cti-python-stix2/stix2/sources/taxii.py

"""
Python STIX 2.0 TAXII Source/Sink

Classes:
    TAXIICollectionStore
    TAXIICollectionSink
    TAXIICollectionSource

TODO: Test everything

"""

import json

from stix2.sources import DataSink, DataSource, DataStore, Filter, make_id

TAXII_FILTERS = ['added_after', 'id', 'type', 'version']


class TAXIICollectionStore(DataStore):
    """
    """
    def __init__(self, collection, name="TAXIICollectionStore"):
        """
        Create a new TAXII Collection Data store

        Args:
            collection (taxii2.Collection): Collection instance

        """
        super(TAXIICollectionStore, self).__init__(name=name)
        self.source = TAXIICollectionSource(collection)
        self.sink = TAXIICollectionSink(collection)


class TAXIICollectionSink(DataSink):
    """
    """
    def __init__(self, collection, name="TAXIICollectionSink"):
        super(TAXIICollectionSink, self).__init__(name=name)
        self.collection = collection

    def add(self, stix_obj):
        """
        """
        self.collection.add_objects(self.create_bundle([json.loads(str(stix_obj))]))

    @staticmethod
    def create_bundle(objects):
        return dict(id="bundle--%s" % make_id(),
                    objects=objects,
                    spec_version="2.0",
                    type="bundle")


class TAXIICollectionSource(DataSource):
    """
    """
    def __init__(self, collection, name="TAXIICollectionSource"):
        super(TAXIICollectionSource, self).__init__(name=name)
        self.collection = collection

    def get(self, stix_id, _composite_filters=None):
        """
        """
        # combine all query filters
        query = []
        if self.filters:
            query.extend(self.filters.values())
        if _composite_filters:
            query.extend(_composite_filters)

        # separate taxii query terms (can be done remotely)
        taxii_filters = self._parse_taxii_filters(query)

        stix_objs = self.collection.get_object(stix_id, taxii_filters)["objects"]

        stix_obj = self.apply_common_filters(stix_objs, query)

        if len(stix_obj) > 0:
            stix_obj = stix_obj[0]
        else:
            stix_obj = None

        return stix_obj

    def all_versions(self, stix_id, _composite_filters=None):
        """
        """
        # make query in TAXII query format since 'id' is TAXII field
        query = [
            Filter("match[id]", "=", stix_id),
            Filter("match[version]", "=", "all")
        ]

        all_data = self.query(query=query, _composite_filters=_composite_filters)

        return all_data

    def query(self, query=None, _composite_filters=None):
        """
        """
        if query is None:
            query = []

        # combine all query filters
        if self.filters:
            query.extend(self.filters.values())
        if _composite_filters:
            query.extend(_composite_filters)

        # separate taxii query terms (can be done remotely)
        taxii_filters = self._parse_taxii_filters(query)

        # query TAXII collection
        all_data = self.collection.get_objects(filters=taxii_filters)["objects"]

        # deduplicate data (before filtering as reduces wasted filtering)
        all_data = self.deduplicate(all_data)

        # apply local (composite and data source filters)
        all_data = self.apply_common_filters(all_data, query)

        return all_data

    def _parse_taxii_filters(self, query):
        """Parse out TAXII filters that the TAXII server can filter on.

        Notes:
            For instance - "?match[type]=indicator,sighting" should be in a
            query dict as follows:

            {
                "field": "type"
                "op": "=",
                "value": "indicator,sighting"
            }

        Args:
            query (list): list of filters to extract which ones are TAXII
                specific.

        Returns:
            params (dict): dict of the TAXII filters but in format required
                for 'requests.get()'.

        """
        params = {}

        for filter_ in query:
            if filter_.field in TAXII_FILTERS:
                if filter_.field == "added_after":
                    params[filter_.field] = filter_.value
                else:
                    taxii_field = "match[%s]" % filter_.field
                    params[taxii_field] = filter_.value
        return params
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
			`Python STIX 2.0 TAXII Source/Sink`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`Classes:`
			`TAXIICollectionStore`
			`TAXIICollectionSink`
			`TAXIICollectionSource`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`TODO: Test everything`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`import json`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Change query dict style for Filter namedtuple. 2017-08-18 18:05:12 +02:00			`from stix2.sources import DataSink, DataSource, DataStore, Filter, make_id`
tests for TAXII data source; some bug fixes 2017-05-30 22:56:27 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`TAXII_FILTERS = ['added_after', 'id', 'type', 'version']`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00

Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`class TAXIICollectionStore(DataStore):`
			`"""`
			`"""`
Clean up TAXII Datastore to use latest TAXII client 2017-07-20 21:36:54 +02:00			`def __init__(self, collection, name="TAXIICollectionStore"):`
			`"""`
			`Create a new TAXII Collection Data store`

