come before an action with a 1940 behavioral_ordering of "2", etc.""" 1941 subclass = None 1942 superclass = None 1943 def __init__(self, action_equivalence_idref=None, behavioral_ordering=None): 1944 self.action_equivalence_idref = _cast(None, action_equivalence_idref) 1945 self.behavioral_ordering = _cast(int, behavioral_ordering) 1946 pass 1947 def factory(*args_, **kwargs_): 1948 if BehavioralActionEquivalenceReferenceType.subclass: 1949 return BehavioralActionEquivalenceReferenceType.subclass(*args_, **kwargs_) 1950 else: 1951 return BehavioralActionEquivalenceReferenceType(*args_, **kwargs_) 1952 factory = staticmethod(factory) 1953 def get_action_equivalence_idref(self): return self.action_equivalence_idref 1954 def set_action_equivalence_idref(self, action_equivalence_idref): self.action_equivalence_idref = action_equivalence_idref 1955 def get_behavioral_ordering(self): return self.behavioral_ordering 1956 def set_behavioral_ordering(self, behavioral_ordering): self.behavioral_ordering = behavioral_ordering 1957 def hasContent_(self): 1958 if ( 1959 1960 ): 1961 return True 1962 else: 1963 return False 1964 def export(self, write, level, namespace_='maecBundle:', name_='BehavioralActionEquivalenceReferenceType', namespacedef_='', pretty_print=True): 1965 if pretty_print: 1966 eol_ = '\n' 1967 else: 1968 eol_ = '' 1969 showIndent(write, level, pretty_print) 1970 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 1971 already_processed = set() 1972 self.exportAttributes(write, level, already_processed, namespace_, name_='BehavioralActionEquivalenceReferenceType') 1973 if self.hasContent_(): 1974 write('>%s' % (eol_, )) 1975 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 1976 write('</%s%s>%s' % (namespace_, name_, eol_)) 1977 else: 1978 write('/>%s' % (eol_, )) 1979 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehavioralActionEquivalenceReferenceType'): 1980 if self.action_equivalence_idref is not None and 'action_equivalence_idref' not in already_processed: 1981 already_processed.add('action_equivalence_idref') 1982 write(' action_equivalence_idref=%s' % (quote_attrib(self.action_equivalence_idref), )) 1983 if self.behavioral_ordering is not None and 'behavioral_ordering' not in already_processed: 1984 already_processed.add('behavioral_ordering') 1985 write(' behavioral_ordering="%s"' % self.gds_format_integer(self.behavioral_ordering, input_name='behavioral_ordering')) 1986 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehavioralActionEquivalenceReferenceType', fromsubclass_=False, pretty_print=True): 1987 pass 1988 def build(self, node): 1989 self.__sourcenode__ = node 1990 already_processed = set() 1991 self.buildAttributes(node, node.attrib, already_processed) 1992 for child in node: 1993 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 1994 self.buildChildren(child, node, nodeName_) 1995 def buildAttributes(self, node, attrs, already_processed): 1996 value = find_attr_value_('action_equivalence_idref', node) 1997 if value is not None and 'action_equivalence_idref' not in already_processed: 1998 already_processed.add('action_equivalence_idref') 1999 self.action_equivalence_idref = value 2000 value = find_attr_value_('behavioral_ordering', node) 2001 if value is not None and 'behavioral_ordering' not in already_processed: 2002 already_processed.add('behavioral_ordering') 2003 try: 2004 self.behavioral_ordering = int(value) 2005 except ValueError as exp: 2006 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 2007 if self.behavioral_ordering <= 0: 2008 raise_parse_error(node, 'Invalid PositiveInteger') 2009 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2010 pass 2011# end class BehavioralActionEquivalenceReferenceType 2012 2013class BehaviorReferenceListType(GeneratedsSuper): 2014 """The BehaviorReferenceListType captures a list of Behavior 2015 References.""" 2016 subclass = None 2017 superclass = None 2018 def __init__(self, Behavior_Reference=None): 2019 if Behavior_Reference is None: 2020 self.Behavior_Reference = [] 2021 else: 2022 self.Behavior_Reference = Behavior_Reference 2023 def factory(*args_, **kwargs_): 2024 if BehaviorReferenceListType.subclass: 2025 return BehaviorReferenceListType.subclass(*args_, **kwargs_) 2026 else: 2027 return BehaviorReferenceListType(*args_, **kwargs_) 2028 factory = staticmethod(factory) 2029 def get_Behavior_Reference(self): return self.Behavior_Reference 2030 def set_Behavior_Reference(self, Behavior_Reference): self.Behavior_Reference = Behavior_Reference 2031 def add_Behavior_Reference(self, value): self.Behavior_Reference.append(value) 2032 def insert_Behavior_Reference(self, index, value): self.Behavior_Reference[index] = value 2033 def hasContent_(self): 2034 if ( 2035 self.Behavior_Reference 2036 ): 2037 return True 2038 else: 2039 return False 2040 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorReferenceListType', namespacedef_='', pretty_print=True): 2041 if pretty_print: 2042 eol_ = '\n' 2043 else: 2044 eol_ = '' 2045 showIndent(write, level, pretty_print) 2046 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2047 already_processed = set() 2048 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorReferenceListType') 2049 if self.hasContent_(): 2050 write('>%s' % (eol_, )) 2051 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2052 showIndent(write, level, pretty_print) 2053 write('</%s%s>%s' % (namespace_, name_, eol_)) 2054 else: 2055 write('/>%s' % (eol_, )) 2056 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorReferenceListType'): 2057 pass 2058 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorReferenceListType', fromsubclass_=False, pretty_print=True): 2059 if pretty_print: 2060 eol_ = '\n' 2061 else: 2062 eol_ = '' 2063 for Behavior_Reference_ in self.Behavior_Reference: 2064 Behavior_Reference_.export(write, level, 'maecBundle:', name_='Behavior_Reference', pretty_print=pretty_print) 2065 def build(self, node): 2066 self.__sourcenode__ = node 2067 already_processed = set() 2068 self.buildAttributes(node, node.attrib, already_processed) 2069 for child in node: 2070 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2071 self.buildChildren(child, node, nodeName_) 2072 def buildAttributes(self, node, attrs, already_processed): 2073 pass 2074 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2075 if nodeName_ == 'Behavior_Reference': 2076 obj_ = BehaviorReferenceType.factory() 2077 obj_.build(child_) 2078 self.Behavior_Reference.append(obj_) 2079# end class BehaviorReferenceListType 2080 2081class ActionReferenceListType(GeneratedsSuper): 2082 """The ActionReferenceListType captures a list of Action References.""" 2083 subclass = None 2084 superclass = None 2085 def __init__(self, Action_Reference=None): 2086 if Action_Reference is None: 2087 self.Action_Reference = [] 2088 else: 2089 self.Action_Reference = Action_Reference 2090 def factory(*args_, **kwargs_): 2091 if ActionReferenceListType.subclass: 2092 return ActionReferenceListType.subclass(*args_, **kwargs_) 2093 else: 2094 return ActionReferenceListType(*args_, **kwargs_) 2095 factory = staticmethod(factory) 2096 def get_Action_Reference(self): return self.Action_Reference 2097 def set_Action_Reference(self, Action_Reference): self.Action_Reference = Action_Reference 2098 def add_Action_Reference(self, value): self.Action_Reference.append(value) 2099 def insert_Action_Reference(self, index, value): self.Action_Reference[index] = value 2100 def hasContent_(self): 2101 if ( 2102 self.Action_Reference 2103 ): 2104 return True 2105 else: 2106 return False 2107 def export(self, write, level, namespace_='maecBundle:', name_='ActionReferenceListType', namespacedef_='', pretty_print=True): 2108 if pretty_print: 2109 eol_ = '\n' 2110 else: 2111 eol_ = '' 2112 showIndent(write, level, pretty_print) 2113 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2114 already_processed = set() 2115 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionReferenceListType') 2116 if self.hasContent_(): 2117 write('>%s' % (eol_, )) 2118 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2119 showIndent(write, level, pretty_print) 2120 write('</%s%s>%s' % (namespace_, name_, eol_)) 2121 else: 2122 write('/>%s' % (eol_, )) 2123 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ActionReferenceListType'): 2124 pass 2125 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ActionReferenceListType', fromsubclass_=False, pretty_print=True): 2126 if pretty_print: 2127 eol_ = '\n' 2128 else: 2129 eol_ = '' 2130 for Action_Reference_ in self.Action_Reference: 2131 Action_Reference_.export(write, level, 'maecBundle:', name_='Action_Reference', pretty_print=pretty_print) 2132 def build(self, node): 2133 self.__sourcenode__ = node 2134 already_processed = set() 2135 self.buildAttributes(node, node.attrib, already_processed) 2136 for child in node: 2137 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2138 self.buildChildren(child, node, nodeName_) 2139 def buildAttributes(self, node, attrs, already_processed): 2140 pass 2141 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2142 if nodeName_ == 'Action_Reference': 2143 obj_ = cybox_core.ActionReferenceType.factory() 2144 obj_.build(child_) 2145 self.add_Action_Reference(obj_) 2146# end class ActionReferenceListType 2147 2148class ObjectReferenceListType(GeneratedsSuper): 2149 """The ObjectReferenceListType captures a list of references to CybOX 2150 Objects.""" 2151 subclass = None 2152 superclass = None 2153 def __init__(self, Object_Reference=None): 2154 if Object_Reference is None: 2155 self.Object_Reference = [] 2156 else: 2157 self.Object_Reference = Object_Reference 2158 def factory(*args_, **kwargs_): 2159 if ObjectReferenceListType.subclass: 2160 return ObjectReferenceListType.subclass(*args_, **kwargs_) 2161 else: 2162 return ObjectReferenceListType(*args_, **kwargs_) 2163 factory = staticmethod(factory) 2164 def get_Object_Reference(self): return self.Object_Reference 2165 def set_Object_Reference(self, Object_Reference): self.Object_Reference = Object_Reference 2166 def add_Object_Reference(self, value): self.Object_Reference.append(value) 2167 def insert_Object_Reference(self, index, value): self.Object_Reference[index] = value 2168 def hasContent_(self): 2169 if ( 2170 self.Object_Reference 2171 ): 2172 return True 2173 else: 2174 return False 2175 def export(self, write, level, namespace_='maecBundle:', name_='ObjectReferenceListType', namespacedef_='', pretty_print=True): 2176 if pretty_print: 2177 eol_ = '\n' 2178 else: 2179 eol_ = '' 2180 showIndent(write, level, pretty_print) 2181 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2182 already_processed = set() 2183 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectReferenceListType') 2184 if self.hasContent_(): 2185 write('>%s' % (eol_, )) 2186 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2187 showIndent(write, level, pretty_print) 2188 write('</%s%s>%s' % (namespace_, name_, eol_)) 2189 else: 2190 write('/>%s' % (eol_, )) 2191 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ObjectReferenceListType'): 2192 pass 2193 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ObjectReferenceListType', fromsubclass_=False, pretty_print=True): 2194 if pretty_print: 2195 eol_ = '\n' 2196 else: 2197 eol_ = '' 2198 for Object_Reference_ in self.Object_Reference: 2199 Object_Reference_.export(write, level, 'maecBundle:', name_='Object_Reference', pretty_print=pretty_print) 2200 def build(self, node): 2201 self.__sourcenode__ = node 2202 already_processed = set() 2203 self.buildAttributes(node, node.attrib, already_processed) 2204 for child in node: 2205 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2206 self.buildChildren(child, node, nodeName_) 2207 def buildAttributes(self, node, attrs, already_processed): 2208 pass 2209 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2210 if nodeName_ == 'Object_Reference': 2211 obj_ = ObjectReferenceType.factory() 2212 obj_.build(child_) 2213 self.Object_Reference.append(obj_) 2214# end class ObjectReferenceListType 2215 2216class CandidateIndicatorType(GeneratedsSuper): 2217 """The CandidateIndicatorType provides a way of defining a MAEC entity- 2218 based Candidate Indicator, which specifies the particular 2219 components that may signify the presence of the malware instance 2220 on a host system or network.The id field specifies a unique ID 2221 for this Candidate Indicator. The ID must follow the pattern 2222 defined in the CandidateIndicatorIDPattern simple type.The 2223 creation_datetime field specifies the date/time that the 2224 Candidate Indicator was created.The lastupdate_datetime field 2225 specifies the last date/time that the Candidate Indicator was 2226 updated.The version field specifies the version of the Candidate 2227 Indicator.""" 2228 subclass = None 2229 superclass = None 2230 def __init__(self, version=None, creation_datetime=None, id=None, lastupdate_datetime=None, Importance=None, Numeric_Importance=None, Author=None, Description=None, Malware_Entity=None, Composition=None): 2231 self.version = _cast(None, version) 2232 self.creation_datetime = _cast(None, creation_datetime) 2233 self.id = _cast(None, id) 2234 self.lastupdate_datetime = _cast(None, lastupdate_datetime) 2235 self.Importance = Importance 2236 self.Numeric_Importance = Numeric_Importance 2237 self.Author = Author 2238 self.Description = Description 2239 self.Malware_Entity = Malware_Entity 2240 self.Composition = Composition 2241 def factory(*args_, **kwargs_): 2242 if CandidateIndicatorType.subclass: 2243 return CandidateIndicatorType.subclass(*args_, **kwargs_) 2244 else: 2245 return CandidateIndicatorType(*args_, **kwargs_) 2246 factory = staticmethod(factory) 2247 def get_Importance(self): return self.Importance 2248 def set_Importance(self, Importance): self.Importance = Importance 2249 def get_Numeric_Importance(self): return self.Numeric_Importance 2250 def set_Numeric_Importance(self, Numeric_Importance): self.Numeric_Importance = Numeric_Importance 2251 def get_Author(self): return self.Author 2252 def set_Author(self, Author): self.Author = Author 2253 def get_Description(self): return self.Description 2254 def set_Description(self, Description): self.Description = Description 2255 def get_Malware_Entity(self): return self.Malware_Entity 2256 def set_Malware_Entity(self, Malware_Entity): self.Malware_Entity = Malware_Entity 2257 def get_Composition(self): return self.Composition 2258 def set_Composition(self, Composition): self.Composition = Composition 2259 def get_version(self): return self.version 2260 def set_version(self, version): self.version = version 2261 def get_creation_datetime(self): return self.creation_datetime 2262 def set_creation_datetime(self, creation_datetime): self.creation_datetime = creation_datetime 2263 def get_id(self): return self.id 2264 def set_id(self, id): self.id = id 2265 def get_lastupdate_datetime(self): return self.lastupdate_datetime 2266 def set_lastupdate_datetime(self, lastupdate_datetime): self.lastupdate_datetime = lastupdate_datetime 2267 def hasContent_(self): 2268 if ( 2269 self.Importance is not None or 2270 self.Numeric_Importance is not None or 2271 self.Author is not None or 2272 self.Description is not None or 2273 self.Malware_Entity is not None or 2274 self.Composition is not None 2275 ): 2276 return True 2277 else: 2278 return False 2279 def export(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorType', namespacedef_='', pretty_print=True): 2280 if pretty_print: 2281 eol_ = '\n' 2282 else: 2283 eol_ = '' 2284 showIndent(write, level, pretty_print) 2285 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2286 already_processed = set() 2287 self.exportAttributes(write, level, already_processed, namespace_, name_='CandidateIndicatorType') 2288 if self.hasContent_(): 2289 write('>%s' % (eol_, )) 2290 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2291 showIndent(write, level, pretty_print) 2292 write('</%s%s>%s' % (namespace_, name_, eol_)) 2293 else: 2294 write('/>%s' % (eol_, )) 2295 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CandidateIndicatorType'): 2296 if self.version is not None and 'version' not in already_processed: 2297 already_processed.add('version') 2298 write(' version=%s' % (quote_attrib(self.version))) 2299 if self.creation_datetime is not None and 'creation_datetime' not in already_processed: 2300 already_processed.add('creation_datetime') 2301 write(' creation_datetime="%s"' % self.gds_format_datetime(self.creation_datetime, input_name='creation_datetime')) 2302 if self.id is not None and 'id' not in already_processed: 2303 already_processed.add('id') 2304 write(' id=%s' % (quote_attrib(self.id), )) 2305 if self.lastupdate_datetime is not None and 'lastupdate_datetime' not in already_processed: 2306 already_processed.add('lastupdate_datetime') 2307 write(' lastupdate_datetime="%s"' % self.gds_format_datetime(self.lastupdate_datetime, input_name='lastupdate_datetime')) 2308 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorType', fromsubclass_=False, pretty_print=True): 2309 if pretty_print: 2310 eol_ = '\n' 2311 else: 2312 eol_ = '' 2313 if self.Importance is not None: 2314 self.Importance.export(write, level, 'maecBundle:', name_='Importance', pretty_print=pretty_print) 2315 if self.Numeric_Importance is not None: 2316 showIndent(write, level, pretty_print) 2317 write('<%sNumeric_Importance>%s</%sNumeric_Importance>%s' % ('maecBundle:', self.gds_format_integer(self.Numeric_Importance, input_name='Numeric_Importance'), 'maecBundle:', eol_)) 2318 if self.Author is not None: 2319 showIndent(write, level, pretty_print) 2320 write('<%sAuthor>%s</%sAuthor>%s' % ('maecBundle:', quote_xml(self.Author), 'maecBundle:', eol_)) 2321 if self.Description is not None: 2322 showIndent(write, level, pretty_print) 2323 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 2324 if self.Malware_Entity is not None: 2325 self.Malware_Entity.export(write, level, 'maecBundle:', name_='Malware_Entity', pretty_print=pretty_print) 2326 if self.Composition is not None: 2327 self.Composition.export(write, level, 'maecBundle:', name_='Composition', pretty_print=pretty_print) 2328 def build(self, node): 2329 self.