本文整理匯總了Python中cybox.objects.email_message_object.EmailMessage.raw_body方法的典型用法代碼示例。如果您正苦於以下問題:Python EmailMessage.raw_body方法的具體用法?Python EmailMessage.raw_body怎麽用?Python EmailMessage.raw_body使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類cybox.objects.email_message_object.EmailMessage的用法示例。
在下文中一共展示了EmailMessage.raw_body方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: to_cybox
# 需要導入模塊: from cybox.objects.email_message_object import EmailMessage [as 別名]
# 或者: from cybox.objects.email_message_object.EmailMessage import raw_body [as 別名]
def to_cybox(self, exclude=None):
"""
Convert an email to a CybOX Observables.
Pass parameter exclude to specify fields that should not be
included in the returned object.
Returns a tuple of (CybOX object, releasability list).
To get the cybox object as xml or json, call to_xml() or
to_json(), respectively, on the resulting CybOX object.
"""
if exclude == None:
exclude = []
observables = []
obj = EmailMessage()
# Assume there is going to be at least one header
obj.header = EmailHeader()
if 'message_id' not in exclude:
obj.header.message_id = String(self.message_id)
if 'subject' not in exclude:
obj.header.subject = String(self.subject)
if 'sender' not in exclude:
obj.header.sender = Address(self.reply_to, Address.CAT_EMAIL)
if 'reply_to' not in exclude:
obj.header.reply_to = Address(self.reply_to, Address.CAT_EMAIL)
if 'x_originating_ip' not in exclude:
obj.header.x_originating_ip = Address(self.x_originating_ip,
Address.CAT_IPV4)
if 'raw_body' not in exclude:
obj.raw_body = self.raw_body
if 'raw_header' not in exclude:
obj.raw_header = self.raw_header
#copy fields where the names differ between objects
if 'helo' not in exclude and 'email_server' not in exclude:
obj.email_server = String(self.helo)
if ('from_' not in exclude and 'from' not in exclude and
'from_address' not in exclude):
obj.header.from_ = EmailAddress(self.from_address)
if 'date' not in exclude and 'isodate' not in exclude:
obj.header.date = DateTime(self.isodate)
observables.append(Observable(obj))
return (observables, self.releasability)示例2: __parse_email_message
# 需要導入模塊: from cybox.objects.email_message_object import EmailMessage [as 別名]
# 或者: from cybox.objects.email_message_object.EmailMessage import raw_body [as 別名]
def __parse_email_message(self, msg):
""" Parses the supplied message
Returns a map of message parts expressed as cybox objects.
Keys: 'message', 'files', 'urls'
"""
files = []
url_list = []
domain_list = []
message = EmailMessage()
# Headers are required (for now)
message.header = self.__create_cybox_headers(msg)
if self.include_attachments:
files = self.__create_cybox_files(msg)
message.attachments = Attachments()
for f in files:
message.attachments.append(f.parent.id_)
f.add_related(message, "Contained_Within", inline=False)
if self.include_raw_headers:
raw_headers_str = self.__get_raw_headers(msg).strip()
if raw_headers_str:
message.raw_header = String(raw_headers_str)
# need this for parsing urls AND raw body text
raw_body = "\n".join(self.__get_raw_body_text(msg)).strip()
if self.include_raw_body and raw_body:
message.raw_body = String(raw_body)
if self.include_urls:
(url_list, domain_list) = self.__parse_urls(raw_body)
if url_list:
links = Links()
for u in url_list:
links.append(LinkReference(u.parent.id_))
if links:
message.links = links
# Return a list of all objects we've built
return [message] + files + url_list + domain_list示例3: make_cybox_object
# 需要導入模塊: from cybox.objects.email_message_object import EmailMessage [as 別名]
# 或者: from cybox.objects.email_message_object.EmailMessage import raw_body [as 別名]
def make_cybox_object(type_, name=None, value=None):
"""
Converts type_, name, and value to a CybOX object instance.
:param type_: The object type.
:type type_: str
:param name: The object name.
:type name: str
:param value: The object value.
:type value: str
:returns: CybOX object
"""
if type_ == "Address":
return Address(category=name, address_value=value)
elif type_ == "Email Message":
e = EmailMessage()
e.raw_body = value
return e
#TODO: Http Request Header Fields not implemented?
#elif type_ == "Http Request Header Fields":
#pass
#TODO: Mutex object type is incomplete
#elif type_ == "Mutex":
#return Mutex.object_from_dict({'name': value})
#TODO: use Byte_Run object?
#elif type_ == "String":
#pass
elif type_ == "URI":
#return URI(type_=name, value=value)
r = URI()
r.type_ = name
r.value = value
return r
#TODO: Win_File incomplete
#elif type_ == "Win File":
#TODO: Registry_Key incomplete
#elif type_ == "Win Handle" and name == "RegistryKey":
#return Registry_Key.object_from_dict({'key':value})
raise UnsupportedCybOXObjectTypeError(type_, name)示例4: make_cybox_object
# 需要導入模塊: from cybox.objects.email_message_object import EmailMessage [as 別名]
# 或者: from cybox.objects.email_message_object.EmailMessage import raw_body [as 別名]
def make_cybox_object(type_, name=None, value=None):
"""
Converts type_, name, and value to a CybOX object instance.
