new: Add test cases for stix export

2019-02-01 11:07:42 +01:00 · 2019-02-01 11:07:42 +01:00 · 0a01a16c6b
parent bab80181f1
commit 0a01a16c6b
3 changed files with 19 additions and 2 deletions
--- a/pymisp/aping.py
+++ b/pymisp/aping.py
@ -284,7 +284,7 @@ class ExpandedPyMISP(PyMISP):

        '''

-        return_formats = ['openioc', 'json', 'xml', 'suricata', 'snort', 'text', 'rpz', 'csv', 'cache']
+        return_formats = ['openioc', 'json', 'xml', 'suricata', 'snort', 'text', 'rpz', 'csv', 'cache', 'stix', 'stix2']

        if controller not in ['events', 'attributes', 'objects', 'sightings']:
            raise ValueError('controller has to be in {}'.format(', '.join(['events', 'attributes', 'objects'])))
--- a/pymisp/data/misp-objects
+++ b/pymisp/data/misp-objects
@ -1 +1 @@
-Subproject commit b6a7ccd2dce4ec3479b6ac44482aaed66d3dd02b
+Subproject commit 36dc6efab3b01eb92790b57a552cfb32d919fb6f
--- a/tests/testlive_comprehensive.py
+++ b/tests/testlive_comprehensive.py
@ -7,6 +7,8 @@ from pymisp import ExpandedPyMISP, MISPEvent, MISPOrganisation, MISPUser, Distri
 from pymisp.tools import make_binary_objects
 from datetime import datetime, timedelta, date
 from io import BytesIO
+import re
+import json

 import time
 from uuid import uuid4
@ -822,6 +824,21 @@ class TestComprehensive(unittest.TestCase):
            self.admin_misp_connector.delete_event(first.id)
            self.admin_misp_connector.delete_event(second.id)

+    def test_search_stix(self):
+        first = self.create_simple_event()
+        first.add_attribute('ip-src', '8.8.8.8')
+        try:
+            first = self.user_misp_connector.add_event(first)
+            stix = self.user_misp_connector.search(return_format='stix', eventid=first.id)
+            found = re.findall('8.8.8.8', stix)
+            self.assertTrue(found)
+            stix2 = self.user_misp_connector.search(return_format='stix2', eventid=first.id)
+            json.dumps(stix2, indent=2)
+            self.assertEqual(stix2['objects'][-1]['pattern'], "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '8.8.8.8']")
+        finally:
+            # Delete event
+            self.admin_misp_connector.delete_event(first.id)
+
    def test_upload_sample(self):
        first = self.create_simple_event()
        second = self.create_simple_event()