__sourcenode__ = node 2330 already_processed = set() 2331 self.buildAttributes(node, node.attrib, already_processed) 2332 for child in node: 2333 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2334 self.buildChildren(child, node, nodeName_) 2335 def buildAttributes(self, node, attrs, already_processed): 2336 value = find_attr_value_('version', node) 2337 if value is not None and 'version' not in already_processed: 2338 already_processed.add('version') 2339 self.version = value 2340 value = find_attr_value_('creation_datetime', node) 2341 if value is not None and 'creation_datetime' not in already_processed: 2342 already_processed.add('creation_datetime') 2343 try: 2344 self.creation_datetime = value 2345 except ValueError as exp: 2346 raise ValueError('Bad date-time attribute (creation_datetime): %s' % exp) 2347 value = find_attr_value_('id', node) 2348 if value is not None and 'id' not in already_processed: 2349 already_processed.add('id') 2350 self.id = value 2351 value = find_attr_value_('lastupdate_datetime', node) 2352 if value is not None and 'lastupdate_datetime' not in already_processed: 2353 already_processed.add('lastupdate_datetime') 2354 try: 2355 self.lastupdate_datetime = value 2356 except ValueError as exp: 2357 raise ValueError('Bad date-time attribute (lastupdate_datetime): %s' % exp) 2358 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2359 if nodeName_ == 'Importance': 2360 obj_ = cybox_common.ControlledVocabularyStringType.factory() 2361 obj_.build(child_) 2362 self.set_Importance(obj_) 2363 elif nodeName_ == 'Numeric_Importance': 2364 sval_ = child_.text 2365 try: 2366 ival_ = int(sval_) 2367 except (TypeError, ValueError) as exp: 2368 raise_parse_error(child_, 'requires integer: %s' % exp) 2369 if ival_ <= 0: 2370 raise_parse_error(child_, 'requires positiveInteger') 2371 ival_ = self.gds_validate_integer(ival_, node, 'Numeric_Importance') 2372 self.Numeric_Importance = ival_ 2373 elif nodeName_ == 'Author': 2374 Author_ = child_.text 2375 Author_ = self.gds_validate_string(Author_, node, 'Author') 2376 self.Author = Author_ 2377 elif nodeName_ == 'Description': 2378 Description_ = child_.text 2379 Description_ = self.gds_validate_string(Description_, node, 'Description') 2380 self.Description = Description_ 2381 elif nodeName_ == 'Malware_Entity': 2382 obj_ = MalwareEntityType.factory() 2383 obj_.build(child_) 2384 self.set_Malware_Entity(obj_) 2385 elif nodeName_ == 'Composition': 2386 obj_ = CandidateIndicatorCompositionType.factory() 2387 obj_.build(child_) 2388 self.set_Composition(obj_) 2389# end class CandidateIndicatorType 2390 2391class CandidateIndicatorListType(GeneratedsSuper): 2392 """The CandidateIndicatorListType captures a list of Candidate 2393 Indicators.""" 2394 subclass = None 2395 superclass = None 2396 def __init__(self, Candidate_Indicator=None): 2397 if Candidate_Indicator is None: 2398 self.Candidate_Indicator = [] 2399 else: 2400 self.Candidate_Indicator = Candidate_Indicator 2401 def factory(*args_, **kwargs_): 2402 if CandidateIndicatorListType.subclass: 2403 return CandidateIndicatorListType.subclass(*args_, **kwargs_) 2404 else: 2405 return CandidateIndicatorListType(*args_, **kwargs_) 2406 factory = staticmethod(factory) 2407 def get_Candidate_Indicator(self): return self.Candidate_Indicator 2408 def set_Candidate_Indicator(self, Candidate_Indicator): self.Candidate_Indicator = Candidate_Indicator 2409 def add_Candidate_Indicator(self, value): self.Candidate_Indicator.append(value) 2410 def insert_Candidate_Indicator(self, index, value): self.Candidate_Indicator[index] = value 2411 def hasContent_(self): 2412 if ( 2413 self.Candidate_Indicator 2414 ): 2415 return True 2416 else: 2417 return False 2418 def export(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorListType', namespacedef_='', pretty_print=True): 2419 if pretty_print: 2420 eol_ = '\n' 2421 else: 2422 eol_ = '' 2423 showIndent(write, level, pretty_print) 2424 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2425 already_processed = set() 2426 self.exportAttributes(write, level, already_processed, namespace_, name_='CandidateIndicatorListType') 2427 if self.hasContent_(): 2428 write('>%s' % (eol_, )) 2429 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2430 showIndent(write, level, pretty_print) 2431 write('</%s%s>%s' % (namespace_, name_, eol_)) 2432 else: 2433 write('/>%s' % (eol_, )) 2434 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CandidateIndicatorListType'): 2435 pass 2436 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorListType', fromsubclass_=False, pretty_print=True): 2437 if pretty_print: 2438 eol_ = '\n' 2439 else: 2440 eol_ = '' 2441 for Candidate_Indicator_ in self.Candidate_Indicator: 2442 Candidate_Indicator_.export(write, level, 'maecBundle:', name_='Candidate_Indicator', pretty_print=pretty_print) 2443 def build(self, node): 2444 self.__sourcenode__ = node 2445 already_processed = set() 2446 self.buildAttributes(node, node.attrib, already_processed) 2447 for child in node: 2448 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2449 self.buildChildren(child, node, nodeName_) 2450 def buildAttributes(self, node, attrs, already_processed): 2451 pass 2452 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2453 if nodeName_ == 'Candidate_Indicator': 2454 obj_ = CandidateIndicatorType.factory() 2455 obj_.build(child_) 2456 self.Candidate_Indicator.append(obj_) 2457# end class CandidateIndicatorListType 2458 2459class MalwareEntityType(GeneratedsSuper): 2460 """The MalwareEntityType provides a mechanism for characterizing the 2461 particular entity that an indicator or signature is written 2462 against, whether it is a particular malware instance, family, 2463 etc.""" 2464 subclass = None 2465 superclass = None 2466 def __init__(self, Type=None, Name=None, Description=None): 2467 self.Type = Type 2468 self.Name = Name 2469 self.Description = Description 2470 def factory(*args_, **kwargs_): 2471 if MalwareEntityType.subclass: 2472 return MalwareEntityType.subclass(*args_, **kwargs_) 2473 else: 2474 return MalwareEntityType(*args_, **kwargs_) 2475 factory = staticmethod(factory) 2476 def get_Type(self): return self.Type 2477 def set_Type(self, Type): self.Type = Type 2478 def get_Name(self): return self.Name 2479 def set_Name(self, Name): self.Name = Name 2480 def get_Description(self): return self.Description 2481 def set_Description(self, Description): self.Description = Description 2482 def hasContent_(self): 2483 if ( 2484 self.Type is not None or 2485 self.Name is not None or 2486 self.Description is not None 2487 ): 2488 return True 2489 else: 2490 return False 2491 def export(self, write, level, namespace_='maecBundle:', name_='MalwareEntityType', namespacedef_='', pretty_print=True): 2492 if pretty_print: 2493 eol_ = '\n' 2494 else: 2495 eol_ = '' 2496 showIndent(write, level, pretty_print) 2497 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2498 already_processed = set() 2499 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareEntityType') 2500 if self.hasContent_(): 2501 write('>%s' % (eol_, )) 2502 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2503 showIndent(write, level, pretty_print) 2504 write('</%s%s>%s' % (namespace_, name_, eol_)) 2505 else: 2506 write('/>%s' % (eol_, )) 2507 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='MalwareEntityType'): 2508 pass 2509 def exportChildren(self, write, level, namespace_='maecBundle:', name_='MalwareEntityType', fromsubclass_=False, pretty_print=True): 2510 if pretty_print: 2511 eol_ = '\n' 2512 else: 2513 eol_ = '' 2514 if self.Type is not None: 2515 self.Type.export(write, level, 'maecBundle:', name_='Type', pretty_print=pretty_print) 2516 if self.Name is not None: 2517 showIndent(write, level, pretty_print) 2518 write('<%sName>%s</%sName>%s' % ('maecBundle:', quote_xml(self.Name), 'maecBundle:', eol_)) 2519 if self.Description is not None: 2520 showIndent(write, level, pretty_print) 2521 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 2522 def build(self, node): 2523 self.__sourcenode__ = node 2524 already_processed = set() 2525 self.buildAttributes(node, node.attrib, already_processed) 2526 for child in node: 2527 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2528 self.buildChildren(child, node, nodeName_) 2529 def buildAttributes(self, node, attrs, already_processed): 2530 pass 2531 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2532 if nodeName_ == 'Type': 2533 obj_ = cybox_common.ControlledVocabularyStringType.factory() 2534 obj_.build(child_) 2535 self.set_Type(obj_) 2536 elif nodeName_ == 'Name': 2537 Name_ = child_.text 2538 Name_ = self.gds_validate_string(Name_, node, 'Name') 2539 self.Name = Name_ 2540 elif nodeName_ == 'Description': 2541 Description_ = child_.text 2542 Description_ = self.gds_validate_string(Description_, node, 'Description') 2543 self.Description = Description_ 2544# end class MalwareEntityType 2545 2546class CollectionsType(GeneratedsSuper): 2547 """The CollectionsType captures the various types of MAEC entity 2548 collections.""" 2549 subclass = None 2550 superclass = None 2551 def __init__(self, Behavior_Collections=None, Action_Collections=None, Object_Collections=None, Candidate_Indicator_Collections=None): 2552 self.Behavior_Collections = Behavior_Collections 2553 self.Action_Collections = Action_Collections 2554 self.Object_Collections = Object_Collections 2555 self.Candidate_Indicator_Collections = Candidate_Indicator_Collections 2556 def factory(*args_, **kwargs_): 2557 if CollectionsType.subclass: 2558 return CollectionsType.subclass(*args_, **kwargs_) 2559 else: 2560 return CollectionsType(*args_, **kwargs_) 2561 factory = staticmethod(factory) 2562 def get_Behavior_Collections(self): return self.Behavior_Collections 2563 def set_Behavior_Collections(self, Behavior_Collections): self.Behavior_Collections = Behavior_Collections 2564 def get_Action_Collections(self): return self.Action_Collections 2565 def set_Action_Collections(self, Action_Collections): self.Action_Collections = Action_Collections 2566 def get_Object_Collections(self): return self.Object_Collections 2567 def set_Object_Collections(self, Object_Collections): self.Object_Collections = Object_Collections 2568 def get_Candidate_Indicator_Collections(self): return self.Candidate_Indicator_Collections 2569 def set_Candidate_Indicator_Collections(self, Candidate_Indicator_Collections): self.Candidate_Indicator_Collections = Candidate_Indicator_Collections 2570 def hasContent_(self): 2571 if ( 2572 self.Behavior_Collections is not None or 2573 self.Action_Collections is not None or 2574 self.Object_Collections is not None or 2575 self.Candidate_Indicator_Collections is not None 2576 ): 2577 return True 2578 else: 2579 return False 2580 def export(self, write, level, namespace_='maecBundle:', name_='CollectionsType', namespacedef_='', pretty_print=True): 2581 if pretty_print: 2582 eol_ = '\n' 2583 else: 2584 eol_ = '' 2585 showIndent(write, level, pretty_print) 2586 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2587 already_processed = set() 2588 self.exportAttributes(write, level, already_processed, namespace_, name_='CollectionsType') 2589 if self.hasContent_(): 2590 write('>%s' % (eol_, )) 2591 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2592 showIndent(write, level, pretty_print) 2593 write('</%s%s>%s' % (namespace_, name_, eol_)) 2594 else: 2595 write('/>%s' % (eol_, )) 2596 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CollectionsType'): 2597 pass 2598 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CollectionsType', fromsubclass_=False, pretty_print=True): 2599 if pretty_print: 2600 eol_ = '\n' 2601 else: 2602 eol_ = '' 2603 if self.Behavior_Collections is not None: 2604 self.Behavior_Collections.export(write, level, 'maecBundle:', name_='Behavior_Collections', pretty_print=pretty_print) 2605 if self.Action_Collections is not None: 2606 self.Action_Collections.export(write, level, 'maecBundle:', name_='Action_Collections', pretty_print=pretty_print) 2607 if self.Object_Collections is not None: 2608 self.Object_Collections.export(write, level, 'maecBundle:', name_='Object_Collections', pretty_print=pretty_print) 2609 if self.Candidate_Indicator_Collections is not None: 2610 self.Candidate_Indicator_Collections.export(write, level, 'maecBundle:', name_='Candidate_Indicator_Collections', pretty_print=pretty_print) 2611 def build(self, node): 2612 self.__sourcenode__ = node 2613 already_processed = set() 2614 self.buildAttributes(node, node.attrib, already_processed) 2615 for child in node: 2616 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2617 self.buildChildren(child, node, nodeName_) 2618 def buildAttributes(self, node, attrs, already_processed): 2619 pass 2620 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2621 if nodeName_ == 'Behavior_Collections': 2622 obj_ = BehaviorCollectionListType.factory() 2623 obj_.build(child_) 2624 self.set_Behavior_Collections(obj_) 2625 elif nodeName_ == 'Action_Collections': 2626 obj_ = ActionCollectionListType.factory() 2627 obj_.build(child_) 2628 self.set_Action_Collections(obj_) 2629 elif nodeName_ == 'Object_Collections': 2630 obj_ = ObjectCollectionListType.factory() 2631 obj_.build(child_) 2632 self.set_Object_Collections(obj_) 2633 elif nodeName_ == 'Candidate_Indicator_Collections': 2634 obj_ = CandidateIndicatorCollectionListType.factory() 2635 obj_.build(child_) 2636 self.set_Candidate_Indicator_Collections(obj_) 2637# end class CollectionsType 2638 2639class BundleReferenceType(GeneratedsSuper): 2640 """The BundleReferenceType serves as a method for linking to Bundles 2641 embedded in other locations.The bundle_idref field references 2642 the ID of a Bundle contained inside the current MAEC document.""" 2643 subclass = None 2644 superclass = None 2645 def __init__(self, bundle_idref=None): 2646 self.bundle_idref = _cast(None, bundle_idref) 2647 pass 2648 def factory(*args_, **kwargs_): 2649 if BundleReferenceType.subclass: 2650 return BundleReferenceType.subclass(*args_, **kwargs_) 2651 else: 2652 return BundleReferenceType(*args_, **kwargs_) 2653 factory = staticmethod(factory) 2654 def get_bundle_idref(self): return self.bundle_idref 2655 def set_bundle_idref(self, bundle_idref): self.bundle_idref = bundle_idref 2656 def hasContent_(self): 2657 if ( 2658 2659 ): 2660 return True 2661 else: 2662 return False 2663 def export(self, write, level, namespace_='maecBundle:', name_='BundleReferenceType', namespacedef_='', pretty_print=True): 2664 if pretty_print: 2665 eol_ = '\n' 2666 else: 2667 eol_ = '' 2668 showIndent(write, level, pretty_print) 2669 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2670 already_processed = set() 2671 self.exportAttributes(write, level, already_processed, namespace_, name_='BundleReferenceType') 2672 if self.hasContent_(): 2673 write('>%s' % (eol_, )) 2674 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2675 write('</%s%s>%s' % (namespace_, name_, eol_)) 2676 else: 2677 write('/>%s' % (eol_, )) 2678 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BundleReferenceType'): 2679 if self.bundle_idref is not None and 'bundle_idref' not in already_processed: 2680 already_processed.add('bundle_idref') 2681 write(' bundle_idref=%s' % (quote_attrib(self.bundle_idref), )) 2682 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BundleReferenceType', fromsubclass_=False, pretty_print=True): 2683 pass 2684 def build(self, node): 2685 self.