
Models API#

Nodes#

Bases: StructuredNode

Base node type

Source code in machina/core/models/nodes/base.py
class Base(StructuredNode):
    """Base node type

    Abstract node (``__abstract_node__ = True``) that declares the properties
    and relationships shared by every node class deriving from it.
    """

    __abstract_node__ = True

    # Common attributes
    uid = UniqueIdProperty()

    # Digests, size, timestamp and type are mandatory (required=True).
    # NOTE(review): MD5 is not collision-resistant, so two different inputs
    # can share an md5 value. Presumably sha256 is the authoritative content
    # identifier -- confirm that no caller deduplicates or looks up nodes on
    # md5 alone.
    md5 = StringProperty(required=True)
    sha256 = StringProperty(required=True)
    size = IntegerProperty(required=True)
    ts = DateTimeProperty(required=True)
    type = StringProperty(required=True)

    # Optional: defaults to None and is populated after the node exists.
    # ssdeep is a fuzzy (similarity) digest, not an integrity check; a match
    # indicates resemblance, never identity.
    ssdeep = StringProperty(default=None) # set later

    # Edges between Base-derived nodes. 'extracts' and 'retyped' are declared
    # as outgoing (RelationshipTo); 'similar' is declared without a direction.
    extracts = RelationshipTo('Base', 'EXTRACTS', model=Extracts)
    similar = Relationship('Base', 'SIMILAR', model=Similar)
    retyped = RelationshipTo('Base', 'RETYPED', model=Retyped)

Bases: Base

A generic artifact for unknown/untyped data

Source code in machina/core/models/nodes/artifact.py
class Artifact(Base):
    """Generic artifact node for unknown or untyped data.

    Declares no properties of its own; every field and relationship is
    inherited from Base.
    """

Bases: Base

Source code in machina/core/models/nodes/apk.py
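class APK(Base):
    """Android APK node.

    Extends the common Base properties with package metadata. Every property
    declared here is optional (none is marked ``required``).

    NOTE(review): these values are presumably parsed from the APK under
    analysis, which makes them attacker-controlled text. Escape them before
    rendering and never splice them into queries, shell commands or file
    paths -- confirm at the call sites.
    """

    # APK Attribute
    package = StringProperty()
    name = StringProperty()
    androidversion_code = StringProperty()
    androidversion_name = StringProperty()
    permissions = ArrayProperty(StringProperty())
    activities = ArrayProperty(StringProperty())
    providers = ArrayProperty(StringProperty())
    receivers = ArrayProperty(StringProperty())
    services = ArrayProperty(StringProperty())
    min_sdk_version = StringProperty()
    # The original declared max_sdk_version twice in a row; the second
    # assignment only rebound the same name, so one declaration is kept.
    # NOTE(review): possibly a different field was intended for the duplicate
    # line -- confirm against the code that populates this node.
    max_sdk_version = StringProperty()
    effective_target_sdk_version = StringProperty()
    libraries = ArrayProperty(StringProperty())
    main_activity = StringProperty()
    content_provider_uris = ArrayProperty(StringProperty())

    # One JSON document per array element.
    classes = ArrayProperty(JSONProperty())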

Bases: Base

bz2 compressed file

Source code in machina/core/models/nodes/bz2.py
class BZ2(Base):
    """Node type for a bz2 compressed file.

    Adds nothing to Base; the class exists so the data can be stored under
    its own node type.
    """

Bases: Base

CPIO firmware

Source code in machina/core/models/nodes/cpio.py
class CPIO(Base):
    """Node type for CPIO firmware.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

Android DEX file

Source code in machina/core/models/nodes/dex.py
class Dex(Base):
    """Node type for an Android DEX file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

Linux ELF file

Source code in machina/core/models/nodes/elf.py
class Elf(Base):
    """Node type for a Linux ELF file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

EML

Source code in machina/core/models/nodes/eml.py
class Eml(Base):
    """Node type for an EML file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

Excel file

Source code in machina/core/models/nodes/excel.py
class Excel(Base):
    """Node type for an Excel file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

GZIP compressed file

Source code in machina/core/models/nodes/gzip.py
class Gzip(Base):
    """Node type for a GZIP compressed file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

HTML file

Source code in machina/core/models/nodes/html.py
class HTML(Base):
    """Node type for an HTML file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

JAR file

Source code in machina/core/models/nodes/jar.py
class Jar(Base):
    """Node type for a JAR file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

JFFS2 firmware

Source code in machina/core/models/nodes/jffs2.py
class JFFS2(Base):
    """Node type for JFFS2 firmware.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

JPEG image file

Source code in machina/core/models/nodes/jpeg.py
class JPEG(Base):
    """JPEG image file

    Adds a single optional JSON property, ``exif``, to the Base fields.
    """

    # JPEG attributes
    # NOTE(review): presumably EXIF metadata read from the image itself, so
    # the content is supplied by the analyzed file -- treat it as untrusted
    # when displaying or post-processing it; confirm against the writer.
    exif = JSONProperty()

Bases: Base

LZMA compressed file

Source code in machina/core/models/nodes/lzma.py
class LZMA(Base):
    """Node type for an LZMA compressed file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

MachO file

Source code in machina/core/models/nodes/macho.py
class Macho(Base):
    """Node type for a MachO file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

memory dump file

Source code in machina/core/models/nodes/memory_dump.py
class MemoryDump(Base):
    """Node type for a memory dump file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

MSG file

Source code in machina/core/models/nodes/msg.py
class Msg(Base):
    """Node type for an MSG file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

PDF file

Source code in machina/core/models/nodes/pdf.py
class PDF(Base):
    """Node type for a PDF file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

PE file

Source code in machina/core/models/nodes/pe.py
class PE(Base):
    """Node type for a PE file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

Source code in machina/core/models/nodes/png.py
class PNG(Base):
    """PNG image file

    Adds a single optional JSON property, ``exif``, to the Base fields.
    """

    # PNG attributes
    # NOTE(review): presumably metadata read from the image itself, so the
    # content is supplied by the analyzed file -- treat it as untrusted when
    # displaying or post-processing it; confirm against the writer.
    exif = JSONProperty()

Bases: Base

Powerpoint file

Source code in machina/core/models/nodes/powerpoint.py
class Powerpoint(Base):
    """Node type for a Powerpoint file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

RTF file

Source code in machina/core/models/nodes/rtf.py
class RTF(Base):
    """Node type for an RTF file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

SquashFS firmware

Source code in machina/core/models/nodes/squashfs.py
class SquashFS(Base):
    """Node type for SquashFS firmware.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

TAR archive file

Source code in machina/core/models/nodes/tar.py
class Tar(Base):
    """Node type for a TAR archive file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

extracted URL

Source code in machina/core/models/nodes/url.py
class URL(Base):
    """extracted URL

    Adds a single optional string property, ``url``, to the Base fields.
    """

    # URL Attribute
    # No format or scheme constraint is declared, so any string is accepted.
    # NOTE(review): the value is extracted from analyzed content and is
    # therefore untrusted; presumably consumers should validate it before
    # rendering it as a link or passing it to anything that fetches it --
    # confirm at the call sites.
    url = StringProperty()

Bases: Base

TIFF image file

Source code in machina/core/models/nodes/tiff.py
class TIFF(Base):
    """TIFF image file

    Adds a single optional JSON property, ``exif``, to the Base fields.
    """

    # TIFF attributes
    # NOTE(review): presumably EXIF metadata read from the image itself, so
    # the content is supplied by the analyzed file -- treat it as untrusted
    # when displaying or post-processing it; confirm against the writer.
    exif = JSONProperty()

Bases: Base

Word file

Source code in machina/core/models/nodes/word.py
class Word(Base):
    """Node type for a Word file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Bases: Base

Zip compressed file

Source code in machina/core/models/nodes/zip.py
class Zip(Base):
    """Node type for a Zip compressed file.

    Adds nothing to Base; all properties and relationships are inherited.
    """

Relationships#

Bases: StructuredRel

Base relationship

Source code in machina/core/models/relationships/base.py
class BaseRelationship(StructuredRel):
    """Base relationship

    Gives every relationship model deriving from it a ``ts`` timestamp.
    """

    # The default is a callable, so the timestamp is taken when the default
    # is evaluated rather than once at import time. datetime.now() with no
    # argument yields a naive value in the host's local time.
    # NOTE(review): naive local timestamps are ambiguous when relationships
    # are written from hosts in different time zones or compared with UTC
    # data; confirm how the database layer interprets them before relying on
    # ts for event ordering.
    ts = DateTimeProperty(default=lambda: datetime.now())

Bases: BaseRelationship

Establish a node (some binary data) as being extracted from another node

Source code in machina/core/models/relationships/extracts.py
class Extracts(BaseRelationship):
    """Establish a node (some binary data) as being
        extracted from another node

    Inherits the ``ts`` timestamp from BaseRelationship and adds ``method``.
    """
    # Plain class attribute naming this relationship model.
    label = 'extracts'

    # E.g. 'dynamic', 'static'
    # No set of allowed values is declared, so any string is accepted and the
    # two examples above are not enforced.
    method = StringProperty()

Bases: BaseRelationship

Establish a node (some binary data) as being extracted from another node

Source code in machina/core/models/relationships/retyped.py
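class Retyped(BaseRelationship):
    """Relationship model used by the ``retyped`` ('RETYPED') edge on Base.

    Declares no properties of its own; only the ``ts`` timestamp inherited
    from BaseRelationship is stored on the edge.

    NOTE(review): the previous docstring was a verbatim copy of the one on
    Extracts ("extracted from another node"). Presumably this edge instead
    records that a node's data was re-classified as a different type --
    confirm with the code that creates it.
    """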

Utils#

db_ts_to_fs_fmt(ts) #

convert database timestamp to file-system formatted timestamp string

Source code in machina/core/models/utils.py
def db_ts_to_fs_fmt(ts:datetime) -> str:
    """Render a database timestamp as a file-system friendly string.

    The result is the concatenation year, month, day, hour, minute, second
    and microsecond with no separators, so it contains digits only for an
    ordinary datetime. The format carries no time zone field: an aware
    value's offset is not written, so values from different zones can render
    to the same string.

    :param ts: timestamp to format
    :return: the formatted timestamp string
    """
    fs_layout = "%Y%m%d%H%M%S%f"
    return ts.strftime(fs_layout)

resolve_db_node_cls(resolved_type) #

Resolve an OGM subclass given a resolved machina type (e.g. in types.json). If the type is not resolved, we expect the unresolved data to be stored as a generic Artifact, so that class is returned.

Returns:

Type Description
str

the type string to resolve to a class

Source code in machina/core/models/utils.py
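def resolve_db_node_cls(resolved_type: str) -> Type[Base]:
    """Resolve the OGM node class for a resolved machina type.

    The type string (e.g. a type named in types.json) is compared
    case-insensitively with the class name of each direct subclass of Base.
    Unresolved data is expected to be stored as a generic Artifact, so that
    class is returned when nothing matches.

    :param resolved_type: the type string to resolve to a class
    :return: the matching Base subclass, or Artifact when there is no match
    :rtype: Type[Base]
    """
    # A missing or non-string type cannot name a class; treat it as
    # unresolved instead of failing on .lower().
    if not isinstance(resolved_type, str):
        return Artifact

    # Lower-case the requested name once rather than on every comparison.
    wanted = resolved_type.lower()

    # __subclasses__() reports direct subclasses only, and only those whose
    # defining modules have already been imported.
    # NOTE(review): the fallback is silent -- a type string that differs from
    # the class name (for instance by a separator character) ends up stored
    # as Artifact with no warning; confirm the type names line up with the
    # class names.
    for candidate in Base.__subclasses__():
        if candidate.__name__.lower() == wanted:
            return candidate
    return Artifact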