import datetime as dt
import pytest
import pytz
import stix2
from .constants import ATTACK_PATTERN_ID
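# Reference serialization of the attack-pattern object used throughout this
# module: the construction tests compare it byte-for-byte with str() of an
# AttackPattern, and the parse test feeds it to stix2.parse().
# NOTE(review): the nesting whitespace inside the literal is written here as
# 4-space pretty-printed JSON; because the comparison is exact, confirm this
# matches what the serializer actually emits.
EXPECTED = """{
    "type": "attack-pattern",
    "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
    "created": "2016-05-12T08:17:27.000Z",
    "modified": "2016-05-12T08:17:27.000Z",
    "name": "Spear Phishing",
    "description": "...",
    "external_references": [
        {
            "source_name": "capec",
            "external_id": "CAPEC-163"
        }
    ]
}"""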
def test_attack_pattern_example():
    """Construct a STIX 2.0 AttackPattern and compare str() of it with EXPECTED.

    The keyword arguments pass external_references before description,
    while EXPECTED lists description first, so the exact-match assertion
    relies on the serializer's own property ordering rather than on the
    order the properties were supplied in.
    """
    capec_reference = {
        "source_name": "capec",
        "external_id": "CAPEC-163",
    }
    properties = dict(
        id=ATTACK_PATTERN_ID,
        created="2016-05-12T08:17:27.000Z",
        modified="2016-05-12T08:17:27.000Z",
        name="Spear Phishing",
        external_references=[capec_reference],
        description="...",
    )
    pattern = stix2.v20.AttackPattern(**properties)

    serialized = str(pattern)
    assert serialized == EXPECTED
@pytest.mark.parametrize(
    "data",
    [
        EXPECTED,
        {
            "type": "attack-pattern",
            "id": ATTACK_PATTERN_ID,
            "created": "2016-05-12T08:17:27.000Z",
            "modified": "2016-05-12T08:17:27.000Z",
            "description": "...",
            "external_references": [
                {"external_id": "CAPEC-163", "source_name": "capec"},
            ],
            "name": "Spear Phishing",
        },
    ],
)
def test_parse_attack_pattern(data):
    """Parse the attack pattern as STIX 2.0 from a JSON string and from a dict.

    Both inputs must produce an object with the same property values. The
    created/modified assertions compare against timezone-aware UTC
    datetimes, so the parsed timestamps are expected to be datetime values
    rather than the original strings.
    """
    parsed = stix2.parse(data, version="2.0")
    expected_instant = dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)

    assert parsed.type == 'attack-pattern'
    assert parsed.id == ATTACK_PATTERN_ID
    assert parsed.created == expected_instant
    assert parsed.modified == expected_instant
    assert parsed.description == "..."

    # Only the first (and, in both inputs, only) external reference is checked.
    reference = parsed.external_references[0]
    assert reference.external_id == 'CAPEC-163'
    assert reference.source_name == 'capec'
    assert parsed.name == "Spear Phishing"
def test_attack_pattern_invalid_labels():
    """Check that a bare integer passed as labels is rejected at construction.

    The constructor must raise stix2.exceptions.InvalidValueError instead of
    returning an object, so a wrongly typed labels value never reaches
    serialization.
    """
    properties = dict(
        id=ATTACK_PATTERN_ID,
        created="2016-05-12T08:17:27Z",
        modified="2016-05-12T08:17:27Z",
        name="Spear Phishing",
        labels=1,
    )
    rejected_with = stix2.exceptions.InvalidValueError

    with pytest.raises(rejected_with):
        stix2.v20.AttackPattern(**properties)
def test_overly_precise_timestamps():
    """Check that sub-millisecond timestamp digits do not survive serialization.

    created is given with seven fractional digits and modified with six;
    EXPECTED carries exactly three (".000Z") for both, so str() must emit
    millisecond precision. With these inputs the test cannot distinguish
    truncation from rounding.
    """
    capec_reference = {
        "source_name": "capec",
        "external_id": "CAPEC-163",
    }
    properties = dict(
        id=ATTACK_PATTERN_ID,
        created="2016-05-12T08:17:27.0000342Z",
        modified="2016-05-12T08:17:27.000287Z",
        name="Spear Phishing",
        external_references=[capec_reference],
        description="...",
    )
    pattern = stix2.v20.AttackPattern(**properties)

    serialized = str(pattern)
    assert serialized == EXPECTED
def test_less_precise_timestamps():
    """Check that short fractional seconds are padded out on serialization.

    created is given with two fractional digits and modified with one;
    EXPECTED carries exactly three (".000Z") for both, so str() must emit
    millisecond precision even when the input had fewer digits.
    """
    capec_reference = {
        "source_name": "capec",
        "external_id": "CAPEC-163",
    }
    properties = dict(
        id=ATTACK_PATTERN_ID,
        created="2016-05-12T08:17:27.00Z",
        modified="2016-05-12T08:17:27.0Z",
        name="Spear Phishing",
        external_references=[capec_reference],
        description="...",
    )
    pattern = stix2.v20.AttackPattern(**properties)

    serialized = str(pattern)
    assert serialized == EXPECTED
# TODO: Add other examples