Package lib :: Package maec :: Module maec11 :: Class malwareMetaData

Class malwareMetaData

     object --+    
              |    
GeneratedsSuper --+
                  |
                 malwareMetaData

This is the top level element for the xml document. Required
attribute is version.

Open issues:
2. Right way to express commonality in field data so that it can be combined properly
3. How to handle unicode in urls

Change list

11/12/2009
1. adding documentation across the schema
2. added partner to OriginTypeEnum
3. made sha1 in fileObject optional
4. added isDamaged as a propertyType
5. changed property name isNon-replicating to isNonReplicating

6/11/2009
1. incremented version
2. Rename parents/children in relationship to source/target
3. Add generic relationship, ‘relatedTo’
4. Make commonality element in fieldDataEntry optional
5. Add unknown element to origintypeenum
6. Remove ipv4 and ipv6 from locationenum
7. Make id on ip object startaddress-endaddress even if startaddress == endaddress. Added IPRange type
8. Add optional firstSeenDate to fieldDataEntry, for first time entity providing data saw the object

6/4/2009
1. File - id should be a xs:hexBinary
2. File - extraHash should be a xs:string
3. Uri – add optional ipProtocol field, with enumeration of values tcp/udp/icmp etc.
4. Uri – add documentation that protocol in uri needs to be either from well known list (from iana.org) or ‘unknown’
5. Domain - need to fix documentation for domain – example is wrong
6. registry – remove valuedata – it is in a property
7. ip object – rename to ip, and give it a start address and end address. Share a single address by making start and end the same. Id will be address or startaddress-endaddress
8. service – delete – subsumed by uri with extra data elements in it
9. classification – remove modifiers (attributes) on category and put in properties
10. classification – add documentation that category is companyname:category
11. objectProperty – move timestamp to be top level instead of on each property and make it required
12. relationship – make timestamp required
13. relationship – add doc on runs. removed 'exploits' - it refers to environment object that no longer exists
14. added comment field to propertyenum
15. made timeStamp -> timestamp for consistency
16. incremented version

5/31/2009
1. incremented version
2. changed url to uri
3. removed environment object and related enumerations
4. added restriction on uri to not allow a question mark (?)

5/15/2009
1. incremented version
2. Added neutral classification type
3. Added numberOfWebsitesHosting and numberOfWebsitesRedirecting to volume units enumeration
4. added referrer, operatingSystem, userAgent and browser to properties
5. made classification type attribute required

5/8/2009
1. added new object type for asn
2. moved domain information to properties, so that domains info can be timestamped
3. added properties for geolocation of an ip address
4. added property for location url for a file
5. added VolumeUnitsEnum and volume tag in fieldData. This is to allow sharing of actual prevalence numbers, with various units.
6. Added ipProtocol (tcp/udp) to service object. Also changed names of expectedProtocol and actualProtocol to be expectedApplicationProtocol and actualApplicationProtocol
7. added 'references' surrounding tag to ref tag in fieldDataEntry and objectProperty, so that can assign multiple references if required
8. made id on file back to hexBinary. Use length to figure out what hash it is.
9. incremented version
10. added properties for httpMethod and postData
11. added relationship types 'contactedBy' and 'downloadedFrom'

4/17/2009
1. Incremented version
2. Added unwanted to ClassificationTypeEnum
3. Added text about ids for files to documentation
4. Removed filename from file object definition
5. Relaxed requirement on id of file to be an xs:hexString to be an xs:string to allow e.g. md5:aaaaabbbbccc as an id. Not enormously happy about that…
6. Made sha256 optional and sha1 required in files
7. Added “open issues” section in documentation for top level element
8. Category is now an xs:string; deleted CategoryTypeEnum
9. Added comment to doc on fieldDataEntry about using standard time periods, but kept start date and end date
10. Added objectProperties element, and example illustratingProperties.xml. Currently allowed properties are filename, filepath, registryValueData and urlParameterString. There is an optional timestamp on each property. I allowed objectProperty to have an id, so that it can be referenced elsewhere, although we might want to re-think that.
11. Added some better documentation to relationships
12. Added more documentation throughout

The version of the schema. This is currently fixed to be 1.1.

A required identifier for the document.

Instance Methods

__init__(self, version=None, id=None, company=None, author=None, comment=None, timestamp=None, objects=None, objectProperties=None, relationships=None, fieldData=None)
x.__init__(...) initializes x; see help(type(x)) for signature

get_company(self)
set_company(self, company)
get_author(self)
set_author(self, author)
get_comment(self)
set_comment(self, comment)
get_timestamp(self)
set_timestamp(self, timestamp)
get_objects(self)
set_objects(self, objects)
get_objectProperties(self)
set_objectProperties(self, objectProperties)
get_relationships(self)
set_relationships(self, relationships)
get_fieldData(self)
set_fieldData(self, fieldData)
get_version(self)
set_version(self, version)
get_id(self)
set_id(self, id)
export(self, outfile, level, namespace_='maec:', name_='malwareMetaData', namespacedef_='')
exportAttributes(self, outfile, level, already_processed, namespace_='maec:', name_='malwareMetaData')
exportChildren(self, outfile, level, namespace_='maec:', name_='malwareMetaData', fromsubclass_=False)
hasContent_(self)
exportLiteral(self, outfile, level, name_='malwareMetaData')
exportLiteralAttributes(self, outfile, level, already_processed, name_)
exportLiteralChildren(self, outfile, level, name_)
build(self, node)
buildAttributes(self, node, attrs, already_processed)
buildChildren(self, child_, node, nodeName_, fromsubclass_=False)

Inherited from GeneratedsSuper: gds_build_any, gds_format_boolean, gds_format_boolean_list, gds_format_double, gds_format_double_list, gds_format_float, gds_format_float_list, gds_format_integer, gds_format_integer_list, gds_format_string, gds_str_lower, gds_validate_boolean, gds_validate_boolean_list, gds_validate_double, gds_validate_double_list, gds_validate_float, gds_validate_float_list, gds_validate_integer, gds_validate_integer_list, gds_validate_string, get_class_obj_, get_path_, get_path_list_

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Static Methods

factory(*args_, **kwargs_)

Class Variables

  subclass = None
  superclass = None

Inherited from GeneratedsSuper: Tag_strip_pattern_

Properties

Inherited from object: __class__

Method Details

__init__(self, version=None, id=None, company=None, author=None, comment=None, timestamp=None, objects=None, objectProperties=None, relationships=None, fieldData=None)
(Constructor)

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__
(inherited documentation)