__sourcenode__ = node 2686 already_processed = set() 2687 self.buildAttributes(node, node.attrib, already_processed) 2688 for child in node: 2689 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2690 self.buildChildren(child, node, nodeName_) 2691 def buildAttributes(self, node, attrs, already_processed): 2692 value = find_attr_value_('bundle_idref', node) 2693 if value is not None and 'bundle_idref' not in already_processed: 2694 already_processed.add('bundle_idref') 2695 self.bundle_idref = value 2696 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2697 pass 2698# end class BundleReferenceType 2699 2700class ProcessTreeType(GeneratedsSuper): 2701 """The ProcessTreeType captures the process tree for the malware 2702 instance, including the parent process and processes spawned by 2703 it, along with any Actions initiated by each.""" 2704 subclass = None 2705 superclass = None 2706 def __init__(self, Root_Process=None): 2707 self.Root_Process = Root_Process 2708 def factory(*args_, **kwargs_): 2709 if ProcessTreeType.subclass: 2710 return ProcessTreeType.subclass(*args_, **kwargs_) 2711 else: 2712 return ProcessTreeType(*args_, **kwargs_) 2713 factory = staticmethod(factory) 2714 def get_Root_Process(self): return self.Root_Process 2715 def set_Root_Process(self, Root_Process): self.Root_Process = Root_Process 2716 def hasContent_(self): 2717 if ( 2718 self.Root_Process is not None 2719 ): 2720 return True 2721 else: 2722 return False 2723 def export(self, write, level, namespace_='maecBundle:', name_='ProcessTreeType', namespacedef_='', pretty_print=True): 2724 if pretty_print: 2725 eol_ = '\n' 2726 else: 2727 eol_ = '' 2728 showIndent(write, level, pretty_print) 2729 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2730 already_processed = set() 2731 self.exportAttributes(write, level, already_processed, namespace_, name_='ProcessTreeType') 2732 if self.hasContent_(): 2733 write('>%s' % (eol_, )) 2734 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2735 showIndent(write, level, pretty_print) 2736 write('</%s%s>%s' % (namespace_, name_, eol_)) 2737 else: 2738 write('/>%s' % (eol_, )) 2739 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ProcessTreeType'): 2740 pass 2741 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ProcessTreeType', fromsubclass_=False, pretty_print=True): 2742 if pretty_print: 2743 eol_ = '\n' 2744 else: 2745 eol_ = '' 2746 if self.Root_Process is not None: 2747 self.Root_Process.export(write, level, 'maecBundle:', name_='Root_Process', pretty_print=pretty_print) 2748 def build(self, node): 2749 self.__sourcenode__ = node 2750 already_processed = set() 2751 self.buildAttributes(node, node.attrib, already_processed) 2752 for child in node: 2753 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2754 self.buildChildren(child, node, nodeName_) 2755 def buildAttributes(self, node, attrs, already_processed): 2756 pass 2757 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2758 if nodeName_ == 'Root_Process': 2759 obj_ = ProcessTreeNodeType.factory() 2760 obj_.build(child_) 2761 self.set_Root_Process(obj_) 2762# end class ProcessTreeType 2763 2764class CandidateIndicatorCompositionType(GeneratedsSuper): 2765 """The CandidateIndicatorCompositionType captures the composition of a 2766 Candidate Indicator, via references to any corresponding MAEC 2767 entities contained in the Bundle.The operator field specifies 2768 the Boolean operator for this level of the Candidate Indicator's 2769 composition.""" 2770 subclass = None 2771 superclass = None 2772 def __init__(self, operator=None, Behavior_Reference=None, Action_Reference=None, Object_Reference=None, Sub_Composition=None): 2773 self.operator = _cast(None, operator) 2774 if Behavior_Reference is None: 2775 self.Behavior_Reference = [] 2776 else: 2777 self.Behavior_Reference = Behavior_Reference 2778 if Action_Reference is None: 2779 self.Action_Reference = [] 2780 else: 2781 self.Action_Reference = Action_Reference 2782 if Object_Reference is None: 2783 self.Object_Reference = [] 2784 else: 2785 self.Object_Reference = Object_Reference 2786 if Sub_Composition is None: 2787 self.Sub_Composition = [] 2788 else: 2789 self.Sub_Composition = Sub_Composition 2790 def factory(*args_, **kwargs_): 2791 if CandidateIndicatorCompositionType.subclass: 2792 return CandidateIndicatorCompositionType.subclass(*args_, **kwargs_) 2793 else: 2794 return CandidateIndicatorCompositionType(*args_, **kwargs_) 2795 factory = staticmethod(factory) 2796 def get_Behavior_Reference(self): return self.Behavior_Reference 2797 def set_Behavior_Reference(self, Behavior_Reference): self.Behavior_Reference = Behavior_Reference 2798 def add_Behavior_Reference(self, value): self.Behavior_Reference.append(value) 2799 def insert_Behavior_Reference(self, index, value): self.Behavior_Reference[index] = value 2800 def get_Action_Reference(self): return self.Action_Reference 2801 def set_Action_Reference(self, Action_Reference): self.Action_Reference = Action_Reference 2802 def add_Action_Reference(self, value): self.Action_Reference.append(value) 2803 def insert_Action_Reference(self, index, value): self.Action_Reference[index] = value 2804 def get_Object_Reference(self): return self.Object_Reference 2805 def set_Object_Reference(self, Object_Reference): self.Object_Reference = Object_Reference 2806 def add_Object_Reference(self, value): self.Object_Reference.append(value) 2807 def insert_Object_Reference(self, index, value): self.Object_Reference[index] = value 2808 def get_Sub_Composition(self): return self.Sub_Composition 2809 def set_Sub_Composition(self, Sub_Composition): self.Sub_Composition = Sub_Composition 2810 def add_Sub_Composition(self, value): self.Sub_Composition.append(value) 2811 def insert_Sub_Composition(self, index, value): self.Sub_Composition[index] = value 2812 def get_operator(self): return self.operator 2813 def set_operator(self, operator): self.operator = operator 2814 def hasContent_(self): 2815 if ( 2816 self.Behavior_Reference or 2817 self.Action_Reference or 2818 self.Object_Reference or 2819 self.Sub_Composition 2820 ): 2821 return True 2822 else: 2823 return False 2824 def export(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorCompositionType', namespacedef_='', pretty_print=True): 2825 if pretty_print: 2826 eol_ = '\n' 2827 else: 2828 eol_ = '' 2829 showIndent(write, level, pretty_print) 2830 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2831 already_processed = set() 2832 self.exportAttributes(write, level, already_processed, namespace_, name_='CandidateIndicatorCompositionType') 2833 if self.hasContent_(): 2834 write('>%s' % (eol_, )) 2835 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2836 showIndent(write, level, pretty_print) 2837 write('</%s%s>%s' % (namespace_, name_, eol_)) 2838 else: 2839 write('/>%s' % (eol_, )) 2840 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CandidateIndicatorCompositionType'): 2841 if self.operator is not None and 'operator' not in already_processed: 2842 already_processed.add('operator') 2843 write(' operator=%s' % (quote_attrib(self.operator), )) 2844 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorCompositionType', fromsubclass_=False, pretty_print=True): 2845 if pretty_print: 2846 eol_ = '\n' 2847 else: 2848 eol_ = '' 2849 for Behavior_Reference_ in self.Behavior_Reference: 2850 Behavior_Reference_.export(write, level, 'maecBundle:', name_='Behavior_Reference', pretty_print=pretty_print) 2851 for Action_Reference_ in self.Action_Reference: 2852 Action_Reference_.export(write, level, 'maecBundle:', name_='Action_Reference', pretty_print=pretty_print) 2853 for Object_Reference_ in self.Object_Reference: 2854 Object_Reference_.export(write, level, 'maecBundle:', name_='Object_Reference', pretty_print=pretty_print) 2855 for Sub_Composition_ in self.Sub_Composition: 2856 Sub_Composition_.export(write, level, 'maecBundle:', name_='Sub_Composition', pretty_print=pretty_print) 2857 def build(self, node): 2858 self.__sourcenode__ = node 2859 already_processed = set() 2860 self.buildAttributes(node, node.attrib, already_processed) 2861 for child in node: 2862 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2863 self.buildChildren(child, node, nodeName_) 2864 def buildAttributes(self, node, attrs, already_processed): 2865 value = find_attr_value_('operator', node) 2866 if value is not None and 'operator' not in already_processed: 2867 already_processed.add('operator') 2868 self.operator = value 2869 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2870 if nodeName_ == 'Behavior_Reference': 2871 obj_ = BehaviorReferenceType.factory() 2872 obj_.build(child_) 2873 self.Behavior_Reference.append(obj_) 2874 elif nodeName_ == 'Action_Reference': 2875 obj_ = BehavioralActionReferenceType.factory() 2876 obj_.build(child_) 2877 self.set_Action_Reference(obj_) 2878 elif nodeName_ == 'Object_Reference': 2879 obj_ = ObjectReferenceType.factory() 2880 obj_.build(child_) 2881 self.Object_Reference.append(obj_) 2882 elif nodeName_ == 'Sub_Composition': 2883 obj_ = CandidateIndicatorCompositionType.factory() 2884 obj_.build(child_) 2885 self.Sub_Composition.append(obj_) 2886# end class CandidateIndicatorCompositionType 2887 2888class CandidateIndicatorCollectionType(BaseCollectionType): 2889 """The CandidateIndicatorCollectionType provides a mechanism for 2890 characterizing collections of Candidate Indicators.The id field 2891 specifies a unique ID for this Candidate Indicator Collection. 2892 The ID must follow the pattern defined in the 2893 CandidateIndicatorCollIDPattern simple type.""" 2894 subclass = None 2895 superclass = BaseCollectionType 2896 def __init__(self, name=None, Affinity_Type=None, Affinity_Degree=None, Description=None, id=None, Candidate_Indicator_List=None): 2897 super(CandidateIndicatorCollectionType, self).__init__(name, Affinity_Type, Affinity_Degree, Description, ) 2898 self.id = _cast(None, id) 2899 self.Candidate_Indicator_List = Candidate_Indicator_List 2900 def factory(*args_, **kwargs_): 2901 if CandidateIndicatorCollectionType.subclass: 2902 return CandidateIndicatorCollectionType.subclass(*args_, **kwargs_) 2903 else: 2904 return CandidateIndicatorCollectionType(*args_, **kwargs_) 2905 factory = staticmethod(factory) 2906 def get_Candidate_Indicator_List(self): return self.Candidate_Indicator_List 2907 def set_Candidate_Indicator_List(self, Candidate_Indicator_List): self.Candidate_Indicator_List = Candidate_Indicator_List 2908 def get_id(self): return self.id 2909 def set_id(self, id): self.id = id 2910 def hasContent_(self): 2911 if ( 2912 self.Candidate_Indicator_List is not None or 2913 super(CandidateIndicatorCollectionType, self).hasContent_() 2914 ): 2915 return True 2916 else: 2917 return False 2918 def export(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorCollectionType', namespacedef_='', pretty_print=True): 2919 if pretty_print: 2920 eol_ = '\n' 2921 else: 2922 eol_ = '' 2923 showIndent(write, level, pretty_print) 2924 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 2925 already_processed = set() 2926 self.exportAttributes(write, level, already_processed, namespace_, name_='CandidateIndicatorCollectionType') 2927 if self.hasContent_(): 2928 write('>%s' % (eol_, )) 2929 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 2930 showIndent(write, level, pretty_print) 2931 write('</%s%s>%s' % (namespace_, name_, eol_)) 2932 else: 2933 write('/>%s' % (eol_, )) 2934 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CandidateIndicatorCollectionType'): 2935 super(CandidateIndicatorCollectionType, self).exportAttributes(write, level, already_processed, namespace_, name_='CandidateIndicatorCollectionType') 2936 if self.id is not None and 'id' not in already_processed: 2937 already_processed.add('id') 2938 write(' id=%s' % (quote_attrib(self.id), )) 2939 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorCollectionType', fromsubclass_=False, pretty_print=True): 2940 super(CandidateIndicatorCollectionType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 2941 if pretty_print: 2942 eol_ = '\n' 2943 else: 2944 eol_ = '' 2945 if self.Candidate_Indicator_List is not None: 2946 self.Candidate_Indicator_List.export(write, level, 'maecBundle:', name_='Candidate_Indicator_List', pretty_print=pretty_print) 2947 def build(self, node): 2948 self.__sourcenode__ = node 2949 already_processed = set() 2950 self.buildAttributes(node, node.attrib, already_processed) 2951 for child in node: 2952 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 2953 self.buildChildren(child, node, nodeName_) 2954 def buildAttributes(self, node, attrs, already_processed): 2955 value = find_attr_value_('id', node) 2956 if value is not None and 'id' not in already_processed: 2957 already_processed.add('id') 2958 self.id = value 2959 super(CandidateIndicatorCollectionType, self).buildAttributes(node, attrs, already_processed) 2960 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 2961 if nodeName_ == 'Candidate_Indicator_List': 2962 obj_ = CandidateIndicatorListType.factory() 2963 obj_.build(child_) 2964 self.set_Candidate_Indicator_List(obj_) 2965 super(CandidateIndicatorCollectionType, self).buildChildren(child_, node, nodeName_, True) 2966# end class CandidateIndicatorCollectionType 2967 2968class CandidateIndicatorCollectionListType(GeneratedsSuper): 2969 """The CandidateIndicatorCollectionListType captures a list of 2970 Candidate Indicators.""" 2971 subclass = None 2972 superclass = None 2973 def __init__(self, Candidate_Indicator_Collection=None): 2974 if Candidate_Indicator_Collection is None: 2975 self.Candidate_Indicator_Collection = [] 2976 else: 2977 self.Candidate_Indicator_Collection = Candidate_Indicator_Collection 2978 def factory(*args_, **kwargs_): 2979 if CandidateIndicatorCollectionListType.subclass: 2980 return CandidateIndicatorCollectionListType.subclass(*args_, **kwargs_) 2981 else: 2982 return CandidateIndicatorCollectionListType(*args_, **kwargs_) 2983 factory = staticmethod(factory) 2984 def get_Candidate_Indicator_Collection(self): return self.Candidate_Indicator_Collection 2985 def set_Candidate_Indicator_Collection(self, Candidate_Indicator_Collection): self.Candidate_Indicator_Collection = Candidate_Indicator_Collection 2986 def add_Candidate_Indicator_Collection(self, value): self.Candidate_Indicator_Collection.append(value) 2987 def insert_Candidate_Indicator_Collection(self, index, value): self.Candidate_Indicator_Collection[index] = value 2988 def hasContent_(self): 2989 if ( 2990 self.Candidate_Indicator_Collection 2991 ): 2992 return True 2993 else: 2994 return False 2995 def export(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorCollectionListType', namespacedef_='', pretty_print=True): 2996 if pretty_print: 2997 eol_ = '\n' 2998 else: 2999 eol_ = '' 3000 showIndent(write, level, pretty_print) 3001 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3002 already_processed = set() 3003 self.exportAttributes(write, level, already_processed, namespace_, name_='CandidateIndicatorCollectionListType') 3004 if self.hasContent_(): 3005 write('>%s' % (eol_, )) 3006 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3007 showIndent(write, level, pretty_print) 3008 write('</%s%s>%s' % (namespace_, name_, eol_)) 3009 else: 3010 write('/>%s' % (eol_, )) 3011 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CandidateIndicatorCollectionListType'): 3012 pass 3013 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CandidateIndicatorCollectionListType', fromsubclass_=False, pretty_print=True): 3014 if pretty_print: 3015 eol_ = '\n' 3016 else: 3017 eol_ = '' 3018 for Candidate_Indicator_Collection_ in self.Candidate_Indicator_Collection: 3019 Candidate_Indicator_Collection_.export(write, level, 'maecBundle:', name_='Candidate_Indicator_Collection', pretty_print=pretty_print) 3020 def build(self, node): 3021 self.__sourcenode__ = node 3022 already_processed = set() 3023 self.buildAttributes(node, node.attrib, already_processed) 3024 for child in node: 3025 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3026 self.buildChildren(child, node, nodeName_) 3027 def buildAttributes(self, node, attrs, already_processed): 3028 pass 3029 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3030 if nodeName_ == 'Candidate_Indicator_Collection': 3031 obj_ = CandidateIndicatorCollectionType.factory() 3032 obj_.build(child_) 3033 self.Candidate_Indicator_Collection.append(obj_) 3034# end class CandidateIndicatorCollectionListType 3035 3036class BehaviorCollectionListType(GeneratedsSuper): 3037 """The BehaviorCollectionListType captures a list of Behaviors 3038 Collections.""" 