cti-python-stix2/stix2/test/test_bundle.py

import pytest

import stix2


EXPECTED_BUNDLE = """{
    "type": "bundle",
    "id": "bundle--00000000-0000-0000-0000-000000000004",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "indicator",
            "id": "indicator--00000000-0000-0000-0000-000000000001",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
            "valid_from": "2017-01-01T12:34:56Z",
            "labels": [
                "malicious-activity"
            ]
        },
        {
            "type": "malware",
            "id": "malware--00000000-0000-0000-0000-000000000002",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "name": "Cryptolocker",
            "labels": [
                "ransomware"
            ]
        },
        {
            "type": "relationship",
            "id": "relationship--00000000-0000-0000-0000-000000000003",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
            "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
        }
    ]
}"""


def test_empty_bundle():
    bundle = stix2.Bundle()

    assert bundle.type == "bundle"
    assert bundle.id.startswith("bundle--")
    assert bundle.spec_version == "2.0"
    with pytest.raises(AttributeError):
        assert bundle.objects


def test_bundle_with_wrong_type():
    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
        stix2.Bundle(type="not-a-bundle")

    assert excinfo.value.cls == stix2.Bundle
    assert excinfo.value.prop_name == "type"
    assert excinfo.value.reason == "must equal 'bundle'."
    assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'."


def test_bundle_id_must_start_with_bundle():
    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
        stix2.Bundle(id='my-prefix--')

    assert excinfo.value.cls == stix2.Bundle
    assert excinfo.value.prop_name == "id"
    assert excinfo.value.reason == "must start with 'bundle--'."
    assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'."


def test_bundle_with_wrong_spec_version():
    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
        stix2.Bundle(spec_version="1.2")

    assert excinfo.value.cls == stix2.Bundle
    assert excinfo.value.prop_name == "spec_version"
    assert excinfo.value.reason == "must equal '2.0'."
    assert str(excinfo.value) == "Invalid value for Bundle 'spec_version': must equal '2.0'."


def test_create_bundle(indicator, malware, relationship):
    bundle = stix2.Bundle(objects=[indicator, malware, relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_positional_args(indicator, malware, relationship):
    bundle = stix2.Bundle(indicator, malware, relationship)

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_positional_listarg(indicator, malware, relationship):
    bundle = stix2.Bundle([indicator, malware, relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship):
    bundle = stix2.Bundle([indicator, malware], relationship)

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship):
    bundle = stix2.Bundle([indicator, malware], objects=[relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship):
    bundle = stix2.Bundle([indicator], malware, objects=[relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_invalid(indicator, malware, relationship):
    with pytest.raises(ValueError) as excinfo:
        stix2.Bundle(objects=[1])
    assert excinfo.value.reason == "This property may only contain a dictionary or object"

    with pytest.raises(ValueError) as excinfo:
        stix2.Bundle(objects=[{}])
    assert excinfo.value.reason == "This property may only contain a non-empty dictionary or object"

    with pytest.raises(ValueError) as excinfo:
        stix2.Bundle(objects=[{'type': 'bundle'}])
    assert excinfo.value.reason == 'This property may not contain a Bundle object'


def test_parse_bundle():
    bundle = stix2.parse(EXPECTED_BUNDLE)

    assert bundle.type == "bundle"
    assert bundle.id.startswith("bundle--")
    assert bundle.spec_version == "2.0"
    assert type(bundle.objects[0]) is stix2.Indicator
    assert bundle.objects[0].type == 'indicator'
    assert bundle.objects[1].type == 'malware'
    assert bundle.objects[2].type == 'relationship'


def test_parse_unknown_type():
    unknown = {
        "type": "other",
        "id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
        "created": "2016-04-06T20:03:00Z",
        "modified": "2016-04-06T20:03:00Z",
        "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
        "description": "Campaign by Green Group against a series of targets in the financial services sector.",
        "name": "Green Group Attacks Against Finance",
    }

    with pytest.raises(stix2.exceptions.ParseError) as excinfo:
        stix2.parse(unknown)
    assert str(excinfo.value) == "Can't parse unknown object type 'other'! For custom types, use the CustomObject decorator."
Split up test functions 2017-03-22 13:46:39 +01:00			`import pytest`

