cti-python-stix2/stix2/test/v20/test_attack_pattern.py

117 lines
3.0 KiB
Python
Raw Normal View History

import datetime as dt
2017-04-19 15:22:08 +02:00
import pytest
import pytz
2017-02-24 18:56:55 +01:00
import stix2
2017-04-19 15:22:08 +02:00
from .constants import ATTACK_PATTERN_ID
2017-02-24 18:56:55 +01:00
EXPECTED = """{
"type": "attack-pattern",
"id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"name": "Spear Phishing",
2017-02-24 18:56:55 +01:00
"description": "...",
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-163"
2017-02-24 18:56:55 +01:00
}
]
2017-02-24 18:56:55 +01:00
}"""
def test_attack_pattern_example():
ap = stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27.000Z",
modified="2016-05-12T08:17:27.000Z",
2017-02-24 18:56:55 +01:00
name="Spear Phishing",
external_references=[{
"source_name": "capec",
"external_id": "CAPEC-163",
2017-02-24 18:56:55 +01:00
}],
description="...",
)
assert str(ap) == EXPECTED
@pytest.mark.parametrize(
"data", [
EXPECTED,
{
"type": "attack-pattern",
"id": ATTACK_PATTERN_ID,
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"description": "...",
"external_references": [
{
"external_id": "CAPEC-163",
"source_name": "capec",
},
],
"name": "Spear Phishing",
},
],
)
2017-04-19 15:22:08 +02:00
def test_parse_attack_pattern(data):
ap = stix2.parse(data, version="2.0")
2017-04-19 15:22:08 +02:00
assert ap.type == 'attack-pattern'
assert ap.id == ATTACK_PATTERN_ID
assert ap.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert ap.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert ap.description == "..."
assert ap.external_references[0].external_id == 'CAPEC-163'
assert ap.external_references[0].source_name == 'capec'
2017-04-19 15:22:08 +02:00
assert ap.name == "Spear Phishing"
def test_attack_pattern_invalid_labels():
with pytest.raises(stix2.exceptions.InvalidValueError):
stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27Z",
modified="2016-05-12T08:17:27Z",
name="Spear Phishing",
labels=1,
)
def test_overly_precise_timestamps():
2019-01-22 18:55:19 +01:00
ap = stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27.0000342Z",
modified="2016-05-12T08:17:27.000287Z",
name="Spear Phishing",
external_references=[{
"source_name": "capec",
"external_id": "CAPEC-163",
}],
description="...",
)
assert str(ap) == EXPECTED
def test_less_precise_timestamps():
2019-01-22 18:55:19 +01:00
ap = stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27.00Z",
modified="2016-05-12T08:17:27.0Z",
name="Spear Phishing",
external_references=[{
"source_name": "capec",
"external_id": "CAPEC-163",
}],
description="...",
)
assert str(ap) == EXPECTED
2017-02-24 18:56:55 +01:00
# TODO: Add other examples