3039 subclass = None 3040 superclass = None 3041 def __init__(self, Behavior_Collection=None): 3042 if Behavior_Collection is None: 3043 self.Behavior_Collection = [] 3044 else: 3045 self.Behavior_Collection = Behavior_Collection 3046 def factory(*args_, **kwargs_): 3047 if BehaviorCollectionListType.subclass: 3048 return BehaviorCollectionListType.subclass(*args_, **kwargs_) 3049 else: 3050 return BehaviorCollectionListType(*args_, **kwargs_) 3051 factory = staticmethod(factory) 3052 def get_Behavior_Collection(self): return self.Behavior_Collection 3053 def set_Behavior_Collection(self, Behavior_Collection): self.Behavior_Collection = Behavior_Collection 3054 def add_Behavior_Collection(self, value): self.Behavior_Collection.append(value) 3055 def insert_Behavior_Collection(self, index, value): self.Behavior_Collection[index] = value 3056 def hasContent_(self): 3057 if ( 3058 self.Behavior_Collection 3059 ): 3060 return True 3061 else: 3062 return False 3063 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorCollectionListType', namespacedef_='', pretty_print=True): 3064 if pretty_print: 3065 eol_ = '\n' 3066 else: 3067 eol_ = '' 3068 showIndent(write, level, pretty_print) 3069 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3070 already_processed = set() 3071 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorCollectionListType') 3072 if self.hasContent_(): 3073 write('>%s' % (eol_, )) 3074 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3075 showIndent(write, level, pretty_print) 3076 write('</%s%s>%s' % (namespace_, name_, eol_)) 3077 else: 3078 write('/>%s' % (eol_, )) 3079 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorCollectionListType'): 3080 pass 3081 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorCollectionListType', fromsubclass_=False, pretty_print=True): 3082 if pretty_print: 3083 eol_ = '\n' 3084 else: 3085 eol_ = '' 3086 for Behavior_Collection_ in self.Behavior_Collection: 3087 Behavior_Collection_.export(write, level, 'maecBundle:', name_='Behavior_Collection', pretty_print=pretty_print) 3088 def build(self, node): 3089 self.__sourcenode__ = node 3090 already_processed = set() 3091 self.buildAttributes(node, node.attrib, already_processed) 3092 for child in node: 3093 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3094 self.buildChildren(child, node, nodeName_) 3095 def buildAttributes(self, node, attrs, already_processed): 3096 pass 3097 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3098 if nodeName_ == 'Behavior_Collection': 3099 obj_ = BehaviorCollectionType.factory() 3100 obj_.build(child_) 3101 self.Behavior_Collection.append(obj_) 3102# end class BehaviorCollectionListType 3103 3104class ActionCollectionListType(GeneratedsSuper): 3105 """The ActionCollectionListType captures a list of Actions Collections.""" 3106 subclass = None 3107 superclass = None 3108 def __init__(self, Action_Collection=None): 3109 if Action_Collection is None: 3110 self.Action_Collection = [] 3111 else: 3112 self.Action_Collection = Action_Collection 3113 def factory(*args_, **kwargs_): 3114 if ActionCollectionListType.subclass: 3115 return ActionCollectionListType.subclass(*args_, **kwargs_) 3116 else: 3117 return ActionCollectionListType(*args_, **kwargs_) 3118 factory = staticmethod(factory) 3119 def get_Action_Collection(self): return self.Action_Collection 3120 def set_Action_Collection(self, Action_Collection): self.Action_Collection = Action_Collection 3121 def add_Action_Collection(self, value): self.Action_Collection.append(value) 3122 def insert_Action_Collection(self, index, value): self.Action_Collection[index] = value 3123 def hasContent_(self): 3124 if ( 3125 self.Action_Collection 3126 ): 3127 return True 3128 else: 3129 return False 3130 def export(self, write, level, namespace_='maecBundle:', name_='ActionCollectionListType', namespacedef_='', pretty_print=True): 3131 if pretty_print: 3132 eol_ = '\n' 3133 else: 3134 eol_ = '' 3135 showIndent(write, level, pretty_print) 3136 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3137 already_processed = set() 3138 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionCollectionListType') 3139 if self.hasContent_(): 3140 write('>%s' % (eol_, )) 3141 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3142 showIndent(write, level, pretty_print) 3143 write('</%s%s>%s' % (namespace_, name_, eol_)) 3144 else: 3145 write('/>%s' % (eol_, )) 3146 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ActionCollectionListType'): 3147 pass 3148 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ActionCollectionListType', fromsubclass_=False, pretty_print=True): 3149 if pretty_print: 3150 eol_ = '\n' 3151 else: 3152 eol_ = '' 3153 for Action_Collection_ in self.Action_Collection: 3154 Action_Collection_.export(write, level, 'maecBundle:', name_='Action_Collection', pretty_print=pretty_print) 3155 def build(self, node): 3156 self.__sourcenode__ = node 3157 already_processed = set() 3158 self.buildAttributes(node, node.attrib, already_processed) 3159 for child in node: 3160 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3161 self.buildChildren(child, node, nodeName_) 3162 def buildAttributes(self, node, attrs, already_processed): 3163 pass 3164 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3165 if nodeName_ == 'Action_Collection': 3166 obj_ = ActionCollectionType.factory() 3167 obj_.build(child_) 3168 self.Action_Collection.append(obj_) 3169# end class ActionCollectionListType 3170 3171class ObjectCollectionListType(GeneratedsSuper): 3172 """The ObjectCollectionListType captures a list of Object Collections.""" 3173 subclass = None 3174 superclass = None 3175 def __init__(self, Object_Collection=None): 3176 if Object_Collection is None: 3177 self.Object_Collection = [] 3178 else: 3179 self.Object_Collection = Object_Collection 3180 def factory(*args_, **kwargs_): 3181 if ObjectCollectionListType.subclass: 3182 return ObjectCollectionListType.subclass(*args_, **kwargs_) 3183 else: 3184 return ObjectCollectionListType(*args_, **kwargs_) 3185 factory = staticmethod(factory) 3186 def get_Object_Collection(self): return self.Object_Collection 3187 def set_Object_Collection(self, Object_Collection): self.Object_Collection = Object_Collection 3188 def add_Object_Collection(self, value): self.Object_Collection.append(value) 3189 def insert_Object_Collection(self, index, value): self.Object_Collection[index] = value 3190 def hasContent_(self): 3191 if ( 3192 self.Object_Collection 3193 ): 3194 return True 3195 else: 3196 return False 3197 def export(self, write, level, namespace_='maecBundle:', name_='ObjectCollectionListType', namespacedef_='', pretty_print=True): 3198 if pretty_print: 3199 eol_ = '\n' 3200 else: 3201 eol_ = '' 3202 showIndent(write, level, pretty_print) 3203 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3204 already_processed = set() 3205 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectCollectionListType') 3206 if self.hasContent_(): 3207 write('>%s' % (eol_, )) 3208 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3209 showIndent(write, level, pretty_print) 3210 write('</%s%s>%s' % (namespace_, name_, eol_)) 3211 else: 3212 write('/>%s' % (eol_, )) 3213 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ObjectCollectionListType'): 3214 pass 3215 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ObjectCollectionListType', fromsubclass_=False, pretty_print=True): 3216 if pretty_print: 3217 eol_ = '\n' 3218 else: 3219 eol_ = '' 3220 for Object_Collection_ in self.Object_Collection: 3221 Object_Collection_.export(write, level, 'maecBundle:', name_='Object_Collection', pretty_print=pretty_print) 3222 def build(self, node): 3223 self.__sourcenode__ = node 3224 already_processed = set() 3225 self.buildAttributes(node, node.attrib, already_processed) 3226 for child in node: 3227 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3228 self.buildChildren(child, node, nodeName_) 3229 def buildAttributes(self, node, attrs, already_processed): 3230 pass 3231 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3232 if nodeName_ == 'Object_Collection': 3233 obj_ = ObjectCollectionType.factory() 3234 obj_.build(child_) 3235 self.Object_Collection.append(obj_) 3236# end class ObjectCollectionListType 3237 3238class AVClassificationType(cybox_common.ToolInformationType): 3239 """The AVClassificationType captures information on AV scanner 3240 classifications for the malware instance object captured in the 3241 Bundle or Package.""" 3242 subclass = None 3243 superclass = cybox_common.ToolInformationType 3244 def __init__(self, idref=None, id=None, Name=None, Type=None, Description=None, References=None, Vendor=None, Version=None, Service_Pack=None, Tool_Specific_Data=None, Tool_Hashes=None, Tool_Configuration=None, Execution_Environment=None, Errors=None, Metadata=None, Engine_Version=None, Definition_Version=None, Classification_Name=None): 3245 super(AVClassificationType, self).__init__(idref, id, Name, Type, Description, References, Vendor, Version, Service_Pack, Tool_Specific_Data, Tool_Hashes, Tool_Configuration, Execution_Environment, Errors, Metadata, ) 3246 self.Engine_Version = Engine_Version 3247 self.Definition_Version = Definition_Version 3248 self.Classification_Name = Classification_Name 3249 def factory(*args_, **kwargs_): 3250 if AVClassificationType.subclass: 3251 return AVClassificationType.subclass(*args_, **kwargs_) 3252 else: 3253 return AVClassificationType(*args_, **kwargs_) 3254 factory = staticmethod(factory) 3255 def get_Engine_Version(self): return self.Engine_Version 3256 def set_Engine_Version(self, Engine_Version): self.Engine_Version = Engine_Version 3257 def get_Definition_Version(self): return self.Definition_Version 3258 def set_Definition_Version(self, Definition_Version): self.Definition_Version = Definition_Version 3259 def get_Classification_Name(self): return self.Classification_Name 3260 def set_Classification_Name(self, Classification_Name): self.Classification_Name = Classification_Name 3261 def hasContent_(self): 3262 if ( 3263 self.Engine_Version is not None or 3264 self.Definition_Version is not None or 3265 self.Classification_Name is not None or 3266 super(AVClassificationType, self).hasContent_() 3267 ): 3268 return True 3269 else: 3270 return False 3271 def export(self, write, level, namespace_='maecBundle:', name_='AVClassificationType', namespacedef_='', pretty_print=True): 3272 if pretty_print: 3273 eol_ = '\n' 3274 else: 3275 eol_ = '' 3276 showIndent(write, level, pretty_print) 3277 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3278 already_processed = set() 3279 self.exportAttributes(write, level, already_processed, namespace_, name_='AVClassificationType') 3280 if self.hasContent_(): 3281 write('>%s' % (eol_, )) 3282 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3283 showIndent(write, level, pretty_print) 3284 write('</%s%s>%s' % (namespace_, name_, eol_)) 3285 else: 3286 write('/>%s' % (eol_, )) 3287 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='AVClassificationType'): 3288 super(AVClassificationType, self).exportAttributes(write, level, already_processed, namespace_, name_='AVClassificationType') 3289 def exportChildren(self, write, level, namespace_='maecBundle:', name_='AVClassificationType', fromsubclass_=False, pretty_print=True): 3290 super(AVClassificationType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3291 if pretty_print: 3292 eol_ = '\n' 3293 else: 3294 eol_ = '' 3295 if self.Engine_Version is not None: 3296 showIndent(write, level, pretty_print) 3297 write('<%sEngine_Version>%s</%sEngine_Version>%s' % ('maecBundle:', quote_xml(self.Engine_Version), 'maecBundle:', eol_)) 3298 if self.Definition_Version is not None: 3299 showIndent(write, level, pretty_print) 3300 write('<%sDefinition_Version>%s</%sDefinition_Version>%s' % ('maecBundle:', quote_xml(self.Definition_Version), 'maecBundle:', eol_)) 3301 if self.Classification_Name is not None: 3302 showIndent(write, level, pretty_print) 3303 write('<%sClassification_Name>%s</%sClassification_Name>%s' % ('maecBundle:', quote_xml(self.Classification_Name), 'maecBundle:', eol_)) 3304 def build(self, node): 3305 self.__sourcenode__ = node 3306 already_processed = set() 3307 self.buildAttributes(node, node.attrib, already_processed) 3308 for child in node: 3309 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3310 self.buildChildren(child, node, nodeName_) 3311 def buildAttributes(self, node, attrs, already_processed): 3312 super(AVClassificationType, self).buildAttributes(node, attrs, already_processed) 3313 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3314 if nodeName_ == 'Engine_Version': 3315 Engine_Version_ = child_.text 3316 Engine_Version_ = self.gds_validate_string(Engine_Version_, node, 'Engine_Version') 3317 self.Engine_Version = Engine_Version_ 3318 elif nodeName_ == 'Definition_Version': 3319 Definition_Version_ = child_.text 3320 Definition_Version_ = self.gds_validate_string(Definition_Version_, node, 'Definition_Version') 3321 self.Definition_Version = Definition_Version_ 3322 elif nodeName_ == 'Classification_Name': 3323 Classification_Name_ = child_.text 3324 Classification_Name_ = self.gds_validate_string(Classification_Name_, node, 'Classification_Name') 3325 self.Classification_Name = Classification_Name_ 3326 super(AVClassificationType, self).buildChildren(child_, node, nodeName_, True) 3327# end class AVClassificationType 3328 3329class ProcessTreeNodeType(process_object.ProcessObjectType): 3330 """The ProcessTreeNodeType captures a single process, or node, in the 3331 process tree. It imports and extends the process_object.ProcessObjectType from 3332 the CybOX Process Object.The required id field specifies a 3333 unique ID for the Process Node. The ID must follow the pattern 3334 defined in the ProcessTreeNodeIDPattern simple type.The 3335 parent_action_idref field specifies the id of the action that 3336 created or injected this process.""" 3337 subclass = None 3338 superclass = process_object.ProcessObjectType 3339 def __init__(self, object_reference=None, Custom_Properties=None, is_hidden=None, PID=None, Name=None, Creation_Time=None, Parent_PID=None, Child_PID_List=None, Image_Info=None, Argument_List=None, Environment_Variable_List=None, Kernel_Time=None, Port_List=None, Network_Connection_List=None, Start_Time=None, Status=None, Username=None, User_Time=None, Extracted_Features=None, id=None, parent_action_idref=None, ordinal_position=None, Initiated_Actions=None, Spawned_Process=None, Injected_Process=None): 3340 super(ProcessTreeNodeType, self).__init__(object_reference, Custom_Properties, is_hidden, PID, Name, Creation_Time, Parent_PID, Child_PID_List, Image_Info, Argument_List, Environment_Variable_List, Kernel_Time, Port_List, Network_Connection_List, Start_Time, Status, Username, User_Time, Extracted_Features, ) 3341 self.id = _cast(None, id) 3342 self.parent_action_idref = _cast(None, parent_action_idref) 3343 self.ordinal_position = ordinal_position 3344 self.Initiated_Actions = Initiated_Actions 3345 if Spawned_Process is None: 3346 self.Spawned_Process = [] 3347 else: 3348 self.Spawned_Process = Spawned_Process 3349 if Injected_Process is None: 3350 self.Injected_Process = [] 3351 else: 3352 self.Injected_Process = Injected_Process 3353 def factory(*args_, **kwargs_): 3354 if ProcessTreeNodeType.subclass: 3355 return ProcessTreeNodeType.subclass(*args_, **kwargs_) 3356 else: 3357 return ProcessTreeNodeType(*args_, **kwargs_) 3358 factory = staticmethod(factory) 3359 def get_Initiated_Actions(self): return self.Initiated_Actions 3360 def set_Initiated_Actions(self, Initiated_Actions): self.Initiated_Actions = Initiated_Actions 3361 def get_Spawned_Process(self): return self.Spawned_Process 3362 def set_Spawned_Process(self, Spawned_Process): self.Spawned_Process = Spawned_Process 3363 def add_Spawned_Process(self, value): self.Spawned_Process.append(value) 3364 def insert_Spawned_Process(self, index, value): self.Spawned_Process[index] = value 3365 def get_Injected_Process(self): return self.Injected_Process 3366 def set_Injected_Process(self, Injected_Process): self.Injected_Process = Injected_Process 3367 def add_Injected_Process(self, value): self.Injected_Process.append(value) 3368 def insert_Injected_Process(self, index, value): self.Injected_Process[index] = value 3369 def get_id(self): return self.id 3370 def set_id(self, id): self.id = id 3371 def get_parent_action_idref(self): return self.parent_action_idref 3372 def set_parent_action_idref(self, parent_action_idref): self.parent_action_idref = parent_action_idref 3373 def get_ordinal_position(self): return self.ordinal_position 3374 def set_ordinal_position(self, ordinal_position): self.ordinal_position = ordinal_position 3375 def hasContent_(self): 3376 if ( 3377 self.Initiated_Actions is not None or 3378 self.Spawned_Process or 3379 self.Injected_Process or 3380 super(ProcessTreeNodeType, self).hasContent_() 3381 ): 3382 return True 3383 else: 3384 return False 3385 def export(self, write, level, namespace_='maecBundle:', name_='ProcessTreeNodeType', namespacedef_='', pretty_print=True): 3386 if pretty_print: 3387 eol_ = '\n' 3388 else: 3389 eol_ = '' 3390 showIndent(write, level, pretty_print) 3391 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3392 already_processed = set() 3393 self.exportAttributes(write, level, already_processed, namespace_, name_='ProcessTreeNodeType') 3394 if self.hasContent_(): 3395 write('>%s' % (eol_, )) 3396 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3397 showIndent(write, level, pretty_print) 3398 write('</%s%s>%s' % (namespace_, name_, eol_)) 3399 else: 3400 write('/>%s' % (eol_, )) 3401 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ProcessTreeNodeType'): 3402 super(ProcessTreeNodeType, self).exportAttributes(write, level, already_processed, namespace_, name_='ProcessTreeNodeType') 3403 if self.id is not None and 'id' not in already_processed: 3404 already_processed.add('id') 3405 write(' id=%s' % (quote_attrib(self.id), )) 3406 if self.parent_action_idref is not None and 'parent_action_idref' not in already_processed: 3407 already_processed.add('parent_action_idref') 3408 write(' parent_action_idref=%s' % (quote_attrib(self.parent_action_idref), )) 3409 if self.ordinal_position is not None and 'ordinal_position' not in already_processed: 3410 already_processed.add('ordinal_position') 3411 write(' ordinal_position=%s' % (quote_attrib(self.ordinal_position), )) 3412 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ProcessTreeNodeType', fromsubclass_=False, pretty_print=True): 3413 super(ProcessTreeNodeType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3414 if pretty_print: 3415 eol_ = '\n' 3416 else: 3417 eol_ = '' 3418 if self.Initiated_Actions is not None: 3419 self.Initiated_Actions.export(write, level, 'maecBundle:', name_='Initiated_Actions', pretty_print=pretty_print) 3420 for Spawned_Process_ in self.Spawned_Process: 3421 Spawned_Process_.export(write, level, 'maecBundle:', name_='Spawned_Process', pretty_print=pretty_print) 3422 for Injected_Process_ in self.Injected_Process: 3423 Injected_Process_.export(write, level, 'maecBundle:', name_='Injected_Process', pretty_print=pretty_print) 3424 def build(self, node): 3425 self.