			`import stix2`

Switch to isort for checking import order because it has a pre-commit hook 2017-05-09 21:10:53 +02:00
Split up test functions 2017-03-22 13:46:39 +01:00			`EXPECTED_BUNDLE = """{`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"type": "bundle",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"id": "bundle--00000000-0000-0000-0000-000000000004",`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"spec_version": "2.0",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"objects": [`
			`{`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"type": "indicator",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"id": "indicator--00000000-0000-0000-0000-000000000001",`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
Update required properties, indicator label and tests. closes #68 2017-10-06 16:29:30 +02:00			`"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",`
			`"valid_from": "2017-01-01T12:34:56Z",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"labels": [`
			`"malicious-activity"`
Update required properties, indicator label and tests. closes #68 2017-10-06 16:29:30 +02:00			`]`
Split up test functions 2017-03-22 13:46:39 +01:00			`},`
			`{`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"type": "malware",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"id": "malware--00000000-0000-0000-0000-000000000002",`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
Add timestamp precision for `created` and `modified` Fix #24 2017-06-23 00:47:35 +02:00			`"modified": "2017-01-01T12:34:56.000Z",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"name": "Cryptolocker",`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"labels": [`
			`"ransomware"`
			`]`
Split up test functions 2017-03-22 13:46:39 +01:00			`},`
			`{`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"type": "relationship",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"id": "relationship--00000000-0000-0000-0000-000000000003",`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
Add timestamp precision for `created` and `modified` Fix #24 2017-06-23 00:47:35 +02:00			`"modified": "2017-01-01T12:34:56.000Z",`
Split up test functions 2017-03-22 13:46:39 +01:00			`"relationship_type": "indicates",`
			`"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"`
Split up test functions 2017-03-22 13:46:39 +01:00			`}`
Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 19:41:51 +02:00			`]`
Split up test functions 2017-03-22 13:46:39 +01:00			`}"""`


			`def test_empty_bundle():`
			`bundle = stix2.Bundle()`

			`assert bundle.type == "bundle"`
			`assert bundle.id.startswith("bundle--")`
			`assert bundle.spec_version == "2.0"`
Make object attribute access act like dictionary access, raising an error for any property (including custom or optional) not set on the object. 2017-06-07 17:06:20 +02:00			`with pytest.raises(AttributeError):`
			`assert bundle.objects`
Split up test functions 2017-03-22 13:46:39 +01:00

			`def test_bundle_with_wrong_type():`
Rename exception class. 2017-04-18 21:42:59 +02:00			`with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:`
Fix or ignore Flake8 warnings. 2017-03-22 14:05:59 +01:00			`stix2.Bundle(type="not-a-bundle")`
Split up test functions 2017-03-22 13:46:39 +01:00
Add exception for invalid Property values. 2017-04-18 21:19:16 +02:00			`assert excinfo.value.cls == stix2.Bundle`
			`assert excinfo.value.prop_name == "type"`
			`assert excinfo.value.reason == "must equal 'bundle'."`
Split up test functions 2017-03-22 13:46:39 +01:00			`assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'."`


			`def test_bundle_id_must_start_with_bundle():`
Rename exception class. 2017-04-18 21:42:59 +02:00			`with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:`
Fix or ignore Flake8 warnings. 2017-03-22 14:05:59 +01:00			`stix2.Bundle(id='my-prefix--')`
Split up test functions 2017-03-22 13:46:39 +01:00
Add exception for invalid Property values. 2017-04-18 21:19:16 +02:00			`assert excinfo.value.cls == stix2.Bundle`
			`assert excinfo.value.prop_name == "id"`
			`assert excinfo.value.reason == "must start with 'bundle--'."`
Split up test functions 2017-03-22 13:46:39 +01:00			`assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'."`


			`def test_bundle_with_wrong_spec_version():`
Rename exception class. 2017-04-18 21:42:59 +02:00			`with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:`
Fix or ignore Flake8 warnings. 2017-03-22 14:05:59 +01:00			`stix2.Bundle(spec_version="1.2")`
Split up test functions 2017-03-22 13:46:39 +01:00
Add exception for invalid Property values. 2017-04-18 21:19:16 +02:00			`assert excinfo.value.cls == stix2.Bundle`
			`assert excinfo.value.prop_name == "spec_version"`
			`assert excinfo.value.reason == "must equal '2.0'."`
Split up test functions 2017-03-22 13:46:39 +01:00			`assert str(excinfo.value) == "Invalid value for Bundle 'spec_version': must equal '2.0'."`


