Relative imports

docs/api_vs_bindings/api_snippet.rst

@@ -1,8 +1,7 @@
 .. code-block:: python
 
   # Import the required APIs
-  from maec.bundle.bundle import Bundle
-  from maec.bundle.malware_action import MalwareAction
+  from maec.bundle import Bundle, MalwareAction
   from maec.utils import IDGenerator, set_id_method
   from cybox.core import Object, AssociatedObjects, AssociatedObject, AssociationType
   from cybox.objects.file_object import File

docs/examples.rst

@@ -32,8 +32,7 @@ different types of analysis.
 
 .. testcode::
 
-    from maec.package.package import Package
-    from maec.package.malware_subject import MalwareSubject
+    from maec.package import Package, MalwareSubject
     from maec.utils import IDGenerator, set_id_method
 
     set_id_method(IDGenerator.METHOD_INT)
@@ -65,7 +64,7 @@ that it is characterizing.
 
 .. testcode::
 
-    from maec.package.malware_subject import MalwareSubject
+    from maec.package import MalwareSubject
     from maec.utils import IDGenerator, set_id_method
     from cybox.core import Object
     from cybox.objects.file_object import File
@@ -111,7 +110,7 @@ instance that it is characterizing.
 
 .. testcode::
 
-    from maec.bundle.bundle import Bundle
+    from maec.bundle import Bundle
     from maec.utils import IDGenerator, set_id_method
     from cybox.core import Object
     from cybox.objects.file_object import File
@@ -148,8 +147,8 @@ be defined in their parent Malware Subject.
 
 .. testcode::
 
-    from maec.package.malware_subject import MalwareSubject
-    from maec.bundle.bundle import Bundle
+    from maec.package import MalwareSubject
+    from maec.bundle import Bundle
     from maec.utils import IDGenerator, set_id_method
     from cybox.core import Object
     from cybox.objects.file_object import File
@@ -195,8 +194,8 @@ needed.
 
 .. testcode::
 
-    from maec.bundle.bundle import Bundle
-    from maec.bundle.malware_action import MalwareAction
+    from maec.bundle import Bundle
+    from maec.bundle import MalwareAction
     from maec.utils import IDGenerator, set_id_method
     from cybox.core import Object, AssociatedObjects, AssociatedObject, AssociationType
     from cybox.objects.file_object import File

docs/getting_started.rst

@@ -30,14 +30,14 @@ Creating a MAEC Package
 
 .. code-block:: python
 
-  from maec.package.package import Package                # Import the MAEC Package API
-  from maec.package.malware_subject import MalwareSubject # Import the MAEC Malware Subject API
+  from maec.package import Package              # Import the MAEC Package API
+  from maec.package import MalwareSubject       # Import the MAEC Malware Subject API
 
-  package = Package()                         # Create an instance of Package
-  malware_subject = MalwareSubject()              # Create an instance of MalwareSubject
-  package.add_malware_subject(malware_subject)    # Add the Malware Subject to the Package
+  package = Package()                           # Create an instance of Package
+  malware_subject = MalwareSubject()            # Create an instance of MalwareSubject
+  package.add_malware_subject(malware_subject)  # Add the Malware Subject to the Package
 
-  print(package.to_xml())                    # Print the XML for this MAEC Package
+  print(package.to_xml())                       # Print the XML for this MAEC Package
 
 Parsing MAEC XML
 ****************

examples/comparator_example.py

@@ -1,6 +1,6 @@
 import pprint
 import maec.bindings.maec_bundle as maec_bundle_binding
-from maec.bundle.bundle import Bundle
+from maec.bundle import Bundle
 # Matching properties dictionary
 match_on_dictionary = {'FileObjectType': ['file_name'],
                        'WindowsRegistryKeyObjectType': ['hive', 'values.name/data'],

examples/package_generation_example.py

@@ -8,12 +8,8 @@
 from cybox.core import AssociatedObjects, AssociatedObject, Object, AssociationType
 from cybox.common import Hash, HashList
 from cybox.objects.file_object import File
-from maec.bundle.bundle import Bundle, Collections
-from maec.bundle.malware_action import MalwareAction
-from maec.bundle.capability import Capability
-from maec.package.analysis import Analysis
-from maec.package.malware_subject import MalwareSubject
-from maec.package.package import Package
+from maec.bundle import Bundle, Collections, MalwareAction, Capability
+from maec.package import Analysis, MalwareSubject, Package
 from cybox.utils import Namespace
 import maec.utils
 

maec/analytics/__init__.py

@@ -0,0 +1,2 @@
+from .distance import Distance, StaticFeatureVector, DynamicFeatureVector
+from .static_features import static_features_dict