__sourcenode__ = node 3426 already_processed = set() 3427 self.buildAttributes(node, node.attrib, already_processed) 3428 for child in node: 3429 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3430 self.buildChildren(child, node, nodeName_) 3431 def buildAttributes(self, node, attrs, already_processed): 3432 value = find_attr_value_('id', node) 3433 if value is not None and 'id' not in already_processed: 3434 already_processed.add('id') 3435 self.id = value 3436 value = find_attr_value_('parent_action_idref', node) 3437 if value is not None and 'parent_action_idref' not in already_processed: 3438 already_processed.add('parent_action_idref') 3439 self.parent_action_idref = value 3440 value = find_attr_value_('ordinal_position', node) 3441 if value is not None and 'ordinal_position' not in already_processed: 3442 already_processed.add('ordinal_position') 3443 self.ordinal_position = value 3444 super(ProcessTreeNodeType, self).buildAttributes(node, attrs, already_processed) 3445 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3446 if nodeName_ == 'Initiated_Actions': 3447 obj_ = ActionReferenceListType.factory() 3448 obj_.build(child_) 3449 self.set_Initiated_Actions(obj_) 3450 elif nodeName_ == 'Spawned_Process': 3451 obj_ = ProcessTreeNodeType.factory() 3452 obj_.build(child_) 3453 self.Spawned_Process.append(obj_) 3454 elif nodeName_ == 'Injected_Process': 3455 obj_ = ProcessTreeNodeType.factory() 3456 obj_.build(child_) 3457 self.Injected_Process.append(obj_) 3458 super(ProcessTreeNodeType, self).buildChildren(child_, node, nodeName_, True) 3459# end class ProcessTreeNodeType 3460 3461class BehavioralActionReferenceType(cybox_core.ActionReferenceType): 3462 """The BehavioralActionReferenceType defines an action reference that 3463 can be used as part of a Behavior.The behavioral_ordering field 3464 defines the ordering of the Action with respect to the other 3465 Actions that make up the Behavior. For example, an Action with a 3466 behavioral_ordering of "1" would come before an Action with a 3467 behavioral_ordering of "2", etc.""" 3468 subclass = None 3469 superclass = cybox_core.ActionReferenceType 3470 def __init__(self, action_id=None, behavioral_ordering=None): 3471 super(BehavioralActionReferenceType, self).__init__(action_id, ) 3472 self.behavioral_ordering = _cast(int, behavioral_ordering) 3473 pass 3474 def factory(*args_, **kwargs_): 3475 if BehavioralActionReferenceType.subclass: 3476 return BehavioralActionReferenceType.subclass(*args_, **kwargs_) 3477 else: 3478 return BehavioralActionReferenceType(*args_, **kwargs_) 3479 factory = staticmethod(factory) 3480 def get_behavioral_ordering(self): return self.behavioral_ordering 3481 def set_behavioral_ordering(self, behavioral_ordering): self.behavioral_ordering = behavioral_ordering 3482 def hasContent_(self): 3483 if ( 3484 super(BehavioralActionReferenceType, self).hasContent_() 3485 ): 3486 return True 3487 else: 3488 return False 3489 def export(self, write, level, namespace_='maecBundle:', name_='BehavioralActionReferenceType', namespacedef_='', pretty_print=True): 3490 if pretty_print: 3491 eol_ = '\n' 3492 else: 3493 eol_ = '' 3494 showIndent(write, level, pretty_print) 3495 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3496 already_processed = set() 3497 self.exportAttributes(write, level, already_processed, namespace_, name_='BehavioralActionReferenceType') 3498 if self.hasContent_(): 3499 write('>%s' % (eol_, )) 3500 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3501 write('</%s%s>%s' % (namespace_, name_, eol_)) 3502 else: 3503 write('/>%s' % (eol_, )) 3504 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehavioralActionReferenceType'): 3505 super(BehavioralActionReferenceType, self).exportAttributes(write, level, already_processed, namespace_, name_='BehavioralActionReferenceType') 3506 if self.behavioral_ordering is not None and 'behavioral_ordering' not in already_processed: 3507 already_processed.add('behavioral_ordering') 3508 write(' behavioral_ordering="%s"' % self.gds_format_integer(self.behavioral_ordering, input_name='behavioral_ordering')) 3509 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehavioralActionReferenceType', fromsubclass_=False, pretty_print=True): 3510 super(BehavioralActionReferenceType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3511 pass 3512 def build(self, node): 3513 self.__sourcenode__ = node 3514 already_processed = set() 3515 self.buildAttributes(node, node.attrib, already_processed) 3516 for child in node: 3517 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3518 self.buildChildren(child, node, nodeName_) 3519 def buildAttributes(self, node, attrs, already_processed): 3520 value = find_attr_value_('behavioral_ordering', node) 3521 if value is not None and 'behavioral_ordering' not in already_processed: 3522 already_processed.add('behavioral_ordering') 3523 try: 3524 self.behavioral_ordering = int(value) 3525 except ValueError as exp: 3526 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 3527 if self.behavioral_ordering <= 0: 3528 raise_parse_error(node, 'Invalid PositiveInteger') 3529 super(BehavioralActionReferenceType, self).buildAttributes(node, attrs, already_processed) 3530 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3531 super(BehavioralActionReferenceType, self).buildChildren(child_, node, nodeName_, True) 3532 pass 3533# end class BehavioralActionReferenceType 3534 3535class ObjectCollectionType(BaseCollectionType): 3536 """The ObjectCollectionType provides a mechanism for characterizing 3537 collections of Objects. For instance, it can be used to group 3538 all of the Objects that are associated with a specific 3539 behavior.The id attribute specifies a unique ID for this Object 3540 Collection. The ID must follow the pattern defined in the 3541 ObjectCollIDPattern simple type.""" 3542 subclass = None 3543 superclass = BaseCollectionType 3544 def __init__(self, name=None, Affinity_Type=None, Affinity_Degree=None, Description=None, id=None, Object_List=None): 3545 super(ObjectCollectionType, self).__init__(name, Affinity_Type, Affinity_Degree, Description, ) 3546 self.id = _cast(None, id) 3547 self.Object_List = Object_List 3548 def factory(*args_, **kwargs_): 3549 if ObjectCollectionType.subclass: 3550 return ObjectCollectionType.subclass(*args_, **kwargs_) 3551 else: 3552 return ObjectCollectionType(*args_, **kwargs_) 3553 factory = staticmethod(factory) 3554 def get_Object_List(self): return self.Object_List 3555 def set_Object_List(self, Object_List): self.Object_List = Object_List 3556 def get_id(self): return self.id 3557 def set_id(self, id): self.id = id 3558 def hasContent_(self): 3559 if ( 3560 self.Object_List is not None or 3561 super(ObjectCollectionType, self).hasContent_() 3562 ): 3563 return True 3564 else: 3565 return False 3566 def export(self, write, level, namespace_='maecBundle:', name_='ObjectCollectionType', namespacedef_='', pretty_print=True): 3567 if pretty_print: 3568 eol_ = '\n' 3569 else: 3570 eol_ = '' 3571 showIndent(write, level, pretty_print) 3572 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3573 already_processed = set() 3574 self.exportAttributes(write, level, already_processed, namespace_, name_='ObjectCollectionType') 3575 if self.hasContent_(): 3576 write('>%s' % (eol_, )) 3577 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3578 showIndent(write, level, pretty_print) 3579 write('</%s%s>%s' % (namespace_, name_, eol_)) 3580 else: 3581 write('/>%s' % (eol_, )) 3582 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ObjectCollectionType'): 3583 super(ObjectCollectionType, self).exportAttributes(write, level, already_processed, namespace_, name_='ObjectCollectionType') 3584 if self.id is not None and 'id' not in already_processed: 3585 already_processed.add('id') 3586 write(' id=%s' % (quote_attrib(self.id), )) 3587 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ObjectCollectionType', fromsubclass_=False, pretty_print=True): 3588 super(ObjectCollectionType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3589 if pretty_print: 3590 eol_ = '\n' 3591 else: 3592 eol_ = '' 3593 if self.Object_List is not None: 3594 self.Object_List.export(write, level, 'maecBundle:', name_='Object_List', pretty_print=pretty_print) 3595 def build(self, node): 3596 self.__sourcenode__ = node 3597 already_processed = set() 3598 self.buildAttributes(node, node.attrib, already_processed) 3599 for child in node: 3600 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3601 self.buildChildren(child, node, nodeName_) 3602 def buildAttributes(self, node, attrs, already_processed): 3603 value = find_attr_value_('id', node) 3604 if value is not None and 'id' not in already_processed: 3605 already_processed.add('id') 3606 self.id = value 3607 super(ObjectCollectionType, self).buildAttributes(node, attrs, already_processed) 3608 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3609 if nodeName_ == 'Object_List': 3610 obj_ = ObjectListType.factory() 3611 obj_.build(child_) 3612 self.set_Object_List(obj_) 3613 super(ObjectCollectionType, self).buildChildren(child_, node, nodeName_, True) 3614# end class ObjectCollectionType 3615 3616class ActionCollectionType(BaseCollectionType): 3617 """The ActionCollectionType provides a method for characterizing 3618 collections of actions. This can be useful for organizing 3619 actions that may be related and where the exact relationship is 3620 unknown, as well as actions whose associated behavior has not 3621 yet been established.The id field specifies a unique ID for this 3622 Action Collection. The ID must follow the pattern defined in the 3623 ActionCollIDPattern simple type.""" 3624 subclass = None 3625 superclass = BaseCollectionType 3626 def __init__(self, name=None, Affinity_Type=None, Affinity_Degree=None, Description=None, id=None, Action_List=None): 3627 super(ActionCollectionType, self).__init__(name, Affinity_Type, Affinity_Degree, Description, ) 3628 self.id = _cast(None, id) 3629 self.Action_List = Action_List 3630 def factory(*args_, **kwargs_): 3631 if ActionCollectionType.subclass: 3632 return ActionCollectionType.subclass(*args_, **kwargs_) 3633 else: 3634 return ActionCollectionType(*args_, **kwargs_) 3635 factory = staticmethod(factory) 3636 def get_Action_List(self): return self.Action_List 3637 def set_Action_List(self, Action_List): self.Action_List = Action_List 3638 def get_id(self): return self.id 3639 def set_id(self, id): self.id = id 3640 def hasContent_(self): 3641 if ( 3642 self.Action_List is not None or 3643 super(ActionCollectionType, self).hasContent_() 3644 ): 3645 return True 3646 else: 3647 return False 3648 def export(self, write, level, namespace_='maecBundle:', name_='ActionCollectionType', namespacedef_='', pretty_print=True): 3649 if pretty_print: 3650 eol_ = '\n' 3651 else: 3652 eol_ = '' 3653 showIndent(write, level, pretty_print) 3654 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3655 already_processed = set() 3656 self.exportAttributes(write, level, already_processed, namespace_, name_='ActionCollectionType') 3657 if self.hasContent_(): 3658 write('>%s' % (eol_, )) 3659 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3660 showIndent(write, level, pretty_print) 3661 write('</%s%s>%s' % (namespace_, name_, eol_)) 3662 else: 3663 write('/>%s' % (eol_, )) 3664 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='ActionCollectionType'): 3665 super(ActionCollectionType, self).exportAttributes(write, level, already_processed, namespace_, name_='ActionCollectionType') 3666 if self.id is not None and 'id' not in already_processed: 3667 already_processed.add('id') 3668 write(' id=%s' % (quote_attrib(self.id), )) 3669 def exportChildren(self, write, level, namespace_='maecBundle:', name_='ActionCollectionType', fromsubclass_=False, pretty_print=True): 3670 super(ActionCollectionType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3671 if pretty_print: 3672 eol_ = '\n' 3673 else: 3674 eol_ = '' 3675 if self.Action_List is not None: 3676 self.Action_List.export(write, level, 'maecBundle:', name_='Action_List', pretty_print=pretty_print) 3677 def build(self, node): 3678 self.__sourcenode__ = node 3679 already_processed = set() 3680 self.buildAttributes(node, node.attrib, already_processed) 3681 for child in node: 3682 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3683 self.buildChildren(child, node, nodeName_) 3684 def buildAttributes(self, node, attrs, already_processed): 3685 value = find_attr_value_('id', node) 3686 if value is not None and 'id' not in already_processed: 3687 already_processed.add('id') 3688 self.id = value 3689 super(ActionCollectionType, self).buildAttributes(node, attrs, already_processed) 3690 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3691 if nodeName_ == 'Action_List': 3692 obj_ = ActionListType.factory() 3693 obj_.build(child_) 3694 self.set_Action_List(obj_) 3695 super(ActionCollectionType, self).buildChildren(child_, node, nodeName_, True) 3696# end class ActionCollectionType 3697 3698class BehaviorCollectionType(BaseCollectionType): 3699 """The BehaviorCollectionType provides a mechanism for characterizing 3700 collections of behaviors.The id field specifies a unique ID for 3701 this Behavior Collection. The ID must follow the pattern defined 3702 in the BehaviorCollIDPattern simple type.""" 3703 subclass = None 3704 superclass = BaseCollectionType 3705 def __init__(self, name=None, Affinity_Type=None, Affinity_Degree=None, Description=None, id=None, Purpose=None, Behavior_List=None): 3706 super(BehaviorCollectionType, self).