Mike

Reputation: 23

Python Object Iteration

Can someone provide an example of how to loop through this object in Python and pull out 'value' where api = 'interesting' and arguments.name = 'FileName'?

Here is what I have so far.
This object has many more processes and calls; output has been omitted.

Edit: I should mention that I am getting the following error when running this code: "TypeError: list indices must be integers, not str"

for k, v in object['behavior']['processes']['calls'].items():
    if v['api'] == "interesting":
        <loop through arguments next>

Object:

{"behavior": {
    "processes": [
        {
        "parent_id": "312", 
        "process_name": "test.exe", 
        "process_id": "1184", 
        "first_seen": "2013-03-02 17:22:48,359", 
        "calls": [
            {
            "category": "filesystem", 
            "status": "FAILURE", 
            "return": "0xc000003a", 
            "timestamp": "2013-03-02 17:22:48,519", 
            "thread_id": "364", 
            "repeated": 0, 
            "api": "interesting", 
            "arguments": [
                {
                "name": "FileHandle", 
                "value": "0x00000000"
                }, 
                {
                "name": "DesiredAccess", 
                "value": "0x80100080"
                }, 
                {
                "name": "FileName", 
                "value": "c:\\cgvi5r6i\\vgdgfd.72g"
                }, ...

Upvotes: 0

Views: 180

Answers (3)

pradyunsg

Reputation: 19406

What you're doing seems OK, but

  1. Your indexes are off (look carefully, there are lists).
  2. Your check seems to be invalid (v is a string, so v['api'] is invalid).

So, try doing this instead (I've taken your object as i):

for k, v in i['behavior']['processes'][0]['calls'][0].items():
    if k == 'api' and v == "interesting":
        print k,v

OR

for dct in i['behavior']['processes'][0]['calls']:
    if dct['api'] == "interesting":
        print 'api',dct['api']

OR

for dct in i['behavior']['processes'][0]['calls']:
    for k,v in dct.items():
        if k == 'api' and v == "interesting":
            print 'api',dct['api']

OR, if there are multiple parts to each list,

for proc in i['behavior']['processes']:
    for call in proc['calls']:
        print 'api =>',call['api'] # an if here
        for args in call['arguments']:
            print '   argument.name =>',args['name'] # and another if here should do the trick.

Why you get the error
Try the following piece of code, and you'll understand what you were doing wrong:

print type(i['behavior']['processes'])
print type(i['behavior']['processes'][0])
print type(i['behavior']['processes'][0]['calls'])
print type(i['behavior']['processes'][0]['calls'][0])

Upvotes: 1

lxop

Reputation: 8595

What you've given as a starter in the question won't work because you are not iterating through the elements of the lists that are the values to the keys "processes" and "calls" respectively. That is, you will need something more like

# 'processes' sits under the top-level 'behavior' key of the object
for proc in object['behavior']['processes']:
    for call in proc['calls']:
        if call['api'] == "interesting":
            fname = None
            for arg in call['arguments']:
                if arg['name'] == "FileName":
                    fname = arg['value']

Then the file name you're looking for will be in fname. This has no error checking, since I don't know where your data has come from.

Upvotes: 1
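
An added example (not part of any answer on this page, written for Python 3): the same walk over processes, calls and arguments with the error checking the answer above leaves out, so a report with missing keys or wrong types produces no match instead of raising TypeError. The function names and the extra sample entries are constructed for illustration.

```python
import json

# Constructed sample: the first call is copied from the question's excerpt;
# everything else is made up to exercise filtering and malformed entries.
SAMPLE = json.loads(r'''
{"behavior": {"processes": [
  {"process_name": "test.exe", "process_id": "1184", "calls": [
    {"api": "interesting", "status": "FAILURE", "arguments": [
      {"name": "FileHandle", "value": "0x00000000"},
      {"name": "DesiredAccess", "value": "0x80100080"},
      {"name": "FileName", "value": "c:\\cgvi5r6i\\vgdgfd.72g"}]},
    {"api": "boring", "arguments": [
      {"name": "FileName", "value": "c:\\ignored.txt"}]},
    {"api": "interesting", "arguments": [{"name": "FileName"}]},
    "not-a-call"]},
  {"process_name": "child.exe", "process_id": "2000", "calls": null},
  {"process_name": "other.exe", "process_id": "2044", "calls": [
    {"api": "interesting", "arguments": [
      {"name": "FileName", "value": "c:\\temp\\second.bin"}]}]}
]}}
''')


def dicts_in(maybe_list):
    """Return the dict elements of a list; anything else yields nothing."""
    if not isinstance(maybe_list, list):
        return []
    return [item for item in maybe_list if isinstance(item, dict)]


def iter_argument_values(report, api, arg_name):
    """Yield (process_id, value) for each `api` call that has `arg_name`."""
    behavior = report.get("behavior") if isinstance(report, dict) else None
    processes = behavior.get("processes") if isinstance(behavior, dict) else None
    for proc in dicts_in(processes):
        for call in dicts_in(proc.get("calls")):
            if call.get("api") != api:
                continue
            for arg in dicts_in(call.get("arguments")):
                # Skip arguments that name the field but carry no value.
                if arg.get("name") == arg_name and "value" in arg:
                    yield proc.get("process_id"), arg["value"]


if __name__ == "__main__":
    for pid, value in iter_argument_values(SAMPLE, "interesting", "FileName"):
        print(pid, value)
```
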

linbo

Reputation: 2431

object['behavior']['processes']['calls']

is a list, not a dict.

Upvotes: 0