Move fixtures to conftest.py 2017-04-07 22:36:42 +02:00			`def test_create_bundle(indicator, malware, relationship):`
Split up test functions 2017-03-22 13:46:39 +01:00			`bundle = stix2.Bundle(objects=[indicator, malware, relationship])`
Make CompositeDataStore subclass DataStore. Remove deduplicate() from CompositeDataSource. 2017-08-16 15:58:33 +02:00
Split up test functions 2017-03-22 13:46:39 +01:00			`assert str(bundle) == EXPECTED_BUNDLE`


Move fixtures to conftest.py 2017-04-07 22:36:42 +02:00			`def test_create_bundle_with_positional_args(indicator, malware, relationship):`
Split up test functions 2017-03-22 13:46:39 +01:00			`bundle = stix2.Bundle(indicator, malware, relationship)`

			`assert str(bundle) == EXPECTED_BUNDLE`
Allow passing a list to Bundle constructor Fix #26 2017-07-05 17:31:56 +02:00

			`def test_create_bundle_with_positional_listarg(indicator, malware, relationship):`
			`bundle = stix2.Bundle([indicator, malware, relationship])`

			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship):`
			`bundle = stix2.Bundle([indicator, malware], relationship)`

			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship):`
			`bundle = stix2.Bundle([indicator, malware], objects=[relationship])`

			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship):`
			`bundle = stix2.Bundle([indicator], malware, objects=[relationship])`

			`assert str(bundle) == EXPECTED_BUNDLE`
Parse bundles correctly This required refactoring parts of the library. Code in __init__.py merged into bundle.py, which was renamed core.py. Code in other.py was merged into common.py. Fixes #40. 2017-08-11 22:18:20 +02:00

Increase code coverage 2017-08-24 23:53:43 +02:00			`def test_create_bundle_invalid(indicator, malware, relationship):`
			`with pytest.raises(ValueError) as excinfo:`
			`stix2.Bundle(objects=[1])`
			`assert excinfo.value.reason == "This property may only contain a dictionary or object"`

			`with pytest.raises(ValueError) as excinfo:`
			`stix2.Bundle(objects=[{}])`
			`assert excinfo.value.reason == "This property may only contain a non-empty dictionary or object"`

			`with pytest.raises(ValueError) as excinfo:`
			`stix2.Bundle(objects=[{'type': 'bundle'}])`
			`assert excinfo.value.reason == 'This property may not contain a Bundle object'`


Parse bundles correctly This required refactoring parts of the library. Code in __init__.py merged into bundle.py, which was renamed core.py. Code in other.py was merged into common.py. Fixes #40. 2017-08-11 22:18:20 +02:00			`def test_parse_bundle():`
			`bundle = stix2.parse(EXPECTED_BUNDLE)`

			`assert bundle.type == "bundle"`
			`assert bundle.id.startswith("bundle--")`
			`assert bundle.spec_version == "2.0"`
			`assert type(bundle.objects[0]) is stix2.Indicator`
			`assert bundle.objects[0].type == 'indicator'`
			`assert bundle.objects[1].type == 'malware'`
			`assert bundle.objects[2].type == 'relationship'`
Minor changes to DataSource.apply_common_filters(). Improve overall code coverage. 2017-08-29 21:15:32 +02:00

			`def test_parse_unknown_type():`
			`unknown = {`
			`"type": "other",`
			`"id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",`
			`"created": "2016-04-06T20:03:00Z",`
			`"modified": "2016-04-06T20:03:00Z",`
			`"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",`
			`"description": "Campaign by Green Group against a series of targets in the financial services sector.",`
			`"name": "Green Group Attacks Against Finance",`
			`}`

			`with pytest.raises(stix2.exceptions.ParseError) as excinfo:`
			`stix2.parse(unknown)`
			`assert str(excinfo.value) == "Can't parse unknown object type 'other'! For custom types, use the CustomObject decorator."`