__init__(name, Affinity_Type, Affinity_Degree, Description, ) 3707 self.id = _cast(None, id) 3708 self.Purpose = Purpose 3709 self.Behavior_List = Behavior_List 3710 def factory(*args_, **kwargs_): 3711 if BehaviorCollectionType.subclass: 3712 return BehaviorCollectionType.subclass(*args_, **kwargs_) 3713 else: 3714 return BehaviorCollectionType(*args_, **kwargs_) 3715 factory = staticmethod(factory) 3716 def get_Purpose(self): return self.Purpose 3717 def set_Purpose(self, Purpose): self.Purpose = Purpose 3718 def get_Behavior_List(self): return self.Behavior_List 3719 def set_Behavior_List(self, Behavior_List): self.Behavior_List = Behavior_List 3720 def get_id(self): return self.id 3721 def set_id(self, id): self.id = id 3722 def hasContent_(self): 3723 if ( 3724 self.Purpose is not None or 3725 self.Behavior_List is not None or 3726 super(BehaviorCollectionType, self).hasContent_() 3727 ): 3728 return True 3729 else: 3730 return False 3731 def export(self, write, level, namespace_='maecBundle:', name_='BehaviorCollectionType', namespacedef_='', pretty_print=True): 3732 if pretty_print: 3733 eol_ = '\n' 3734 else: 3735 eol_ = '' 3736 showIndent(write, level, pretty_print) 3737 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3738 already_processed = set() 3739 self.exportAttributes(write, level, already_processed, namespace_, name_='BehaviorCollectionType') 3740 if self.hasContent_(): 3741 write('>%s' % (eol_, )) 3742 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3743 showIndent(write, level, pretty_print) 3744 write('</%s%s>%s' % (namespace_, name_, eol_)) 3745 else: 3746 write('/>%s' % (eol_, )) 3747 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehaviorCollectionType'): 3748 super(BehaviorCollectionType, self).exportAttributes(write, level, already_processed, namespace_, name_='BehaviorCollectionType') 3749 if self.id is not None and 'id' not in already_processed: 3750 already_processed.add('id') 3751 write(' id=%s' % (quote_attrib(self.id), )) 3752 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehaviorCollectionType', fromsubclass_=False, pretty_print=True): 3753 super(BehaviorCollectionType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3754 if pretty_print: 3755 eol_ = '\n' 3756 else: 3757 eol_ = '' 3758 if self.Purpose is not None: 3759 write('<%sPurpose>%s</%sPurpose>%s' % ('maecBundle:', quote_xml(self.Purpose), 'maecBundle:', eol_)) 3760 if self.Behavior_List is not None: 3761 self.Behavior_List.export(write, level, 'maecBundle:', name_='Behavior_List', pretty_print=pretty_print) 3762 def build(self, node): 3763 self.__sourcenode__ = node 3764 already_processed = set() 3765 self.buildAttributes(node, node.attrib, already_processed) 3766 for child in node: 3767 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3768 self.buildChildren(child, node, nodeName_) 3769 def buildAttributes(self, node, attrs, already_processed): 3770 value = find_attr_value_('id', node) 3771 if value is not None and 'id' not in already_processed: 3772 already_processed.add('id') 3773 self.id = value 3774 super(BehaviorCollectionType, self).buildAttributes(node, attrs, already_processed) 3775 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3776 if nodeName_ == 'Purpose': 3777 obj_ = BehaviorPurposeType.factory() 3778 obj_.build(child_) 3779 self.set_Purpose(obj_) 3780 elif nodeName_ == 'Behavior_List': 3781 obj_ = BehaviorListType.factory() 3782 obj_.build(child_) 3783 self.set_Behavior_List(obj_) 3784 super(BehaviorCollectionType, self).buildChildren(child_, node, nodeName_, True) 3785# end class BehaviorCollectionType 3786 3787class MalwareActionType(cybox_core.ActionType): 3788 """The MalwareActionType is one of the foundational MAEC types, and 3789 serves as a method for the characterization of actions found or 3790 observed in malware. Actions can be thought of as system state 3791 changes and similar operations that represent the fundamental 3792 low-level operation of malware. Some examples include the 3793 creation of a file, deletion of a registry key, and the sending 3794 of some data on a socket. It imports and extends the CybOX 3795 cybox_core.ActionType. For MAEC, the id attribute is required and must 3796 follow the proper syntax: A dash-delimited format is used with 3797 the id or idref starting with the word maec followed by a unique 3798 string, followed by the three letter code 'act', and ending with 3799 an integer.""" 3800 subclass = None 3801 superclass = cybox_core.ActionType 3802 def __init__(self, timestamp=None, action_status=None, ordinal_position=None, context=None, idref=None, id=None, Type=None, Name=None, Description=None, Action_Aliases=None, Action_Arguments=None, Discovery_Method=None, Associated_Objects=None, Relationships=None, Frequency=None, Implementation=None, extensiontype_=None): 3803 super(MalwareActionType, self).__init__(timestamp, action_status, ordinal_position, context, idref, id, Type, Name, Description, Action_Aliases, Action_Arguments, Discovery_Method, Associated_Objects, Relationships, Frequency) 3804 self.Implementation = Implementation 3805 self.extensiontype_ = extensiontype_ 3806 def factory(*args_, **kwargs_): 3807 if MalwareActionType.subclass: 3808 return MalwareActionType.subclass(*args_, **kwargs_) 3809 else: 3810 return MalwareActionType(*args_, **kwargs_) 3811 factory = staticmethod(factory) 3812 def get_Implementation(self): return self.Implementation 3813 def set_Implementation(self, Implementation): self.Implementation = Implementation 3814 def get_extensiontype_(self): return self.extensiontype_ 3815 def set_extensiontype_(self, extensiontype_): self.extensiontype_ = extensiontype_ 3816 def hasContent_(self): 3817 if ( 3818 self.Implementation is not None or 3819 super(MalwareActionType, self).hasContent_() 3820 ): 3821 return True 3822 else: 3823 return False 3824 def export(self, write, level, namespace_='maecBundle:', name_='MalwareActionType', namespacedef_='', pretty_print=True): 3825 if pretty_print: 3826 eol_ = '\n' 3827 else: 3828 eol_ = '' 3829 showIndent(write, level, pretty_print) 3830 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3831 already_processed = set() 3832 self.exportAttributes(write, level, already_processed, namespace_, name_='MalwareActionType') 3833 if self.hasContent_(): 3834 write('>%s' % (eol_, )) 3835 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3836 showIndent(write, level, pretty_print) 3837 write('</%s%s>%s' % (namespace_, name_, eol_)) 3838 else: 3839 write('/>%s' % (eol_, )) 3840 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='MalwareActionType'): 3841 super(MalwareActionType, self).exportAttributes(write, level, already_processed, namespace_, name_='MalwareActionType') 3842 if self.extensiontype_ is not None and 'xsi:type' not in already_processed: 3843 already_processed.add('xsi:type') 3844 write(' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"') 3845 write(' xsi:type="%s"' % self.extensiontype_) 3846 def exportChildren(self, write, level, namespace_='maecBundle:', name_='MalwareActionType', fromsubclass_=False, pretty_print=True): 3847 super(MalwareActionType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3848 if pretty_print: 3849 eol_ = '\n' 3850 else: 3851 eol_ = '' 3852 if self.Implementation is not None: 3853 self.Implementation.export(write, level, 'maecBundle:', name_='Implementation', pretty_print=pretty_print) 3854 def build(self, node): 3855 self.__sourcenode__ = node 3856 already_processed = set() 3857 self.buildAttributes(node, node.attrib, already_processed) 3858 for child in node: 3859 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3860 self.buildChildren(child, node, nodeName_) 3861 def buildAttributes(self, node, attrs, already_processed): 3862 value = find_attr_value_('xsi:type', node) 3863 if value is not None and 'xsi:type' not in already_processed: 3864 already_processed.add('xsi:type') 3865 self.extensiontype_ = value 3866 super(MalwareActionType, self).buildAttributes(node, attrs, already_processed) 3867 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3868 if nodeName_ == 'Implementation': 3869 obj_ = ActionImplementationType.factory() 3870 obj_.build(child_) 3871 self.set_Implementation(obj_) 3872 super(MalwareActionType, self).buildChildren(child_, node, nodeName_, True) 3873# end class MalwareActionType 3874 3875class BehavioralActionType(MalwareActionType): 3876 """The BehavioralActionType defines an Action that can be used as part 3877 of a Behavior.The behavioral_ordering field defines the ordering 3878 of the Action with respect to the other Actions that make up the 3879 behavior. So an action with a behavioral_ordering of "1" would 3880 come before an Action with a behavioral_ordering of "2", etc.""" 3881 subclass = None 3882 superclass = MalwareActionType 3883 def __init__(self, timestamp=None, action_status=None, ordinal_position=None, context=None, idref=None, id=None, Type=None, Name=None, Description=None, Action_Aliases=None, Action_Arguments=None, Discovery_Method=None, Associated_Objects=None, Relationships=None, Frequency=None, Implementation=None, behavioral_ordering=None): 3884 super(BehavioralActionType, self).__init__(timestamp, action_status, ordinal_position, context, idref, id, Type, Name, Description, Action_Aliases, Action_Arguments, Discovery_Method, Associated_Objects, Relationships, Frequency, Implementation, ) 3885 self.behavioral_ordering = _cast(int, behavioral_ordering) 3886 pass 3887 def factory(*args_, **kwargs_): 3888 if BehavioralActionType.subclass: 3889 return BehavioralActionType.subclass(*args_, **kwargs_) 3890 else: 3891 return BehavioralActionType(*args_, **kwargs_) 3892 factory = staticmethod(factory) 3893 def get_behavioral_ordering(self): return self.behavioral_ordering 3894 def set_behavioral_ordering(self, behavioral_ordering): self.behavioral_ordering = behavioral_ordering 3895 def hasContent_(self): 3896 if ( 3897 super(BehavioralActionType, self).hasContent_() 3898 ): 3899 return True 3900 else: 3901 return False 3902 def export(self, write, level, namespace_='maecBundle:', name_='BehavioralActionType', namespacedef_='', pretty_print=True): 3903 if pretty_print: 3904 eol_ = '\n' 3905 else: 3906 eol_ = '' 3907 showIndent(write, level, pretty_print) 3908 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 3909 already_processed = set() 3910 self.exportAttributes(write, level, already_processed, namespace_, name_='BehavioralActionType') 3911 if self.hasContent_(): 3912 write('>%s' % (eol_, )) 3913 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 3914 showIndent(write, level, pretty_print) 3915 write('</%s%s>%s' % (namespace_, name_, eol_)) 3916 else: 3917 write('/>%s' % (eol_, )) 3918 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='BehavioralActionType'): 3919 super(BehavioralActionType, self).exportAttributes(write, level, already_processed, namespace_, name_='BehavioralActionType') 3920 if self.behavioral_ordering is not None and 'behavioral_ordering' not in already_processed: 3921 already_processed.add('behavioral_ordering') 3922 write(' behavioral_ordering="%s"' % self.gds_format_integer(self.behavioral_ordering, input_name='behavioral_ordering')) 3923 def exportChildren(self, write, level, namespace_='maecBundle:', name_='BehavioralActionType', fromsubclass_=False, pretty_print=True): 3924 super(BehavioralActionType, self).exportChildren(write, level, 'maecBundle:', name_, True, pretty_print=pretty_print) 3925 def build(self, node): 3926 self.__sourcenode__ = node 3927 already_processed = set() 3928 self.buildAttributes(node, node.attrib, already_processed) 3929 for child in node: 3930 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 3931 self.buildChildren(child, node, nodeName_) 3932 def buildAttributes(self, node, attrs, already_processed): 3933 value = find_attr_value_('behavioral_ordering', node) 3934 if value is not None and 'behavioral_ordering' not in already_processed: 3935 already_processed.add('behavioral_ordering') 3936 try: 3937 self.behavioral_ordering = int(value) 3938 except ValueError as exp: 3939 raise_parse_error(node, 'Bad integer attribute: %s' % exp) 3940 if self.behavioral_ordering <= 0: 3941 raise_parse_error(node, 'Invalid PositiveInteger') 3942 super(BehavioralActionType, self).buildAttributes(node, attrs, already_processed) 3943 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 3944 super(BehavioralActionType, self).buildChildren(child_, node, nodeName_, True) 3945 pass 3946# end class BehavioralActionType 3947 3948class CapabilityType(GeneratedsSuper): 3949 """The CapabilityType captures details of a Capability that may be 3950 implemented in the malware instance, along with its child 3951 Strategic and Tactical Objectives.The required id field 3952 specifies a unique ID for this MAEC Capability.The name field 3953 captures the name of the Capability. It uses the 3954 MalwareCapabilityEnum-1.0 enumeration from the MAEC Vocabularies 3955 schema.""" 3956 subclass = None 3957 superclass = None 3958 def __init__(self, id=None, name=None, Description=None, Property=None, Strategic_Objective=None, Tactical_Objective=None, Behavior_Reference=None, Relationship=None): 3959 self.id = _cast(None, id) 3960 self.name = _cast(None, name) 3961 self.Description = Description 3962 if Property is None: 3963 self.Property = [] 3964 else: 3965 self.Property = Property 3966 if Strategic_Objective is None: 3967 self.Strategic_Objective = [] 3968 else: 3969 self.Strategic_Objective = Strategic_Objective 3970 if Tactical_Objective is None: 3971 self.Tactical_Objective = [] 3972 else: 3973 self.Tactical_Objective = Tactical_Objective 3974 if Behavior_Reference is None: 3975 self.Behavior_Reference = [] 3976 else: 3977 self.Behavior_Reference = Behavior_Reference 3978 if Relationship is None: 3979 self.Relationship = [] 3980 else: 3981 self.Relationship = Relationship 3982 def factory(*args_, **kwargs_): 3983 if CapabilityType.subclass: 3984 return CapabilityType.subclass(*args_, **kwargs_) 3985 else: 3986 return CapabilityType(*args_, **kwargs_) 3987 factory = staticmethod(factory) 3988 def get_Description(self): return self.Description 3989 def set_Description(self, Description): self.Description = Description 3990 def get_Property(self): return self.Property 3991 def set_Property(self, Property): self.Property = Property 3992 def add_Property(self, value): self.Property.append(value) 3993 def insert_Property(self, index, value): self.Property[index] = value 3994 def get_Strategic_Objective(self): return self.Strategic_Objective 3995 def set_Strategic_Objective(self, Strategic_Objective): self.Strategic_Objective = Strategic_Objective 3996 def add_Strategic_Objective(self, value): self.Strategic_Objective.append(value) 3997 def insert_Strategic_Objective(self, index, value): self.Strategic_Objective[index] = value 3998 def get_Tactical_Objective(self): return self.Tactical_Objective 3999 def set_Tactical_Objective(self, Tactical_Objective): self.Tactical_Objective = Tactical_Objective 4000 def add_Tactical_Objective(self, value): self.Tactical_Objective.append(value) 4001 def insert_Tactical_Objective(self, index, value): self.Tactical_Objective[index] = value 4002 def get_Behavior_Reference(self): return self.Behavior_Reference 4003 def set_Behavior_Reference(self, Behavior_Reference): self.Behavior_Reference = Behavior_Reference 4004 def add_Behavior_Reference(self, value): self.Behavior_Reference.append(value) 4005 def insert_Behavior_Reference(self, index, value): self.Behavior_Reference[index] = value 4006 def get_Relationship(self): return self.Relationship 4007 def set_Relationship(self, Relationship): self.Relationship = Relationship 4008 def add_Relationship(self, value): self.Relationship.append(value) 4009 def insert_Relationship(self, index, value): self.Relationship[index] = value 4010 def get_id(self): return self.id 4011 def set_id(self, id): self.id = id 4012 def get_name(self): return self.name 4013 def set_name(self, name): self.name = name 4014 def hasContent_(self): 4015 if ( 4016 self.Description is not None or 4017 self.Property or 4018 self.Strategic_Objective or 4019 self.Tactical_Objective or 4020 self.Behavior_Reference or 4021 self.Relationship 4022 ): 4023 return True 4024 else: 4025 return False 4026 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityType', namespacedef_='', pretty_print=True): 4027 if pretty_print: 4028 eol_ = '\n' 4029 else: 4030 eol_ = '' 4031 showIndent(write, level, pretty_print) 4032 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4033 already_processed = set() 4034 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityType') 4035 if self.hasContent_(): 4036 write('>%s' % (eol_, )) 4037 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4038 showIndent(write, level, pretty_print) 4039 write('</%s%s>%s' % (namespace_, name_, eol_)) 4040 else: 4041 write('/>%s' % (eol_, )) 4042 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityType'): 4043 if self.id is not None and 'id' not in already_processed: 4044 already_processed.add('id') 4045 write(' id=%s' % (quote_attrib(self.id), )) 4046 if self.name is not None and 'name' not in already_processed: 4047 already_processed.add('name') 4048 write(' name=%s' % (quote_attrib(self.name), )) 4049 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityType', fromsubclass_=False, pretty_print=True): 4050 if pretty_print: 4051 eol_ = '\n' 4052 else: 4053 eol_ = '' 4054 if self.Description is not None: 4055 showIndent(write, level, pretty_print) 4056 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 4057 for Property_ in self.Property: 4058 Property_.export(write, level, 'maecBundle:', name_='Property', pretty_print=pretty_print) 4059 for Strategic_Objective_ in self.Strategic_Objective: 4060 Strategic_Objective_.export(write, level, 'maecBundle:', name_='Strategic_Objective', pretty_print=pretty_print) 4061 for Tactical_Objective_ in self.Tactical_Objective: 4062 Tactical_Objective_.export(write, level, 'maecBundle:', name_='Tactical_Objective', pretty_print=pretty_print) 4063 for Behavior_Reference_ in self.Behavior_Reference: 4064 Behavior_Reference_.export(write, level, 'maecBundle:', name_='Behavior_Reference', pretty_print=pretty_print) 4065 for Relationship_ in self.Relationship: 4066 Relationship_.export(write, level, 'maecBundle:', name_='Relationship', pretty_print=pretty_print) 4067 def build(self, node): 4068 self.