cti-python-stix2/stix2/__init__.py

"""Python APIs for STIX 2."""

# flake8: noqa

from . import exceptions
from .bundle import Bundle
from .environment import ObjectFactory
from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
                          AutonomousSystem, CustomObservable, Directory,
                          DomainName, EmailAddress, EmailMessage,
                          EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
                          IPv4Address, IPv6Address, MACAddress, Mutex,
                          NetworkTraffic, NTFSExt, PDFExt, Process,
                          RasterImageExt, SocketExt, Software, TCPExt,
                          UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
                          WindowsPEOptionalHeaderType, WindowsPESection,
                          WindowsProcessExt, WindowsRegistryKey,
                          WindowsRegistryValueType, WindowsServiceExt,
                          X509Certificate, X509V3ExtenstionsType,
                          parse_observable)
from .other import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE,
                    ExternalReference, GranularMarking, KillChainPhase,
                    MarkingDefinition, StatementMarking, TLPMarking)
from .patterns import (AndBooleanExpression, AndObservationExpression,
                       BasicObjectPathComponent, EqualityComparisonExpression,
                       FloatConstant, FollowedByObservationExpression,
                       GreaterThanComparisonExpression,
                       GreaterThanEqualComparisonExpression, HashConstant,
                       HexConstant, IntegerConstant,
                       IsSubsetComparisonExpression,
                       IsSupersetComparisonExpression,
                       LessThanComparisonExpression,
                       LessThanEqualComparisonExpression,
                       LikeComparisonExpression, ListConstant,
                       ListObjectPathComponent, MatchesComparisonExpression,
                       ObjectPath, ObservationExpression, OrBooleanExpression,
                       OrObservationExpression, ParentheticalExpression,
                       QualifiedObservationExpression,
                       ReferenceObjectPathComponent, RepeatQualifier,
                       StartStopQualifier, StringConstant, WithinQualifier)
from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
                  Identity, Indicator, IntrusionSet, Malware, ObservedData,
                  Report, ThreatActor, Tool, Vulnerability)
from .sro import Relationship, Sighting
from .utils import get_dict
from .version import __version__

OBJ_MAP = {
    'attack-pattern': AttackPattern,
    'campaign': Campaign,
    'course-of-action': CourseOfAction,
    'identity': Identity,
    'indicator': Indicator,
    'intrusion-set': IntrusionSet,
    'malware': Malware,
    'marking-definition': MarkingDefinition,
    'observed-data': ObservedData,
    'report': Report,
    'relationship': Relationship,
    'threat-actor': ThreatActor,
    'tool': Tool,
    'sighting': Sighting,
    'vulnerability': Vulnerability,
}


def parse(data, allow_custom=False):
    """Deserialize a string or file-like object into a STIX object.

    Args:
        data: The STIX 2 string to be parsed.
        allow_custom (bool): Whether to allow custom properties or not. Default: False.

    Returns:
        An instantiated Python STIX object.
    """

    obj = get_dict(data)

    if 'type' not in obj:
        raise exceptions.ParseError("Can't parse object with no 'type' property: %s" % str(obj))

    try:
        obj_class = OBJ_MAP[obj['type']]
    except KeyError:
        raise exceptions.ParseError("Can't parse unknown object type '%s'! For custom types, use the CustomObject decorator." % obj['type'])
    return obj_class(allow_custom=allow_custom, **obj)


def _register_type(new_type):
    """Register a custom STIX Object type.
    """

    OBJ_MAP[new_type._type] = new_type
Refactor library into separate files. 2017-02-10 22:35:02 +01:00			`"""Python APIs for STIX 2."""`
Initial tests for STIX 2 2017-01-17 21:37:47 +01:00
Fix or ignore Flake8 warnings. 2017-03-22 14:05:59 +01:00			`# flake8: noqa`

