2020-06-18 16:23:08 +02:00
|
|
|
from collections import OrderedDict
|
|
|
|
|
2018-07-26 02:53:53 +02:00
|
|
|
import pytest
|
|
|
|
|
|
|
|
import stix2
|
2020-03-27 10:53:39 +01:00
|
|
|
from stix2 import exceptions, parsing
|
2018-07-26 02:53:53 +02:00
|
|
|
|
|
|
|
BUNDLE = {
|
|
|
|
"type": "bundle",
|
|
|
|
"spec_version": "2.0",
|
|
|
|
"id": "bundle--00000000-0000-4000-8000-000000000007",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
|
|
"created": "2017-01-01T12:34:56.000Z",
|
|
|
|
"modified": "2017-01-01T12:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
|
|
|
|
"valid_from": "2017-01-01T12:34:56Z",
|
|
|
|
"labels": [
|
|
|
|
"malicious-activity",
|
|
|
|
],
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "malware",
|
|
|
|
"id": "malware--00000000-0000-4000-8000-000000000003",
|
|
|
|
"created": "2017-01-01T12:34:56.000Z",
|
|
|
|
"modified": "2017-01-01T12:34:56.000Z",
|
|
|
|
"name": "Cryptolocker",
|
|
|
|
"labels": [
|
|
|
|
"ransomware",
|
|
|
|
],
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"id": "relationship--00000000-0000-4000-8000-000000000005",
|
|
|
|
"created": "2017-01-01T12:34:56.000Z",
|
|
|
|
"modified": "2017-01-01T12:34:56.000Z",
|
|
|
|
"relationship_type": "indicates",
|
|
|
|
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
|
|
|
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
|
|
|
|
},
|
|
|
|
],
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
def test_dict_to_stix2_bundle_with_version():
|
|
|
|
with pytest.raises(exceptions.ExtraPropertiesError) as excinfo:
|
2020-03-27 10:53:39 +01:00
|
|
|
parsing.dict_to_stix2(BUNDLE, version='2.1')
|
2018-07-26 02:53:53 +02:00
|
|
|
|
|
|
|
assert str(excinfo.value) == "Unexpected properties for Bundle: (spec_version)."
|
|
|
|
|
|
|
|
|
|
|
|
def test_parse_observable_with_version():
|
|
|
|
observable = {"type": "file", "name": "foo.exe"}
|
2020-03-27 10:53:39 +01:00
|
|
|
obs_obj = parsing.parse_observable(observable, version='2.0')
|
2018-07-26 02:53:53 +02:00
|
|
|
v = 'v20'
|
|
|
|
|
|
|
|
assert v in str(obs_obj.__class__)
|
|
|
|
|
|
|
|
|
2018-11-29 20:41:57 +01:00
|
|
|
@pytest.mark.xfail(reason="The default version is no longer 2.0", condition=stix2.DEFAULT_VERSION != "2.0")
|
|
|
|
def test_parse_observable_with_no_version():
|
|
|
|
observable = {"type": "file", "name": "foo.exe"}
|
2020-03-27 10:53:39 +01:00
|
|
|
obs_obj = parsing.parse_observable(observable)
|
2018-11-29 20:41:57 +01:00
|
|
|
v = 'v20'
|
|
|
|
|
|
|
|
assert v in str(obs_obj.__class__)
|
|
|
|
|
|
|
|
|
2018-07-26 02:53:53 +02:00
|
|
|
def test_register_marking_with_version():
|
2020-06-18 16:23:08 +02:00
|
|
|
class NewMarking1:
|
|
|
|
_type = 'x-new-marking1'
|
|
|
|
_properties = OrderedDict()
|
|
|
|
|
|
|
|
parsing._register_marking(NewMarking1, version='2.0')
|
2018-07-26 02:53:53 +02:00
|
|
|
v = 'v20'
|
|
|
|
|
2020-06-18 16:23:08 +02:00
|
|
|
assert NewMarking1._type in parsing.STIX2_OBJ_MAPS[v]['markings']
|
|
|
|
assert v in str(parsing.STIX2_OBJ_MAPS[v]['markings'][NewMarking1._type])
|