2017-04-25 00:29:56 +02:00
|
|
|
import datetime as dt
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
import pytest
|
|
|
|
import pytz
|
2017-05-09 21:10:53 +02:00
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
import stix2
|
|
|
|
|
2019-01-23 16:56:20 +01:00
|
|
|
from .constants import INTRUSION_SET_ID
|
2017-04-19 15:22:08 +02:00
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
EXPECTED = """{
|
2017-08-15 19:41:51 +02:00
|
|
|
"type": "intrusion-set",
|
|
|
|
"id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
|
|
|
|
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
|
|
|
|
"created": "2016-04-06T20:03:48.000Z",
|
|
|
|
"modified": "2016-04-06T20:03:48.000Z",
|
|
|
|
"name": "Bobcat Breakin",
|
|
|
|
"description": "Incidents usually feature a shared TTP of a bobcat being released...",
|
2017-02-24 18:56:55 +01:00
|
|
|
"aliases": [
|
|
|
|
"Zookeeper"
|
|
|
|
],
|
|
|
|
"goals": [
|
|
|
|
"acquisition-theft",
|
|
|
|
"harassment",
|
|
|
|
"damage"
|
2017-08-15 19:41:51 +02:00
|
|
|
]
|
2017-02-24 18:56:55 +01:00
|
|
|
}"""
|
|
|
|
|
|
|
|
|
|
|
|
def test_intrusion_set_example():
|
2018-07-05 21:23:25 +02:00
|
|
|
intrusion_set = stix2.v20.IntrusionSet(
|
2019-01-23 05:07:20 +01:00
|
|
|
id=INTRUSION_SET_ID,
|
2019-01-23 16:56:20 +01:00
|
|
|
created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
|
2017-06-23 00:47:35 +02:00
|
|
|
created="2016-04-06T20:03:48.000Z",
|
|
|
|
modified="2016-04-06T20:03:48.000Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
name="Bobcat Breakin",
|
|
|
|
description="Incidents usually feature a shared TTP of a bobcat being released...",
|
|
|
|
aliases=["Zookeeper"],
|
2018-07-13 17:10:05 +02:00
|
|
|
goals=["acquisition-theft", "harassment", "damage"],
|
2017-02-24 18:56:55 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
assert str(intrusion_set) == EXPECTED
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
|
2018-07-13 17:10:05 +02:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"data", [
|
|
|
|
EXPECTED,
|
|
|
|
{
|
|
|
|
"aliases": [
|
|
|
|
"Zookeeper",
|
|
|
|
],
|
|
|
|
"created": "2016-04-06T20:03:48.000Z",
|
2019-01-23 16:56:20 +01:00
|
|
|
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
|
2018-07-13 17:10:05 +02:00
|
|
|
"description": "Incidents usually feature a shared TTP of a bobcat being released...",
|
|
|
|
"goals": [
|
|
|
|
"acquisition-theft",
|
|
|
|
"harassment",
|
|
|
|
"damage",
|
|
|
|
],
|
2019-01-23 05:07:20 +01:00
|
|
|
"id": INTRUSION_SET_ID,
|
2018-07-13 17:10:05 +02:00
|
|
|
"modified": "2016-04-06T20:03:48.000Z",
|
|
|
|
"name": "Bobcat Breakin",
|
|
|
|
"type": "intrusion-set",
|
|
|
|
},
|
|
|
|
],
|
|
|
|
)
|
2017-04-19 15:22:08 +02:00
|
|
|
def test_parse_intrusion_set(data):
|
2018-07-05 21:23:25 +02:00
|
|
|
intset = stix2.parse(data, version="2.0")
|
2017-04-19 15:22:08 +02:00
|
|
|
|
|
|
|
assert intset.type == "intrusion-set"
|
|
|
|
assert intset.id == INTRUSION_SET_ID
|
|
|
|
assert intset.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
|
|
|
|
assert intset.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
|
|
|
|
assert intset.goals == ["acquisition-theft", "harassment", "damage"]
|
|
|
|
assert intset.aliases == ["Zookeeper"]
|
|
|
|
assert intset.description == "Incidents usually feature a shared TTP of a bobcat being released..."
|
|
|
|
assert intset.name == "Bobcat Breakin"
|
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
# TODO: Add other examples
|