cti-python-stix2/stix2/test/v20/test_threat_actor.py

66 lines
1.9 KiB
Python
Raw Permalink Normal View History

import datetime as dt
2017-04-19 15:22:08 +02:00
import pytest
import pytz
2017-02-24 18:56:55 +01:00
import stix2
from .constants import IDENTITY_ID, THREAT_ACTOR_ID
2017-04-19 15:22:08 +02:00
2017-02-24 18:56:55 +01:00
EXPECTED = """{
"type": "threat-actor",
"id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z",
"name": "Evil Org",
2017-02-24 18:56:55 +01:00
"description": "The Evil Org threat actor group",
"labels": [
"crime-syndicate"
]
2017-02-24 18:56:55 +01:00
}"""
def test_threat_actor_example():
threat_actor = stix2.v20.ThreatActor(
2019-01-23 05:07:20 +01:00
id=THREAT_ACTOR_ID,
created_by_ref=IDENTITY_ID,
created="2016-04-06T20:03:48.000Z",
modified="2016-04-06T20:03:48.000Z",
2017-02-24 18:56:55 +01:00
description="The Evil Org threat actor group",
labels=["crime-syndicate"],
2019-01-23 05:07:20 +01:00
name="Evil Org",
2017-02-24 18:56:55 +01:00
)
assert str(threat_actor) == EXPECTED
2017-04-19 15:22:08 +02:00
@pytest.mark.parametrize(
"data", [
EXPECTED,
{
"created": "2016-04-06T20:03:48.000Z",
"created_by_ref": IDENTITY_ID,
"description": "The Evil Org threat actor group",
2019-01-23 05:07:20 +01:00
"id": THREAT_ACTOR_ID,
"modified": "2016-04-06T20:03:48.000Z",
2019-01-23 05:07:20 +01:00
"labels": ["crime-syndicate"],
"name": "Evil Org",
"type": "threat-actor",
},
],
)
2017-04-19 15:22:08 +02:00
def test_parse_threat_actor(data):
actor = stix2.parse(data, version="2.0")
2017-04-19 15:22:08 +02:00
assert actor.type == 'threat-actor'
assert actor.id == THREAT_ACTOR_ID
assert actor.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
assert actor.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
assert actor.created_by_ref == IDENTITY_ID
2017-04-19 15:22:08 +02:00
assert actor.description == "The Evil Org threat actor group"
assert actor.name == "Evil Org"
assert actor.labels == ["crime-syndicate"]
2017-02-24 18:56:55 +01:00
# TODO: Add other examples