:param type_: The object type.
:type type_: str
:param name: The object name.
:type name: str
:param value: The object value.
:type value: str
:returns: CybOX object
"""
if type_ == "Account":
acct = Account()
acct.description = value
return acct
elif type_ == "Address":
return Address(category=name, address_value=value)
elif type_ == "Email Message":
e = EmailMessage()
e.raw_body = value
return e
elif type_ == "API":
api = API()
api.description = value
return api
elif type_ == "Artifact":
if name == "Data Region":
atype = Artifact.TYPE_GENERIC
elif name == 'FileSystem Fragment':
atype = Artifact.TYPE_FILE_SYSTEM
elif name == 'Memory Region':
atype = Artifact.TYPE_MEMORY
else:
raise UnsupportedCybOXObjectTypeError(type_, name)
return Artifact(value, atype)
elif type_ == "Code":
obj = Code()
obj.code_segment = value
obj.type = name
return obj
elif type_ == "Disk":
disk = Disk()
disk.disk_name = type_
disk.type = name
return disk
elif type_ == "Disk Partition":
disk = DiskPartition()
disk.device_name = type_
disk.type = name
return disk
elif type_ == "DNS Query":
r = URI()
r.value = value
dq = DNSQuestion()
dq.qname = r
d = DNSQuery()
d.question = dq
return d
elif type_ == "DNS Record":
# DNS Record indicators in CRITs are just a free form text box, there
# is no good way to map them into the attributes of a DNSRecord cybox
# object. So just stuff it in the description until someone tells me
# otherwise.
d = StructuredText(value=value)
dr = DNSRecord()
dr.description = d
return dr
elif type_ == "GUI Dialogbox":
obj = GUIDialogbox()
obj.box_text = value
return obj
elif type_ == "GUI Window":
obj = GUIWindow()
obj.window_display_name = value
return obj
elif type_ == "HTTP Request Header Fields" and name and name == "User-Agent":
# TODO/NOTE: HTTPRequestHeaderFields has a ton of fields for info.
# we should revisit this as UI is reworked or CybOX is improved.
obj = HTTPRequestHeaderFields()
obj.user_agent = value
return obj
elif type_ == "Library":
obj = Library()
obj.name = value
obj.type = name
return obj
elif type_ == "Memory":
obj = Memory()
obj.memory_source = value
return obj
elif type_ == "Mutex":
m = Mutex()
m.named = True
m.name = String(value)
return m
elif type_ == "Network Connection":
obj = NetworkConnection()
obj.layer7_protocol = value
#.........這裏部分代碼省略.........
示例5: cybox_object_email
# 需要導入模塊: from cybox.objects.email_message_object import EmailMessage [as 別名]
# 或者: from cybox.objects.email_message_object.EmailMessage import raw_body [as 別名]
def cybox_object_email(obj):
e = EmailMessage()
e.raw_body = obj.raw_body
e.raw_header = obj.raw_header
# Links
e.links = Links()
for link in obj.links.all():
pass
# Attachments
e.attachments = Attachments()
attachment_objects = []
for att in obj.attachments.all():
for meta in att.file_meta.all():
fobj = cybox_object_file(att, meta)
e.attachments.append(fobj.parent.id_)
fobj.add_related(e, "Contained_Within", inline=False)
attachment_objects.append(fobj)
# construct header information
h = EmailHeader()
h.subject = obj.subject
h.date = obj.email_date
h.message_id = obj.message_id
h.content_type = obj.content_type
h.mime_version = obj.mime_version
h.user_agent = obj.user_agent
h.x_mailer = obj.x_mailer
# From
for from_ in obj.from_string.all():
from_address = EmailAddress(from_.sender)
from_address.is_spoofed = from_.is_spoofed
from_address.condition = from_.condition
h.from_ = from_address
# Sender
for sender in obj.sender.all():
sender_address = EmailAddress(sender.sender)
sender_address.is_spoofed = sender.is_spoofed
sender_address.condition = sender.condition
h.sender.add(sender_address)
# To
recipients = EmailRecipients()
for recipient in obj.recipients.all():
rec_address = EmailAddress(recipient.recipient)
rec_address.is_spoofed = recipient.is_spoofed
rec_address.condition = recipient.condition
recipients.append(rec_address)
h.to = recipients
# CC
recipients = EmailRecipients()
for recipient in obj.recipients_cc.all():
rec_address = EmailAddress(recipient.recipient)
rec_address.is_spoofed = recipient.is_spoofed
rec_address.condition = recipient.condition
recipients.append(rec_address)
h.cc = recipients
# BCC
recipients = EmailRecipients()
for recipient in obj.recipients_bcc.all():
rec_address = EmailAddress(recipient.recipient)
rec_address.is_spoofed = recipient.is_spoofed
rec_address.condition = recipient.condition
recipients.append(rec_address)
h.bcc = recipients
e.header = h
return e, attachment_objects