From 0a01a16c6b1a165ae5c4d60dab3e6cda0957f12b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 1 Feb 2019 11:07:42 +0100 Subject: [PATCH] new: Add test cases for stix export --- pymisp/aping.py | 2 +- pymisp/data/misp-objects | 2 +- tests/testlive_comprehensive.py | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/pymisp/aping.py b/pymisp/aping.py index 848de01..5f697f5 100644 --- a/pymisp/aping.py +++ b/pymisp/aping.py @@ -284,7 +284,7 @@ class ExpandedPyMISP(PyMISP): ''' - return_formats = ['openioc', 'json', 'xml', 'suricata', 'snort', 'text', 'rpz', 'csv', 'cache'] + return_formats = ['openioc', 'json', 'xml', 'suricata', 'snort', 'text', 'rpz', 'csv', 'cache', 'stix', 'stix2'] if controller not in ['events', 'attributes', 'objects', 'sightings']: raise ValueError('controller has to be in {}'.format(', '.join(['events', 'attributes', 'objects']))) diff --git a/pymisp/data/misp-objects b/pymisp/data/misp-objects index b6a7ccd..36dc6ef 160000 --- a/pymisp/data/misp-objects +++ b/pymisp/data/misp-objects @@ -1 +1 @@ -Subproject commit b6a7ccd2dce4ec3479b6ac44482aaed66d3dd02b +Subproject commit 36dc6efab3b01eb92790b57a552cfb32d919fb6f diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index 1eb4e37..50d8945 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py @@ -7,6 +7,8 @@ from pymisp import ExpandedPyMISP, MISPEvent, MISPOrganisation, MISPUser, Distri from pymisp.tools import make_binary_objects from datetime import datetime, timedelta, date from io import BytesIO +import re +import json import time from uuid import uuid4 
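Review bot: The `return_formats` allow-list in pymisp/aping.py now accepts 'stix' and 'stix2', but nothing visible in this hunk documents that the two formats come back as different types. The test added in this commit treats the 'stix' result as text and the 'stix2' result as a dict. The docstring that closes just above the changed line, and the rest of the method, lie outside the hunk, so I can't tell whether the accepted formats are listed there; if they are, add the two new names with a line such as `stix returns the raw export as a string, stix2 returns the parsed JSON bundle`. Unrelated to this change but adjacent: the context line below builds its error message from `['events', 'attributes', 'objects']` while the check also accepts 'sightings', so the message under-reports the valid controllers.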
@@ -822,6 +824,21 @@ class TestComprehensive(unittest.TestCase): self.admin_misp_connector.delete_event(first.id) self.admin_misp_connector.delete_event(second.id) + def test_search_stix(self): + first = self.create_simple_event() + first.add_attribute('ip-src', '8.8.8.8') + try: + first = self.user_misp_connector.add_event(first) + stix = self.user_misp_connector.search(return_format='stix', eventid=first.id) + found = re.findall('8.8.8.8', stix) + self.assertTrue(found) + stix2 = self.user_misp_connector.search(return_format='stix2', eventid=first.id) + json.dumps(stix2, indent=2) + self.assertEqual(stix2['objects'][-1]['pattern'], "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '8.8.8.8']") + finally: + # Delete event + self.admin_misp_connector.delete_event(first.id) + def test_upload_sample(self): first = self.create_simple_event() second = self.create_simple_event()
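Review bot: In test_search_stix, `re.findall('8.8.8.8', stix)` uses an unescaped pattern, so each dot matches any character and the assertion would also pass on text such as `8a8b8c8`; `self.assertIn('8.8.8.8', stix)` checks the literal value and makes the new `import re` unnecessary. The result of `json.dumps(stix2, indent=2)` is discarded, so that line only proves the response is serialisable; either drop it or replace it with an explicit check such as `self.assertIsInstance(stix2, dict)`. Because `add_event` is called inside the `try`, a failure there leaves `first` as the unsaved event, and the `finally` cleanup may then fail on `first.id` and hide the original error (how an unsaved event behaves is not visible from this hunk). Indexing `stix2['objects'][-1]` also ties the test to the order in which the export emits objects.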