Switch to isort for checking import order because it has a pre-commit hook 2017-05-09 21:10:53 +02:00			`from . import exceptions`
Refactor library into separate files. 2017-02-10 22:35:02 +01:00			`from .bundle import Bundle`
Create ObjectFactory class currently only supports created_by_ref 2017-07-12 17:36:15 +02:00			`from .environment import ObjectFactory`
added rest of cyber observables extensions and embedded objects set up EXT_MAPs added FloatProperty implemented ExtensionsProperty 2017-05-15 19:48:41 +02:00			`from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,`
Move ObservableProperty, ExtensionsProperty, and Observable parsing code into observables.py to prevent circular imports and fix #23. 2017-07-14 20:55:57 +02:00			`AutonomousSystem, CustomObservable, Directory,`
			`DomainName, EmailAddress, EmailMessage,`
			`EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,`
			`IPv4Address, IPv6Address, MACAddress, Mutex,`
			`NetworkTraffic, NTFSExt, PDFExt, Process,`
			`RasterImageExt, SocketExt, Software, TCPExt,`
added rest of cyber observables extensions and embedded objects set up EXT_MAPs added FloatProperty implemented ExtensionsProperty 2017-05-15 19:48:41 +02:00			`UNIXAccountExt, UserAccount, WindowsPEBinaryExt,`
			`WindowsPEOptionalHeaderType, WindowsPESection,`
			`WindowsProcessExt, WindowsRegistryKey,`
			`WindowsRegistryValueType, WindowsServiceExt,`
Move ObservableProperty, ExtensionsProperty, and Observable parsing code into observables.py to prevent circular imports and fix #23. 2017-07-14 20:55:57 +02:00			`X509Certificate, X509V3ExtenstionsType,`
			`parse_observable)`
Move TLP constants up to stix2 namespace 2017-07-05 19:21:06 +02:00			`from .other import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE,`
			`ExternalReference, GranularMarking, KillChainPhase,`
Switch to isort for checking import order because it has a pre-commit hook 2017-05-09 21:10:53 +02:00			`MarkingDefinition, StatementMarking, TLPMarking)`
merge all classes into patterns.py 2017-07-19 15:39:17 +02:00			`from .patterns import (AndBooleanExpression, AndObservationExpression,`
			`BasicObjectPathComponent, EqualityComparisonExpression,`
			`FloatConstant, FollowedByObservationExpression,`
			`GreaterThanComparisonExpression,`
			`GreaterThanEqualComparisonExpression, HashConstant,`
			`HexConstant, IntegerConstant,`
			`IsSubsetComparisonExpression,`
			`IsSupersetComparisonExpression,`
			`LessThanComparisonExpression,`
			`LessThanEqualComparisonExpression,`
			`LikeComparisonExpression, ListConstant,`
			`ListObjectPathComponent, MatchesComparisonExpression,`
			`ObjectPath, ObservationExpression, OrBooleanExpression,`
			`OrObservationExpression, ParentheticalExpression,`
			`QualifiedObservationExpression,`
			`ReferenceObjectPathComponent, RepeatQualifier,`
			`StartStopQualifier, StringConstant, WithinQualifier)`
Move ObservableProperty, ExtensionsProperty, and Observable parsing code into observables.py to prevent circular imports and fix #23. 2017-07-14 20:55:57 +02:00			`from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,`
			`Identity, Indicator, IntrusionSet, Malware, ObservedData,`
			`Report, ThreatActor, Tool, Vulnerability)`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00			`from .sro import Relationship, Sighting`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`from .utils import get_dict`
Add stix2.__version__ 2017-07-06 15:39:33 +02:00			`from .version import __version__`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
Fix typos, add to Property class documentation, small performance boosts, and let strings and booleans in a ListProperty be handled by __call__(). 2017-04-24 22:33:59 +02:00			`OBJ_MAP = {`
			`'attack-pattern': AttackPattern,`
			`'campaign': Campaign,`
			`'course-of-action': CourseOfAction,`
			`'identity': Identity,`
			`'indicator': Indicator,`
			`'intrusion-set': IntrusionSet,`
			`'malware': Malware,`
			`'marking-definition': MarkingDefinition,`
			`'observed-data': ObservedData,`
			`'report': Report,`
			`'relationship': Relationship,`
			`'threat-actor': ThreatActor,`
			`'tool': Tool,`
			`'sighting': Sighting,`
			`'vulnerability': Vulnerability,`
			`}`


Add custom properties via 'allow_custom' Custom properties can be specified by passing them to a STIX object constructor in the 'custom_properties' argument, or with the 'allow_custom' argument set to True, which will add any unrecognized keyword arguments as properties on the object. The 'allow_custom' argument can also be used with the parse() and parse_observable() functions. An error is now raised when attempting to parse objects without a 'type' property, such as external references, kill chain phases, and granular markings. The object which contains them is what should be parsed, not these objects themselves. 2017-06-12 18:54:05 +02:00			`def parse(data, allow_custom=False):`
			`"""Deserialize a string or file-like object into a STIX object.`

			`Args:`
			`data: The STIX 2 string to be parsed.`
			`allow_custom (bool): Whether to allow custom properties or not. Default: False.`

			`Returns:`
			`An instantiated Python STIX object.`
			`"""`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`obj = get_dict(data)`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
			`if 'type' not in obj:`
Add custom properties via 'allow_custom' Custom properties can be specified by passing them to a STIX object constructor in the 'custom_properties' argument, or with the 'allow_custom' argument set to True, which will add any unrecognized keyword arguments as properties on the object. The 'allow_custom' argument can also be used with the parse() and parse_observable() functions. An error is now raised when attempting to parse objects without a 'type' property, such as external references, kill chain phases, and granular markings. The object which contains them is what should be parsed, not these objects themselves. 2017-06-12 18:54:05 +02:00			`raise exceptions.ParseError("Can't parse object with no 'type' property: %s" % str(obj))`

			`try:`
			`obj_class = OBJ_MAP[obj['type']]`
			`except KeyError:`
Add custom Cyber Observables 2017-06-14 15:34:42 +02:00			`raise exceptions.ParseError("Can't parse unknown object type '%s'! For custom types, use the CustomObject decorator." % obj['type'])`
Add custom properties via 'allow_custom' Custom properties can be specified by passing them to a STIX object constructor in the 'custom_properties' argument, or with the 'allow_custom' argument set to True, which will add any unrecognized keyword arguments as properties on the object. The 'allow_custom' argument can also be used with the parse() and parse_observable() functions. An error is now raised when attempting to parse objects without a 'type' property, such as external references, kill chain phases, and granular markings. The object which contains them is what should be parsed, not these objects themselves. 2017-06-12 18:54:05 +02:00			`return obj_class(allow_custom=allow_custom, **obj)`


Add custom STIX Object types 2017-06-12 22:15:12 +02:00			`def _register_type(new_type):`
			`"""Register a custom STIX Object type.`
			`"""`

			`OBJ_MAP[new_type._type] = new_type`