__sourcenode__ = node 4069 already_processed = set() 4070 self.buildAttributes(node, node.attrib, already_processed) 4071 for child in node: 4072 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4073 self.buildChildren(child, node, nodeName_) 4074 def buildAttributes(self, node, attrs, already_processed): 4075 value = find_attr_value_('id', node) 4076 if value is not None and 'id' not in already_processed: 4077 already_processed.add('id') 4078 self.id = value 4079 value = find_attr_value_('name', node) 4080 if value is not None and 'name' not in already_processed: 4081 already_processed.add('name') 4082 self.name = value 4083 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4084 if nodeName_ == 'Description': 4085 Description_ = child_.text 4086 Description_ = self.gds_validate_string(Description_, node, 'Description') 4087 self.Description = Description_ 4088 elif nodeName_ == 'Property': 4089 obj_ = CapabilityPropertyType.factory() 4090 obj_.build(child_) 4091 self.Property.append(obj_) 4092 elif nodeName_ == 'Strategic_Objective': 4093 obj_ = CapabilityObjectiveType.factory() 4094 obj_.build(child_) 4095 self.Strategic_Objective.append(obj_) 4096 elif nodeName_ == 'Tactical_Objective': 4097 obj_ = CapabilityObjectiveType.factory() 4098 obj_.build(child_) 4099 self.Tactical_Objective.append(obj_) 4100 elif nodeName_ == 'Behavior_Reference': 4101 obj_ = BehaviorReferenceType.factory() 4102 obj_.build(child_) 4103 self.Behavior_Reference.append(obj_) 4104 elif nodeName_ == 'Relationship': 4105 obj_ = BehaviorRelationshipType.factory() 4106 obj_.build(child_) 4107 self.Relationship.append(obj_) 4108# end class CapabilityType 4109 4110class CapabilityListType(GeneratedsSuper): 4111 """The CapabilityListType captures a list of Capabilities.""" 4112 subclass = None 4113 superclass = None 4114 def __init__(self, Capability=None, Capability_Reference=None): 4115 if Capability is None: 4116 self.Capability = [] 4117 else: 4118 self.Capability = Capability 4119 if Capability_Reference is None: 4120 self.Capability_Reference = [] 4121 else: 4122 self.Capability_Reference = Capability_Reference 4123 def factory(*args_, **kwargs_): 4124 if CapabilityListType.subclass: 4125 return CapabilityListType.subclass(*args_, **kwargs_) 4126 else: 4127 return CapabilityListType(*args_, **kwargs_) 4128 factory = staticmethod(factory) 4129 def get_Capability(self): return self.Capability 4130 def set_Capability(self, Capability): self.Capability = Capability 4131 def add_Capability(self, value): self.Capability.append(value) 4132 def insert_Capability(self, index, value): self.Capability[index] = value 4133 def get_Capability_Reference(self): return self.Capability_Reference 4134 def set_Capability_Reference(self, Capability_Reference): self.Capability_Reference = Capability_Reference 4135 def add_Capability_Reference(self, value): self.Capability_Reference.append(value) 4136 def insert_Capability_Reference(self, index, value): self.Capability_Reference[index] = value 4137 def hasContent_(self): 4138 if ( 4139 self.Capability or 4140 self.Capability_Reference 4141 ): 4142 return True 4143 else: 4144 return False 4145 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityListType', namespacedef_='', pretty_print=True): 4146 if pretty_print: 4147 eol_ = '\n' 4148 else: 4149 eol_ = '' 4150 showIndent(write, level, pretty_print) 4151 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4152 already_processed = set() 4153 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityListType') 4154 if self.hasContent_(): 4155 write('>%s' % (eol_, )) 4156 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4157 showIndent(write, level, pretty_print) 4158 write('</%s%s>%s' % (namespace_, name_, eol_)) 4159 else: 4160 write('/>%s' % (eol_, )) 4161 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityListType'): 4162 pass 4163 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityListType', fromsubclass_=False, pretty_print=True): 4164 if pretty_print: 4165 eol_ = '\n' 4166 else: 4167 eol_ = '' 4168 for Capability_ in self.Capability: 4169 Capability_.export(write, level, 'maecBundle:', name_='Capability', pretty_print=pretty_print) 4170 for Capability_Reference_ in self.Capability_Reference: 4171 Capability_Reference_.export(write, level, 'maecBundle:', name_='Capability_Reference', pretty_print=pretty_print) 4172 def build(self, node): 4173 self.__sourcenode__ = node 4174 already_processed = set() 4175 self.buildAttributes(node, node.attrib, already_processed) 4176 for child in node: 4177 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4178 self.buildChildren(child, node, nodeName_) 4179 def buildAttributes(self, node, attrs, already_processed): 4180 pass 4181 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4182 if nodeName_ == 'Capability': 4183 obj_ = CapabilityType.factory() 4184 obj_.build(child_) 4185 self.Capability.append(obj_) 4186 elif nodeName_ == 'Capability_Reference': 4187 obj_ = CapabilityReferenceType.factory() 4188 obj_.build(child_) 4189 self.Capability_Reference.append(obj_) 4190# end class CapabilityListType 4191 4192class CapabilityReferenceType(GeneratedsSuper): 4193 """The CapabilityReferenceType serves as a method for referencing 4194 existing Capabilities contained in the MAEC document.The 4195 capability_idref field references the ID of a Capability 4196 contained inside the current MAEC document.""" 4197 subclass = None 4198 superclass = None 4199 def __init__(self, capability_idref=None): 4200 self.capability_idref = _cast(None, capability_idref) 4201 pass 4202 def factory(*args_, **kwargs_): 4203 if CapabilityReferenceType.subclass: 4204 return CapabilityReferenceType.subclass(*args_, **kwargs_) 4205 else: 4206 return CapabilityReferenceType(*args_, **kwargs_) 4207 factory = staticmethod(factory) 4208 def get_capability_idref(self): return self.capability_idref 4209 def set_capability_idref(self, capability_idref): self.capability_idref = capability_idref 4210 def hasContent_(self): 4211 if ( 4212 self.capability_idref is not None 4213 ): 4214 return True 4215 else: 4216 return False 4217 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityReferenceType', namespacedef_='', pretty_print=True): 4218 if pretty_print: 4219 eol_ = '\n' 4220 else: 4221 eol_ = '' 4222 showIndent(write, level, pretty_print) 4223 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4224 already_processed = set() 4225 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityReferenceType') 4226 if self.hasContent_(): 4227 write('>%s' % (eol_, )) 4228 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4229 write('</%s%s>%s' % (namespace_, name_, eol_)) 4230 else: 4231 write('/>%s' % (eol_, )) 4232 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityReferenceType'): 4233 if self.capability_idref is not None and 'capability_idref' not in already_processed: 4234 already_processed.add('capability_idref') 4235 write(' capability_idref=%s' % (quote_attrib(self.capability_idref), )) 4236 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityReferenceType', fromsubclass_=False, pretty_print=True): 4237 pass 4238 def build(self, node): 4239 self.__sourcenode__ = node 4240 already_processed = set() 4241 self.buildAttributes(node, node.attrib, already_processed) 4242 for child in node: 4243 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4244 self.buildChildren(child, node, nodeName_) 4245 def buildAttributes(self, node, attrs, already_processed): 4246 value = find_attr_value_('capability_idref', node) 4247 if value is not None and 'capability_idref' not in already_processed: 4248 already_processed.add('capability_idref') 4249 self.capability_idref = value 4250 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4251 pass 4252# end class CapabilityReferenceType 4253 4254class CapabilityObjectiveType(GeneratedsSuper): 4255 """The CapabilityObjectiveType captures details of a Capability 4256 Strategic or Tactical Objective may be implemented in the 4257 malware instance and its properties.The required id field 4258 specifies a unique ID for this Capability Objective.""" 4259 subclass = None 4260 superclass = None 4261 def __init__(self, id=None, Name=None, Description=None, Property=None, Behavior_Reference=None, Relationship=None): 4262 self.id = _cast(None, id) 4263 self.Name = Name 4264 self.Description = Description 4265 if Property is None: 4266 self.Property = [] 4267 else: 4268 self.Property = Property 4269 if Behavior_Reference is None: 4270 self.Behavior_Reference = [] 4271 else: 4272 self.Behavior_Reference = Behavior_Reference 4273 if Relationship is None: 4274 self.Relationship = [] 4275 else: 4276 self.Relationship = Relationship 4277 def factory(*args_, **kwargs_): 4278 if CapabilityObjectiveType.subclass: 4279 return CapabilityObjectiveType.subclass(*args_, **kwargs_) 4280 else: 4281 return CapabilityObjectiveType(*args_, **kwargs_) 4282 factory = staticmethod(factory) 4283 def get_Name(self): return self.Name 4284 def set_Name(self, Name): self.Name = Name 4285 def get_Description(self): return self.Description 4286 def set_Description(self, Description): self.Description = Description 4287 def get_Property(self): return self.Property 4288 def set_Property(self, Property): self.Property = Property 4289 def add_Property(self, value): self.Property.append(value) 4290 def insert_Property(self, index, value): self.Property[index] = value 4291 def get_Behavior_Reference(self): return self.Behavior_Reference 4292 def set_Behavior_Reference(self, Behavior_Reference): self.Behavior_Reference = Behavior_Reference 4293 def add_Behavior_Reference(self, value): self.Behavior_Reference.append(value) 4294 def insert_Behavior_Reference(self, index, value): self.Behavior_Reference[index] = value 4295 def get_Relationship(self): return self.Relationship 4296 def set_Relationship(self, Relationship): self.Relationship = Relationship 4297 def add_Relationship(self, value): self.Relationship.append(value) 4298 def insert_Relationship(self, index, value): self.Relationship[index] = value 4299 def get_id(self): return self.id 4300 def set_id(self, id): self.id = id 4301 def hasContent_(self): 4302 if ( 4303 self.Name is not None or 4304 self.Description is not None or 4305 self.Property or 4306 self.Behavior_Reference or 4307 self.Relationship 4308 ): 4309 return True 4310 else: 4311 return False 4312 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityObjectiveType', namespacedef_='', pretty_print=True): 4313 if pretty_print: 4314 eol_ = '\n' 4315 else: 4316 eol_ = '' 4317 showIndent(write, level, pretty_print) 4318 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4319 already_processed = set() 4320 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityObjectiveType') 4321 if self.hasContent_(): 4322 write('>%s' % (eol_, )) 4323 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4324 showIndent(write, level, pretty_print) 4325 write('</%s%s>%s' % (namespace_, name_, eol_)) 4326 else: 4327 write('/>%s' % (eol_, )) 4328 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityObjectiveType'): 4329 if self.id is not None and 'id' not in already_processed: 4330 already_processed.add('id') 4331 write(' id=%s' % (quote_attrib(self.id), )) 4332 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityObjectiveType', fromsubclass_=False, pretty_print=True): 4333 if pretty_print: 4334 eol_ = '\n' 4335 else: 4336 eol_ = '' 4337 if self.Name is not None: 4338 self.Name.export(write, level, 'maecBundle:', name_='Name', pretty_print=pretty_print) 4339 if self.Description is not None: 4340 showIndent(write, level, pretty_print) 4341 write('<%sDescription>%s</%sDescription>%s' % ('maecBundle:', quote_xml(self.Description), 'maecBundle:', eol_)) 4342 for Property_ in self.Property: 4343 Property_.export(write, level, 'maecBundle:', name_='Property', pretty_print=pretty_print) 4344 for Behavior_Reference_ in self.Behavior_Reference: 4345 Behavior_Reference_.export(write, level, 'maecBundle:', name_='Behavior_Reference', pretty_print=pretty_print) 4346 for Relationship_ in self.Relationship: 4347 Relationship_.export(write, level, 'maecBundle:', name_='Relationship', pretty_print=pretty_print) 4348 def build(self, node): 4349 self.__sourcenode__ = node 4350 already_processed = set() 4351 self.buildAttributes(node, node.attrib, already_processed) 4352 for child in node: 4353 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4354 self.buildChildren(child, node, nodeName_) 4355 def buildAttributes(self, node, attrs, already_processed): 4356 value = find_attr_value_('id', node) 4357 if value is not None and 'id' not in already_processed: 4358 already_processed.add('id') 4359 self.id = value 4360 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4361 if nodeName_ == 'Name': 4362 obj_ = cybox_common.ControlledVocabularyStringType.factory() 4363 obj_.build(child_) 4364 self.set_Name(obj_) 4365 elif nodeName_ == 'Description': 4366 Description_ = child_.text 4367 Description_ = self.gds_validate_string(Description_, node, 'Description') 4368 self.Description = Description_ 4369 elif nodeName_ == 'Property': 4370 obj_ = CapabilityPropertyType.factory() 4371 obj_.build(child_) 4372 self.Property.append(obj_) 4373 elif nodeName_ == 'Behavior_Reference': 4374 obj_ = BehaviorReferenceType.factory() 4375 obj_.build(child_) 4376 self.Behavior_Reference.append(obj_) 4377 elif nodeName_ == 'Relationship': 4378 obj_ = CapabilityObjectiveRelationshipType.factory() 4379 obj_.build(child_) 4380 self.Relationship.append(obj_) 4381# end class CapabilityObjectiveType 4382 4383class CapabilityRelationshipType(GeneratedsSuper): 4384 """The CapabilityObjectiveRelationshipType captures a relationship 4385 between a Capability and one or more other Capabilitys.""" 4386 subclass = None 4387 superclass = None 4388 def __init__(self, Relationship_Type=None, Capability_Reference=None): 4389 self.Relationship_Type = Relationship_Type 4390 if Capability_Reference is None: 4391 self.Capability_Reference = [] 4392 else: 4393 self.Capability_Reference = Capability_Reference 4394 def factory(*args_, **kwargs_): 4395 if CapabilityRelationshipType.subclass: 4396 return CapabilityRelationshipType.subclass(*args_, **kwargs_) 4397 else: 4398 return CapabilityRelationshipType(*args_, **kwargs_) 4399 factory = staticmethod(factory) 4400 def get_Relationship_Type(self): return self.Relationship_Type 4401 def set_Relationship_Type(self, Relationship_Type): self.Relationship_Type = Relationship_Type 4402 def get_Capability_Reference(self): return self.Capability_Reference 4403 def set_Capability_Reference(self, Capability_Reference): self.Capability_Reference = Capability_Reference 4404 def add_Capability_Reference(self, value): self.Capability_Reference.append(value) 4405 def insert_Capability_Reference(self, index, value): self.Capability_Reference[index] = value 4406 def hasContent_(self): 4407 if ( 4408 self.Relationship_Type is not None or 4409 self.Capability_Reference 4410 ): 4411 return True 4412 else: 4413 return False 4414 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityRelationshipType', namespacedef_='', pretty_print=True): 4415 if pretty_print: 4416 eol_ = '\n' 4417 else: 4418 eol_ = '' 4419 showIndent(write, level, pretty_print) 4420 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4421 already_processed = set() 4422 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityRelationshipType') 4423 if self.hasContent_(): 4424 write('>%s' % (eol_, )) 4425 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4426 showIndent(write, level, pretty_print) 4427 write('</%s%s>%s' % (namespace_, name_, eol_)) 4428 else: 4429 write('/>%s' % (eol_, )) 4430 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityRelationshipType'): 4431 pass 4432 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityRelationshipType', fromsubclass_=False, pretty_print=True): 4433 if pretty_print: 4434 eol_ = '\n' 4435 else: 4436 eol_ = '' 4437 if self.Relationship_Type is not None: 4438 self.Relationship_Type.export(write, level, 'maecBundle:', name_='Relationship_Type', pretty_print=pretty_print) 4439 for Capability_Reference_ in self.Capability_Reference: 4440 Capability_Reference_.export(write, level, 'maecBundle:', name_='Capability_Reference', pretty_print=pretty_print) 4441 def build(self, node): 4442 self.