			`Args:`
			`collection (taxii2.Collection): Collection instance`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`"""`
Add missing call to super() in TAXIICollectionStore. 2017-08-11 15:52:29 +02:00			`super(TAXIICollectionStore, self).__init__(name=name)`
Clean up TAXII Datastore to use latest TAXII client 2017-07-20 21:36:54 +02:00			`self.source = TAXIICollectionSource(collection)`
			`self.sink = TAXIICollectionSink(collection)`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00

			`class TAXIICollectionSink(DataSink):`
			`"""`
			`"""`
Clean up TAXII Datastore to use latest TAXII client 2017-07-20 21:36:54 +02:00			`def __init__(self, collection, name="TAXIICollectionSink"):`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`super(TAXIICollectionSink, self).__init__(name=name)`
Clean up TAXII Datastore to use latest TAXII client 2017-07-20 21:36:54 +02:00			`self.collection = collection`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`def add(self, stix_obj):`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
			`"""`
			`self.collection.add_objects(self.create_bundle([json.loads(str(stix_obj))]))`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`@staticmethod`
			`def create_bundle(objects):`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`return dict(id="bundle--%s" % make_id(),`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`objects=objects,`
			`spec_version="2.0",`
			`type="bundle")`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`class TAXIICollectionSource(DataSource):`
			`"""`
			`"""`
Clean up TAXII Datastore to use latest TAXII client 2017-07-20 21:36:54 +02:00			`def __init__(self, collection, name="TAXIICollectionSource"):`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`super(TAXIICollectionSource, self).__init__(name=name)`
Clean up TAXII Datastore to use latest TAXII client 2017-07-20 21:36:54 +02:00			`self.collection = collection`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`def get(self, stix_id, _composite_filters=None):`
			`"""`
			`"""`
			`# combine all query filters`
			`query = []`
			`if self.filters:`
			`query.extend(self.filters.values())`
			`if _composite_filters:`
			`query.extend(_composite_filters)`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`# separate taxii query terms (can be done remotely)`
			`taxii_filters = self._parse_taxii_filters(query)`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`stix_objs = self.collection.get_object(stix_id, taxii_filters)["objects"]`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`stix_obj = self.apply_common_filters(stix_objs, query)`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`if len(stix_obj) > 0:`
			`stix_obj = stix_obj[0]`
			`else:`
			`stix_obj = None`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`return stix_obj`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`def all_versions(self, stix_id, _composite_filters=None):`
			`"""`
Code style changes. 2017-05-26 21:24:33 +02:00			`"""`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`# make query in TAXII query format since 'id' is TAXII field`
			`query = [`
Change query dict style for Filter namedtuple. 2017-08-18 18:05:12 +02:00			`Filter("match[id]", "=", stix_id),`
			`Filter("match[version]", "=", "all")`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`]`

			`all_data = self.query(query=query, _composite_filters=_composite_filters)`

			`return all_data`

			`def query(self, query=None, _composite_filters=None):`
Code style changes. 2017-05-26 21:24:33 +02:00			`"""`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`if query is None:`
			`query = []`

			`# combine all query filters`
			`if self.filters:`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`query.extend(self.filters.values())`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`if _composite_filters:`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`query.extend(_composite_filters)`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Code style changes. 2017-05-26 21:24:33 +02:00			`# separate taxii query terms (can be done remotely)`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`taxii_filters = self._parse_taxii_filters(query)`

Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`# query TAXII collection`
			`all_data = self.collection.get_objects(filters=taxii_filters)["objects"]`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
			`# deduplicate data (before filtering as reduces wasted filtering)`
			`all_data = self.deduplicate(all_data)`

			`# apply local (composite and data source filters)`
			`all_data = self.apply_common_filters(all_data, query)`

			`return all_data`

			`def _parse_taxii_filters(self, query):`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`"""Parse out TAXII filters that the TAXII server can filter on.`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`Notes:`
			`For instance - "?match[type]=indicator,sighting" should be in a`
			`query dict as follows:`

			`{`
			`"field": "type"`
			`"op": "=",`
			`"value": "indicator,sighting"`
			`}`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
			`Args:`
Code style changes. 2017-05-26 21:24:33 +02:00			`query (list): list of filters to extract which ones are TAXII`
			`specific.`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
			`Returns:`
Code style changes. 2017-05-26 21:24:33 +02:00			`params (dict): dict of the TAXII filters but in format required`
			`for 'requests.get()'.`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`"""`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`params = {}`

Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`for filter_ in query:`
Convert rest of code to use namedtuple Filters 2017-08-09 21:25:06 +02:00			`if filter_.field in TAXII_FILTERS:`
			`if filter_.field == "added_after":`
			`params[filter_.field] = filter_.value`
tests for TAXII data source; some bug fixes 2017-05-30 22:56:27 +02:00			`else:`
Merge pull request #41 from oasis-open/namedtuple-filters Use Namedtuples for Filters. 2017-08-14 21:01:07 +02:00			`taxii_field = "match[%s]" % filter_.field`
Convert rest of code to use namedtuple Filters 2017-08-09 21:25:06 +02:00			`params[taxii_field] = filter_.value`
Initial code for TAXII data source. 2017-05-24 17:25:40 +02:00			`return params`