maec/bundle/__init__.py

@@ -1 +1,30 @@
-_namespace = 'http://maec.mitre.org/XMLSchema/maec-bundle-4'
+_namespace = 'http://maec.mitre.org/XMLSchema/maec-bundle-4'
+
+import maec
+from .malware_action import (MalwareAction, ActionImplementation, APICall,
+                             ParameterList, Parameter)
+from .object_reference import ObjectReferenceList, ObjectReference
+from .av_classification import AVClassification, AVClassifications
+from .behavior_reference import BehaviorReference
+from .behavior import (Behavior, AssociatedCode, BehaviorPurpose, Exploit,
+                       CVEVulnerability, PlatformList, BehavioralActions,
+                       BehavioralAction, BehavioralActionReference,
+                       BehavioralActionEquivalenceReference)
+from .action_reference_list import ActionReferenceList
+from .candidate_indicator import (CandidateIndicatorList, CandidateIndicator,
+                                  CandidateIndicatorComposition, MalwareEntity)
+from .process_tree import ProcessTree, ProcessTreeNode
+from .bundle_reference import BundleReference
+from .capability import (CapabilityList, Capability, CapabilityObjective,
+                         CapabilityProperty, CapabilityRelationship,
+                         CapabilityObjectiveRelationship, CapabilityReference,
+                         CapabilityObjectiveReference)
+from .object_history import ObjectHistoryEntry, ObjectHistory
+from .bundle import (Bundle, BehaviorReference, Collections,
+                     CandidateIndicatorCollectionList, ObjectCollectionList,
+                     ActionCollectionList, BehaviorCollectionList, 
+                     CandidateIndicatorCollection, ObjectCollection,
+                     BehaviorCollection, ActionCollection, BaseCollection,
+                     ObjectList, ActionList, BehaviorList)
+
+

maec/bundle/action_reference_list.py

@@ -9,12 +9,13 @@
 from cybox.core import ActionReference
 
 import maec
+from . import _namespace
 import maec.bindings.maec_bundle as bundle_binding
 
 
 class ActionReferenceList(maec.EntityList):
     _contained_type = ActionReference
     _binding_class = bundle_binding.ActionReferenceListType
     _binding_var = "Action_Reference"
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 

maec/bundle/av_classification.py

@@ -7,11 +7,12 @@
 # Last updated 09/26/2014
 
 import maec
+from . import _namespace
 import maec.bindings.maec_bundle as bundle_binding
 from cybox.common import ToolInformation
 
 class AVClassification(ToolInformation, maec.Entity):
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
     _binding = bundle_binding
     _binding_class = bundle_binding.AVClassificationType
 
@@ -66,4 +67,4 @@ class AVClassifications(maec.EntityList):
     _contained_type = AVClassification
     _binding_class = bundle_binding.AVClassificationsType
     _binding_var = "AV_Classification"
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace

maec/bundle/behavior.py

@@ -7,41 +7,42 @@
 # Last updated 08/27/2014
 
 import maec
+from . import _namespace
 import maec.bindings.maec_bundle as bundle_binding
+from maec.bundle import MalwareAction
 from cybox.core.action_reference import ActionReference
 from cybox.common.measuresource import MeasureSource
 from cybox.common.platform_specification import PlatformSpecification
-from maec.bundle.malware_action import MalwareAction
 from cybox.objects.code_object import Code
 #from maec.bundle.bundle import ActionCollection
 import datetime
 
 class BehavioralActionEquivalenceReference(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehavioralActionEquivalenceReferenceType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     action_equivalence_idref = maec.TypedField('action_equivalence_idref')
     behavioral_ordering = maec.TypedField('behavioral_ordering')
 
 class BehavioralActionReference(ActionReference):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehavioralActionReferenceType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     behavioral_ordering = maec.TypedField('behavioral_ordering')
 
 class BehavioralAction(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehavioralActionType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     behavioral_ordering = maec.TypedField('behavioral_ordering')
 
 class BehavioralActions(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehavioralActionsType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     #action_collection = maec.TypedField('Action_Collection', ActionCollection, multiple=True) #TODO: solve recursive import
     action = maec.TypedField('Action', BehavioralAction, multiple=True)
@@ -53,20 +54,20 @@ class PlatformList(maec.EntityList):
     _binding_class = bundle_binding.PlatformListType
     _binding_var = "Platform"
     _contained_type = PlatformSpecification    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
 class CVEVulnerability(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.CVEVulnerabilityType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     cve_id = maec.TypedField('cve_id')
     description = maec.TypedField('Description')
 
 class Exploit(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.ExploitType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     known_vulnerability = maec.TypedField('known_vulnerability')
     cve = maec.TypedField('CVE', CVEVulnerability)
@@ -76,7 +77,7 @@ class Exploit(maec.Entity):
 class BehaviorPurpose(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehaviorPurposeType       
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     description = maec.TypedField('Description')
     vulnerability_exploit = maec.TypedField('Vulnerability_Exploit', Exploit)
@@ -86,12 +87,12 @@ class AssociatedCode(maec.EntityList):
     _binding_class = bundle_binding.AssociatedCodeType
     _binding_var = "Code_Snippet"
     _contained_type = Code    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
 class Behavior(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehaviorType  
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     id_ = maec.TypedField('id')
     ordinal_position = maec.TypedField('ordinal_position')

maec/bundle/behavior_reference.py

@@ -7,12 +7,13 @@
 # Last updated 08/28/2014
 
 import maec
+from . import _namespace
 import maec.bindings.maec_bundle as bundle_binding
 
 class BehaviorReference(maec.Entity):
     _binding = bundle_binding
     _binding_class = bundle_binding.BehaviorReferenceType    
-    _namespace = maec.bundle._namespace
+    _namespace = _namespace
 
     behavior_idref = maec.TypedField("behavior_idref")