__sourcenode__ = node 4443 already_processed = set() 4444 self.buildAttributes(node, node.attrib, already_processed) 4445 for child in node: 4446 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4447 self.buildChildren(child, node, nodeName_) 4448 def buildAttributes(self, node, attrs, already_processed): 4449 pass 4450 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4451 if nodeName_ == 'Relationship_Type': 4452 obj_ = cybox_common.ControlledVocabularyStringType.factory() 4453 obj_.build(child_) 4454 self.set_Relationship_Type(obj_) 4455 elif nodeName_ == 'Capability_Reference': 4456 obj_ = CapabilityReferenceType.factory() 4457 obj_.build(child_) 4458 self.Capability_Reference.append(obj_) 4459# end class CapabilityRelationshipType 4460 4461class CapabilityObjectiveRelationshipType(GeneratedsSuper): 4462 """The CapabilityObjectiveRelationshipType captures a relationship 4463 between a Strategic or Tactical Objective and one or more other 4464 Strategic or Tactical Objectives.""" 4465 subclass = None 4466 superclass = None 4467 def __init__(self, Relationship_Type=None, Objective_Reference=None): 4468 self.Relationship_Type = Relationship_Type 4469 if Objective_Reference is None: 4470 self.Objective_Reference = [] 4471 else: 4472 self.Objective_Reference = Objective_Reference 4473 def factory(*args_, **kwargs_): 4474 if CapabilityObjectiveRelationshipType.subclass: 4475 return CapabilityObjectiveRelationshipType.subclass(*args_, **kwargs_) 4476 else: 4477 return CapabilityObjectiveRelationshipType(*args_, **kwargs_) 4478 factory = staticmethod(factory) 4479 def get_Relationship_Type(self): return self.Relationship_Type 4480 def set_Relationship_Type(self, Relationship_Type): self.Relationship_Type = Relationship_Type 4481 def get_Objective_Reference(self): return self.Objective_Reference 4482 def set_Objective_Reference(self, Objective_Reference): self.Objective_Reference = Objective_Reference 4483 def add_Objective_Reference(self, value): self.Objective_Reference.append(value) 4484 def insert_Objective_Reference(self, index, value): self.Objective_Reference[index] = value 4485 def hasContent_(self): 4486 if ( 4487 self.Relationship_Type is not None or 4488 self.Objective_Reference 4489 ): 4490 return True 4491 else: 4492 return False 4493 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityObjectiveRelationshipType', namespacedef_='', pretty_print=True): 4494 if pretty_print: 4495 eol_ = '\n' 4496 else: 4497 eol_ = '' 4498 showIndent(write, level, pretty_print) 4499 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4500 already_processed = set() 4501 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityObjectiveRelationshipType') 4502 if self.hasContent_(): 4503 write('>%s' % (eol_, )) 4504 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4505 showIndent(write, level, pretty_print) 4506 write('</%s%s>%s' % (namespace_, name_, eol_)) 4507 else: 4508 write('/>%s' % (eol_, )) 4509 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityObjectiveRelationshipType'): 4510 pass 4511 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityObjectiveRelationshipType', fromsubclass_=False, pretty_print=True): 4512 if pretty_print: 4513 eol_ = '\n' 4514 else: 4515 eol_ = '' 4516 if self.Relationship_Type is not None: 4517 self.Relationship_Type.export(write, level, 'maecBundle:', name_='Relationship_Type', pretty_print=pretty_print) 4518 for Objective_Reference_ in self.Objective_Reference: 4519 Objective_Reference_.export(write, level, 'maecBundle:', name_='Objective_Reference', pretty_print=pretty_print) 4520 def build(self, node): 4521 self.__sourcenode__ = node 4522 already_processed = set() 4523 self.buildAttributes(node, node.attrib, already_processed) 4524 for child in node: 4525 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4526 self.buildChildren(child, node, nodeName_) 4527 def buildAttributes(self, node, attrs, already_processed): 4528 pass 4529 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4530 if nodeName_ == 'Relationship_Type': 4531 obj_ = cybox_common.ControlledVocabularyStringType.factory() 4532 obj_.build(child_) 4533 self.set_Relationship_Type(obj_) 4534 elif nodeName_ == 'Objective_Reference': 4535 obj_ = CapabilityObjectiveReferenceType.factory() 4536 obj_.build(child_) 4537 self.Objective_Reference.append(obj_) 4538# end class CapabilityObjectiveRelationshipType 4539 4540class CapabilityObjectiveReferenceType(GeneratedsSuper): 4541 """The CapabilityObjectiveReferenceType serves as a method for 4542 referencing existing Capability Objectives (either Strategic or 4543 Tactical) contained in the Bundle.The objective_idref field 4544 references the ID of a Capability Objective (either Strategic or 4545 Tactical) contained inside the current MAEC document.""" 4546 subclass = None 4547 superclass = None 4548 def __init__(self, objective_idref=None): 4549 self.objective_idref = _cast(None, objective_idref) 4550 pass 4551 def factory(*args_, **kwargs_): 4552 if CapabilityObjectiveReferenceType.subclass: 4553 return CapabilityObjectiveReferenceType.subclass(*args_, **kwargs_) 4554 else: 4555 return CapabilityObjectiveReferenceType(*args_, **kwargs_) 4556 factory = staticmethod(factory) 4557 def get_objective_idref(self): return self.objective_idref 4558 def set_objective_idref(self, objective_idref): self.objective_idref = objective_idref 4559 def hasContent_(self): 4560 if ( 4561 4562 ): 4563 return True 4564 else: 4565 return False 4566 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityObjectiveReferenceType', namespacedef_='', pretty_print=True): 4567 if pretty_print: 4568 eol_ = '\n' 4569 else: 4570 eol_ = '' 4571 showIndent(write, level, pretty_print) 4572 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4573 already_processed = set() 4574 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityObjectiveReferenceType') 4575 if self.hasContent_(): 4576 write('>%s' % (eol_, )) 4577 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4578 write('</%s%s>%s' % (namespace_, name_, eol_)) 4579 else: 4580 write('/>%s' % (eol_, )) 4581 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityObjectiveReferenceType'): 4582 if self.objective_idref is not None and 'objective_idref' not in already_processed: 4583 already_processed.add('objective_idref') 4584 write(' objective_idref=%s' % (quote_attrib(self.objective_idref), )) 4585 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityObjectiveReferenceType', fromsubclass_=False, pretty_print=True): 4586 pass 4587 def build(self, node): 4588 self.__sourcenode__ = node 4589 already_processed = set() 4590 self.buildAttributes(node, node.attrib, already_processed) 4591 for child in node: 4592 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4593 self.buildChildren(child, node, nodeName_) 4594 def buildAttributes(self, node, attrs, already_processed): 4595 value = find_attr_value_('objective_idref', node) 4596 if value is not None and 'objective_idref' not in already_processed: 4597 already_processed.add('objective_idref') 4598 self.objective_idref = value 4599 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4600 pass 4601# end class CapabilityObjectiveReferenceType 4602 4603class CapabilityPropertyType(GeneratedsSuper): 4604 """The CapabilityPropertyType captures a single property of a 4605 Capability or Capability Objective.""" 4606 subclass = None 4607 superclass = None 4608 def __init__(self, Name=None, Value=None): 4609 self.Name = Name 4610 self.Value = Value 4611 def factory(*args_, **kwargs_): 4612 if CapabilityPropertyType.subclass: 4613 return CapabilityPropertyType.subclass(*args_, **kwargs_) 4614 else: 4615 return CapabilityPropertyType(*args_, **kwargs_) 4616 factory = staticmethod(factory) 4617 def get_Name(self): return self.Name 4618 def set_Name(self, Name): self.Name = Name 4619 def get_Value(self): return self.Value 4620 def set_Value(self, Value): self.Value = Value 4621 def validate_StringObjectPropertyType(self, value): 4622 # Validate type cybox_common.StringObjectPropertyType, a restriction on None. 4623 pass 4624 def hasContent_(self): 4625 if ( 4626 self.Name is not None or 4627 self.Value is not None 4628 ): 4629 return True 4630 else: 4631 return False 4632 def export(self, write, level, namespace_='maecBundle:', name_='CapabilityPropertyType', namespacedef_='', pretty_print=True): 4633 if pretty_print: 4634 eol_ = '\n' 4635 else: 4636 eol_ = '' 4637 showIndent(write, level, pretty_print) 4638 write('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 4639 already_processed = set() 4640 self.exportAttributes(write, level, already_processed, namespace_, name_='CapabilityPropertyType') 4641 if self.hasContent_(): 4642 write('>%s' % (eol_, )) 4643 self.exportChildren(write, level + 1, namespace_, name_, pretty_print=pretty_print) 4644 showIndent(write, level, pretty_print) 4645 write('</%s%s>%s' % (namespace_, name_, eol_)) 4646 else: 4647 write('/>%s' % (eol_, )) 4648 def exportAttributes(self, write, level, already_processed, namespace_='maecBundle:', name_='CapabilityPropertyType'): 4649 pass 4650 def exportChildren(self, write, level, namespace_='maecBundle:', name_='CapabilityPropertyType', fromsubclass_=False, pretty_print=True): 4651 if pretty_print: 4652 eol_ = '\n' 4653 else: 4654 eol_ = '' 4655 if self.Name is not None: 4656 self.Name.export(write, level, 'maecBundle:', name_='Name', pretty_print=pretty_print) 4657 if self.Value is not None: 4658 self.Value.export(write, level, 'maecBundle:', name_='Value', pretty_print=pretty_print) 4659 def build(self, node): 4660 self.__sourcenode__ = node 4661 already_processed = set() 4662 self.buildAttributes(node, node.attrib, already_processed) 4663 for child in node: 4664 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 4665 self.buildChildren(child, node, nodeName_) 4666 def buildAttributes(self, node, attrs, already_processed): 4667 pass 4668 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 4669 if nodeName_ == 'Name': 4670 obj_ = cybox_common.ControlledVocabularyStringType.factory() 4671 obj_.build(child_) 4672 self.set_Name(obj_) 4673 elif nodeName_ == 'Value': 4674 obj_ = cybox_common.StringObjectPropertyType.factory() 4675 obj_.build(child_) 4676 self.set_Value(obj_) 4677# end class CapabilityPropertyType 4678 4679USAGE_TEXT = """ 4680Usage: python <Parser>.py [ -s ] <in_xml_file> 4681""" 4682 4683def usage(): 4684 print(USAGE_TEXT) 4685 sys.exit(1) 4686 4687def get_root_tag(node): 4688 tag = Tag_pattern_.match(node.tag).groups()[-1] 4689 rootClass = GDSClassesMapping.get(tag) 4690 if rootClass is None: 4691 rootClass = globals().get(tag) 4692 return tag, rootClass 4693 4694def parse(inFileName): 4695 doc = parsexml_(inFileName) 4696 rootNode = doc.getroot() 4697 rootTag, rootClass = get_root_tag(rootNode) 4698 rootObj = rootClass.factory() 4699 rootObj.build(rootNode) 4700 # Enable Python to collect the space used by the DOM. 4701 doc = None 4702 #sys.stdout.write('<?xml version="1.0" ?>\n') 4703 #rootObj.export(sys.stdout, 0, name_=rootTag, 4704 # namespacedef_='', 4705 # pretty_print=True) 4706 return rootObj 4707 4708def parseEtree(inFileName): 4709 doc = parsexml_(inFileName) 4710 rootNode = doc.getroot() 4711 rootTag, rootClass = get_root_tag(rootNode) 4712 rootObj = rootClass.factory() 4713 rootObj.build(rootNode) 4714 # Enable Python to collect the space used by the DOM. 4715 doc = None 4716 rootElement = rootObj.to_etree(None, name_=rootTag) 4717 content = etree_.tostring(rootElement, pretty_print=True, 4718 xml_declaration=True, encoding="utf-8") 4719 sys.stdout.write(content) 4720 sys.stdout.write('\n') 4721 return rootObj, rootElement 4722 4723def parseString(inString): 4724 from mixbox.vendor.six import StringIO 4725 doc = parsexml_(StringIO(inString)) 4726 rootNode = doc.getroot() 4727 rootTag, rootClass = get_root_tag(rootNode) 4728 rootObj = rootClass.factory() 4729 rootObj.build(rootNode) 4730 # Enable Python to collect the space used by the DOM. 4731 doc = None 4732 #sys.stdout.write('<?xml version="1.0" ?>\n') 4733 #rootObj.export(sys.stdout, 0, name_="MAEC_Bundle", 4734 # namespacedef_='') 4735 return rootObj 4736 4737def parseLiteral(inFileName): 4738 doc = parsexml_(inFileName) 4739 rootNode = doc.getroot() 4740 rootTag, rootClass = get_root_tag(rootNode) 4741 rootObj = rootClass.factory() 4742 rootObj.build(rootNode) 4743 # Enable Python to collect the space used by the DOM. 4744 doc = None 4745 sys.stdout.write('#from maec_bundle_temp import *\n\n') 4746 sys.stdout.write('from datetime import datetime as datetime_\n\n') 4747 sys.stdout.write('import maec_bundle_temp as model_\n\n') 4748 sys.stdout.write('rootObj = model_.rootTag(\n') 4749 rootObj.exportLiteral(sys.stdout, 0, name_=rootTag) 4750 sys.stdout.write(')\n') 4751 return rootObj 4752 4753def main(): 4754 args = sys.argv[1:] 4755 if len(args) == 1: 4756 parse(args[0]) 4757 else: 4758 usage() 4759 4760if __name__ == '__main__': 4761 #import pdb; pdb.set_trace() 4762 main() 4763 4764__all__ = [ 4765 "MalwareActionType", 4766 "BehaviorType", 4767 "BundleType", 4768 "BehaviorCollectionType", 4769 "ActionCollectionType", 4770 "APICallType", 4771 "ActionImplementationType", 4772 "CVEVulnerabilityType", 4773 "ObjectCollectionType", 4774 "BaseCollectionType", 4775 "BehaviorRelationshipType", 4776 "AVClassificationsType", 4777 "ParameterType", 4778 "ParameterListType", 4779 "AssociatedCodeType", 4780 "BehaviorPurposeType", 4781 "PlatformListType", 4782 "ExploitType", 4783 "BehaviorRelationshipListType", 4784 "BehavioralActionsType", 4785 "BehaviorListType", 4786 "ActionListType", 4787 "ObjectListType", 4788 "BehaviorReferenceType", 4789 "ObjectReferenceType", 4790 "BehavioralActionType", 4791 "BehavioralActionReferenceType", 4792 "BehavioralActionEquivalenceReferenceType", 4793 "BehaviorReferenceListType", 4794 "ActionReferenceListType", 4795 "ObjectReferenceListType", 4796 "CandidateIndicatorType", 4797 "CandidateIndicatorListType", 4798 "MalwareEntityType", 4799 "CollectionsType", 4800 "BundleReferenceType", 4801 "ProcessTreeType", 4802 "ProcessTreeNodeType", 4803 "CandidateIndicatorCompositionType", 4804 "CandidateIndicatorCollectionType", 4805 "CandidateIndicatorCollectionListType", 4806 "BehaviorCollectionListType", 4807 "ActionCollectionListType", 4808 "ObjectCollectionListType", 4809 "AVClassificationType" 4810 ] 4811 4812GDSClassesMapping = { 4813 "MalwareActionType": MalwareActionType, 4814 "MAEC_Bundle": BundleType, 4815 "BehaviorType": BehaviorType, 4816 "BehaviorCollectionType": BehaviorCollectionType, 4817 "ActionCollectionType": ActionCollectionType, 4818 "APICallType": APICallType, 4819 "ActionImplementationType": ActionImplementationType, 4820 "CVEVulnerabilityType": CVEVulnerabilityType, 4821 "ObjectCollectionType": ObjectCollectionType, 4822 "BaseCollectionType": BaseCollectionType, 4823 "BehaviorRelationshipType": BehaviorRelationshipType, 4824 "AVClassificationsType": AVClassificationsType, 4825 "ParameterType": ParameterType, 4826 "ParameterListType": ParameterListType, 4827 "AssociatedCodeType": AssociatedCodeType, 4828 "BehaviorPurposeType": BehaviorPurposeType, 4829 "PlatformListType": PlatformListType, 4830 "ExploitType": ExploitType, 4831 "BehaviorRelationshipListType": BehaviorRelationshipListType, 4832 "BehavioralActionsType": BehavioralActionsType, 4833 "BehaviorListType": BehaviorListType, 4834 "ActionListType": ActionListType, 4835 "ObjectListType": ObjectListType, 4836 "BehaviorReferenceType": BehaviorReferenceType, 4837 "ObjectReferenceType": ObjectReferenceType, 4838 "BehavioralActionType": BehavioralActionType, 4839 "BehavioralActionReferenceType": BehavioralActionReferenceType, 4840 "BehavioralActionEquivalenceReferenceType": BehavioralActionEquivalenceReferenceType, 4841 "BehaviorReferenceListType": BehaviorReferenceListType, 4842 "ActionReferenceListType": ActionReferenceListType, 4843 "ObjectReferenceListType": ObjectReferenceListType, 4844 "CandidateIndicatorType": CandidateIndicatorType, 4845 "CandidateIndicatorListType": CandidateIndicatorListType, 4846 "MalwareEntityType": MalwareEntityType, 4847 "CollectionsType": CollectionsType, 4848 "BundleReferenceType": BundleReferenceType, 4849 "ProcessTreeType": ProcessTreeType, 4850 "ProcessTreeNodeType": ProcessTreeNodeType, 4851 "CandidateIndicatorCompositionType": CandidateIndicatorCompositionType, 4852 "CandidateIndicatorCollectionType": CandidateIndicatorCollectionType, 4853 "CandidateIndicatorCollectionListType": CandidateIndicatorCollectionListType, 4854 "BehaviorCollectionListType": BehaviorCollectionListType, 4855 "ActionCollectionListType": ActionCollectionListType, 4856 "ObjectCollectionListType": ObjectCollectionListType, 4857 "AVClassificationType": AVClassificationType 4858} 4859